首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
program代写、代做Java程序设计
项目预算:
开发周期:
发布时间:
要求地区:
Assignment 2: Network Configuration and Security
Goals
The purpose of this assignment is to:
1. Demonstrate an understanding of network topology setup and firewall configurations.
2. Test network security by conducting vulnerability assessments.
3. Implement and verify access control rules and Deep Packet Inspection (DPI) measures.
Software Needed:
1. GNS3 Software
2. GNS3 VM for VMware Workstation and Fusion
3. VMware Workstation Player for Windows OR VMware Fusion Player for MAC (For MAC
users, please create an account on VMware's website to start the application trial.)
4. Kali Linux Live Images
5. Request access for the images here
Topology, Steps, and Configurations:
1. Set the IP address for the loopback interface on your machine to 192.168.10.11 with a
subnet mask of 255.255.255.0.
2. In GNS3, create a new project and connect the network topology as shown. Note that all
appliances should run on the GNS3 VM except for the cloud, which should be connected
to the management interface, it has to run on the GNS3 local server.
3. Start the Cisco ASAv and wait until it is fully loaded. Enter the following commands into
the ASA CLI (Console):
ciscoasa> enable
Password: ciscocisco1
Retype password: ciscocisco1
ciscoasa# conf t
ciscoasa (config)# interface Management0/0
ciscoasa (config-if)# management-only
ciscoasa (config-if)# nameif management
ciscoasa (config-if)# security-level 0
ciscoasa (config-if)# ip address 192.168.10.10 255.255.255.0
ciscoasa (config-if)# no shutdown
ciscoasa (config-if)# asdm image boot:/asdm-7181152.bin
ciscoasa (config)# aaa authentication http console LOCAL
ciscoasa (config)# username cisco password ciscocisco privilege 15
ciscoasa (config)# http server enable
ciscoasa (config)# http 192.168.10.11 255.255.255.255 management
ciscoasa (config)# write
4. Download and install Java (search google for Java download).
5. Ensure connectivity from your local machine to the FW management IP by issuing the
command ping 192.168.10.10 in a Windows command prompt (cmd). If successful,
proceed to the next step; if not, check your loopback interface and GNS3 topology
connections.
6. Open a web browser and connect to the FW management IP using the URL
https://192.168.10.10/admin/public/index.html. Click "Install ASDM Launcher" and
follow the prompts for a successful installation.
7. On your local machine, open the “ASDM-IDM Launcher” application, enter the IP
address of the FW management interface, and the username and password you created
earlier as follows:
8. If successful, you will access the FW dashboard.
9. Return to the FW CLI interface (FW Console) and enter the following commands:
ciscoasa> enable
Password: ciscocisco1
ciscoasa# conf t
ciscoasa (config)# interface GigabitEthernet0/0
ciscoasa (config-if)# nameif inside
ciscoasa (config-if)# security-level 100
ciscoasa (config-if)# ip address 10.10.10.1 255.255.255.0
ciscoasa (config-if)# no shutdown
ciscoasa (config-if)# interface GigabitEthernet0/1
ciscoasa (config-if)# nameif outside
ciscoasa (config-if)# security-level 0
ciscoasa (config-if)# ip address dhcp setroute
ciscoasa (config-if)# no shutdown
ciscoasa (config-if)# interface GigabitEthernet0/2
ciscoasa (config-if)# nameif DMZ
ciscoasa (config-if)# security-level 50
ciscoasa (config-if)# ip address 172.16.1.1 255.255.255.0
ciscoasa (config-if)# no shutdown
ciscoasa (config-if)# write
ciscoasa (config-if)# show route
10. Ensure that the output of the last command matches the expected route information.
S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.122.1, outside
C 10.10.10.0 255.255.255.0 is directly connected, inside
L 10.10.10.1 255.255.255.255 is directly connected, inside
C 172.16.1.0 255.255.255.0 is directly connected, DMZ
L 172.16.1.1 255.255.255.255 is directly connected, DMZ
C 192.168.122.0 255.255.255.0 is directly connected, outside
L 192.168.122.x 255.255.255.255 is directly connected, outside
11. Configure the IP addresses for the Inside-Host, DMZ-Host, and Kali Linux as follows
(replace 'x' with your assigned number in the bonus sheet):
● Inside-Host: IP address: 10.10.10.x, subnet mask: 255.255.255.0, default GW:
10.10.10.1
● DMZ-Host: IP address: 172.16.1.x, subnet mask: 255.255.255.0, default GW:
172.16.1.1
● Kali Linux: Leave the automatic DHCP setting as it is and check if it has obtained
an IP from the 192.168.122.0/24 range using the ifconfig command.
12. Check connectivity from each host to its corresponding interface using the Ping tool.
13. On the ASAv CLI, configure the following static NATting one-to-one rules (replace
'Inside-Host-IP' and 'DMZ-Host-IP' with the respective IPs):
ciscoasa> enable
Password: ciscocisco1
ciscoasa# conf t
ciscoasa (config)# nat (inside,outside) source static Inside-Host-IP 192.168.122.250
ciscoasa (config)# nat (DMZ,outside) source static DMZ-Host-IP 192.168.122.249
ciscoasa (config)# write
14. Your topology is now up and running. Proceed to the assignment tasks.
Assignment Tasks:
1. Demonstrate that the Inside-Host and DMZ-Host can access the internet without any
access rules configured.
2. Prove that the Kali Linux machine cannot access any port on either the Inside-Host or
DMZ-Host.
3. Configure an access rule that allows the Kali Linux machine to access the SMB ports
(port 445 and port 135) on the DMZ-Host.
4. Demonstrate that the Kali Linux machine can now access the SMB ports on the
DMZ-Host.
5. Use the Metasploit framework on the Kali Linux machine to show that the DMZ-Host is
vulnerable to the MS17-010 vulnerability.
6. Exploit the MS17-010 vulnerability on the DMZ-Host using the default Meterpreter
payload (reverse TCP) from the Kali Linux machine.
7. Show that upon successful exploitation, the DMZ-Host has initiated a connection to the
Kali Linux machine. Explain why this connection is successful even though no access rule
is configured to allow it.
8. Use the DPI capabilities of Cisco ASA to configure the following rules:
● Allow ICMP traffic across the FW.
● Filter DNS Type Field “A”.
● Filter the HTTP “get” command.
9. Provide evidence that each of the above DPI rules is working correctly.
Please follow these instructions carefully to complete your assignment. If you have any
questions or need further assistance, don't hesitate to reach out.
Good luck with your assignment!
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
urba6006代写、java/c++编程语...
2024-12-26
代做program、代写python编程语...
2024-12-26
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!