
Student Name: David M. Fontanez    Date: 22 Jan 2015

Database Server Security Demands iLab3


Objectives
In this lab, the students will examine the following objectives.

Become familiar with well-known and ephemeral ports.
Create an ACL that meets the requirements of the database security demands.
Learn best practices for creating and applying ACLs.

Scenario
A small company is using the topology shown below. The Public Server is actually an off-site
Database Server that contains company records. Assume that the 200.100.0.0/16 network represents
the Internet. The Dallas and Chicago Servers and hosts need to access the database server securely.
Only users in the Dallas and Chicago LANs should be able to access the database server.
Topology

The last page of the lab assignment document contains a full-page topology. Remove this
page and use it for reference to the topology and the IP addresses.

Initial Configuration
The Dallas, Chicago, and ISP routers' FastEthernet and Serial interfaces used for the lab have been
correctly configured and enabled. Unused interfaces have been shut down. The RIP routing tables are
complete for all routers and hosts. No ACLs have been applied to any of the routers. Below is the
initial running-config file of the ISP router.
version 12.3(4)T7
!
hostname ISP_Router
!
interface FastEthernet0/0
ip address 200.100.0.1 255.255.255.0
!
interface FastEthernet1/0
ip address 200.100.40.1 255.255.255.0
!
interface Serial0/0
ip address 200.100.10.1 255.255.255.0
!
interface Serial0/1
ip address 200.100.20.1 255.255.255.0
!
router rip
network 200.100.0.0
network 200.100.10.0
network 200.100.20.0
network 200.100.40.0
!
line con 0
line aux 0
line vty 0 4
password cisco
line vty 5 15
password cisco
!
end

Lab Data Collection and Submission


Download and open the lab document file: SEC450_DB-SecurityDemands_Report.docx. Enter your
name and date at the top of the lab document. As you complete each task of the lab assignment,
enter all relevant configuration commands and the answers to the questions (as specified in the iLab
assignment) into this lab document. You will submit the completed
SEC450_DB_SecurityDemands_Report.docx file to this week's eCollege iLab Dropbox.

Note: RED text indicates the required questions to answer

Task to Set up Security Policy for Offsite Database Server


The following requirements were given to the network engineer to create and apply ACL 100 in the ISP router.

1. Permit SQL database traffic from the Public server to the Dallas Host.
2. Permit SQL database traffic from the Public server to the Dallas Server.
3. Permit SQL database traffic from the Public server to the Chicago Host.
4. Permit SQL database traffic from the Public server to the Chicago Server.
5. Deny all other TCP traffic from the Public server to any destination.
6. Permit all other traffic.

#1. Explain the meaning of the "three P's" best practice rule for creating ACLs in routers
One ACL per protocol: To control traffic flow on an interface, an ACL must be defined for each
protocol enabled on the interface.
One ACL per direction: ACLs control traffic in one direction at a time on an interface. Two
separate ACLs must be created to control inbound and outbound traffic.
One ACL per interface: ACLs control traffic for an interface, for example, FastEthernet0/0.

#2. Explain the difference between the following two access-list commands
a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any
a) Allows any traffic with a destination TCP port
b) Allows any traffic with a source TCP port

#3. What are well-known, registered, and ephemeral UDP/TCP ports?

Well-known and registered port numbers are needed for server processes since a client must know
the server's port number to initiate contact. In contrast, client processes can use any port number.
Each time a client process initiates a UDP or TCP communication it is assigned a temporary,
or ephemeral, port number to use for that conversation. These port numbers are assigned in a
pseudo-random way, since the exact number used is not important, as long as each process has a
different number. The numbers are defined as 1,024 to 4,999, providing 3,976 ephemeral ports.

#4. What is wrong with ACL 105?

access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any

With the access-list 105 permit tcp any any, the eq was not specified.
On access-list 105 deny tcp host 201.141.0.3 any, it should have been input like this:
access-list 105 deny tcp any host 201.141.0.3

#5. What well-known TCP port does Oracle Database (sql net) server use?
TCP Port 1521

#6. A company is managing an Oracle Database located on a Public Server to support day-to-day
operations in the Dallas and Chicago networks. The company has requested its Internet Access Provider
(ISP) to create the necessary ACL at the ISP router, ensuring that only responses from the Oracle server to
certain hosts are allowed to enter the Dallas and Chicago LANs.
The ISP network engineers decided to use an extended ACL and apply it to the F0/0 interface of the ISP router. Why
did they decide to create an extended ACL and apply it on interface F0/0 for inbound traffic?
They decided to do this because if the access list is inbound, when the router receives a packet, the
Cisco IOS software checks the criteria statements of the access list for a match. If the packet is
permitted, the software continues to process the packet. If the packet is denied, the software discards
the packet.

#7. Copy below the ISP router's initial running-config file from page 2, and add the commands
needed to create and apply the ACL in the ISP router.

ISP_Router>enable
ISP_Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.100.10
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.100.11
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.200.10
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.200.11
ISP_Router(config)#access-list 100 deny tcp host 200.100.0.10 any
ISP_Router(config)#access-list 100 permit ip any any
ISP_Router(config)#int f0/0
ISP_Router(config-if)#ip access-group 100 in
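The three ACL questions above (#2, #4 and #7) all come down to the same two rules of Cisco extended ACLs: a line matches only when protocol, source, destination and any `eq` port qualifier all agree, and the first matching line wins, with an implicit `deny ip any any` after the last line. The following evaluator is an added example, not part of the lab document or of Cisco IOS. It parses the `access-list` syntax used in this lab (including lines pasted with their `Router(config)#` prompt) and reports which line a packet hits. The packets and the hypothetical ephemeral client ports are constructed; the ACL lines are the ones quoted on this page, with the two question #2 commands placed in separate lists (101 and 102) so each can be tested alone. One check worth running against ACL 100 is a reply from TCP port 1521, the port question #5 names for Oracle: with the list as written it lands on the `deny tcp host 200.100.0.10 any` line, which is exactly the kind of port mismatch this evaluator is meant to surface before the ACL is applied.

```python
"""First-match evaluator for Cisco-style numbered extended ACLs.
Added example (not the lab's or Cisco's code): it mimics how IOS walks an
access list, including the implicit `deny ip any any` at the end."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    proto: str      # "tcp", "udp", ...
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: ipaddress.IPv4Network
    sport: Optional[int]         # None = any source port
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # None = any destination port
    text: str                    # original line, for reporting


def _parse_addr(tokens, i):
    """Consume `any`, `host A.B.C.D` or `A.B.C.D WILDCARD`; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    mask = str(ipaddress.IPv4Address(~wildcard & 0xFFFFFFFF))  # wildcard bits -> netmask
    return ipaddress.ip_network((tokens[i], mask), strict=False), i + 2


def _parse_port(tokens, i):
    """Consume an optional `eq N` qualifier (numeric ports only in this example)."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i


def parse_entry(line):
    """Parse `access-list N permit|deny PROTO SRC [eq P] DST [eq P]`, prompt prefix tolerated."""
    line = line.split("#", 1)[1] if "#" in line else line
    t = line.split()
    if t[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    src, i = _parse_addr(t, 4)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return int(t[1]), Entry(t[2], t[3], src, sport, dst, dport, line.strip())


def parse_acl(config_text):
    """Return {acl_number: [Entry, ...]} in the order the lines were entered."""
    acls = {}
    for line in config_text.splitlines():
        if "access-list" in line:
            number, entry = parse_entry(line)
            acls.setdefault(number, []).append(entry)
    return acls


def matches(e, p):
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if ipaddress.ip_address(p.src) not in e.src or ipaddress.ip_address(p.dst) not in e.dst:
        return False
    if e.sport is not None and e.sport != p.sport:
        return False
    return e.dport is None or e.dport == p.dport


def evaluate(entries, p):
    """IOS semantics: the first matching line wins; no match means the implicit deny."""
    for e in entries:
        if matches(e, p):
            return e.action, e.text
    return "deny", "implicit deny ip any any"


# Constructed input: the lines quoted in questions 2 and 4 and the ACL 100 of question 7.
ACL_TEXT = """
access-list 101 permit tcp any any eq 80
access-list 102 permit tcp any eq 80 any
access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.100.10
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.100.11
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.200.10
ISP_Router(config)#access-list 100 permit tcp host 200.100.0.10 eq 66 host 192.168.200.11
ISP_Router(config)#access-list 100 deny tcp host 200.100.0.10 any
ISP_Router(config)#access-list 100 permit ip any any
"""
ACLS = parse_acl(ACL_TEXT)

# Constructed packets (client ports 492xx are hypothetical ephemeral ports).
REQUEST = Packet("tcp", "192.168.100.10", 49200, "200.100.0.10", 80)   # Q2: client -> web server
REPLY = Packet("tcp", "200.100.0.10", 80, "192.168.100.10", 49200)     # Q2: the server's reply
FROM_BLOCKED_HOST = Packet("tcp", "201.141.0.3", 49201, "192.168.100.10", 22)  # Q4
ORACLE_66 = Packet("tcp", "200.100.0.10", 66, "192.168.100.10", 49202)         # Q7, port in the ACL
ORACLE_1521 = Packet("tcp", "200.100.0.10", 1521, "192.168.100.10", 49202)     # Q7, port from Q5

if __name__ == "__main__":
    for label, acl, pkt in [("Q2a", 101, REQUEST), ("Q2a", 101, REPLY),
                            ("Q2b", 102, REQUEST), ("Q2b", 102, REPLY),
                            ("Q4", 105, FROM_BLOCKED_HOST),
                            ("Q7", 100, ORACLE_66), ("Q7", 100, ORACLE_1521)]:
        print(label, evaluate(ACLS[acl], pkt))
```

Running it shows that rule (a) of question #2 permits the client's request and drops the reply, rule (b) does the opposite, and that in ACL 105 the deny line is never reached because `permit tcp any any` matches first; for ACL 100, only replies sourced from the port written in the `eq` qualifier reach the Dallas and Chicago hosts.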

Answer all questions in the iLab Report document and upload it in Week 3 iLab Dropbox.
