Take annotated screenshots of the output for each step Pre-lab: 1. Find a YouTube on the Atom editor and watch it. 2. Watch the YouTube video - https://www.youtube.com/watch?v=PRHClwLsTss 3. Watch the...

COMP2003 – Securing Networks        [TERM #, YEAR]
ASSIGNMENT COVER SHEET
For use with online submission of assignments
Please complete all of the following details and then make this sheet the first page of each file of your assignment – do not send it as a separate document.
Your assignments must be submitted as either Word documents, text documents with .rtf extension or as .pdf documents. If you wish to submit in any other file format please discuss this with your lecturer well before the assignment submission date.        
    Student Name:
    NAME
    Student ID No.:
    
    Unit Name:
    Securing Networks
    Unit Code:
    COMP2003
    Tutor’s name:
    
    Assignment No.:
    Assessment 2
    Assignment Title:
    Case Study - Practical Skills
    Due date:
    
    Date submitted:
    
Declaration:
I have read and understand the Rules Relating to Awards (Rule 3 Section 18 – Academic Misconduct Including Plagiarism) as contained in the SCU Policy Library.
I understand the penalties that apply for plagiarism and agree to be bound by these rules. The work I am submitting electronically is entirely my own work.
    Signed:
    
    (please type your name)
    
    Date:
    
COMP2003 – Securing Networks        [TERM #, YEAR]
COMP2003 – Securing Networks        [TERM #, YEAR]
Remove red instructional text and replace with your answers.
(Including this)
[YOUR NAME HERE]        Page 18 of 39
Task 1
Set up the network.
•    Set up the routers, switches, and PCs with the appropriate connections
Ans: Yes
•    Perform basic configuration of the devices
Ans: Yes
•    Test connectivity
Include a screenshot here.
Main Router routing table:
1.
2.
Task 2
Add the required security to the network to meet the requirements.
Ensure you look at task 3 and record your troubleshooting as you complete this task.
Provide your Packet Tracer saved topology in a PKT file.
Your Packet Tracer file must be named in the format:
filename = FirstInitialYourLastName_A1.pkt
(i.e. FJones_COMP2003_A1.pkt)
Task 3
You must document what tests you will carry out, what the test is for and the result.
This task contains a series of steps that must be completed multiple times. Each test will go through the following steps:
Step 1: Propose a hypothesis to be tested.
Document the hypothesis.
Step 2: Identify information to be collected / devices to be tested.
Document information to be collected.
· Communication has been established between the DMZ to Server
· Communication has been established between the DMZ to HQ
· Communication has been established between the Server to DMZ
· Communication has been established between the Server to HQ
Step 3: Test the configuration.
Please refer the above snap shots
Step 4: Determine conclusion of test – satisfactory or not.
As mentioned in documents, communication is established and secured.
Step 5a: If step 4 was not satisfactory, document and then change settings and move back to step 3
NA
Step 5b: If step 4 was satisfactory document the conclusion.
All ping test and trace route test done successfully.
Repeat this for number of tests to ensure that the configuration and security settings are working as required.
Consider creating a table for this.
You need to conduct enough tests to ensure that the requirements are met.
Ans: Please refer the above snaps for test results
Task 4
For each type of security that you have configured provide:
a) a brief description of the security that was configured,
Ans:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.2
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.2
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
---------------
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.1
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.1
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
b) what the purpose of the configuration is,
Ans: Create secure communicating between the branch offices.
c) how it improves the posture of the organization.
Ans: With the help of Proper auditing and secure hardening
Task 5
Document the devices and settings.
Consider creating tables – the page is already landscape.
Include the following:
Host Devices (PC’s and servers)
172.16.23.0/24
172.16.24.0/24
192.168.23.0/24
10.23.0.0/8
192.168.37.0/24
Network Devices
· Name/ID : DMZ_Net
· Link technology e.g. Ethernet
· Port Address: 172.16.23.0/24
· Physical address: 0005.5e07.3801
· IP Address : 172.16.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.23.1
· DNS 0.0.0.0
· Name/ID : R&D
· Link technology e.g. Ethernet
· Port Address: 10.23.0.0/8
· Physical address: 0002.4a39.ee01
· IP Address : 10.23.0.2/8
· Subnet Mask: 255.0.0.0
· Default Gateway: 10.23.0.1
· DNS 0.0.0.0
· Name/ID : Server_net
· Link technology e.g. Ethernet
· Port Address: 172.16.24.0/24
· Physical address: 00d0.ff66.1001
· IP Address : 172.16.24.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.24.1
· DNS 0.0.0.0
· Name/ID : Remote_Net
· Link technology e.g. Ethernet
· Port Address: 192.168.37.0/24
· Physical address: 00e0.b0bd.9001
· IP Address : 192.168.37.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.37.1
· DNS 0.0.0.0
· Name/ID : HeadOff
· Link technology e.g. Ethernet
· Port Address: 192.168.23.0/24
· Physical address: 000b.be79.2c01
· IP Address : 192.168.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.23.1
· DNS 0.0.0.0
· Security Configuration
· Switch port security : Yes
· VLANs: 23, 24, 10, 37
· ACLs: Access list 101, 102, 103, 104, 105
· Routes: EIGRP 0001
· VPNs: Yes, Please referee the above config files
COMP2003 – Securing Networks    [TERM #, YEAR]
[YOUR NAME HERE]        Page 10 of 39
Appendix
Export the configurations to files or copy paste the running-config, please place them after your answers in this Appendix.
If you export them to text files, upload them all as a Zip.
Do not use RAR or 7 zip etc, just use ZIP!
Router:
Router>
Router>
Router>en
Router#
Router#
Router#
Router#sh run
Router#sh running-config
Building configuration...
Current configuration : 586 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.23.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 64.27.23.2 255.255.255.248
duplex auto
speed auto
!
router eigrp 1
network 10.0.0.0
network 64.27.23.0 0.0.0.7
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#
Router#
Main Router
Router#tra
Router#traceroute
Router#traceroute ip 172.16.23.20
Type escape sequence to abort.
Tracing the route to 172.16.23.20
1 172.16.23.20 0 msec 0 msec 1 msec
Router#traceroute ip 172.16.24.20
Type escape sequence to abort.
Tracing the route to 172.16.24.20
1 172.16.24.20 0 msec 0 msec 0 msec
Router#traceroute ip 192.168.23.20
Type escape sequence to abort.
Tracing the route to 192.168.23.20
1 192.168.23.20 0 msec 0 msec 1 msec
Router#
Router con0 is now available
Press RETURN to get started.
Router>
Router>
Router>en
Router#
Router#sh run
Router#sh running-config
Building configuration...
Current configuration : 2204 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 200.239.37.52 255.255.255.255
!
interface FastEthernet0/0
ip address 64.27.23.1 255.255.255.248
ip access-group 105 out
duplex auto
speed auto
!
interface Ethernet1/0
ip address 172.16.23.1...