Assessment 1
Assessment type: Practical and Written Assessment, Individual assignment (1,000 words).
Purpose: The purpose of this assignment is to assess student understanding on firewall design and configuration and students ability to exercise the operational, analytical and critical skills needed to reduce the potential security risks. Analyse and evaluate the organizational adoption of security controls.Design solutions for concrete security problems for distributed applications This assessment contributes to learning outcomes a, b.
ICT 205 Cyber Security Assignment 1 – King’s Own Institute Australia.
Assessment topic: Firewall Setup and Configuration:
Task Details:For any organizational network it is necessary to identify the services running on the networks/hosts due to the fact that any open ports without appropriate services running can introduce security vulnerabilities into the network. This Assignment requires you to perform a scan on a network to identify the services running on the network/hosts and also to identify the status of the ports. Once a set of scans has been performed on the network/hosts configure the firewall settings to address security in the network.
Case Study for the Assignment: Express Print Services Pty Ltd. is a Medium Business Enterprise comprising with its branch offices based at Sydney, Melbourne and Perth. Each office manages the local area network configuration with appropriate network facilities to reach their business requirements through proper WAN interconnections. The System and Network administrator of the organization realizes that the security of the network has to be addressed and it is highly recommended that there is a need to impose a certain level of filtering for the network to be secure so as to sustain from threats and attacks. To add the restrictions on a particular network it is necessary to identify the possible threats to the organization. For instance, it is necessary to identify the important services that need to run on the network. In order to figure this out there is a need to run scanning on the network to identify the services and ports of the applications. Furthermore, the firewall needs to be configured by adding rules to block and allow the services based on the requirements of the organizations and the security perspective of the network.
ICT 205 Cyber Security Assignment 1 – King’s Own Institute Australia.
The executive management of the organization hires you for the above project and urges you to design the necessary security requirements. Plan an appropriate scanning for the organizational network and configure the firewall rules for the same.
The assignment requires you to do the following:
1.Scanning network services using Nmap application tool from Kali Linux platform in Virtual Box. Run a set of scan commands (from the Nmap cheat sheet) and discuss how the results obtained from Nmap in terms of the services running on the network and other attributes provided in the result. The discussion of results should be supported with screenshots.
2.Write a short summary on the possible threats that can be experienced by the network to set up the firewall configuration accordingly
3.Configure or set up firewall rules for the network using the Ufw of the Kali Linux platform
Configure the following setting on the firewall using the appropriate commands in Kali Linux. The list of commands is provided below:
Command Description
Ufw status To check firewall status
Ufw enable Enable firewall
Ufw allow Allow services, port range and network
Ufw deny Blocking a service
ICT 205 Cyber Security Assignment 1 – King’s Own Institute Australia.
1.Check the firewall status
2.Enable or disable the firewall accordingly
3.Allow services such as TCP, SSH and samba using their port number or name
4.Verify the firewall rules after adding the above services
5.Secure a web server by blocking HTTP service and allowing HTTPS service only
6.Allow a range of ports from 20 to 80 and deny a range of ports from 100 to 500
7.Verify the firewall rules
8.Allow HTTP from a specific subnet to access your web services
9.Block connections to a network interface