Network Case Study Part A

New York(A) Chicago(B) Detroit(C) Orland(D) Los Angeles(E) Portland(F)

1000 500 500 120 800 250

175.20.0.0 to 175.20.3.232 175.20.10.0 to 175.20.11.244 175.20.20.0 to 175.20.21.244 175.20.30.0 to 175.20.30.119 175.20.40.0 to 175.20.43.32 172.20.50.0 to 175.20.50 249

This might be note that many addresses are left unallocated between the two subnets, this is because for the future addition in the network, i.e. if the number of hosts increases to 1200 from 1000 in New York, we can allocate addresses without disturbing the complete network.

Part B:
Block Chicago branch users to telnet other branches and main office. Allow all communication into Chicago from other locations except http and ftp. BRouterB(config) #access-list 10 deny ip 175.20.0.0 0.0.255.255 eq telnet l RouterB(config) #access-list 10 deny 175.20.255.255 0.235.255.255 eq telnet o c RouterB(config)#access-list 10 permit ip any any access-list 102 remark SDM_ACL Category=256 k access-list 102 remark Outgoing Traffic RouterB(config)#access-list 10 deny ip any any eq http access-list 102 permit ip 175.20.30.0 0.0.3.255 175.20.30.119 0.0.3.255 h RouterB(config)#access-list 10 deny ip any any eq ftp access-list 102 remark Outgoing Traffic t access-list 102 permit ip 175.20.20.0 0.0.3.255 175.20.21.244 t 0.0.3.255 p access-list 102 remark Incoming Traffic access-list 102 permit ip 175.20.0.0 0.0.3.255 175.20.0.0

and ftp traffic from Detroit and Orland to New York office. Allow all other traffic. Also deny ICMP packet from all locations to New York office.

Block telnet sessions to Portland from Los Angeles and Detroit. Also block Portland users from accessing SMTP servers to anywhere.

No Internet traffic should be allowed in to New York and all branch offices except in response to requests initiated by users in the company.

B l o c k a l l t elnet sessions and Ping requests from Portland and Orland to Detroit office.

Part C:

Router>enable Router#configure terminal Router(config)#hostname R1 R1(config)#interface fastethernet 0/0 R1(config-if)#description Student Lab LAN R1(config-if)#ip address 172.16.0.0 255.255.0.0 R1(config-if)#no shutdown

Part D:
One of the major threats regarding security in a WAN or LAN network is Sniffing of packets by Spoofing, i.e. by altering the MAC address and matching with the complete network which redirects all the packets through the attacking system. This is the most vulnerable threat which can be completely blocked at Physical or Data Link Layer only by using good authentication methods. But at Network and Application Layer we can apply IP spoofing filters. These are the filters that are applied at the interface of the routers, which increases the

security with increased complexity of the network. By adding such filter functions using ACLs in routers, we can protect our network. Another threat that one can face in the network is the vulnerable threats at proxy database, VPN or FTP attacks. For that according to the need the ports must be open, and a good injection free proxy servers must be used and also the firewalls that don not allow the VPN or any other tunnels to be formed.