COMP2003 – Securing Networks Assignment 2
_______________________________________________________________________________________________
Page 1 of 7
Faculty of Science and Engineering


Unit: Securing Networks
Unit code: COMP2003
Assignment 1: Practical network security setup
Mode: Individual assignment
Due Date: Monday 18 April XXXXXXXXXX:00 PM
Learning Outcomes: LO1, LO2, LO3, LO4
Weight: 60% of overall unit assessment
Suggestion: This assignment is developmental and cumulative. You are strongly advised
to start doing this assignment from Week-3 in your study. Leaving your
starting date to the week before the due date is a very poor strategy for
success in the unit. Follow the provided guidelines to help you successfully
direct your efforts.
Task Description
In this assignment, you will perform necessary setup to install, configure and troubleshoot
an SME network.
You must successfully implement the network in Cisco’s Packet Tracer network simulation
software and perform important steps to manage the network security configuration.
You must complete the following tasks:
• Task 1: Install and connect the devices into a network as shown in the diagram.
• Task 2: Set up and test the security.
• Task 3: Network testing and troubleshooting.
• Task 4: Network security analysis.
• Task 5: Network documentation.
Scenario
You are up for a promotion to senior network administrator, and because of your ongoing
experience your manager has assigned you a new client to assist in setting up their new
network.
The design and requirements have been provided to you in the logical topology network
diagram.
You have been advised of the following criteria:
1. Routers and default gateways are always set to the first IP address in the range.
2. Switches will always get the second IP address in the range.
3. End devices (servers and workstations etc) will get an IP address starting at the 20th
usable address for the host address.
4. Servers will have their MAC address stored on the switch.
5. Connections to the head office network need to be secure.
6. The IT department needs to be able to access all networks for maintenance and
troubleshooting including ping and SSH.
The following networks will be set up:
• DMZ – Used for placing internet facing devices to be able to be reached from the
internet as well as the internal business network.
• Server Network (ServerNet) – used for storing the internal company servers that
only staff can access.
• Corporate Network (CorpNet) – used by the normal users of the company at head
office that can access the internet, the servers including the DMZ. Departments
need to be segmented from each other.
• Remote network (Remote Net) – used by company employees at the second office.
They can access the server network and the DMZ and the internet only.
• Research and Development network (R&D Net) – used by the team developing new
products and researching new techniques. This network is segmented from the
other networks and has internet access, server access is only for traffic they
initiate, and no devices can initiate connections to this network.
Your task is to configure the network in simulation software so that it can be tested before
it is implemented.
You must devise any other security options you deem appropriate and configure and
document them so they can be used when the network is implemented.
Network Addresses
Network                                        IP Address Range
ISP (Internet Service Provider) Connections    64.27.X.Y /29
DMZ Network                                    XXXXXXXXXXX.0 /24
Server Network                                 XXXXXXXXXXX.0 /24
Corp Network                                   XXXXXXXXXXX.0 /24
Remote Network                                 XXXXXXXXXXY.0 /24
R & D Network                                  10.x.0.0 /8
Internet Connection (loopback)                 XXXXXXXXXX/32
Where a task asks for X or Y, use your student number in this way:
Student ID: XXXXXXXXXX
X = 12 (first 2 numbers) and Y= 89 (last 2 numbers)
Submission Format
When you have completed the assignment, you are required to submit the following:
1. Your assignment in PDF/DOC format. The file will be named using the
following convention:
filename = FirstInitialYourLastName_COMP2003_A1
(i.e. FJones_COMP2003_A1.pdf or FJones_COMP2003_A1.docx)
2. Your Packet Tracer file with devices configured, named in the format:
filename = FirstInitialYourLastName_COMP2003_A2.pkt
(i.e. FJones_COMP2003_A2.pkt)
Format and Presentation
Task 1, 3, 4 and 5: Use the template provided with this assignment for this task.
Task 2: Provide your topology in a Packet Tracer file.
All intermediate device names must start with your name in the format of
FirstInitialYourLastName (I.e., FJones Router 1)
Grading Scores
The rubric for this assignment is available on the MySCU site and will give the criteria for
marking.
Generally, you need to not only concentrate on getting the design and configuration right,
but also think about how you are presenting it, and how you are communicating your
message, supported by the design and layout of the network. There are two parts of the
marking criteria – the technical competency, and the level of professionalism shown.
The difference between a “Pass” and higher grades will be based on how much you look
at the whole project and security practices, and how well you follow best practices while
keeping your design cohesive and security robust.
Criteria Max Mark
Task 1: Install and connect the devices 10
Task 1.1: Devices connected (routers, switches and PC’s etc) 2
Task 1.2: Basic configuration completed 3
Task 1.3: Basic security setup 3
Task 1.4: Connectivity works 2
Task 2: Set up and test the security 15
Task 2.1: Switchport security setup 4
Task 2.2: Sticky mac addresses 3
Task 2.3: VLAN’s configured 6
Task 2.4: ACL’s configured 8
Task 2.6: VPNs configured 6
Task 2.5: Routing configured 3

Task 3: Network testing and troubleshooting 10
Task 3.1: Identified information to be collected 4
Task 3.2: Tested configuration 3
Task 3.3: Identified issues and corrected 3
Task 4: Network Security Analysis 10
Task 4.1: Advise what you have configured and why for each type of security. 10

Task 5: Network documentation 8
Task 5.1: Documented End Devices 2
Task 5.2: Documented Intermediate Devices 4
Task 5.3: Exported Configurations 2

Documentation 1
Professional presentation 1
TOTAL 60
Resubmit policy:
As this task is the major task for a core unit, it is eligible for a resubmit under our resubmit
policy. This means that if you fail the assessment then you will be given a chance to
resubmit, if you are eligible.
Eligible students are those who have
• handed in all assessments.
• not committed academic misconduct in the unit.
• passed at least 50% of the other assessment in the unit.
• failed this assessment and cannot pass the unit otherwise.
If you fail this assessment and are eligible for a resubmit, your unit assessor will contact
you in Week 7 with further instructions.
Getting Help:
This assignment, which is to be completed individually, is your chance to gain an
understanding of the fundamental concepts of network security on which later learning will
be based. It is important that you master these concepts yourself.
Since you are mastering fundamental skills, you are permitted to work from the examples
in the MySCU site or other resources, but you must acknowledge assistance from other
textbooks or classmates. In particular, you must be careful in the use of online material or
help from others, as this would prevent you from mastering these concepts.
This diagram will help you understand where you can get help:
[Diagram: sources of help, grouped as Encouraged, Attribution Required, Ask tutor, or Not acceptable]
Be aware if you do get help from one of the red sources, you are at risk of failing the
assignment, or the unit.
Retain duplicate copy
Before submitting the assignment, you are advised to retain electronic copies of original
work. In the event of any uncertainty regarding the submission of assessment items, you
may be requested to reproduce a final copy.
[Diagram labels: Lecturer, Tutors, Online Forums, Relatives, Students outside unit, Hired coders, Classmates, Private Tutors, Other]
School Extension Policy
Please see the Special Consideration page for more information available at
https://www.scu.edu.au/current-students/student-administration/special-consideration/
A penalty of 10% of the total available grade will accrue for each 24-hour period that an
assessment item is submitted late. Therefore, an assessment item worth 60 marks will
have 6 marks deducted for every 24-hour period and at the end of 5 days will receive a
maximum of 30 marks or 50%.
Students who fail to submit following the guidelines in this Unit Information Guide will be
deemed to have not submitted the assessment item and the above penalty will be applied
until the specified submission guidelines are followed.
Marks and Feedback
All assessment materials submitted during the semester will normally be marked and
returned within two weeks of the required date of submission (provided that the
assessment materials have been submitted by the due date).
Marks will be made available to each student via the MySCU Grade book.

Answered 7 days after Apr 10, 2022

Solution

Naveen Kumar answered on Apr 18 2022
9 Votes
COMP2003 – Securing Networks        [TERM #, YEAR]
ASSIGNMENT COVER SHEET
For use with online submission of assignments
Please complete all of the following details and then make this sheet the first page of each file of your assignment – do not send it as a separate document.
Your assignments must be submitted as either Word documents, text documents with .rtf extension or as .pdf documents. If you wish to submit in any other file format please discuss this with your lecturer well before the assignment submission date.        
    Student Name:
    NAME
    Student ID No.:
    
    Unit Name:
    Securing Networks
    Unit Code:
    COMP2003
    Tutor’s name:
    
    Assignment No.:
    Assessment 2
    Assignment Title:
    Case Study - Practical Skills
    Due date:
    
    Date submitted:
    
Declaration:
I have read and understand the Rules Relating to Awards (Rule 3 Section 18 – Academic Misconduct Including Plagiarism) as contained in the SCU Policy Library.
I understand the penalties that apply for plagiarism and agree to be bound by these rules. The work I am submitting electronically is entirely my own work.
    Signed:
    
    (please type your name)
    
    Date:
    
Remove red instructional text and replace with your answers.
(Including this)
Task 1
Set up the network.
•    Set up the routers, switches, and PCs with the appropriate connections
Ans: Yes
•    Perform basic configuration of the devices
Ans: Yes
•    Test connectivity
Include a screenshot here.
Main Router routing table:
1.
2.
Task 2
Add the required security to the network to meet the requirements.
Ensure you look at task 3 and record your troubleshooting as you complete this task.
Provide your Packet Tracer saved topology in a PKT file.
Your Packet Tracer file must be named in the format:
filename = FirstInitialYourLastName_A1.pkt
(i.e. FJones_COMP2003_A1.pkt)
Task 3
You must document what tests you will carry out, what the test is for and the result.
This task contains a series of steps that must be completed multiple times. Each test will go through the following steps:
Step 1: Propose a hypothesis to be tested.
Document the hypothesis.
Step 2: Identify information to be collected / devices to be tested.
Document information to be collected.
· Communication has been established between the DMZ to Server
· Communication has been established between the DMZ to HQ
· Communication has been established between the Server to DMZ
· Communication has been established between the Server to HQ
Step 3: Test the configuration.
Please refer to the above snapshots.
Step 4: Determine conclusion of test – satisfactory or not.
As mentioned in documents, communication is established and secured.
Step 5a: If step 4 was not satisfactory, document and then change settings and move back to step 3
NA
Step 5b: If step 4 was satisfactory document the conclusion.
All ping tests and traceroute tests were done successfully.
Repeat this for number of tests to ensure that the configuration and security settings are working as required.
Consider creating a table for this.
You need to conduct enough tests to ensure that the requirements are met.
Ans: Please refer to the above snaps for test results.
Task 4
For each type of security that you have configured provide:
a) a brief description of the security that was configured,
Ans:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.2
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.2
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
---------------
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key firewallcx address 192.168.23.1
ip access-list extended Enc-TRAFFIC
permit ip 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac

crypto map CMAP 10 ipsec-isakmp
set peer 192.168.23.1
set transform-set TS
match address Enc-TRAFFIC
interface Ethernet1/2
crypto map CMAP
b) what the purpose of the configuration is,
Ans: Create secure communication between the branch offices.
c) how it improves the posture of the organization.
Ans: With the help of proper auditing and secure hardening.
Task 5
Document the devices and settings.
Consider creating tables – the page is already landscape.
Include the following:
Host Devices (PC’s and servers)
172.16.23.0/24
172.16.24.0/24
192.168.23.0/24
10.23.0.0/8
192.168.37.0/24
Network Devices
· Name/ID : DMZ_Net
· Link technology e.g. Ethernet
· Port Address: 172.16.23.0/24
· Physical address: 0005.5e07.3801
· IP Address : 172.16.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.23.1
· DNS 0.0.0.0
· Name/ID : R&D
· Link technology e.g. Ethernet
· Port Address: 10.23.0.0/8
· Physical address: 0002.4a39.ee01
· IP Address : 10.23.0.2/8
· Subnet Mask: 255.0.0.0
· Default Gateway: 10.23.0.1
· DNS 0.0.0.0
· Name/ID : Server_net
· Link technology e.g. Ethernet
· Port Address: 172.16.24.0/24
· Physical address: 00d0.ff66.1001
· IP Address : 172.16.24.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 172.16.24.1
· DNS 0.0.0.0
· Name/ID : Remote_Net
· Link technology e.g. Ethernet
· Port Address: 192.168.37.0/24
· Physical address: 00e0.b0bd.9001
· IP Address : 192.168.37.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.37.1
· DNS 0.0.0.0
· Name/ID : HeadOff
· Link technology e.g. Ethernet
· Port Address: 192.168.23.0/24
· Physical address: 000b.be79.2c01
· IP Address : 192.168.23.2/24
· Subnet Mask: 255.255.255.0
· Default Gateway: 192.168.23.1
· DNS 0.0.0.0
· Security Configuration
· Switch port security : Yes
· VLANs: 23, 24, 10, 37
· ACLs: Access list 101, 102, 103, 104, 105
· Routes: EIGRP 0001
· VPNs: Yes, please refer to the above config files
Appendix
Export the configurations to files or copy paste the running-config, please place them after your answers in this Appendix.
If you export them to text files, upload them all as a Zip.
Do not use RAR or 7 zip etc, just use ZIP!
Router:
Router>
Router>
Router>en
Router#
Router#
Router#
Router#sh run
Router#sh running-config
Building configuration...
Current configuration : 586 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.23.0.1 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 64.27.23.2 255.255.255.248
duplex auto
speed auto
!
router eigrp 1
network 10.0.0.0
network 64.27.23.0 0.0.0.7
auto-summary
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Router#
Router#
Main Router
Router#tra
Router#traceroute
Router#traceroute ip 172.16.23.20
Type escape sequence to abort.
Tracing the route to 172.16.23.20
1 172.16.23.20 0 msec 0 msec 1 msec
Router#traceroute ip 172.16.24.20
Type escape sequence to abort.
Tracing the route to 172.16.24.20
1 172.16.24.20 0 msec 0 msec 0 msec
Router#traceroute ip 192.168.23.20
Type escape sequence to abort.
Tracing the route to 192.168.23.20
1 192.168.23.20 0 msec 0 msec 1 msec
Router#
Router con0 is now available
Press RETURN to get started.
Router>
Router>
Router>en
Router#
Router#sh run
Router#sh running-config
Building configuration...
Current configuration : 2204 bytes
!
version 23.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip address 200.239.37.52 255.255.255.255
!
interface FastEthernet0/0
ip address 64.27.23.1 255.255.255.248
ip access-group 105 out
duplex auto
speed auto
!
interface Ethernet1/0
ip address 172.16.23.1...
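
A defender's check for the VPN configuration given under Task 4, as an added example that is not part of the assignment or of the answer above: a small Python auditor that flags deprecated IKE/IPsec parameters, the readable pre-shared key, and vty lines not restricted to SSH. The rule list and the names `RULES` and `audit` are this example's own assumptions; the sample lines are copied from the answer's Task 4 config and running-config.

```python
import re

# Config lines copied from the answer above (Task 4 VPN config and the exported
# running-config), indented as IOS prints them. Rules and names are this example's.
SAMPLE = """\
no service password-encryption
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key firewallcx address 192.168.23.2
crypto ipsec transform-set TS esp-3des esp-md5-hmac
crypto map CMAP 10 ipsec-isakmp
 set peer 192.168.23.2
 set transform-set TS
line vty 0 4
 login
"""

# (pattern, finding) pairs matched against each stripped config line.
RULES = [
    (r"^encr(yption)?\s+(des|3des)\b", "IKE cipher is DES/3DES; use AES"),
    (r"^hash\s+md5\b", "IKE hash is MD5; use SHA-2"),
    (r"^group\s+(1|2|5)$", "DH group under 2048 bits; use group 14 or higher"),
    (r"^crypto ipsec transform-set\s.*\besp-(des|3des)\b", "ESP cipher is DES/3DES"),
    (r"^crypto ipsec transform-set\s.*\besp-md5-hmac\b", "ESP integrity is HMAC-MD5"),
    (r"^crypto isakmp key\s+\S+\s+address\b", "pre-shared key readable in config"),
    (r"^no service password-encryption$", "password obfuscation is disabled"),
]

def audit(config):
    """Return (line_number, line, finding) tuples for weak settings in an IOS config."""
    findings, vty, vty_ssh = [], None, False
    def close_vty():
        # A vty block that never said "transport input ssh" is reported at its header.
        if vty and not vty_ssh:
            findings.append((vty[0], vty[1], "vty lines not restricted to SSH"))
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        findings += [(num, line, why) for pat, why in RULES if re.search(pat, line)]
        if line.startswith("line ") or line in ("!", "end"):
            close_vty()
            vty = (num, line) if line.startswith("line vty") else None
            vty_ssh = False
        elif vty and re.fullmatch(r"transport input\s+ssh", line):
            vty_ssh = True
    close_vty()
    return findings

if __name__ == "__main__":
    for num, line, why in audit(SAMPLE):
        print(f"line {num}: {line!r}: {why}")
```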