NETW450 Advanced Network Security with Lab Entire Class
https://homeworklance.com/downloads/netw450-advanced-network-security-lab-entire-class/
 
Devry NETW 450 Week 1 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
 
 
 
Security Policy issues (graded)
What are the key components of a good security policy? What are some of the most common attacks and how can a
network be protected against these attacks?
 
DQ 2
 
 
iLab Experiences (graded)
 
Discuss your experiences with the Skillsoft Lab 1. What parts of the iLab did you find difficult or unclear? What did
you learn about security in completing the assigned iLab?
 
 
Devry NETW 450 Week 2 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
 
Router Security (graded)
Discuss the methods that can be used on a standard IOS router to prevent unauthorized access to the router.
Also, discuss how privilege levels and role-based CLI can improve the security on the router.
 
DQ 2
 
iLab Experiences (graded)
Read the Week 2 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is
important to prevent access to unused ports and services on the routers within your network? How did your actual lab
experiences meet your expectations? Are there specific insights or challenges you encountered you would like to
share with the class?
 
 
Devry NETW 450 Week 3 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
Layer 2 (Switch) Security (graded)
 
Discuss the attacks that can occur on a layer 2 switch and how the network can be impacted by these attacks. Also,
discuss the methods that can be used to mitigate the effects of these attacks on the network.
 
 
DQ 2
 
iLab Experiences (graded)
 
 
Read the Week 3 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is
important to prevent access to unused ports and services on the routers within your network? How did your actual lab
experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to
share with the class?
What did you learn about security ACLs in completing this lab?
 
 
 
Devry NETW 450 Week 4 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
Security ACLs and Firewall (graded)
Discuss the security ACLs we covered this week in the text reading and the lecture. Describe different scenarios
where a specific type of ACL can enhance network security. Compare CBAC firewalls versus zone-based firewalls.
What are the advantages and disadvantages of each?
 
DQ 2
 
iLab Experiences and WLAN Security (graded)
 
Read the Week 4 iLab instructions and discuss the expectations you have regarding this lab. Do you think the
wireless LAN is secure on your network? What wireless security measures can you take to secure the WLAN? How
did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered
that you would like to share with the class?
What did you learn about wireless access points and roaming in completing this lab?
 
 
Devry NETW 450 Week 5 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
 
AAA Servers (graded)
 
Compare the relative merits of TACACS+ and RADIUS AAA servers. What advantages and disadvantages does
each type of AAA server have?
 
 
DQ 2
 
 
iLab Experiences and Analyzing Bandwidth Needs (graded)


 Read the Week 5 iLab instructions and discuss the expectations you have regarding this lab. Do you think
the overhead involved in securing communication links can affect the bandwidth requirements of a network? How did
your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that
you would like to share with the class?
 What did you learn about analyzing bandwidth requirements for serial links in completing this lab?
 
 
 
Devry NETW 450 Week 6 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
 
Virtual Private Networks (graded)
 
Discuss what you learned about the configuration and operation of virtual private networks.
 
 
DQ 2
 
 
iLab Experiences (graded)
 
Read the Week 6 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits
are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled
security audit on your network? How did your actual lab experiences meet your expectations? Are there specific
insights or challenges you encountered that you would like to share with the class? What did you learn about security
audits in completing this lab?
 
 
Devry NETW 450 Week 7 Discussion DQ 1 & DQ 2 Latest 2016
 
DQ 1
 
 
Intrusion Detection/Prevention Systems (IDS/IPS) (graded)
 
Intrusion detection systems can be implemented on IOS firewall routers and security appliances. They can also be
dedicated in-line hardware devices. Why is intrusion detection important in networks with connections to the
Internet, and what are the functions of IDS? What are the differences between intrusion detection systems (IDS) and
intrusion prevention systems (IPS)?
 
DQ 2
 
 
iLab Experiences (graded)
 
Read the Week 7 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits
are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled
security audit on your network? How did your actual lab experiences meet your expectations? Are there specific
insights or challenges you encountered that you would like to share with the class?
What did you learn about security audits in completing this lab?
 
iLabs
 
iLab 2 of 7: Security Demands
 
Note!
Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
 
iLAB OVERVIEW
Scenario and Summary
In this lab, the students will examine the following objectives.
• Create ACL to meet the requirements of the security demands.
• Modify existing ACL to meet additional security requirements.
Deliverables
Students will complete all tasks specified in the iLab Instructions document. As the iLab tasks are completed,
students will enter CLI commands, and answer questions in the iLab Report document. This iLab Report document
will be submitted to the iLab Dropbox for Week 2.
Supporting Documentation
• SEC450 ACL Tutorial
• Textbook (Chapter 3)
• Webliography links on Access Control List
Required Software
• Access the software at Skillsoft
iLAB STEPS
STEP 1: Access Skillsoft iLab
Access Skillsoft Labs at the provided iLab link, and select Catalog. Click to Launch the course and then select Lab2.
Then, download the PDF instructions. Ensure that you open and read the iLab instructions before you begin the lab.
PLEASE NOTE: Lab instr
STEP 2: Perform iLab 2
Download and open SEC450_W2_Security_Demands_Lab2_Report.docx. Follow the instructions to perform all
procedures in this week's lab. Instructions in red indicate tasks that you need to answer and include in the lab report.
STEP 3: Complete Your Lab Report
When you are satisfied with your documentation, submit your completed report to the Dropbox.
Submit your lab to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read
these step-by-step instructions or watch this Dropbox Tutorial.
See the Syllabus section “Due Dates for Assignments & Exams” for due date information.
 
Student
 
Security Demands Lab
NETW 450 Week 2 iLab2 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the
answer following each of the tasks. Submit this document to the iLab Dropbox in Week 2.
 
 
 
week 3
 
 
 
Lab 3 of 7: Database Security Demands
Note!
Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
iLAB OVERVIEW
 
NETW 450 ACL Tutorial
 
This document highlights the most important Access Control List (ACL) concepts that you need to learn
in order to configure ACLs in the CLI. This tutorial does not intend by any means to cover all ACL applications,
only those scenarios used in the SEC450 iLabs.
Introduction to Access Control List
• A host-based firewall essentially works by closing and/or opening ports on a computer. The engine behind firewalls is built with Access Control Lists (ACLs).

• Network-based firewalls are implemented in dedicated appliances and routers. Basically, firewalls in routers filter packets passing through interfaces to permit or deny them.

• Ports are layer-4 addresses specified in the TCP/IP protocol suite that identify networking processes running in clients and servers.

• ACLs are configured using shell-specific commands. In Cisco IOS, the CLI commands access-list and access-group are used to create an ACL and apply it to an interface.

• An ACL can be identified by a number ID or a name. Naming an ACL is useful to identify its purpose.

• ACLs are classified as Standard ACLs and Extended ACLs.

• Standard ACL number IDs are assigned from 1 to 99. Extended ACL number IDs are from 100 to 199.

• A Standard ACL uses only the source IP address of an IP packet to filter through an interface. Hence, a standard ACL denies or permits all IP packets with the same source IP regardless of upper-layer protocols, destination IP address, etc. Example 1: Router(config)#access-list 8 deny host 172.12.3.5

• An Extended ACL filters packets based on protocol, source IP address, source port number, destination IP address, and destination port number. Example 2: Router(config)#access-list 102 deny tcp host 10.0.3.2 host 172.129.4.1 denies TCP packets with source IP address 10.0.3.2 and destination IP address 172.129.4.1.

• Since Standard ACLs only have the source IP address, the rule is to apply them on an interface as close as possible to the destination IP address.

• On the contrary, the rule for Extended ACLs is to apply them on an interface as close as possible to the source IP address.

• Use Extended ACLs in all iLabs, as they are more granular in packet filtering.
Create Extended ACL in global configuration
• You can use the access-list command options lt, gt, eq, neq, and range (less than, greater than, equal, not equal, range of ports) to match on port numbers.
Example 3: access-list 102 deny tcp any host 11.23.45.7 gt 20 denies all packets with any source IP address to destination IP address 11.23.45.7 and destination TCP port greater than 20.
Example 4: access-list 107 permit udp any any permits all UDP packets from any source IP address to any destination IP address.

• An Extended ACL can filter packets based on source port number and destination port number.
• Extended ACL syntax can be as follows.
access-list <#,name> <protocol> host <source_ip> <port_qualifier> <source_port_number> host <dest_ip> <port_qualifier> <dest_port_number>
where:
<#,name> is a number between 100 and 199 or a one-word name
<protocol> is any protocol in the TCP/IP suite
<source_ip> and <dest_ip> are the source and destination IP addresses
<port_qualifier> is optional, and can be eq, gt, lt, neq, or range
<source_port_number> and <dest_port_number> follow <port_qualifier> to specify the port number(s).
<port_qualifier> and <port_number> can be replaced by the application protocol, for example, http instead of eq 80.

• Creation of ACLs follows the three Ps rule: one ACL per protocol, per interface, per traffic direction. Per protocol means one protocol such as IP, TCP, IPX, UDP, or ICMP can be specified. Per interface means the ACL is applied to an interface to make it active. Per direction means the ACL needs to specify in which direction at the interface, packets in or out, the filtering applies.

• The steps for configuring a new ACL are: First, create the ACL in CLI global configuration using access-list command(s). Then, apply the ACL using the access-group command in CLI interface configuration. The ACL is not activated unless it is applied to an interface.

• An ACL consists of one or more access-list commands. Routers process the ACL commands in order, top first to bottom last, like a script or computer program. That is why the order of access-list commands makes a difference.

• The effectiveness of an access-list command depends upon the previous access-list commands. Therefore, always write the commands in this order: more-specific-traffic commands first, then more-generic-traffic commands last. Example 5: It makes sense to write an ACL as
Router(config)#access-list 101 deny tcp host 10.0.3.2 any
Router(config)#access-list 101 permit tcp any any
But never follow the order below: the second command is more specific, so its "deny" is worthless because the first command already lets the packets pass through.
Router(config)#access-list 101 permit tcp any any
Router(config)#access-list 101 deny tcp host 10.0.3.2 any

• All ACLs have a hidden access-list command at the end that denies all packets (i.e., deny ip any any). Hence, packets that are not specifically permitted by a command will always be denied by the ACL.
Example 6: Use the command Router(config)#access-list 105 permit ip any any at the end of the ACL if it is required to permit all other traffic after denying packets with Router(config)#access-list 105 deny icmp any host 192.168.10.244
 
• The wildcard option is used in access-list commands to filter packets from a subnet of source and/or destination IP addresses instead of single hosts. IP addresses in each of those subnets must be continuous. Filtering on port numbers is also applicable, but it has been omitted for the sake of simplicity. Here is the syntax.
access-list <#,name> <protocol> <source_ip> <source_wildcard> <dest_ip> <dest_wildcard>
where:
<#,name> is a number between 100 and 199 or a one-word name
<protocol> is any protocol in the TCP/IP suite
<source_ip> and <dest_ip> are the source and destination IP addresses
<source_wildcard> and <dest_wildcard> specify the subnet ranges of source and destination IP addresses

• A wildcard in an ACL has the same meaning as in routing protocols such as EIGRP and OSPF. Wildcard bit 0 means the bit in the IP address must be the same as the corresponding bit in the subnet IP addresses. Wildcard bit 1 means the bit in the IP address can be any value (0 or 1).
Example 7: access-list 105 deny udp 172.16.7.3 0.0.0.3 any means to deny all UDP packets with source IP addresses from 172.16.7.0 to 172.16.7.3 to any destination IP address. Note that .3 is .00000011 in binary, which as a wildcard reads .000000xx, where x means any value (0 or 1).
Example 8: access-list 109 permit tcp host 192.168.6.3 eq 80 10.0.0.0 0.0.0.255 means to permit all TCP packets from source IP address 192.168.6.3 and source TCP port 80 (e.g., an HTTP server) to destination IP addresses in the range 10.0.0.0 to 10.0.0.255. The fact that 10.0.0.0 would not qualify as a host IP in classful networks is irrelevant to the ACL.

• Using a wildcard with all 0s is the same as using the option host in access-list commands. Example 9: access-list 110 permit ip host 10.23.4.3 host 10.30.2.1 and access-list 110 permit ip 10.23.4.3 0.0.0.0 10.30.2.1 0.0.0.0 are equivalent commands. Both permit packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1.

• Only use a wildcard in access-list commands when the ACL requires filtering packets on a subnet of IP addresses, either at the source, the destination, or both.
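
The evaluation rules described above (top-down first match, the hidden deny at the end, port qualifiers, and wildcard bits) can be checked off-router with a small model. The following Python sketch is an added example, not part of the original tutorial or of Cisco software; it handles only numbered extended access-list lines of the form shown above, and the names parse_ace, evaluate and shadowed, as well as the sample packet, are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

ANY = 0xFFFFFFFF  # wildcard with every bit set, i.e. the keyword "any"


class Packet(NamedTuple):
    proto: str                    # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols without ports
    dport: Optional[int] = None


class Ace(NamedTuple):            # one parsed access-list command
    action: str
    proto: str
    src: Tuple[int, int]          # (address, wildcard)
    sport: Optional[tuple]
    dst: Tuple[int, int]
    dport: Optional[tuple]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    word = tok.pop(0)
    if word == "any":
        return (0, ANY)
    if word == "host":            # same as wildcard 0.0.0.0 (Example 9)
        return (_ip(tok.pop(0)), 0)
    return (_ip(word), _ip(tok.pop(0)))


def _take_port(tok):
    """Consume an optional port qualifier: eq/neq/gt/lt N or range A B."""
    if tok and tok[0] in ("eq", "neq", "gt", "lt"):
        return (tok.pop(0), int(tok.pop(0)))
    if tok and tok[0] == "range":
        tok.pop(0)
        return ("range", int(tok.pop(0)), int(tok.pop(0)))
    return None


def parse_ace(line):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("unsupported line: " + line)
    rest = tok[4:]
    src, sport = _take_addr(rest), _take_port(rest)
    dst, dport = _take_addr(rest), _take_port(rest)
    if rest:
        raise ValueError("unsupported trailing tokens: " + " ".join(rest))
    return Ace(tok[2], tok[3], src, sport, dst, dport)


def _addr_ok(spec, ip_text):
    addr, wild = spec             # wildcard bit 1 = "don't care"
    return ((_ip(ip_text) ^ addr) & ~wild & ANY) == 0


def _port_ok(spec, port):
    if spec is None:
        return True               # no qualifier: any port matches
    if port is None:
        return False              # qualifier given but packet has no port
    if spec[0] == "range":
        return spec[1] <= port <= spec[2]
    return {"eq": port == spec[1], "neq": port != spec[1],
            "gt": port > spec[1], "lt": port < spec[1]}[spec[0]]


def matches(ace, pkt):
    return (ace.proto in ("ip", pkt.proto)
            and _addr_ok(ace.src, pkt.src) and _port_ok(ace.sport, pkt.sport)
            and _addr_ok(ace.dst, pkt.dst) and _port_ok(ace.dport, pkt.dport))


def evaluate(acl_lines, pkt):
    """Return (action, matching line number); line is None for the hidden deny."""
    for n, line in enumerate(acl_lines, start=1):
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace.action, n  # first match wins, later lines are ignored
    return "deny", None           # implicit 'deny ip any any'


def _covers(outer, inner):
    (oa, ow), (ia, iw) = outer, inner
    return (iw & ~ow & ANY) == 0 and ((oa ^ ia) & ~ow & ANY) == 0


def shadowed(acl_lines):
    """Line numbers that can never match because an earlier, broader line
    (same protocol or 'ip', no port qualifier) already covers them."""
    aces = [parse_ace(line) for line in acl_lines]
    hits = []
    for j, later in enumerate(aces):
        if any(e.proto in ("ip", later.proto) and e.sport is None
               and e.dport is None and _covers(e.src, later.src)
               and _covers(e.dst, later.dst) for e in aces[:j]):
            hits.append(j + 1)
    return hits


if __name__ == "__main__":
    # Example 5 from the tutorial in the wrong order; the packet is constructed.
    bad = ["access-list 101 permit tcp any any",
           "access-list 101 deny tcp host 10.0.3.2 any"]
    pkt = Packet("tcp", "10.0.3.2", "172.16.5.3", 40000, 80)
    print(evaluate(bad, pkt), "shadowed lines:", shadowed(bad))
```

Running shadowed over an ACL before pasting it into the router catches the ordering mistake from Example 5 without sending any traffic.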
Applying an ACL to an Interface for Activation
• Example 10: Assume you need to create an ACL in a router that permits any traffic except UDP packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1, as shown in the network diagram below.
• First, you need to create an extended ACL in CLI global configuration.
Router#config t
Router(config)#access-list 103 deny udp host 10.23.4.3 host 10.30.2.1
Router(config)#access-list 103 permit ip any any

• Second, you need to apply ACL 103 on an interface close to the source (i.e., the extended ACL rule of thumb). The closest interface is S0/1 in Router for traffic coming from IP 10.23.4.3. Thus, you go to interface configuration in the CLI to activate the ACL.
Router(config)#interface s0/1
Router(config-if)#ip access-group 103 in

• If you need to make any correction after creating an ACL, first erase the ACL from the global and interface configurations. To erase ACL 103 from the previous example, execute the following commands.
Router(config)#interface s0/1
Router(config-if)#no ip access-group 103 in
Router(config-if)#exit
Router(config)#no access-list 103

Now you can start over creating ACL 103. If you do not erase the ACL, new access-list commands will be appended to the existing ones in the configuration file, producing unexpected behavior. Use the command show run to verify that the ACL is erased and created again correctly.
Verify ACL Configuration
• Example 11: Let's say you have been asked to create an ACL in a router R to deny TCP traffic coming through interface Serial 0/2 from source IP address 10.16.2.1 to destination IP address 172.16.5.3 with destination port number greater than 200. Also, the ACL should permit any other traffic.

• There are two configuration tasks you need to do in the CLI. First, create the ACL. Second, apply the ACL to interface Serial 0/2.

• So, in the CLI,
R> enable
R# config t
R(config)# access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
! The next command is needed to permit any other traffic after denying the selected packets with the first command.
R(config)# access-list 101 permit ip any any
R(config)# interface serial0/2
! The next command applies the ACL to serial0/2 for traffic coming in.
R(config-if)# ip access-group 101 in
R(config-if)# end
! The next command verifies that the ACL configuration is correct in the running-config file.
R# show run
 
 
 
R#show running-config
version 12.3
!
hostname R
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
!
interface FastEthernet0/1
ip address 192.168.20.1 255.255.255.0
shutdown
!
interface Serial0/0
ip address 200.100.20.2 255.255.255.0
!
interface Serial0/1
ip address 192.168.30.2 255.255.255.0
shutdown
!
interface Serial0/2
ip address 192.168.40.1 255.255.255.0
ip access-group 101 in
!
 
router rip
network 192.168.200.0
network 200.100.20.0
!
ip default-network 200.100.20.0
ip route 0.0.0.0 0.0.0.0 serial0/0
!
!
access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
access-list 101 permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end
 
• If the ACL is not correct, then delete it with the commands below and start over again.
R# config t
R(config)# no access-list 101
R(config)# interface serial0/2
R(config-if)#no ip access-group 10
 
 
week 4
 
 
AAA Server Authentication Lab
 
NETW 450 Week 4 iLab4 Report
 
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the
answer following each of the tasks. Submit this document to the iLab Dropbox in Week 4.
 
 
 
iLab 5 of 7: VPN – Virtual Private Networks
Note!
Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
 
Student Name: Date:
IPSec Site-to-Site VPN Lab
SEC450 Week 5 iLab5 Report
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the
answer following each of the tasks. Submit this document to the iLab Dropbox in Week 5.
 
 
week 6
iLab 6 of 7: IDS/IPS – Intrusion Detection/Prevention Systems
Note!
Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
 
Student Name: Date:
Intrusion Detection System (IDS/IPS) Lab
 
NETW 450 Week 6 iLab6 Report
 
Copy below each of the tasks that appears in red in the PDF lab instructions from Skillsoft. Then, write the
answer following each of the tasks. Submit this document to the iLab Dropbox in Week 6.
 
 
week 7
 
 
iLab 7 of 7: Network Vulnerability Case Study
 
Note!
Submit your assignment to the Dropbox, located at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)
 
Student Name _________________________________ Date _____________
 
 
NETW 450 Network Vulnerability Case Study—iLab7
 
Objectives
In this lab, students will examine the following objectives.
• Differentiate the use of IDS and IPS to detect network attacks.
• Design a network with IDS/IPS.
• Justify the use of IDS/IPS for a given network solution.
Scenario
A small company is using the topology shown below to secure its intranet while providing a less-secured environment
to its eCommerce DMZ server. The company is concerned that firewalls are not enough to detect and prevent
network attacks. Hence, sensors for intrusion detection systems (IDS) and/or intrusion prevention
systems (IPS) need to be deployed in the network. Your job is to provide recommendations, including a network design with
IDS/IPS, that meet the company's requirements.
Initial Topology
Company’s Requirements
1. Detect any malicious traffic entering the e-commerce server without performance penalty to traffic getting in
the server from revenue-generating customers.
2. Stop any malicious traffic entering the human resources LAN (HR LAN).
3. Detect any malicious traffic entering the computer terminal in the marketing LAN (MKT LAN).
4. Stop any traffic entering the File Server in MKT LAN.
5. Deploy a centralized database and analysis console in the intranet to manage and monitor both IDS
and IPS sensors.
Note: RED text indicates the required questions to answer
Task 1—Lay Out the New Network Design
Click on the Initial Network Topology link on the iLab page in Week 7, and save to your computer the MS
PowerPoint file Initial_Network_Topology_iLab7.ppt. This file contains a diagram for the initial network topology and
pictures of all components needed to create the new network design.
Review the documentation provided in the references at the end of these instructions to get more familiar with the
implementation of IDS and IPS in network design. You need to find a network solution that meets the company’s
requirements.
#1. Paste below your new network design diagram.
Task 2—IDS/IPS Recommendations
#2. Write an engineering specification document of at least 250 words (e.g., 1 page of full text, double space,
and size 12) describing why your network’s design meets each of the company’s requirements. Justify how
each recommendation addresses the company’s needs.
Task 3—Conclusions
#3. Describe in two paragraphs your learning experience in this lab.
References:
1. SANS Institute. "Network IDS & IPS Deployment Strategies"—Webliography
2. Paquet, C. (2012). Implementing Cisco IOS network security (IINS) foundation learning guide (2nd ed.).
Indianapolis, IN: Cisco Press.
3. NIST. "Guide to Intrusion Detection and Prevention Systems (IDPS)"—Webliography
 
 
quizzes
 
week 2
1.(TCO 2) Which of the following prompts indicates that you have booted into the IOS stored in Bootstrap ROM
(possibly due to a Ctrl-Break entered during power-up)? (Points : 3)
Router>
> or ROMMON>
(Boot)>
ROM>
 
Question 2.2.(TCO 2) Which is the command sequence used to configure a console terminal password on a Cisco
router? Note: <CR> represents a carriage return or Enter key. (Points : 3)
line con 0 <CR> password {password} <CR>
line con 0 <CR> password {password} <CR> login <CR>
line con 0 <CR> login {password} <CR>
line {password} con 0 <CR>
 
Question 3.3.(TCO 2) To enter privileged EXEC mode, you can type the command _____ at the user EXEC prompt.
(Points : 3)
enter
enable
activate
open
 
Question 4.4.(TCO 2) Which of the following IOS commands will set the minimum length for all router passwords to
eight characters? (Points : 3)
(config)# service passwords min-length 8
(config)# passwords min-length 8
(config)# security passwords min-length 8
(config)# passwords security min-length 8
 
Question 5.5.(TCO 2) Which of the following commands will prevent password recovery using ROM monitor mode?
(Points : 3)
(config)# no rom monitor
(config)# no password-recovery
(config)# no service password-recovery
(config)# no password-recovery service
 
Question 6.6.(TCO 2) To configure role-based CLI on a Cisco router, the first command to enter in privileged mode
is _____. (Points : 3)
parser view
view enable
enable view
config view
 
Question 7.7.(TCO 2) Which of the following commands is required before you can begin configuring SSH
configuration on a Cisco router? (Points : 3)
Crypto key generate rsa
IP domain-name
Crypto key zeroize
Transport input ssh
 
Question 8.8.(TCO 2) Which of the following cannot be used to enhance access security on a router? (Points : 3)
MD5 encrypted enable passwords
SHA encrypted usernames
Privilege levels
MD5 encrypted username
 
week 4
 
Question 1. 1.(TCO 4) Which type of access list entry is dynamic and becomes active only when a Telnet session is
authenticated? It can be used for inbound or outbound traffic. (Points : 3)
Established
Lock and key
Reflexive
CBAC
 
Question 2. 2.(TCO 4) What function does CBAC perform on a Cisco IOS firewall? (Points : 3)
Creates specific security policies for each user.
Provides secure, per-application access control across network perimeters.
Provides additional visibility at intranet, extranet, and Internet perimeters.
Protects the network from internal attacks and threats.
 
Question 3. 3.(TCO 4) Given the configuration shown below, the idle timeout for TCP and UDP sessions is _____.
ip inspect audit-trail
ip inspect name FWRULE tcp timeout 180
ip inspect name FWRULE udp timeout 180
!
interface FastEthernet0/0
ip access-group 100 in
ip inspect FWRULE in
!
interface FastEthernet0/1
ip access-group 101 in
!
logging on
logging 192.168.100.100
!
access-list 100 permit ip any any
!
access-list 101 deny ip any any log
(Points : 3)
180 minutes
180 seconds
180 days
180 milliseconds
Question 4. 4.(TCO 4) Given the configuration shown below, the host at IP address 192.168.100.100 is a _____.
ip inspect audit-trail
ip inspect name FWRULE tcp timeout 180
ip inspect name FWRULE udp timeout 180
!
interface FastEthernet0/0
ip access-group 100 in
ip inspect FWRULE in
!
interface FastEthernet0/1
ip access-group 101 in
!
logging on
logging 192.168.100.100
!
access-list 100 permit ip any any
!
access-list 101 deny ip any any log
(Points : 3)
TACACS+ server
syslog server
Radius server
TACACS server
 
 
Question 5. 5.(TCO 4) Which of the following is not a policy action that can be specified for zone-based firewall
traffic? (Points : 3)
Pass
Drop
Hold
Inspect
 
 
Question 6. 6.(TCO 4) With zone-based firewalls, which of the following is used to define interfaces on routers that
have the same security level? (Points : 3)
Zones
Class maps
Policy maps
Zone pairs
 
 
Question 7. 7.(TCO 4) What is the range of ACL numbers for a standard access list? (Points : 3)
100–199 and 1700–1999
1–99 and 1300–1999
0–99
100–199
 
 
Question 8. 8.(TCO 4) In CLI, the zone-pair command is used to associate together which of the following? (Points : 3)
Zones and service-policy
Class maps and interface
Policy maps and interface
Class-type and interface
 
 
week 6
 
 
Question 1.1. (TCO 6) When you are configuring a Cisco IOS firewall router for IPSec using RSA signatures, you
need to generate a local RSA key. Before you generate the RSA key, you must _____. (Points : 3)
generate general purpose keys
configure a domain name for the router
contact a third-party certificate authority (CA)
enable the key management protocol in global configuration mode
 
 
Question 2.2. (TCO 6) IPSec VPNs use ACLs to specify VPN tunnel traffic. Any traffic not permitted in the ACL will
be _____. (Points : 3)
dropped before it exits the VPN outbound interface
passed through the VPN outbound interface with no IPSec protection
encrypted and sent out through the VPN outbound interface because the ACL specifies traffic to be restricted
sent back to the sender with a message indicating invalid IPSec format
 
 
Question 3.3. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security
association lifetime is _____. (Points : 3)
lifetime {days}
lifetime {seconds}
set lifetime {days}
set lifetime {seconds}
 
 
Question 4.4. (TCO 6) _____ encryption algorithms use one key to encrypt the data and another key to decrypt the
data between the sender and recipient. (Points : 3)
Symmetric
Asymmetric
Balanced
Bidirectional
 
 
Question 5.5. (TCO 6) The _____ encryption algorithm uses a key size of 168 bits. (Points : 3)
DES
3DES
AES
WEP
 
 
Question 6.6. (TCO 6) Which of the following encryption algorithms is considered the most secure? (Points : 3)
DES
3DES
AES
WEP
 
 
Question 7.7. (TCO 6) Which of the following commands will delete all of the IOS firewall router's RSA keys? (Points : 3)
crypto key remove rsa
crypto key delete rsa
crypto key zeroize rsa
crypto key remove rsa all
 
 
Question 8.8. (TCO 6) What is the size of the keys in a DES algorithm? (Points : 3)
32 bits
96 bits
112 bits
56 bits
 
 
week 7
 
 
Question 1.1. (TCO 7) The type of IDS signature that triggers on a multiple packet stream is called _____. (Points : 3)
atomic
dynamic
cyclical
compound or composite
 
 
Question 2.2. (TCO 7) Which device responds immediately and does not allow malicious traffic to pass? (Points : 3)
Intrusion detection system (IDS)
Intrusion prevention system (IPS)
All of the above
Neither of the above
 
 
Question 3.3. (TCO 7) An IPS sensor that receives a copy of data for analysis while the original data continues
toward the destination is running in _____ mode. (Points : 3)
passive
active
promiscuous
inline
 
 
Question 4.4. (TCO 7) Most IOS commands used to configure an intrusion prevention system (IPS) begin with the
prefix _____. (Points : 3)
ids ips
ips ip
ip ips
ios ips
 
 
Question 5.5. (TCO 7) Which is an IDS or IPS signature? (Points : 3)
A message digest encrypted with the sender’s private key
A set of rules used to detect typical intrusive activity
A binary pattern specific to a virus
An appliance that provides anti-intrusion services
 
 
Question 6.6. (TCO 7) Which of the following ip actions will drop the packet and all future packets from this TCP
flow? (Points : 3)
Deny attacker inline
Deny connection inline
Deny ip host inline
Deny packet inline
 
 
Question 7.7. (TCO 7) Which of the following are signature types that IOS firewall IDS can detect as requiring the
storage of state information? (Points : 3)
Atomic
Dynamic
Cyclical
Compound (composite)
 
 
Question 8.8. (TCO 7) Why is a network using IDS only more vulnerable to atomic attacks? (Points : 3)
IDS must track three-way handshakes of established TCP connections.
IDS cannot track UDP sessions.
IDS permits malicious single packets into a network.
IDS is not stateful and therefore cannot track multiple-packet attack streams.
 
 
 
 
NETW 450 Final Answers
 
 
 
Question 1. 1. (TCO 1) The component of network security that ensures that authorized users have access to data
and network resources is _____. (Points : 6)
data integrity
data confidentiality
data and system availability
data and user authentication
 
 
Question 2. 2. (TCO 1) The type of security control that makes use of firewalls is called _____. (Points : 6)
administrative
physical
technical
clerical
 
 
Question 3. 3. (TCO 2) To configure a role-based CLI on a Cisco router, the first command to enter in privileged
mode is _____. (Points : 6)
parser view
view enable
enable view
config view
super view
 
 
Question 4. 4. (TCO 2) The show running-config output can be modified using all of the following pipes except for
_____. (Points : 6)
| begin
| end
| include
| exclude
 
 
Question 5. 5. (TCO 3) Which of the following is the default number of MAC addresses allowed when you execute
the switchport port-security command on a switch port? (Points : 6)
Zero
One
Two
Three
 
 
Question 6. (TCO 3) Which switch feature causes a port to skip the listening and learning states, causing the port
to enter the forwarding state very quickly? (Points : 6)
fastport
portfast
enablefast
portforward
 
 
Question 7. (TCO 4) With zone-based firewalls, which of the following is used to specify actions to be taken when
traffic matches a criterion? (Points : 6)
Zones
Class maps
Policy maps
Zone pairs
 
 
Question 8. (TCO 4) Which type of access list uses rules placed on the interface where allowed traffic initiates and
permits return traffic for TCP, UDP, SMTP, and other protocols? (Points : 6)
Established
Lock and key
Reflexive
CBAC
 
 
Question 9. (TCO 5) Which AAA server protocol offers support for ARAP and NETBEUI protocols as well as IP?
(Points : 6)
CSACS
RADIUS
OpenACS
TACACS+
 
 
Question 10. (TCO 5) Which of the following is not considered a component of AAA? (Points : 6)
Authentication
Authorization
Accounting
Administration
 
 
Question 11. (TCO 6) The Cisco IOS command that will display all current IKE security associations (SAs) is
_____. (Points : 6)
show crypto ipsec
show crypto isakmp
show crypto ipsec sa
show crypto isakmp sa
show crypto ike sa
 
 
Question 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp
security association lifetime is _____. (Points : 6)
lifetime {days}
lifetime {seconds}
set lifetime {days}
set lifetime {seconds}
 
 
Question 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a Syslog server by executing
which of the following commands? (Points : 6)
ip ips log {IP Address}
ip ips notify syslog
ip ips notify log
ip ips notify sdee
 
 
Question 14. (TCO 7) Which of the following is not an action that can be performed by the IOS firewall IDS router
when a packet or packet stream matches a signature? (Points : 6)
Drop the packet immediately.
Send an alarm to the Cisco IOS designated Syslog server.
Set the packet reset flag and forward the packet through.
Block all future data from the source of the attack for a specified time.
 
 
Question 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)
 
 
Question 16. (TCO 2) Type the global configuration mode and line configuration mode commands that are
required to secure the VTY lines 0 through 15 to use the local username admin with the encrypted password
adminpass for remote Telnet or SSH log-ins to the Cisco router. (Points : 24)
 
 
Question 17. (TCO 3) What are at least two best practices that should be implemented for unused ports on a
Layer 2 switch for switch security? (Points : 24)
 
 
Question 18. (TCO 4) Given the commands shown below and assuming F0/0 is the inside interface of the
network, explain what this ACL does.
access-list 100 permit tcp any any eq 80 time-range MWF
time-range MWF
periodic Monday Wednesday Friday 8:00 to 17:00
time-range
absolute start 00:00 30 Sept 2014 end 01:00 30 Sept 2014
int f0/0
ip access-group 100 in
(Points : 24)
 
 
Question 19. (TCO 5) Type two global configuration mode commands that enable AAA authentication and
configure a default log-in method list. Use a TACACS+ server first, then a local username and password, and finally
the enable password. (Points : 24)
 
 
Question 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES. Discuss the key lengths, and rank
the algorithms in order of best security. (Points : 24)
 
 
Question 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x signature format over the Cisco IPS
version 4.x signature format. (Points : 22)

Netw450 advanced network security with lab entire class

  • 1. NETW450 Advanced Network Security with Lab Entire Class https://homeworklance.com/downloads/netw450-advanced-network-security-lab-entire-class/ NETW450 Advanced Network Security with Lab Entire Class   Devry NETW 450 Week 1 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1       Security Policy issues (graded) (graded) What are the key components of a good security policy? What are some of the most common attacks and how can a network be protected against these attacks?   DQ 2     iLab Experiences (graded)   Discuss your experiences with the Skillsoft Lab 1. What parts of the iLab did you find difficult or unclear? What did you learn about security in completing the assigned iLab?     Devry NETW 450 Week 2 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1   Router Security (graded) Discuss the methods that can be used on standard IOS router that will prevent unauthorized access to the router. Also, discuss how privilege levels and role-based CLI can improve the security on the router.   DQ 2   iLab Experiences (graded)
  • 2. Read the Week 2 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is important to prevent access to unused ports and services on the routers within your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered you would like to share with the class.     Devry NETW 450 Week 3 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1 Layer 2 (Switch) Security (graded)   Discuss the attacks that can occur on a layer 2 switch and how the network can be impacted by these attacks. Also, discuss the methods that can be used to mitigate the effects of these attacks on the network.     DQ 2   iLab Experiences (graded)     Read the Week 3 iLab instructions and discuss the expectations you have regarding this lab. Do you think it is important to prevent access to unused ports and services on the routers within your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class? What did you learn about security ACLs in completing this lab?       Devry NETW 450 Week 4 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1 Security ACLs and Firewall (graded) Discuss the security ACLs, we covered this week in the text reading and the lecture. Describe different scenarios where a specific type of ACL can enhance network security. Compare CBAC firewalls versus zone-based firewalls. What are the advantages and disadvantages of each?   DQ 2   iLab
  • 3. Experiences and WLAN Security (graded)   Read the Week 4 iLab instructions and discuss the expectations you have regarding this lab. Do you think the wireless LAN is secure on your network? What wireless security measures can you take to secure the WLAN? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class? What did you learn about wireless access points and roaming in completing this lab?     Devry NETW 450 Week 5 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1   AAA Servers (graded)   Compare the relative merits of TACACS+ and RADIUS AAA servers. What advantages and disadvantages does each type of AAA server have?     DQ 2     iLab Experiences and Analyzing Bandwidth Needs (graded)    Read the Week 5 iLab instructions and discuss the expectations you have regarding this lab. Do you think the overhead involved in securing communication links can affect the bandwidth requirements of a network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?  What did you learn about analyzing bandwidth requirements for serial links in completing this lab?       Devry NETW 450 Week 6 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1  
  • 4. Virtual Private Networks (graded)   Discuss what you learned about the configuration and operation of virtual private networks.     DQ 2     iLab Experiences (graded)   Read the Week 6 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled security audit on your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class? What did you learn about security audits in completing this lab?     Devry NETW 450 Week 7 Discussion DQ 1 & DQ 2 Latest 2016   DQ 1     Intrusion Detection/Prevention Systems (IDS/IPS) (graded)   Intrusion detection systems can be implemented on IOS firewall routers and security appliances. They can also be dedicated in in-line hardware devices. Why is intrusion detection important in networks with connections to the Internet, and what are the functions of IDS? What are the differences between intrusion detection systems (IDS) and intrusion prevention systems (IPS)?   DQ 2     iLab Experiences (graded)   Read the Week 7 iLab instructions and discuss the expectations you have regarding this lab. Periodic security audits are necessary to ensure continued protection of a company network. Why is it important to use and run a scheduled security audit on your network? How did your actual lab experiences meet your expectations? Are there specific insights or challenges you encountered that you would like to share with the class?
  • 5. What did you learn about security audits in completing this lab?

i labs

iLab 2 of 7: Security Demands
Note! Submit your assignment to the Dropbox, located at the top of this page. (See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)

iLAB OVERVIEW

Scenario and Summary
In this lab, the students will examine the following objectives.
    Create ACL to meet the requirements of the security demands.
    Modify existing ACL to meet additional security requirements.

Deliverables
Students will complete all tasks specified in the iLab Instructions document. As the iLab tasks are completed, students will enter CLI commands and answer questions in the iLab Report document. This iLab Report document will be submitted to the iLab Dropbox for Week 2.

Supporting Documentation
    SEC450 ACL Tutorial
    Textbook (Chapter 3)
    Webliography links on Access Control List

Required Software
    Access the software at Skillsoft

iLAB STEPS

STEP 1: Access Skillsoft iLab
Access Skillsoft Labs at the provided iLab link, and select Catalog. Click to Launch the course and then select Lab2. Then, download the PDF instructions. Ensure that you open and read the iLab instructions before you begin the lab. PLEASE NOTE: Lab instr

STEP 2: Perform iLab 2
Download and open SEC450_W2_Security_Demands_Lab2_Report.docx. Follow the instructions to perform all procedures in this week's lab. Instructions in red indicate tasks that you need to answer and include in the lab report.

STEP 3: Complete Your Lab Report
When you are satisfied with your documentation, submit your completed report to the Dropbox. Submit your lab to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial. See the Syllabus section “Due Dates for Assignments & Exams” for due date information.
Student

Security Demands Lab
NETW 450 Week 2 iLab2 Report
Copy below each of the tasks that appears in red in the pdf lab Instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 2.
  • 6.
week 3

Lab 3 of 7: Database Security Demands
Note! Submit your assignment to the Dropbox, located at the top of this page. (See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)

iLAB OVERVIEW

NETW 450 ACL Tutorial

This document highlights the most important Access Control List (ACL) concepts that you need to learn in order to configure ACLs in the CLI. This tutorial is not intended to cover all ACL applications, only the scenarios used in the SEC450 iLabs.

Introduction to Access Control List

A host-based firewall essentially works by closing and/or opening ports on a computer. The engine behind firewalls is built with Access Control Lists (ACLs).

Network-based firewalls are implemented in device-specific appliances and routers. Basically, firewalls in routers filter packets passing through interfaces to permit or deny them.

Ports are layer-4 addresses, specified in the TCP/IP protocol suite, that identify networking processes running in clients and servers.

ACLs are configured using shell-specific commands. In Cisco IOS, the CLI commands access-list and access-group are used to create an ACL and apply it on an interface.

An ACL can be identified by a number ID or a name. Naming an ACL is useful to identify the ACL's purpose.

ACLs are classified as Standard ACLs and Extended ACLs.

Standard ACL number IDs are assigned from 1 to 99. Extended ACL number IDs are from 100 to 199.

A standard ACL uses only the source IP address of an IP packet to filter through an interface. Hence, a standard ACL denies or permits all IP packets with the same source IP address regardless of upper-layer protocols, destination IP address, etc.

Example 1:
    Router(config)#access-list 8 deny host 172.12.3.5

An extended ACL filters packets based on protocol, source IP address, source port number, destination IP address, and destination port number.

Example 2:
    Router(config)#access-list 102 deny tcp host 10.0.3.2 host 172.129.4.1
This denies tcp packets with source IP address 10.0.3.2 and destination IP address 172.129.4.1.
  • 7.
Since standard ACLs match only on the source IP address, the rule is to apply them on an interface as close as possible to the destination IP address.

By contrast, the rule for extended ACLs is to apply them on an interface as close as possible to the source IP address.

Use extended ACLs in all iLabs, as they are more granular in packet filtering.

Create Extended ACL in global configuration

You can use the access-list command options lt, gt, eq, neq, and range (less than, greater than, equal, not equal, range of ports) to operate on port numbers.

Example 3:
    access-list 102 deny tcp any host 11.23.45.7 gt 20
This denies all packets with any source IP address to destination IP address 11.23.45.7 and destination tcp port greater than 20.

Example 4:
    access-list 107 permit udp any any
This permits all packets with udp protocol with any source IP address to any destination IP address.

An extended ACL can filter packets based on source port number and destination port number.

Extended ACL syntax can be as follows.
    access-list <#,name> <permit|deny> <protocol> host <source_ip> <port_qualifier> <source_port_number> host <dest_ip> <port_qualifier> <dest_port_number>
where:
    <#,name> is a number between 100 and 199 or a one-word name
    <permit|deny> is the action applied to matching packets, as in the examples above
    <protocol> is any protocol in the TCP/IP suite
    <source_ip> and <dest_ip> are the source and destination IP addresses
    <port_qualifier> is optional, and can be eq, gt, lt, neq, or range
    <source_port_number> and <dest_port_number> follow <port_qualifier> to specify the port number(s)
<port_qualifier> and <port_number> can be replaced by the application protocol, for example, http instead of eq 80.

Creation of an ACL follows the three Ps rule: one ACL per protocol, per interface, per traffic direction. Per protocol means one protocol such as IP, TCP, IPX, UDP, or ICMP can be specified. Per interface means the ACL is applied to an interface to make it active. Per direction means the ACL needs to specify to which direction at the interface, packets in or out, the filtering applies.

The steps for configuring a new ACL are as follows. First, create the ACL in CLI global configuration using access-list command(s). Then, apply the ACL using the access-group command in CLI interface configuration. The ACL is not activated unless it is applied to an interface.

An ACL consists of one or more access-list commands. Routers process the ACL commands in order, from top to bottom, like a script or computer program. That is why the order of access-list commands makes a difference.

The effectiveness of an access-list command depends upon the previous access-list commands. Therefore, always write the commands in this order: more-specific-traffic commands first, then more-generic-traffic commands last.

Example 5: It makes sense to write an ACL as
    Router(config)#access-list 101 deny tcp host 10.0.3.2 any
    Router(config)#access-list 101 permit tcp any any
But never use the order below: the second command is more specific, so its “deny” is worthless because the first command already lets the packets pass through.
  • 8.
    Router(config)#access-list 101 permit tcp any any
    Router(config)#access-list 101 deny tcp host 10.0.3.2 any

All ACLs have a hidden access-list command at the end that denies all packets (i.e., deny ip any any). Hence, packets that are not specifically permitted by a command will always be denied by the ACL.

Example 6: Use the command
    Router(config)#access-list 105 permit ip any any
at the end of the ACL if it is required to permit all other traffic after denying packets with
    Router(config)#access-list 105 deny icmp any host 192.168.10.244

The wildcard option is used in access-list commands to filter packets from a subnet of source and/or destination IP addresses instead of single hosts. The IP addresses in each of those subnets must be contiguous. Filtering on port numbers is also applicable, but it has been omitted for the sake of simplicity. Here is the syntax.
    access-list <#,name> <permit|deny> <protocol> <source_ip> <source_wildcard> <dest_ip> <dest_wildcard>
where:
    <#,name> is a number between 100 and 199 or a one-word name
    <permit|deny> is the action applied to matching packets, as in the examples above
    <protocol> is any protocol in the TCP/IP suite
    <source_ip> and <dest_ip> are the source and destination IP addresses
    <source_wildcard> and <dest_wildcard> specify the subnet ranges of source and destination IP addresses

A wildcard in an ACL has the same meaning as in routing protocols such as EIGRP and OSPF. Wildcard bit 0 means the bit in the IP address must be the same as the corresponding bit in the subnet IP addresses. Wildcard bit 1 means the bit in the IP address can be any value (0 or 1).

Example 7:
    access-list 105 deny udp 172.16.7.3 0.0.0.3 any
This means to deny all packets with udp protocol with source IP addresses from 172.16.7.0 to 172.16.7.3 to any destination IP address. Note that .3 is .00000011 in binary, which as a wildcard reads .000000xx, where x means any (0 or 1).
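The matching rules described so far (top-to-bottom processing, the hidden deny at the end, wildcard bits and port qualifiers) can be checked offline before an ACL is applied to a router. The Python model below is an added example, not part of the original tutorial and not Cisco code; the function names and the sample packets are assumptions, and it handles only the entry forms used in Examples 3, 5 and 7.

```python
import ipaddress
from collections import namedtuple

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}
IMPLICIT_DENY = "implicit deny ip any any"
# src/dst are (address, wildcard) integers; sport/dport are (op, port...) or None
Entry = namedtuple("Entry", "action proto src sport dst dport")


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tok):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' from the tokens."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)            # every bit is "any value"
    if first == "host":
        return (ip_int(tok.pop(0)), 0)    # same as wildcard 0.0.0.0
    return (ip_int(first), ip_int(tok.pop(0)))


def _take_port(tok):
    """Consume an optional port qualifier: eq, neq, gt, lt or range."""
    if not tok or tok[0] not in PORT_OPS:
        return None
    op = tok.pop(0)
    count = 2 if op == "range" else 1
    return (op, *[int(tok.pop(0)) for _ in range(count)])


def parse(line):
    """Turn one 'access-list N permit|deny proto src dst' line into an Entry."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line!r}")
    rest = tok[4:]
    src = _take_addr(rest)
    sport = _take_port(rest)
    dst = _take_addr(rest)
    dport = _take_port(rest)
    if rest:
        raise ValueError(f"unsupported trailing tokens: {rest}")
    return Entry(tok[2], tok[3], src, sport, dst, dport)


def _addr_ok(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF   # wildcard bit 0 = must match, 1 = any value
    return (ip_int(addr) & care) == (base & care)


def _port_ok(spec, port):
    if spec is None:
        return True
    if port is None:
        return False
    op, lo, hi = spec[0], spec[1], spec[-1]
    return {"eq": port == lo, "neq": port != lo, "gt": port > lo,
            "lt": port < lo, "range": lo <= port <= hi}[op]


def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return (action, matching line). Entries are tried top to bottom; the
    first match decides, and a packet that matches nothing is denied."""
    for line in acl:
        e = parse(line)
        if e.proto not in ("ip", proto):
            continue
        if (_addr_ok(e.src, src) and _addr_ok(e.dst, dst)
                and _port_ok(e.sport, sport) and _port_ok(e.dport, dport)):
            return e.action, line
    return "deny", IMPLICIT_DENY


# Entries taken from the tutorial's Examples 3, 5 and 7. The trailing permit
# in PORT_ACL follows the pattern of Example 6 and is added for this demo.
SPECIFIC_FIRST = ["access-list 101 deny tcp host 10.0.3.2 any",
                  "access-list 101 permit tcp any any"]
GENERIC_FIRST = list(reversed(SPECIFIC_FIRST))
WILDCARD_ACL = ["access-list 105 deny udp 172.16.7.3 0.0.0.3 any"]
PORT_ACL = ["access-list 102 deny tcp any host 11.23.45.7 gt 20",
            "access-list 102 permit ip any any"]

if __name__ == "__main__":
    # Constructed sample packets: proto, src, dst, source port, destination port
    cases = [
        ("specific first", SPECIFIC_FIRST, "tcp", "10.0.3.2", "192.0.2.9", 40000, 80),
        ("generic first", GENERIC_FIRST, "tcp", "10.0.3.2", "192.0.2.9", 40000, 80),
        ("wildcard, inside", WILDCARD_ACL, "udp", "172.16.7.2", "192.0.2.9", 5000, 53),
        ("wildcard, outside", WILDCARD_ACL, "udp", "172.16.7.4", "192.0.2.9", 5000, 53),
        ("port gt 20", PORT_ACL, "tcp", "198.51.100.7", "11.23.45.7", 40000, 80),
        ("port not gt 20", PORT_ACL, "tcp", "198.51.100.7", "11.23.45.7", 40000, 20),
    ]
    for name, acl, *pkt in cases:
        action, line = evaluate(acl, *pkt)
        print(f"{name:18} {action:6} <- {line}")
```

The same packet from 10.0.3.2 is denied by the specific-first list and permitted by the generic-first list, and the single-entry wildcard ACL denies 172.16.7.4 as well, through the hidden deny rather than through its own entry.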
Example 8:
    access-list 109 permit tcp host 192.168.6.3 eq 80 10.0.0.0 0.0.0.255
This means to permit all tcp packets from source IP address 192.168.6.3 and source tcp port 80 (e.g., an http server) to destination IP addresses in the range 10.0.0.0 to 10.0.0.255. The fact that 10.0.0.0 would not qualify as a host IP in classful networks is irrelevant to the ACL.

Using a wildcard of all 0s is the same as using the option host in access-list commands.

Example 9:
    access-list 110 permit ip host 10.23.4.3 host 10.30.2.1
and
    access-list 110 permit ip 10.23.4.3 0.0.0.0 10.30.2.1 0.0.0.0
are equivalent commands. Both permit packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1.

Only use a wildcard in access-list commands when the ACL requires filtering packets on a subnet of IP addresses, at the source, the destination, or both.

Applying ACL to an Interface for Activation

Example 10: Assume you need to create an ACL in Router that permits any traffic except udp packets with source IP address 10.23.4.3 and destination IP address 10.30.2.1, as shown in the network diagram below.

First, you need to create an extended ACL in CLI global configuration.
    Router#config t
    Router(config)#access-list 103 deny udp host 10.23.4.3 host 10.30.2.1
    Router(config)#access-list 103 permit ip any any
  • 9.
Second, you need to apply ACL 103 on the interface closest to the source (i.e., the extended ACL rule of thumb). The closest interface in Router for traffic coming from IP 10.23.4.3 is S0/1. Thus, you go to interface configuration in the CLI to activate the ACL.
    Router(config)#interface s0/1
    Router(config-if)#ip access-group 103 in

If you need to make any correction after creating an ACL, first erase the ACL from the global and interface configurations. To erase ACL 103 from the previous example, execute the following commands.
    Router(config)#interface s0/1
    Router(config-if)#no ip access-group 103 in
    Router(config-if)#exit
    Router(config)#no access-list 103

Now you can start over creating ACL 103. If you do not erase the ACL, new access-list commands will accumulate in the configuration file, producing unexpected behavior. Use the command show run to verify that the ACL is erased and created again correctly.

Verify ACL Configuration

Example 11: Let’s say you have been asked to create an ACL in a router R to deny TCP traffic coming through interface Serial 0/2 from source IP address 10.16.2.1 to destination IP address 172.16.5.3 with destination port number greater than 200. Also, the ACL should permit any other traffic.

There are two configuration tasks you need to do in the CLI. First, create the ACL. Second, apply the ACL to interface Serial 0/2.

So, in the CLI:
    R> enable
    R# config t
    R(config)# access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
    ! This command is needed to permit any other traffic after denying the packets selected by the first command.
    R(config)# access-list 101 permit ip any any
    R(config)# interface serial0/2
    ! This command applies the ACL to serial0/2 for traffic coming in.
    R(config-if)# ip access-group 101 in
    R(config-if)# end
    ! This verifies that the ACL configuration is correct in the running-config file.
    R# show run

    R#show running-config
    version 12.3
    !
    hostname R
    !
    interface FastEthernet0/0
     ip address 192.168.200.1 255.255.255.0
    !
    interface FastEthernet0/1
     ip address 192.168.20.1 255.255.255.0
     shutdown
    !
  • 10.
    interface Serial0/0
     ip address 200.100.20.2 255.255.255.0
    !
    interface Serial0/1
     ip address 192.168.30.2 255.255.255.0
     shutdown
    !
    interface Serial0/2
     ip address 192.168.40.1 255.255.255.0
     ip access-group 101 in
    !
    router rip
     network 192.168.200.0
     network 200.100.20.0
    !
    ip default-network 200.100.20.0
    ip route 0.0.0.0 0.0.0.0 serial0/0
    !
    !
    access-list 101 deny tcp host 10.16.2.1 host 172.16.5.3 gt 200
    access-list 101 permit ip any any
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     password cisco
    line vty 5 15
     password cisco
    !
    end

If the ACL is not correct, then delete it with the commands below and start over again.
    R# config t
    R(config)# no access-list 101
    R(config)# interface serial0/2
    R(config-if)# no ip access-group 101 in

week 4

AAA Server Authentication Lab

NETW 450 Week 4 iLab4 Report
  • 11. Copy below each of the tasks that appears in red in the pdf lab instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 4.

iLab 5 of 7: VPN – Virtual Private Networks
Note! Submit your assignment to the Dropbox, located at the top of this page. (See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)

Student Name:
Date:

IPSec Site-to-Site VPN Lab
SEC450 Week 5 iLab5 Report
Copy below each of the tasks that appears in red in the pdf lab Instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 5.

week 6

iLab 6 of 7: IDS/IPS – Intrusion Detection/Prevention Systems
Note! Submit your assignment to the Dropbox, located at the top of this page. (See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)

Student Name:
Date:

Intrusion Detection System (IDS/IPS) Lab
NETW 450 Week 6 iLab6 Report
Copy below each of the tasks that appears in red in the pdf Lab Instructions from Skillsoft. Then, write the answer following each of the tasks. Submit this document to the iLab Dropbox in Week 6.

week 7

iLab 7 of 7: Network Vulnerability Case Study
Note! Submit your assignment to the Dropbox, located at the top of this page. (See the Syllabus section “Due Dates for Assignments & Exams” for due dates.)

Student Name _________________________________ Date _____________

NETW 450 Network Vulnerability Case Study—iLab7

Objectives
In this lab, students will examine the following objectives.
  • 12.
    Differentiate the use of IDS and IPS to detect network attacks.
    Design a network with IDS/IPS.
    Justify the use of IDS/IPS for a given network solution.

Scenario
A small company is using the topology shown below to secure its intranet while providing a less-secured environment to its eCommerce DMZ server. The company is concerned that firewalls are not enough to detect and prevent network attacks. Hence, deployment of sensors for intrusion detection systems (IDS) and/or intrusion prevention systems (IPS) is needed in the network. Your job is to provide recommendations, including a network design with IDS/IPS, that meet the company’s requirements.

Initial Topology

Company’s Requirements
1. Detect any malicious traffic entering the e-commerce server without performance penalty to traffic getting in the server from revenue-generating customers.
2. Stop any malicious traffic entering the human resources LAN (HR LAN).
3. Detect any malicious traffic entering the computer terminal in the marketing LAN (MKT LAN).
4. Stop any traffic entering the File Server in MKT LAN.
5. Deploy a centralized database and analysis console in the intranet to manage and monitor both IDS and IPS sensors.

Note: RED text indicates the required questions to answer

Task 1—Layout the New Network Design
Click on the Initial Network Topology link on the iLab page in Week 7, and save to your computer the MS PowerPoint file Initial_Network_Topology_iLab7.ppt. This file contains a diagram for the initial network topology and pictures of all components needed to create the new network design. Review the documentation provided in the references at the end of these instructions to get more familiar with the implementation of IDS and IPS in network design. You need to find a network solution that meets the company’s requirements.
#1. Paste below your new network design diagram.

Task 2—IDS/IPS Recommendations
#2. Write an engineering specification document of at least 250 words (e.g., 1 page of full text, double space, and size 12) describing why your network’s design meets each of the company’s requirements. Justify how each recommendation addresses the company’s needs.

Task 3—Conclusions
#3. Describe in two paragraphs your learning experience in this lab.

References:
1. SANS Institute. “Network IDS & IPS Deployment Strategies”—Webliography
2. Paquet, C. (2012). Implementing Cisco IOS network security (IINS) foundation learning guide (2nd ed.). Indianapolis, IN: Cisco Press.
3. NIST. “Guide to Intrusion Detection and Prevention Systems (IDPS)”—Webliography

quizzes

week 2

1. (TCO 2) Which of the following prompts indicates that you have booted into the IOS stored in Bootstrap ROM (possibly due to a Ctrl-Break entered during power-up)? (Points : 3)
    Router>
  • 13.
    > or ROMMON>
    (Boot)>
    ROM>

Question 2. (TCO 2) Which is the command sequence used to configure a console terminal password on a Cisco router? Note: <CR> represents a carriage return or Enter key. (Points : 3)
    line con 0 <CR> password {password} <CR>
    line con 0 <CR> password {password] <CR> login <CR>
    line con 0 <CR> login {password} <CR>
    line {password} con 0 <CR>

Question 3. (TCO 2) To enter privileged EXEC mode, you can type the command _____ at the user EXEC prompt. (Points : 3)
    enter
    enable
    activate
    open

Question 4. (TCO 2) Which of the following IOS commands will set the minimum length for all router passwords to eight characters? (Points : 3)
    (config)# service passwords min-length 8
    (config)# passwords min-length 8
    (config)# security passwords min-length 8
    (config)# passwords security min-length 8

Question 5. (TCO 2) Which of the following commands will prevent password recovery using ROM monitor mode? (Points : 3)
    (config)# no rom monitor
    (config)# no password-recovery
    (config)# no service password-recovery
    (config)# no password-recovery service

Question 6. (TCO 2) To configure role-based CLI on a Cisco router, the first command to enter in privileged mode is _____. (Points : 3)
    parser view
    view enable
    enable view
    config view

Question 7. (TCO 2) Which of the following commands is required before you can begin configuring SSH configuration on a Cisco router? (Points : 3)
    Crypto key generate rsa
    IP domain-name
    Crypto key zeroize
    Transport input ssh

Question 8. (TCO 2) Which of the following cannot be used to enhance access security on a router? (Points : 3)
  • 14.
    MD5 encrypted enable passwords
    SHA encrypted usernames
    Privilege levels
    MD5 encrypted username

week 4

Question 1. (TCO 4) Which type of access list entry is dynamic and becomes active only when a Telnet session is authenticated? It can be used for inbound or outbound traffic. (Points : 3)
    Established
    Lock and key
    Reflexive
    CBAC

Question 2. (TCO 4) What function does CBAC perform on a Cisco IOS firewall? (Points : 3)
    Creates specific security policies for each user.
    Provides secure, per-application access control across network perimeters.
    Provides additional visibility at intranet, extranet, and Internet perimeters.
    Protects the network from internal attacks and threats.

Question 3. (TCO 4) Given the configuration shown below, the idle timeout for TCP and UDP sessions is _____.
    ip inspect audit-trail
    ip inspect name FWRULE tcp timeout 180
    ip inspect name FWRULE udp timeout 180
    !
    interface FastEthernet0/0
     ip access-group 100 in
     ip inspect FWRULE in
    !
    interface FastEthernet0/1
     ip access-group 101 in
    !
    logging on
    logging 192.168.100.100
    !
    access-list 100 permit ip any any
    !
    access-list 101 deny ip any any log
(Points : 3)
    180 minutes
    180 seconds
    180 days
    180 milliseconds

Question 4. (TCO 4) Given the configuration shown below, the host at IP address 192.168.100.100 is a _____.
    ip inspect audit-trail
    ip inspect name FWRULE tcp timeout 180
    ip inspect name FWRULE udp timeout 180
    !
    interface FastEthernet0/0
  • 15.
     ip access-group 100 in
     ip inspect FWRULE in
    !
    interface FastEthernet0/1
     ip access-group 101 in
    !
    logging on
    logging 192.168.100.100
    !
    access-list 100 permit ip any any
    !
    access-list 101 deny ip any any log
(Points : 3)
    TACACS+ server
    syslog server
    Radius server
    TACACS server

Question 5. (TCO 4) Which of the following is not a policy action that can be specified for zone-based firewall traffic? (Points : 3)
    Pass
    Drop
    Hold
    Inspect

Question 6. (TCO 4) With zone-based firewalls, which of the following is used to define interfaces on routers that have the same security level? (Points : 3)
    Zones
    Class maps
    Policy maps
    Zone pairs

Question 7. (TCO 4) What is the range of ACL numbers for a standard access list? (Points : 3)
    100–199 and 1700–1999
    1–99 and 1300–1999
    0–99
    100–199

Question 8. (TCO 4) In CLI, the zone-pair command is used to associate together which of the following? (Points : 3)
    Zones and service-policy
    Class maps and interface
    Policy maps and interface
    Class-type and interface
  • 16.
week 6

Question 1. (TCO 6) When you are configuring a Cisco IOS firewall router for IPSec using RSA signatures, you need to generate a local RSA key. Before you generate the RSA key, you must _____. (Points : 3)
    generate general purpose keys
    configure a domain name for the router
    contact a third-party certificate authority (CA)
    enable the key management protocol in global configuration mode

Question 2. (TCO 6) IPSec VPNs use ACLs to specify VPN tunnel traffic. Any traffic not permitted in the ACL will be _____. (Points : 3)
    dropped before it exits the VPN outbound interface
    passed through the VPN outbound interface with no IPSec protection
    encrypted and sent out through the VPN outbound interface because the ACL specifies traffic to be restricted
    sent back to the sender with a message indicating invalid IPSec format

Question 3. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 3)
    lifetime {days}
    lifetime {seconds}
    set lifetime {days}
    set lifetime {seconds}

Question 4. (TCO 6) _____ encryption algorithms use one key to encrypt the data and another key to decrypt the data between the sender and recipient. (Points : 3)
    Symmetric
    Asymmetric
    Balanced
    Bidirectional

Question 5. (TCO 6) The _____ encryption algorithm uses a key size of 168 bits. (Points : 3)
    DES
    3DES
    AES
    WEP

Question 6. (TCO 6) Which of the following encryption algorithms is considered the most secure? (Points : 3)
    DES
    3DES
    AES
    WEP
  • 17.
Question 7. (TCO 6) Which of the following commands will delete all of the IOS firewall router’s RSA keys? (Points : 3)
    crypto key remove rsa
    crypto key delete rsa
    crypto key zeroize rsa
    crypto key remove rsa all

Question 8. (TCO 6) What is the size of the keys in a DES algorithm? (Points : 3)
    32 bits
    96 bits
    112 bits
    56 bits

week 7

Question 1. (TCO 7) The type of IDS signature that triggers on a multiple packet stream is called _____. (Points : 3)
    atomic
    dynamic
    cyclical
    compound or composite

Question 2. (TCO 7) Which device responds immediately and does not allow malicious traffic to pass? (Points : 3)
    Intrusion detection system (IDS)
    Intrusion prevention system (IPS)
    All of the above
    Neither of the above

Question 3. (TCO 7) An IPS sensor that receives a copy of data for analysis while the original data continues toward the destination is running in _____ mode. (Points : 3)
    passive
    active
    promiscuous
    inline

Question 4. (TCO 7) Most IOS commands used to configure an intrusion prevention system (IPS) begin with the prefix _____. (Points : 3)
    ids ips
    ips ip
    ip ips
  • 18.
    ios ips

Question 5. (TCO 7) Which is an IDS or IPS signature? (Points : 3)
    A message digest encrypted with the sender’s private key
    A set of rules used to detect typical intrusive activity
    A binary pattern specific to a virus
    An appliance that provides anti-intrusion services

Question 6. (TCO 7) Which of the following ip actions will drop the packet and all future packets from this TCP flow? (Points : 3)
    Deny attacker inline
    Deny connection inline
    Deny ip host inline
    Deny packet inline

Question 7. (TCO 7) Which of the following are signature types that IOS firewall IDS can detect as requiring the storage of state information? (Points : 3)
    Atomic
    Dynamic
    Cyclical
    Compound (composite)

Question 8. (TCO 7) Why is a network using IDS only more vulnerable to atomic attacks? (Points : 3)
    IDS must track three-way handshakes of established TCP connections.
    IDS cannot track UDP sessions.
    IDS permits malicious single packets into a network.
    IDS is not stateful and therefore cannot track multiple-packet attack streams.

NETW 450 Final Answers

Question 1. (TCO 1) The component of network security that ensures that authorized users have access to data and network resources is _____. (Points : 6)
    data integrity
    data confidentiality
    data and system availability
    data and user authentication

Question 2. (TCO 1) The type of security control that makes use of firewalls is called _____. (Points : 6)
  • 19.
    administrative
    physical
    technical
    clerical

Question 3. (TCO 2) To configure a role-based CLI on a Cisco router, the first command to enter in privileged mode is _____. (Points : 6)
    parser view
    view enable
    enable view
    config view
    super view

Question 4. (TCO 2) The show running-config output can be modified using all of the following pipes except for _____. (Points : 6)
    | begin
    | end
    | include
    | exclude

Question 5. (TCO 3) Which of the following is the default number of MAC addresses allowed when you execute the switchport port-security command on a switch port? (Points : 6)
    Zero
    One
    Two
    Three

Question 6. (TCO 3) Which switch feature causes a port to skip the listening and learning states, causing the port to enter the forwarding state very quickly? (Points : 6)
    fastport
    portfast
    enablefast
    portforward

Question 7. (TCO 4) With zone-based firewalls, which of the following is used to specify actions to be taken when traffic matches a criterion? (Points : 6)
    Zones
    Class maps
    Policy maps
    Zone pairs
  • 20.
Question 8. (TCO 4) Which type of access list uses rules placed on the interface where allowed traffic initiates and permits return traffic for TCP, UDP, SMTP, and other protocols? (Points : 6)
    Established
    Lock and key
    Reflexive
    CBAC

Question 9. (TCO 5) Which AAA server protocol offers support for ARAP and NETBEUI protocols as well as IP? (Points : 6)
    CSACS
    RADIUS
    OpenACS
    TACACS+

Question 10. (TCO 5) Which of the following is not considered a component of AAA? (Points : 6)
    Authentication
    Authorization
    Accounting
    Administration

Question 11. (TCO 6) The Cisco IOS command that will display all current IKE security associations (SAs) is _____. (Points : 6)
    show crypto ipsec
    show crypto isakmp
    show crypto ipsec sa
    show crypto isakmp sa
    show crypto ike sa

Question 12. (TCO 6) The Cisco IOS firewall crypto isakmp policy mode command that will set the isakmp security association lifetime is _____. (Points : 6)
    lifetime {days}
    lifetime {seconds}
    set lifetime {days}
    set lifetime {seconds}

Question 13. (TCO 7) Cisco routers implementing IPS can save IPS events in a Syslog server by executing which of the following commands? (Points : 6)
    ip ips log {IP Address}
    ip ips notify syslog
    ip ips notify log
    ip ips notify sdee
  • 21.
Question 14. (TCO 7) Which of the following is not an action that can be performed by the IOS firewall IDS router when a packet or packet stream matches a signature? (Points : 6)
    Drop the packet immediately.
    Send an alarm to the Cisco IOS designated Syslog server.
    Set the packet reset flag and forward the packet through.
    Block all future data from the source of the attack for a specified time.

Question 15. (TCO 1) Explain how to mitigate a Smurf attack. (Points : 24)

Question 16. (TCO 2) Type the global configuration mode and line configuration mode commands that are required to secure the VTY lines 0 through 15 to use the local username admin with the encrypted password adminpass for remote Telnet or SSH log-ins to the Cisco router. (Points : 24)

Question 17. (TCO 3) What are at least two best practices that should be implemented for unused ports on a Layer 2 switch for switch security? (Points : 24)

Question 18. (TCO 4) Given the commands shown below and assuming F0/0 is the inside interface of the network, explain what this ACL does.
    access-list 100 permit tcp any any eq 80 time-range MWF
    time-range MWF
    periodic Monday Wednesday Friday 8:00 to 17:00
    time-range absolute start 00:00 30 Sept 2014 end 01:00 30 Sept 2014
    int f0/0
    ip access-group 100 in
Correct Answer: (Points : 24)

Question 19. (TCO 5) Type two global configuration mode commands that enable AAA authentication and configure a default log-in method list. Use a TACACS+ server first, then a local username and password, and finally the enable password. (Points : 24)

Question 20. (TCO 6) Discuss the data encryption algorithms DES and 3DES. Discuss the key lengths, and rank the algorithms in order of best security. (Points : 24)

Question 21. (TCO 7) Explain the two benefits of Cisco IPS version 5.x signature format over the Cisco IPS version 4.x signature format. (Points : 22)