Packet Filter Rule - Exercise
Configure Network Firewall
Objective:
Configure a firewall using packet filter rules.
Exercise scoring
This exercise is worth 15 points and is tutor-graded.
Instructions
In this exercise, you will configure a firewall using packet filter rules. For clarity, we are including "Protocol" and "Path" sections in the packet filter rules. Bear in mind that a true packet filter is more complex than we are showing here.
Using the following information, write a packet filter to achieve the stated goals. You may either create a table in MS Word or use the table provided in the exercise downloads on the Resources page.
Your network address is 192.168.0.0/24 (CIDR notation [1])
Your internal SMTP server address is 192.168.0.10
Your internal Web server address is 192.168.0.20
HTTP traffic normally operates on port 80
SSL traffic normally operates on port 443
FTP request traffic normally operates on port 21
FTP reply traffic normally operates on port 20 and ports >1023
SMTP traffic normally operates on port 25
Goals
Create packet filter rules to:
Allow HTTP from your internal network to the outside world (allow your users to browse the Web).
Allow SSL from your internal network to the outside world (allow your users to make purchases online).
Allow FTP from your internal network to the outside world (allow your users to download information from the Web).
Allow SMTP traffic into your mail server only (allow other mail servers to transfer mail to your company).
Allow the outside world to access your internal Web server (allow the public to view your Web site).
Deny all other incoming IP traffic.
Note:
For each goal, choose an action, either Allow or Block, for the IP address, port numbers and protocols indicated. The Path is the direction of data flow, either In to or Out of the network.
Below is an example of the format for your table. You are welcome to create your own table or to use the table provided in the exercise downloads on the Resources page.
Rule # | Action | Source Address | Destination Address | Port | Protocol | Path (In/Out)
-------+--------+----------------+---------------------+------+----------+--------------
1      |        |                |                     |      |          |
2      |        |                |                     |      |          |
3      |        |                |                     |      |          |
4      |        |                |                     |      |          |
5      |        |                |                     |      |          |
6      |        |                |                     |      |          |
7      |        |                |                     |      |          |
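To see how a rule table of this shape is actually applied, here is an added example (not part of the exercise or its answer key) of a minimal first-match packet filter in Python. The rule set is one illustrative reading of the goals above, the outside addresses are constructed, and each rule's Port is matched against the packet's destination port only; the FTP reply rule shows why a real filter also needs source-port and connection-state checks.

```python
# Added example: first-match packet filter over a rule table shaped like the
# exercise template (Action, Source, Destination, Port, Protocol, Path).
import ipaddress
from dataclasses import dataclass

INTERNAL = "192.168.0.0/24"      # the exercise's network address
SMTP_SERVER = "192.168.0.10"     # internal mail server
WEB_SERVER = "192.168.0.20"      # internal web server


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "block"
    src: str      # CIDR block, single host, or "any"
    dst: str      # CIDR block, single host, or "any"
    port: object  # int, "any", or a predicate on the destination port
    proto: str    # "tcp" or "any"
    path: str     # "in" (into the network) or "out" (leaving it)


def _addr_match(pattern, addr):
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def _port_match(pattern, port):
    if pattern == "any":
        return True
    return pattern(port) if callable(pattern) else pattern == port


# Illustrative rule set (an assumption, not the graded answer), evaluated in
# order; the last rule is the default deny for anything else coming in.
RULES = [
    Rule("allow", INTERNAL, "any", 80, "tcp", "out"),                    # HTTP out
    Rule("allow", INTERNAL, "any", 443, "tcp", "out"),                   # SSL out
    Rule("allow", INTERNAL, "any", 21, "tcp", "out"),                    # FTP request out
    Rule("allow", "any", INTERNAL, lambda p: p > 1023, "tcp", "in"),     # FTP reply (server port 20 -> client port >1023)
    Rule("allow", "any", SMTP_SERVER, 25, "tcp", "in"),                  # SMTP to the mail server only
    Rule("allow", "any", WEB_SERVER, 80, "tcp", "in"),                   # public access to the web server
    Rule("block", "any", "any", "any", "any", "in"),                     # deny all other incoming traffic
]


def evaluate(src, dst, dport, proto, path, rules=RULES):
    """Return the action of the first rule matching the packet, or "block"
    when nothing matches (a stateless filter should never fail open)."""
    for r in rules:
        if (r.path == path and r.proto in ("any", proto)
                and _addr_match(r.src, src) and _addr_match(r.dst, dst)
                and _port_match(r.port, dport)):
            return r.action
    return "block"
```

Note that the FTP reply rule admits any inbound TCP segment to a high port, which is the classic weakness of a stateless filter and the reason the exercise warns that a true packet filter is more complex.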
Submitting your Exercise
When you have completed this exercise, paste your answers in the text box below and click Submit.
[1] CIDR (Classless Inter-Domain Routing): allocates blocks of Internet addresses assigned to an Internet Service Provider (ISP) by Internic.