CIS-4080 Homework #4: Configure Router Access Control Lists

Due: Friday, March 24, 2023

Reading: ...

Part 1

In this part you will configure some access control lists to implement a specific security policy.

Proceed as follows:

  1. The file homework-04.pkt is a file you can use as a starting point for this assignment. It is a model of a simple corporate network with two branches connected together over a wide-area link via an ISP. The end systems and routers have been pre-configured with appropriate interface addresses. The OSPF routing protocol has also been pre-configured. Check the connectivity of the system by pinging the end systems from each other.

  2. There is a simulated web server running on the server machine. Use the simulated web browser on the various end systems to verify access to the web server. The server supports both HTTP (port 80) and HTTPS (port 443) access.

  3. The server also supports FTP. Using Bob's system, transfer a file from the FTP server to verify that access. Use commands such as:

        C:\> ftp 192.168.2.2
        Username: cisco
        Password: cisco        [not shown as you type]
        ftp> dir               [shows a list of files]
        ftp> get asa842-k8.bin [first file on the list]
        [green lights will flicker. transfer may take some time]
        ftp> quit
        C:\> dir               [display local files to verify it was transferred]
        C:\> delete asa842-k8.bin
        
  4. The security policy to implement is as follows:

    1. Only corporate users should be able to access the web server. Users at the remote branch must use HTTPS to prevent unencrypted web pages from passing through the ISP. Outside users have no access to the web server.

    2. Apply the same policy above to the FTP server (except don't worry about dragging unencrypted files through the ISP). FTP is tricky to manage in firewalls. Read the section on this page about passive mode.
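
The following is an added illustration, not part of the original assignment, of why passive-mode FTP is tricky for a stateless access list: it evaluates two candidate lists with first-match semantics and the implicit deny against a handful of flows headed toward the server. Every address except 192.168.2.2 is an assumption made for the example, as are the names `evaluate` and `verdicts`; only the client-to-server direction is modeled.

```python
import ipaddress

# Constructed addressing: only 192.168.2.2 (the server) appears in the assignment.
SERVER = "192.168.2.2"
BRANCH = "192.168.3.0/24"        # assumed remote-branch subnet
BRANCH_PC = "192.168.3.10"       # assumed branch client
OUTSIDE_PC = "203.0.113.5"       # assumed outside host (documentation range)

def evaluate(acl, flow):
    """Return the action of the first entry matching a TCP flow.

    acl entries: (action, source network, destination host, (low port, high port))
    flow: (source address, destination address, destination port)
    Falling off the end of the list is the implicit deny.
    """
    src, dst, dport = flow
    for action, src_net, dst_host, (lo, hi) in acl:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and dst == dst_host and lo <= dport <= hi):
            return action
    return "deny"

# Candidate A: HTTPS plus the FTP control channel only.
control_only = [
    ("permit", BRANCH, SERVER, (443, 443)),
    ("permit", BRANCH, SERVER, (21, 21)),
]
# Candidate B: also admits the port range a passive-mode server may pick for data.
# This is a broad rule; it is the price of filtering FTP without connection state.
with_passive = control_only + [("permit", BRANCH, SERVER, (1024, 65535))]

# Constructed test flows, all headed toward the server.
FLOWS = {
    "branch-https": (BRANCH_PC, SERVER, 443),
    "branch-http": (BRANCH_PC, SERVER, 80),
    "branch-ftp-control": (BRANCH_PC, SERVER, 21),
    "branch-ftp-pasv-data": (BRANCH_PC, SERVER, 50123),  # port chosen by the server
    "outside-https": (OUTSIDE_PC, SERVER, 443),
}

def verdicts(acl):
    """Map each named flow to the action the ACL gives it."""
    return {name: evaluate(acl, flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("control only", control_only), ("with passive", with_passive)):
        print(label, verdicts(acl))
```

With the first list the FTP login succeeds but `dir` and `get` hang, because the passive data connection to the server's chosen port hits the implicit deny.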

Submit to Canvas your modified homework-04.pkt along with a document that describes what you did and your reasoning behind your choices.


Last Revised: 2023-03-15
© Copyright 2023 by Peter C. Chapin <pchapin@vtc.edu>