dns and security
TRANSCRIPT
-
8/10/2019 DNS and Security
1/5
Instructions
You will download a fully working copy of the network file from the exam folder that is availableduring the examination. All routing and addressing is set up for you, however you may re-designas you see fit.
Part 1 (50%)You must examine this network in conjunction with the security problems that are given below anddesign a security solution to overcome the security issues. You will use the next 9 minutes torebuild the network in !acket "racer #..$and apply the configurations that you have written to therouters.
Part 2 (50%)%uring the last & minutes, you will be asked to perform the "'( tasks on page # using )*+ and! commands within your network and then write a )'/ criti0ue of the network. !lease saveyour responses to the 0uestions on page # in this word document by use of screenshots or copyand paste. Add your criti0ue to page 1 of this document. "his does not need to exceed 2 words
and must be concise. You will save this file along with your !acket "racer file in the 3exam4directory that is provided in 35y omputer4.
You must remain in the examination room until your network test results in this word document andyour .pkt file has been saved appropriately.
You may login to your ! now and download the examination files but you may not beginreconfiguring the !acket "racer file until you are told.
-
8/10/2019 DNS and Security
2/5
Insecure Starting Network
You will download a pre-configured network as shown in the diagram below from your exam folder.
Important when adding any hardware:
You should use appropriate routers throughout the network.
You may need to add appropriate interfaces to the routers.
6se 792-78 +witches for all switches in the network.
6se eneric !s for all workstations.
6se eneric +erver-!" for any additional servers in the network : remember to turn *//unnecessary services on these machines.
So-Knee Network
External
Network
-
8/10/2019 DNS and Security
3/5
Network Re-Design Value 50%
Time allowed 90 minutes
Instructions
You will be given NINETY MINUTESto redesign your network. Please put ALL details on the A paper
provided.
Please re!er to the diagra" on page when reading the instru#tions below.
$here is N% NEE& to redesign the External Network
You "ay use the 'is#opedia installed on your P's or your notes to help you with the re(uired #o""ands.
)e sure to draw a #lear diagra" o! your re-designed network on the A paper supplied with ALLse#urity
details. You "ay also write pertinent #on!igurations !or the routers on the A paper.
Subnetting the Network
You "ay add any *Pv+ address blo#ks to your network.
You "ay subnet as you see !it using appropriate subnetting te#hni(ues.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Probem!
$he So-Knee Paystation ga"ing #o"pany has been ha#ked re#ently. %ne o! its bran#h o!!i#es has been
tested !or se#urity and has several proble"s. $he So-Knee network border is the router tagged AS).
A ha#ker /a#ker P' is in#luded 0 has "anaged to gain a##ess to the entire So-Knee network and is able to$ELNE$ into the AS) router and #an ping all "a#hines in the So-Knee network.
$he ha#ker has also "anaged to gain a##ess to the #o"pany *ntranet Server at 123.145.1.3.
$he publi# webserver #an be pinged !ro" the outside and #an there!ore be sus#eptible to a &&oS atta#k
Swit"h #on$iguration
No #on!iguration or na"ing is re(uired !or any o! the swit#hes. You are not re(uired to design 6LANs to
solve this network proble"
Serer #on$iguration
You should not need to #hange the #on!iguration or purpose o! the servers in your network but you "ay need
to "ove the" to di!!erent networks i! appropriate.
P# "on$iguration
You do not need to na"e or add to the P's. You "ay set the P's to be#o"e &/'P #lients or give the"
stati# addresses.
e"e"ber to turn %77 the &/'P servi#e on any extra servers as this servi#e is turned %N by de!ault and
will #ause proble"s with your &/'P #on!iguration.
Re-designing the network
-
8/10/2019 DNS and Security
4/5
%pen Pa#ket $ra#er 4.8.1on your P' and download the network as shown on page . e!er to your diagra"
!or details.
You "ust #reate a $wo $ier network se#urity solution that pla#es the Publi# 9ebserver into a &e"ilitarised
:one &;:0 on its own.
No external "a#hine "ay be able to gain a##ess to any "a#hine in the So-Knee network using *';P.
No external "a#hine "ay have any a##ess whatsoever to any So-Knee resour#e E
-
8/10/2019 DNS and Security
5/5
Time allowed 30 minutes
9hen you have #o"pleted the network re-#on!iguration> you will need to show that the new
network setup works #orre#tly. ?se s#reenshots and #ut and paste where appropriate to
answer the !ollowing (uestions.
;ake sure that you in#lude su!!i#ient in!or"ation to prove that you have answered the
(uestion as you were asked. $his "ay "ean showing the #o""and and the response.
You "ust add a written #riti(ue o! the network a!ter answering the (uestions below.
&a!k to per$orm
$ +how the result when the ;acker ! tries to access the A+ routerusing telnet
7 +how the response on the webpage when the hacker tries to accessthe company intranet webpage using its )! address
& !rove that the hacker cannot ping any destination on the +o-?
!rove that one of your Access ontrol >ist statements has operatedcorrectly using a !howcommand.
9 +how that you have increased the security of the A+ router
$ +how that +(5! traffic is able to reach the )ntranet +erver from the@eb 5anagement !
Network #riti'ue
Add a #on#ise network #riti(ue to show the basi# proble"s and solutions that you have #reated to the
proble"s. $he #riti(ue should be less than @88 words. Please write your #riti(ue below.
y Network #riti'ue