Shorewall Logging - Module 4 Assignment | CS 482, Assignments of Computer Science

Material Type: Assignment; Professor: Aboutabl; Class: SEL TOPICS IN INFO SECURITY; Subject: Computer Science; University: James Madison University; Term: Unknown 1989;

Uploaded on 02/13/2009

CS 482: Selected Topics in Information Security

Spring 2005 – Section 1

Module 4 Assignment: Shorewall

I. Firewall

One way to test a firewall for durability and vulnerabilities is to make sure it denies or allows access to certain resources on different computers from different external or internal sources. In our configuration of the Shorewall firewall, we set up the basic policy for the network and defined rules (or exceptions to the policy).

Deliverable

For each of the following tests, submit the policy and rules files, the results of the test, how your team implemented the requirement, and any problems that you encountered during the configuration. State whether your team had to implement the rule unidirectionally or bidirectionally; in other words, were you able to test the rule going one way, or did you have to insert rules that went in the other direction as well?

Note: Pinging from the computer that you have denied or allowed access to or from is not a sufficient test; you must also show whether other machines can access the same resource.

Figure 1: Simplified diagram of the business network (Red Zone, FW, Green Zone, DMZ)

Perform the following tests within your team's business network. The image indicates the direction of the rule.

Unidirectional rule: →

Bidirectional rule: ↔

Deny/Allow Access To/From Anywhere

Test 1: Disable the firewall and demonstrate that all the computers can ping each other.

Test 2: Now, enable the firewall and show that access is denied if the traffic has to be routed through the Linux-FW machine.

Access Control with Zones Using Ping Request

Test 1: Deny access to the Green Zone and the DMZ from the Red Zone.

[Diagram: RZ and GZ; RZ and DMZ]

Test 2: Deny access from the Green Zone to the DMZ but allow access to the FW and the Red Zone.

[Diagram: GZ and DMZ; GZ and RZ]

Test 3: Deny access from the DMZ to the FW.

[Diagram: DMZ and FW]

Test 4: Allow access from the Green Zone to the DMZ; disable access to the Red Zone.

[Diagram: GZ and DMZ; GZ and RZ]

Test 5: Allow access from the DMZ to the Red Zone only.

[Diagram: DMZ and RZ; DMZ and GZ]

Test 6: Allow access from the Red Zone to the DMZ only.

[Diagram: RZ and DMZ; RZ and GZ]

Test 7: Allow access from DMZ to everywhere but deny access from everywhere to DMZ.

[Diagram: DMZ and ALL; ALL and DMZ]

Test 8: Allow access from the DMZ and Green Zone only to anywhere.

[Diagram: DMZ and ALL; GZ and ALL]
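
The following is an added example, not part of the original assignment: a simplified model of how Shorewall's policy and rules files decide the ping results for Test 2 of "Access Control with Zones", useful for writing down the expected outcome for every zone pair before testing. The zone names (net, loc, dmz, fw), the sample file contents and the function names are assumptions made for illustration.

```python
import itertools

# Constructed sample files for Test 2. Assumed zone names (not given on the page):
# net = Red Zone, loc = Green Zone, dmz = DMZ, fw = the firewall itself.
POLICY = """
#SOURCE  DEST  POLICY  LOG-LEVEL
loc      net   ACCEPT
loc      dmz   DROP    info
all      all   REJECT  info
"""
RULES = """
#ACTION  SOURCE  DEST  PROTO  DEST-PORT
ACCEPT   loc     fw    icmp   8
"""
ZONES = ["net", "loc", "dmz", "fw"]

def parse(text):
    """Split each non-comment, non-blank line into its columns."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [row for row in rows if row]

def zone_match(column, zone):
    return column in ("all", zone)

def verdict(src, dst, policy=POLICY, rules=RULES):
    """Fate of a new echo request src -> dst: first matching rule, else first matching policy."""
    for action, s, d, *rest in parse(rules):
        proto = rest[0] if rest else "all"
        icmp_type = rest[1] if len(rest) > 1 else "-"
        is_echo = proto == "all" or (proto == "icmp" and icmp_type in ("-", "8", "echo-request"))
        if zone_match(s, src) and zone_match(d, dst) and is_echo:
            return action
    for s, d, pol, *_ in parse(policy):
        if zone_match(s, src) and zone_match(d, dst):
            return pol
    raise ValueError(f"no policy covers {src} -> {dst}")

def ping_matrix(policy=POLICY, rules=RULES):
    """(src, dst) -> True when the ping is answered. Only the request is evaluated:
    the echo reply rides the tracked connection and needs no reverse-direction rule."""
    return {(s, d): verdict(s, d, policy, rules) == "ACCEPT"
            for s, d in itertools.permutations(ZONES, 2)}

if __name__ == "__main__":
    for (s, d), ok in ping_matrix().items():
        print(f"{s:>3} -> {d:<3} {verdict(s, d):<6} {'reply' if ok else 'no reply'}")
```

The matrix shows why the rule is unidirectional: loc can ping net because replies return over the tracked connection, while a ping started from net toward loc still falls through to the catch-all REJECT policy.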