Problem 2 (75 ) ACL Configuration For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid size company Consider the network topology and the security policy shown below to answer the following questions You are not required to implement the policy in GNS3 Only provide the access lists in a PDF document similar to what we have done in the AC case studies Security Policy P1 The company runs the following services web ( HTTP, HTTPS ), domain name service ( DNS ), mail exchange ( SMTP and IMAP ), file transfer ( FTP ), MySQL , and Print services The services are distributed as shown in the figure above P2 The web, DNS , and mail exchange services in DMZ can be accessed by local and external users (from the internet) P3 The Web and mail services in the DMZ will need to access MySQL DB in Utility to operate properly P4 SSH , Rlogin , and Network News Transfer ( NNTP ) protocols are commonly used by attackers to gain remote access They should be prohibited from outside the company or from DMZ to any of the internal subnets P5 Local users (in any of the internal subnets DMZ , R D , Development , and Utility ) can always access the internet freely P6 MySQL and FTP services in Utility can be accessed from local subnets , including the DMZ , but not from the internet P7 The MySQL service in Development is limited to Development use only (no one should be able to access it from outside Development) P8 SSH connections to Utility, DMZ , and the R D subnets are permitted only from local subnets, except DMZ as indicated in P3 P9 The ports 5950 6000 in the R D subnet can be accessed from one of the companys collaborators on the internet The collaborator IP address range is 65 5 113 0 24 (i e , connections to these ports should only be allowed if the source belongs to this range) b Define the access control lists (ACLs) required to enforce the security policy Again, no implementation in GNS3 is required I only need the ACLs in a PDF document Make sure you clearly specify the router, interface, and the direction (similar to what we have done in the case studies) You can use the following template You are not required to use Cisco syntax, but feel free to do so You can use the subnet name (e g , DMZ, R D, Dev, Utility, Internet) instead of the exact IP address wildcard mask of subnets Similarly, you can use the service name (HTTP, DNS, Rlogin, etc ) instead of the exact port number

The Answer is in the image, click to view ...

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 06, 2024

Problem 2 (75%): ACL Configuration For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid-size

Problem 2 (75%): ACL Configuration

For this assignment, you are asked to implement a security policy, utilizing Cisco ACLs (Stateless packet filters), for a mid-size company. Consider the network topology and the security policy shown below to answer the following questions.

You are not required to implement the policy in GNS3. Only provide the access lists in a PDF document similar to what we have done in the AC case studies.

Security Policy

P1.	The company runs the following services: web (HTTP, HTTPS), domain name service (DNS), mail exchange (SMTP and IMAP), file transfer (FTP), MySQL, and Print services. The services are distributed as shown in the figure above.
P2.	The web, DNS, and mail exchange services in DMZ can be accessed by local and external users (from the internet).
P3.	The Web and mail services in the DMZ will need to access MySQL DB in Utility to operate properly.
P4.	SSH, Rlogin, and Network News Transfer (NNTP) protocols are commonly used by attackers to gain remote access. They should be prohibited from outside the company or from DMZ to any of the internal subnets.
P5.	Local users (in any of the internal subnets: DMZ, R&D, Development, and Utility) can always access the internet freely.
P6.	MySQL and FTP services in Utility can be accessed from local subnets, including the DMZ, but not from the internet.
P7.	The MySQL service in Development is limited to Development use only (no one should be able to access it from outside Development).

P8.

SSH connections to Utility, DMZ, and the R&D subnets are permitted only from local subnets,

except DMZ as indicated in P3.

P9.

The ports 5950-6000 in the R&D subnet can be accessed from one of the companys collaborators

on the internet. The collaborator IP address range is 65.5.113.0/24 (i.e., connections to these ports should only be allowed if the source belongs to this range).

b. Define the access control lists (ACLs) required to enforce the security policy.

Again, no implementation in GNS3 is required. I only need the ACLs in a PDF document.
Make sure you clearly specify the router, interface, and the direction (similar to what we have done in the case-studies). You can use the following template. You are not required to use Cisco syntax, but feel free to do so.