Thursday, February 28, 2019
M11CDE Skills-Based Assessment
School of Engineering & Computing
Department of Computing
Information Security (M11CDE): Layered Security

Student name: BUSA ABANG obeah
SID: 4560229

I certify that this is my own work (yes/no) and that I have read and understand the University Assessment regulations.

Signature:

Submission Details

The details below indicate what you should submit, when you should submit it and where it should be submitted.

Submission date and deadline: 11 January 2013, 11:50pm, online submission.

Submission Format

1. Fill in the online form for the practical test, which will be available one week before the final fixed deadline.
2. Download an electronic copy of this document and, where there are blanks or spaces to complete addressing information etc., please fill them in in the document. Your submission should include the answers in the document, but do not change the document in any other way. If the document has been modified other than to include the required information, your submission will be null and void.
3. Your files should be named SID_FIRSTNAME_SURNAME.doc, e.g. C292_FIRSTNAME_SURNAME.doc.
4. Copy the configurations from all your network devices and embed them at the end of this document.
5. If you have attempted to configure VLANs, please also include a switch configuration from one of your LAN switches. Please note that this must be a switch that you have actually configured VLANs on.
6. If you have implemented the network in Packet Tracer, you may consider submitting a copy of that as well, but this is not compulsory.

Zero tolerance for late submission

If your work is late it will have to be marked zero according to new university policy. Please ensure you upload your work well before the deadline. You will be able to delete and update your work before the deadline.
Plagiarism Note

As with all assessed work, both the investigation and the written submission should be your own work. When submitting this work you are explicitly indicating that you have read the rules on plagiarism as defined in the University regulations and that all work is in fact your own, except where explicitly referenced using the accepted referencing style.

Feedback and marking

The practical work will be marked using the questions set in the online quiz, and the number of questions for each section will depend on the weightings set in the sections below. Feedback and marks will be provided once the online practical quiz is submitted.

Network topology

Whilst the topology shows only two hosts on each LAN, you should configure four hosts on each LAN.

Network Information

The WAN IP network address between Dundee and Glasgow is 209.154.17.0 with a subnet mask of 255.255.255.0. The WAN IP network address between Edinburgh and Glasgow is 209.154.16.0 with a subnet mask of 255.255.255.0. This is clearly shown on the network topology.

Dundee information

The LAN for Dundee has been assigned an IP network address of 192.168.6.0. Each subnet of the above network needs to accommodate 14 host addresses. The subnet mask will be 255.255.255.240. This is worked out by borrowing 4 bits from the final octet and is shown in the table below.

Table 1 Custom Subnet Mask for Dundee

Octet        255                      255                      255                      240
Bit value    128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1
Mask bit     1   1  1  1  1 1 1 1     1   1  1  1  1 1 1 1     1   1  1  1  1 1 1 1     1   1  1  1  0 0 0 0

Use the 6th usable subnet for the LAN. Do not use subnet zero as the first usable subnet. The table below shows how the 6th usable network can be identified.

Network  Network ID      First Host      Last Host       Broadcast       Mask
0        192.168.6.0     192.168.6.1     192.168.6.14    192.168.6.15    /28
1        192.168.6.16    192.168.6.17    192.168.6.30    192.168.6.31    /28
2        192.168.6.32    192.168.6.33    192.168.6.46    192.168.6.47    /28
3        192.168.6.48    192.168.6.49    192.168.6.62    192.168.6.63    /28
4        192.168.6.64    192.168.6.65    192.168.6.78    192.168.6.79    /28
5        192.168.6.80    192.168.6.81    192.168.6.94    192.168.6.95    /28
6        192.168.6.96    192.168.6.97    192.168.6.110   192.168.6.111   /28
7        192.168.6.112   192.168.6.113   192.168.6.126   192.168.6.127   /28

You should be able to identify the pattern (or magic number) from the subnet mask. If it is not immediately apparent, subtract the last non-zero octet from 256.

Edinburgh information

The LAN for Edinburgh has been assigned an IP network address of 192.168.5.0. Again, each subnet of the above network needs to accommodate 14 host addresses. The subnet mask will be 255.255.255.240. This is worked out by borrowing 4 bits from the final octet and is shown in the table below.

Table 1 Custom Subnet Mask for Edinburgh

Octet        255                      255                      255                      240
Bit value    128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1     128 64 32 16 8 4 2 1
Mask bit     1   1  1  1  1 1 1 1     1   1  1  1  1 1 1 1     1   1  1  1  1 1 1 1     1   1  1  1  0 0 0 0

Use the 4th usable subnet for the LAN. Do not use subnet zero as the first usable subnet. You must follow the example for Dundee to complete the table for Step 1 planning.

You should be able to identify the pattern (or magic number) from the subnet mask. If it is not immediately apparent, subtract the last non-zero octet from 256.

The elements of the coursework are:

1. Planning and assigning addresses: 30 marks
2. Basic configuration: 40 marks
3. Security ACLs: 10 marks
4. Security VLANs: 20 marks

The basic theme is that Glasgow (GLA) is the regional headquarters of the company. Edinburgh and Dundee are branch offices. Each network associate (student) will be responsible for an entire network. This means that, using either the lab equipment in EC1-13 or Packet Tracer, you will configure 3 routers, 2 switches and 8 PCs.
A network address and a specific number of hosts per subnet have been assigned for the local LAN on each network (Edinburgh and Dundee). From the information provided, the subnet address, the subnet mask, the first and last usable addresses and the broadcast address for each site LAN need to be determined. (When using the router or Packet Tracer it is expected that you keep a copy of your router configuration at each stage, just in case you run into problems.)

Step 1 Planning

Using the chart below, plan the first ten usable subnets of the LAN address assigned to Edinburgh. You have been given the first 6 addresses for Dundee; you are now expected to plan for the first 10 addresses for Edinburgh.

Subnet  Subnet Address   Subnet Mask (/x)  First Host       Last Host        Broadcast
0       192.168.5.0      28                192.168.5.1      192.168.5.14     192.168.5.5
1       192.168.5.16     28                192.168.5.17     192.168.5.30     192.168.5.31
2       192.168.5.32     28                192.168.5.33     192.168.5.46     192.168.5.47
3       192.168.5.48     28                192.168.5.49     192.168.5.2      192.168.5.63
4       192.168.5.64     28                192.168.5.65     192.168.5.78     192.168.5.79
5       192.168.5.80     28                192.168.5.81     192.168.5.94     192.168.5.95
6       192.168.5.96     28                192.168.5.97     192.168.5.110    192.168.5.111
7       192.168.5.112    28                192.168.5.113    192.168.5.126    192.168.5.127
8       192.168.5.128    28                192.168.5.129    192.168.5.142    192.168.5.143
9       192.168.5.144    28                192.168.5.145    192.168.5.152    192.168.5.159
10      192.168.5.160    28                192.168.5.161    192.168.5.174    192.168.5.175

For the WAN links for DUN and EDN the lowest usable address on the networks must be used. Identify and use the lowest usable WAN address for the S0 interface assigned to you for the two networks shown.

Dundee: 209.154.17.1
Edinburgh: 209.154.16.1

For security reasons, all of the production workstations will be assigned the lower half of the IP addresses of the assigned subnet.
Each of the network devices and management stations will be assigned the upper half of the IP address numbers of the subnet assigned for the LAN. From this upper-half range of addresses, the Ethernet router port (the default gateway on each LAN) is to be assigned the highest usable address. Identify the required IP address of the Ethernet interface on your two routers.

Address of your Ethernet interface on Dundee: 192.168.6.110
Address of your Ethernet interface on Edinburgh: 192.168.5.78

The host (PC) configurations must also be planned. Using the table, complete the host information.

Branch: DUN
IP Address Range
Production Host Range: 192.168.6.97 to 192.168.6.103 (Lower half)
Management Host Range: 192.168.6.104 to 192.168.6.110 (Upper half)
(5 marks for ranges of addresses)

Supply addresses for a production and management host.

Production Host (1)
IP Address: 192.168.6.97
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.6.110

Management Host (1)
IP Address: 192.168.6.104
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.6.110

Branch: EDN
IP Address Range
Production Host Range: 192.168.5.65 to 192.168.5.71 (Lower half)
Management Host Range: 192.168.5.72 to 192.168.5.78 (Upper half)

Supply addresses for a production and management host.

Production Host (1)
IP Address: 192.168.5.65
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.5.78

Management Host (1)
IP Address: 192.168.5.72
Subnet Mask: 255.255.255.240
Default Gateway: 192.168.5.78

Step 2 Basic Configuration

Apply a basic configuration to the router. This configuration should include all the normal configuration items. You must supply one router configuration file. This will be either Dundee or Edinburgh.
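The Step 1 addressing rules (Nth usable subnet with subnet zero not counted, lower half for production, upper half for management, highest usable address for the gateway) can be checked with a short script. This is an added example, not part of the original submission; the function and key names are assumptions made for illustration.

```python
import ipaddress

def plan_lan(network, new_prefix, usable_index):
    """Addressing plan for the Nth usable subnet of `network`.

    Subnet zero is not counted as usable (the rule stated in the brief),
    so usable subnet N is subnet number N in the full list.
    """
    parent = ipaddress.ip_network(network)
    subnets = list(parent.subnets(new_prefix=new_prefix))
    if not 1 <= usable_index < len(subnets):
        raise ValueError("usable subnet index out of range")
    subnet = subnets[usable_index]
    hosts = list(subnet.hosts())              # excludes network and broadcast
    half = len(hosts) // 2
    # "Magic number": 256 minus the last non-zero octet of the mask.
    last_nonzero = [int(o) for o in str(subnet.netmask).split(".") if int(o)][-1]
    return {
        "network": subnet.network_address,
        "mask": subnet.netmask,
        "magic_number": 256 - last_nonzero,
        "broadcast": subnet.broadcast_address,
        "production": (hosts[0], hosts[half - 1]),    # lower half
        "management": (hosts[half], hosts[-1]),       # upper half
        "gateway": hosts[-1],                         # highest usable address
        # The upper half is one aligned block, so a single ACL wildcard
        # anchored at its first address covers every management address.
        "management_wildcard": ipaddress.IPv4Address(half),
    }

def role_of(plan, address):
    """Classify an address against a plan returned by plan_lan()."""
    ip = ipaddress.ip_address(address)
    if ip == plan["gateway"]:
        return "gateway"
    for role in ("production", "management"):
        low, high = plan[role]
        if low <= ip <= high:
            return role
    return "outside"

DUNDEE = plan_lan("192.168.6.0/24", 28, 6)      # 6th usable subnet
EDINBURGH = plan_lan("192.168.5.0/24", 28, 4)   # 4th usable subnet

if __name__ == "__main__":
    for name, plan in (("DUN", DUNDEE), ("EDN", EDINBURGH)):
        print(name, {key: str(value) if not isinstance(value, tuple)
                     else tuple(map(str, value)) for key, value in plan.items()})
```

The management range start and wildcard computed for Edinburgh are the same pair used in the access-list 100 entry in the appendix.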
The router configuration files will be marked as follows:

Basic Configuration
- Router reboot
- Console and VTY configuration and passwords (use cisco, class and berril for console, secret and VTY passwords respectively)
- Interface configurations
- DTE/DCE identified appropriately and clock rates set only on DCE
- Routing correct and working (RIP is fine)
- Host tables
- Banner displayed before login warning of unauthorised access

Basic Configuration (40 marks)

Security (ACLs marked as part of Step 3)

1. ACLs correct and applied to correct interface in correct direction: 10
2. ACLs correct but not applied to correct interface or direction: 7-9
3. ACLs attempted but slight errors or wrong placement: 4-6
4. ACLs attempted but incorrect and not applied properly: 1-3
5. ACLs not attempted: 0

ACL Total (Total 10 marks)

Step 3 Security

There are several security concerns in the internetwork. Develop Access Control Lists (ACLs) to address security issues. The following problems must be addressed:

1. The production hosts in both the Edinburgh and Dundee networks are permitted HTTP access to the 172.16.0.0 network; management hosts are permitted no access to this network.
2. The company has discovered an Internet Web server at 198.145.7.1 that is known to contain viruses. All hosts are banned from reaching this site.

The ACLs are worth 10 marks.

Step 4 VLANs

This step is the final 20% of the coursework mark. To achieve this step you should consider how you might use a VLAN to separate the production and management LANs. The goal is that neither network should be able to see the other network's traffic. There is no additional guidance on this part of the skills test, as you are expected to:

1. Identify an appropriate VLAN number to use for each VLAN.
2. Identify an appropriate VLAN configuration.
3. Implement the VLAN and provide the switch configuration file(s) to show that the VLAN has been implemented.
VLAN Marks

The VLAN component will be marked as follows:

- VLAN configured and correct configuration supplied: 20
- VLAN identified but configuration sketchy or incorrect: 10-15
- VLAN attempted: 5-10 depending on level of attempt
- VLAN not attempted: 0

VLAN (Total 20 marks)

Appendix: Network device configurations

Press RETURN to get started

Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#hostname EDINBURGH
EDINBURGH(config)#line console 0
EDINBURGH(config-line)#password cisco
EDINBURGH(config-line)#login
EDINBURGH(config-line)#exit
EDINBURGH(config)#line vty 0 4
EDINBURGH(config-line)#password cisco
EDINBURGH(config-line)#login
EDINBURGH(config-line)#exit
EDINBURGH(config)#enable password cisco
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

EDINBURGH>en
Password:
EDINBURGH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGH(config)#enable secret class
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console

EDINBURGH#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGH(config)#interface serial2/0
EDINBURGH(config-if)#ip address 209.154.16.1 255.255.255.0
EDINBURGH(config-if)#no shutdown
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
EDINBURGH(config-if)#exit
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
EDINBURGH(config)#interface fastethernet0/0
EDINBURGH(config-if)#ip address 192.168.5.78 255.255.255.240
EDINBURGH(config-if)#no shutdown
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
EDINBURGH(config-if)#exit
EDINBURGH(config)#router rip
EDINBURGH(config-router)#network 172.16.0.0
EDINBURGH(config-router)#network 192.168.6.0
EDINBURGH(config-router)#network 192.168.5.0
EDINBURGH(config-router)#network 209.154.16.0
EDINBURGH(config-router)#network 209.154.17.0
EDINBURGH(config-router)#exit
EDINBURGH(config)# banner motd warn of unauthorised access
EDINBURGH(config)# banner login do not enter if you are not authorized
EDINBURGH(config)#ip host DUN 209.154.17.1 192.168.6.110
EDINBURGH(config)#ip host GLA 172.16.1.254 209.154.16.2 209.154.17.2
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGH#
EDINBURGH#show host
Default Domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined

Host   Port   Flags        Age  Type  Address(es)
DUN    None   (perm, OK)   0    IP    192.168.6.110 209.154.17.1
GLA    None   (perm, OK)   0    IP    172.16.1.254 209.154.16.2 209.154.17.2
EDINBURGH#

EDINBURGH#show run
Building configuration...

Current configuration : 1291 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname EDINBURGH
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
ip host DUN 192.168.6.110 209.154.17.1
ip host GLA 172.16.1.254 209.154.16.2 209.154.17.2
interface FastEthernet0/0
 ip address 192.168.5.78 255.255.255.240
 ip access-group 100 in
 duplex auto
 speed auto
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 shutdown
interface Serial2/0
 ip address 209.154.16.1 255.255.255.0
 ip access-group 10 out
interface Serial3/0
 no ip address
 shutdown
interface FastEthernet4/0
 no ip address
 shutdown
interface FastEthernet5/0
 no ip address
 shutdown
router rip
 network 172.16.0.0
 network 192.168.5.0
 network 192.168.6.0
 network 209.154.16.0
 network 209.154.17.0
ip classless
access-list 100 deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq www
access-list 100 permit ip any any
access-list 10 permit any
access-list 10 deny host 198.145.7.1
no cdp run
banner login ^Cdo not enter if you are not authorized^C
banner motd ^Cwarn of unauthorised access^C
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
end
EDINBURGH#

EDINBURGH ACCESS-LISTS CONFIGURATION

EDINBURGH(config)#access-list 100 deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq 80
EDINBURGH(config)#access-list 100 permit ip any any
EDINBURGH(config)#interface fastethernet0/0
EDINBURGH(config-if)#ip access-group 100 in
EDINBURGH(config-if)#exit
EDINBURGH(config)#access-list 10 permit any
EDINBURGH(config)#access-list 10 deny host 198.145.7.1
EDINBURGH(config)#interface serial2/0
EDINBURGH(config-if)#ip access-group 10 out
EDINBURGH(config-if)#exit
EDINBURGH(config)#exit
EDINBURGH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGH#

EDINBURGH#show access-lists
Extended IP access list 100
    deny tcp 192.168.5.72 0.0.0.7 172.16.0.0 0.0.255.255 eq www
    permit ip any any
Standard IP access list 10
    permit any
    deny host 198.145.7.1
EDINBURGH#

EDINBURGH SWITCH CONFIGURATION

Switch>en
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname EDINBURGHSWITCH
EDINBURGHSWITCH(config)#line console 0
EDINBURGHSWITCH(config-line)#password cisco
EDINBURGHSWITCH(config-line)#login
EDINBURGHSWITCH(config-line)#exit
EDINBURGHSWITCH(config)#line vty 0 4
EDINBURGHSWITCH(config-line)#password cisco
EDINBURGHSWITCH(config-line)#login
EDINBURGHSWITCH(config-line)#exit
EDINBURGHSWITCH(config)#enable password cisco
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#enable secret class
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface vlan1
EDINBURGHSWITCH(config-if)#ip address 192.168.5.77 255.255.255.240
EDINBURGHSWITCH(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
EDINBURGHSWITCH(config-if)#ip default-gateway 192.168.5.78
EDINBURGHSWITCH(config)#exit
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
EDINBURGHSWITCH#
EDINBURGHSWITCH#vlan database
% Warning: It is recommended to configure VLAN from config mode, as VLAN database mode is being deprecated. Please consult user documentation for configuring VTP/VLAN in config mode.
EDINBURGHSWITCH(vlan)#vlan 10 name production
VLAN 10 modified:
    Name: production
EDINBURGHSWITCH(vlan)#vlan 20 name management
VLAN 20 added:
    Name: management
EDINBURGHSWITCH(vlan)#exit
APPLY completed.
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/2
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 10
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/3
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 10
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet 0/4
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 20
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#config t
Enter configuration commands, one per line. End with CNTL/Z.
EDINBURGHSWITCH(config)#interface fastethernet0/5
EDINBURGHSWITCH(config-if)#switchport mode access
EDINBURGHSWITCH(config-if)#switchport access vlan 20
EDINBURGHSWITCH(config-if)#end
EDINBURGHSWITCH#
%SYS-5-CONFIG_I: Configured from console by console
EDINBURGHSWITCH#show vlan

VLAN  Name                 Status     Ports
1     default              active     Fa0/1, Fa0/6, Fa0/7, Fa0/8
                                      Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                      Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                      Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                      Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                      Gig1/1, Gig1/2
10    production           active     Fa0/2, Fa0/3
20    management           active     Fa0/4, Fa0/5
1002  fddi-default         act/unsup
1003  token-ring-default   act/unsup
1004  fddinet-default      act/unsup
1005  trnet-default        act/unsup

VLAN  Type   SAID    MTU   Parent  RingNo  BridgeNo  Stp   BrdgMode  Trans1  Trans2
1     enet   100001  1500  -       -       -         -     -         0       0
10    enet   100010  1500  -       -       -         -     -         0       0
20    enet   100020  1500  -       -       -         -     -         0       0
1002  fddi   101002  1500  -       -       -         -     -         0       0
1003  tr     101003  1500  -       -       -         -     -         0       0
1004  fdnet  101004  1500  -       -       -         ieee  -         0       0
1005  trnet  101005  1500  -       -       -         ibm   -         0       0

Remote SPAN VLANs

Primary  Secondary  Type  Ports

EDINBURGHSWITCH#
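The two access lists in the router configuration above can be checked offline against the Step 3 requirements with a small first-match evaluator. This is an added example, not part of the original submission: it models Cisco wildcard matching and the implicit deny, and shows that the deny entry in access-list 10 sits behind permit any (and, being a standard ACL, matches source addresses only), while access-list 100 stops only TCP port 80 from the management range. ACL_FIXED and the sample packets are constructed assumptions.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # Cisco keyword "any"

def _n(ip):
    return int(ipaddress.IPv4Address(ip))

def matches(addr, spec):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~_n(spec[1]) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(spec[0]) & care)

def covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    care = ~_n(outer[1]) & 0xFFFFFFFF
    return (_n(inner[1]) & care) == 0 and (_n(outer[0]) & care) == (_n(inner[0]) & care)

def evaluate(acl, pkt):
    """First matching entry decides; no match falls to the implicit deny."""
    for index, e in enumerate(acl):
        if (e.get("proto", "ip") in ("ip", pkt["proto"])
                and matches(pkt["src"], e["src"])
                and matches(pkt["dst"], e.get("dst", ANY))
                and e.get("dport") in (None, pkt.get("dport"))):
            return e["action"], index
    return "deny", None

def shadowed(acl):
    """Indexes of entries that can never match because an earlier one covers them."""
    dead = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.get("proto", "ip") in ("ip", later.get("proto", "ip"))
                    and covers(earlier["src"], later["src"])
                    and covers(earlier.get("dst", ANY), later.get("dst", ANY))
                    and ("dport" not in earlier or earlier["dport"] == later.get("dport"))):
                dead.append(j)
                break
    return dead

# The two lists as they appear in the running-config above.
ACL_100 = [  # extended, applied inbound on FastEthernet0/0
    {"action": "deny", "proto": "tcp", "src": ("192.168.5.72", "0.0.0.7"),
     "dst": ("172.16.0.0", "0.0.255.255"), "dport": 80},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]
ACL_10 = [   # standard (source address only), applied outbound on Serial2/0
    {"action": "permit", "src": ANY},
    {"action": "deny", "src": ("198.145.7.1", "0.0.0.0")},
]
# Assumed correction (not from the page): an extended entry that matches the
# server as a destination, placed before the catch-all permit.
ACL_FIXED = [
    {"action": "deny", "proto": "ip", "src": ANY, "dst": ("198.145.7.1", "0.0.0.0")},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]

# Constructed sample packets.
TO_BAD_SERVER = {"proto": "tcp", "src": "192.168.5.65", "dst": "198.145.7.1", "dport": 80}
MGMT_HTTP = {"proto": "tcp", "src": "192.168.5.72", "dst": "172.16.1.254", "dport": 80}
MGMT_PING = {"proto": "icmp", "src": "192.168.5.72", "dst": "172.16.1.254"}
PROD_HTTP = {"proto": "tcp", "src": "192.168.5.65", "dst": "172.16.1.254", "dport": 80}
```

Calling `shadowed()` on a list before applying it to an interface catches ordering mistakes that `show access-lists` displays without comment.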