SEC450 Security Demands Opnet iLab
Objectives
In this lab, the students will examine the following objectives.
* The use of flow analysis to create required security demands
* Creation of ACLs to meet the requirements of the security demands
* Verification of security demands using web reports
Scenario
A small company is using the topology shown below. Minimal security measures have been implemented. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago Hosts need to be protected from specific types of traffic from the Internet.
Topology
The last page of the lab assignment document contains a full page topology. Remove this ...view middle of the document...
As you complete each task of the lab assignment, copy all relevant configuration information, web reports, tables, answered questions, and/or captured screenshots (as specified in the iLab assignment) into this lab document. You will submit the completed SEC450_SecurityDemands_Report.docx file into the this week’s eCollege iLab Dropbox.
Note: RED text indicates the required capture of commands or windows from the OpNet program into your lab document. All completed tables and answered questions in the lab assignment must be transferred to your submitted lab document.
Task 1—Verify Initial Connectivity Between Router and Hosts
* Right-click on the Dallas Router and select OpenVirtualCLI. Enter privileged exec mode and (using the limited IOS commands available), verify the settings on the interfaces. Also display the routing table.
* Enter the IOS command that will verify that there are no ACLs defined on the Dallas Router.
* Verify connectivity between the Dallas Router and the ISP and Chicago Host and server PCs by pinging their IP addresses from the Virtual CLI.
* Select the Task 1 commands in the Virtual CLI using the mouse and click on the Copy button. Use <Ctrl>V) to paste the commands into your lab document.
* Open the Flow Analysis menu and select Run Flow Analysis.
* Close the Flow Analysis Log that appears.
* Select Identify Unreachable Interfaces from the Flow Analysis menu. Select For all nodes in the Choose Nodes dialog and click Compute. Capture the Compute dialog window that says "All demands are routable" in to your lab document.
Task 2—Security Demands Configuration
We will use the Object Palette to create a set of security demands for the network that protects the Dallas and Chicago Servers from all traffic other than FTP and HTTP.
* Open the Object Palette by clicking on the icon.
Expand the Demand Models/By Type/IPSecurity folder and select the ip_security demand model.
* Click on the ip_security icon and then move the mouse cursor to the network topology window.
* Click on the Chicago Host icon, and then click on the Dallas Server icon. You should see a green arrow with the arrowhead on the Dallas Server as shown below. Right-click on a blank area of the network and select Abort Demand Definition.
* Left-click on the green line and select Edit Similar Demands.
*
Click on the icon in the first column of the demand attribute and click Duplicate. Do this once more so that you will have three demand attribute rows in the table.
* Expand the name column. Delete any numbers at the end of the name fields and add the suffix FTP to the name field in the first row, HTTP to the name field in row two, and TELNET to the name field in row three.
* In the Destination Port field, change rows one and two to ftp and http respectively, and set row three as telnet.
* Set the Protocol field for all three rows to TCP....