FIREWALLS OBJECTIVES
EXERCISE 1
Aligning Network Topologies with Security Requirements
Given a set of security requirements within a security policy and a network topology, you
will be able to:
1. Determine if the topology could support the given requirement stated in the policy
2. Determine if the topology is usable within the given policy
3. Justify your answer by stating how the topology does or does not address the
requirements
EXERCISE 2
Configuring a Network Topology
1. Given the company’s set of security requirements, a diagram of the company’s
network topology, and a Network Connectivity Matrix (NCM) template, you will be
able to complete an NCM by filling in the relationships between the logical
information groups on the NCM template.
2. Given an NCM and four firewall configurations, you will be able to select the
appropriate firewall configuration for the company and justify your selection of a
firewall topology network by writing a memo to UCB management that indicates
your selection and explains your justification.
EXERCISE 3
Packet Structure
1. Given a Linux computer system, TCP/IP datagram formats, packet analysis questions,
and a file containing packets captured using the tcpdump command, you will be able
to pick out specific packets and answer questions about the contents, by providing the
information requested on the packet analysis questions.
EXERCISE 4
Packet Filtering (Linux)
1. Given a set of requirements for access control, a network topology, and a rules-table
template, you will be able to define a set of filtering rules to protect an internal
network by completing the configuration parameters on the rules-table template.
2. Given a set of filtering rules and a set of commands, you will be able to configure
packet filtering rules on a Linux firewall using the Linux command line interface
(CLI).
3. Given a configured Linux firewall, you will be able to verify access control
configuration by entering packet testing commands from the CLI.
EXERCISE 5
Network Address Translation
1. Given a set of requirements for network address translation (NAT), a network
topology, and a rules-table template, you will be able to define a set of filtering rules
to protect an internal network by completing the configuration parameters on the
rules-table template.
2. Given a set of NAT rules, access to a Linux firewall via a command line interface,
and the necessary commands, you will be able to configure a Linux firewall to apply
NAT rules using iptables.
3. Given a configured Linux firewall, you will be able to verify translated IP addresses
in packets from internal or external network nodes by testing connectivity.
EXERCISE 6
Proxy Servers
1. Given a set of requirements, a network topology, and access to a Squid server via a
command line interface, you will be able to configure a set of remapping rules to get
HTTP laboratory users’ requests through the proxy server by entering the
configuration parameters in the Squid configuration file.
2. Given a set of requirements, a network topology, and access to a Squid server via a
command line interface, you will be able to configure a set of authentication rules to
prevent unauthorized laboratory users from getting access to the ACME chemical
database by entering the configuration parameters in the Squid configuration file.
3. Given a configured Squid server, you will be able to verify the remapping and
authentication rules by testing connectivity to denied web sites and the content of
cached files.
EXERCISE 7
Application Gateway
1. Given a set of requirements, a network topology, and access to a Squid server via a
command line interface, you will be able to configure a set of blocking site rules to
prevent internal network users from getting access to undesired external web sites by
entering the configuration parameters in the Squid configuration file.
2. Given a set of requirements, a network topology, and access to a Squid server via a
command line interface, you will be able to configure a set of paths and parameters to
cache web traffic by entering the configuration parameters and paths in the Squid
configuration file.
3. Given a configured Squid server, you will be able to verify blocked sites and cached
web traffic by testing connectivity to denied web sites and the content of cached files.
EXERCISE 8
Logging
1. Given a set of firewall access control rules, a set of monitoring requirements, a
network topology, and a set of commands, you will be able to configure a set of
logging rules to analyze the access control operation of a Linux firewall by entering
commands using the Linux command line interface (CLI).
2. Given a configured Linux firewall and a traffic generator program, you will be able to
execute the traffic generator program to record the logging information in the Linux
syslog-file. You will be able to determine how well the access control rules you
implemented worked by analyzing the syslog-file on the firewall and comparing the
results to the monitoring requirements using the CLI.
EXERCISE 9
Encryption
1. Given a network topology and a set of OpenSSH configuration commands, you will
be able to set up the public key authentication service to allow users password-free
logins on a Linux firewall by entering the public key generation commands using
the Linux command line interface (CLI).
2. Given a set of tcpdump commands and two saved packet-data files, you will be able
to review encrypted and unencrypted HTTP packets on a Linux firewall by entering the
command to read from a saved packet-data file using the Linux command line
interface (CLI).
3. Given a set of pgp commands and an unencrypted text file, you will be able to
encrypt and decrypt the text file and review its content on a Linux firewall by
entering the encryption commands using the Linux command line interface (CLI).
EXERCISE 10
VPN (Linux)
1. Given a network topology and a set of commands, you will be able to configure a
VPN tunnel on a Linux server by entering VPN configuration commands using the
Linux command line interface (CLI).
2. Given a configured Linux firewall and a traffic generator program, you will be able to
execute the demo program and determine how well the access control rules work by
analyzing the firewall log file using the CLI.