
CCNA Security Chapter 4 Case Study

Objectives

1. Describe numbered and named, standard and extended IP ACLs.
2. Configure IP ACLs with the IOS CLI and SDM.
3. Describe and configure time-based ACLs.
4. Describe attack mitigation with ACLs.
5. Describe the major types of firewalls.
6. Describe and configure CBAC (IOS Stateful Packet Inspection) with the CLI.
7. Describe and configure Zone-Based Policy Firewall with the CLI and SDM.

Scenario

The transition team is responsible for protecting the perimeter of the network and the DMZ at Superior Health Care System Corporation. Your group has been asked to evaluate the network design and present a new design which will better control traffic patterns and trust relationships between the Internet, intranets, extranets and the DMZ.

Task 4.1

Use a drawing program like Microsoft Visio to draw a logical diagram of the Internet, intranets, extranets and the DMZ. The drawing should be based on the following facts:

1. Internet connections from two ISPs:
   AT&T T3 connection (R1)
   Metro Ethernet - 50 MB (R2)

2. A double firewall design:
   Public firewalls (Pub1 & Pub2) located behind both Internet routers (R1 & R2), used to control access to internal networks, the DMZ and extranets.
   Inside firewall (Priv1) located in front of the private network, used to screen intranet and extranet traffic entering the internal private network.

3. A corporate intranet available to all employees through VPNs that terminate at R1 & R2.

4. The plan should include the creation of one large DMZ to contain the following:
   Company web services
   Email services
   Connection to extranets (other corporate partners) via VPNs

2009 Cisco Learning Institute


Task 4.2

Provide the syntax used to activate ACLs during the off hours of the hospital's business offices (7 a.m. to 6 p.m.). Also provide the syntax to name ACLs for the application they are used for.

Syntax - Time-based ACLs:
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Syntax - Named ACLs:
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________

Task 4.3

Create a table to record the CBAC rules that can be used at R1 & R2 to control traffic entering the internal networks and the DMZ. Include the control of the following traffic inside the internal networks:

1. All routing protocols denied
2. All ICMP denied
3. All outside Telnet denied
4. All outside SSH denied except from addresses 172.16.1.1-16

R1                                        R2



Task 4.4

Create a table to record the commands used to create a zone pair between the following corporate networks:

1. Public and DMZ
2. DMZ and Private
3. Public and Private

The Public network should have no initial access to the DMZ or Private networks. The DMZ should have no initial access to the Private network.

R1                                        R2
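One way to express the Task 4.4 trust relationships in IOS Zone-Based Policy Firewall syntax, added here as an illustration rather than as part of the case study or its answer key. The interface names, their zone assignments and the generic TCP/UDP/ICMP inspect class are assumptions to adapt for R1 and R2.

```cisco
! Added example for Task 4.4 (not from the case study). Interface names,
! descriptions and the inspected protocol list are assumptions.
zone security PUBLIC
zone security DMZ
zone security PRIVATE
!
interface GigabitEthernet0/0
 description Internet-facing link (assumed)
 zone-member security PUBLIC
interface GigabitEthernet0/1
 description DMZ segment (assumed)
 zone-member security DMZ
interface GigabitEthernet0/2
 description Private network (assumed)
 zone-member security PRIVATE
!
! Sessions that start on the more trusted side are inspected statefully,
! so only their return traffic is allowed back through the pair.
class-map type inspect match-any TRUSTED-INITIATED
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect INSPECT-OUTBOUND
 class type inspect TRUSTED-INITIATED
  inspect
 class class-default
  drop
!
! Public and DMZ: DMZ may initiate toward Public, Public may not initiate toward DMZ.
zone-pair security DMZ-TO-PUBLIC source DMZ destination PUBLIC
 service-policy type inspect INSPECT-OUTBOUND
!
! DMZ and Private: Private may initiate toward DMZ, DMZ may not initiate toward Private.
zone-pair security PRIVATE-TO-DMZ source PRIVATE destination DMZ
 service-policy type inspect INSPECT-OUTBOUND
!
! Public and Private: Private may initiate toward Public, Public may not initiate.
zone-pair security PRIVATE-TO-PUBLIC source PRIVATE destination PUBLIC
 service-policy type inspect INSPECT-OUTBOUND
!
! No PUBLIC->DMZ, PUBLIC->PRIVATE or DMZ->PRIVATE zone pair is configured, so
! traffic initiated in those directions hits the inter-zone default and is
! dropped; replies to inspected sessions are permitted from the state table.
```

On the router, `show zone-pair security` lists the pairs and their policies, and `show policy-map type inspect zone-pair sessions` shows which sessions the inspect action is currently tracking.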
