
PART 2:

R1:
! --- R1: edge router between the ASA outside interface and the R2 WAN link ---
no ip domain-lookup
!
! Keep unsolicited console messages from interleaving with typed input.
line con 0
logging synchronous
exit
!
hostname R1
!
! LAN toward the ASA; shares the 209.165.200.224/29 subnet with ASA outside (209.165.200.226).
interface GigabitEthernet0/0
description ASA e0/0
ip address 209.165.200.225 255.255.255.248
no shutdown
exit
!
! Serial link to R2. "clock rate" only takes effect on the DCE end of the cable;
! both ends carry it in this script so it works whichever side is DCE.
interface Serial0/0/0
ip address 10.1.1.1 255.255.255.252
clock rate 64000
no shutdown
exit
!
! Loopback network on R1 (presumably a test destination; see R2 routing note).
interface Loopback1
ip address 172.20.1.1 255.255.255.0
exit
!
! Everything not directly connected goes out the serial link toward R2.
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
end
R2:
! --- R2: transit router between R1 (s0/0/0) and R3 (s0/0/1) ---
no ip domain-lookup
!
line con 0
logging synchronous
exit
!
hostname R2
!
! Link toward R1 (10.1.1.0/30).
interface Serial0/0/0
ip address 10.1.1.2 255.255.255.252
clock rate 64000
no shutdown
exit
!
! Link toward R3 (10.2.2.0/30).
interface Serial0/0/1
ip address 10.2.2.2 255.255.255.252
clock rate 64000
no shutdown
exit
!
! ASA outside subnet (and its NAT addresses 209.165.200.226/.227) via R1.
ip route 209.165.200.224 255.255.255.248 Serial0/0/0
!
! R3 LAN via R3.
ip route 172.16.3.0 255.255.255.0 Serial0/0/1
!
! NOTE(review): no route is defined for R1's Loopback1 network 172.20.1.0/24,
! so that network is unreachable from R3 through R2 — confirm whether the lab needs it.
end
R3:
! --- R3: remote-site router; LAN toward S3 and serial link toward R2 ---
no ip domain-lookup
!
line con 0
logging synchronous
exit
!
hostname R3
!
! LAN segment 172.16.3.0/24 (S3 uses this address as its default gateway).
interface GigabitEthernet0/1
description S3 f0/5
ip address 172.16.3.1 255.255.255.0
no shutdown
exit
!
! Serial link to R2 (10.2.2.0/30).
interface Serial0/0/1
ip address 10.2.2.1 255.255.255.252
clock rate 64000
no shutdown
exit
!
! Single default route out the serial link toward R2.
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
end
S1:
! --- S1: DMZ switch; management SVI on 192.168.2.0/24 ---
no ip domain-lookup
!
line con 0
logging synchronous
exit
!
hostname S1
!
! Management address on VLAN 1.
interface Vlan1
ip address 192.168.2.11 255.255.255.0
exit
!
! Gateway is the ASA dmz interface (192.168.2.1).
ip default-gateway 192.168.2.1
!
end
S2:
! --- S2: inside switch; management SVI on 192.168.1.0/24 ---
no ip domain-lookup
!
line con 0
logging synchronous
exit
!
hostname S2
!
! Management address on VLAN 1.
interface Vlan1
ip address 192.168.1.11 255.255.255.0
exit
!
! Gateway is the ASA inside interface (192.168.1.1).
ip default-gateway 192.168.1.1
!
end
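S3:
! --- S3: switch on R3's LAN; management SVI on 172.16.3.0/24 ---
no ip domain-lookup
!
line con 0
logging synchronous
exit
!
hostname S3
!
! The management address must share a subnet with the default gateway
! (R3 g0/1, 172.16.3.1). The original 172.16.1.11/24 put the SVI in a
! different subnet, leaving the gateway unreachable; .11 follows the
! S1/S2 addressing pattern.
interface Vlan1
ip address 172.16.3.11 255.255.255.0
exit
!
ip default-gateway 172.16.3.1
!
end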

PCA: see instruction


PCB: see instruction
PCC: see instruction
PART 3:
R3:
! --- R3 hardening (Part 3): password obfuscation, login lockout, SSH-only VTY, AAA, syslog ---
!
! Obscures plaintext passwords in the configuration (type 7, reversible encoding).
service password-encryption
!
banner motd $Unauthorized access strictly prohibited$
!
! Idle sessions are dropped after 5 minutes 0 seconds on console and VTY lines.
line con 0
exec-timeout 5 0
exit
!
line vty 0 4
exec-timeout 5 0
exit
!
! After 5 failed logins within 60 s the router enters a 15 s quiet period.
login block-for 15 attempts 5 within 60
!
! A domain name is required before an RSA key pair can be generated.
ip domain-name ccnasecurity.com
!
! Lab admin account with a scrypt-hashed secret and full privilege.
username admin privilege 15 algorithm-type scrypt secret cisco12345
!
! Remote access limited to SSH, authenticated against the local user database.
line vty 0 4
login local
transport input ssh
exit
!
! Drop any existing key pair, then generate a fresh one. 1024 bits is the
! value the lab specifies; the same command accepts a larger modulus.
crypto key zeroize rsa
!
crypto key generate rsa general-keys modulus 1024
!
ip ssh version 2
!
! AAA: once enabled, the default login method list (local database) applies
! to every line, superseding the per-line "login local" above.
aaa new-model
!
aaa authentication login default local
!
! Timestamped syslog messages of severity warnings (4) and more severe are
! forwarded to the syslog host at 172.16.3.3 (presumably PC-C on R3's LAN).
service timestamps log datetime msec
!
logging host 172.16.3.3
!
logging trap warnings
!
end
TODO: PART4 IPS:
TODO: PART5 Secure S1:
S1:
! --- S1 hardening (Part 5): privileged secret, line passwords, SSH-only VTY, unused ports, port security ---
!
! Privileged EXEC secret stored as a scrypt hash.
enable algorithm-type scrypt secret class
!
! Console and VTY line passwords (the VTY setting is superseded by "login local" below).
line con 0
password cisco
login
exit
!
line vty 0 4
password cisco
login
exit
!
banner motd $Unauthorized access strictly prohibited$
!
! Domain name is required for RSA key generation.
ip domain-name ccnasecurity.com
!
username admin privilege 15 algorithm-type scrypt secret cisco12345
!
crypto key generate rsa general-keys modulus 1024
!
ip ssh version 2
!
! VTY 0-4: SSH only, local authentication, sessions start at privilege 15.
line vty 0 4
privilege level 15
login local
transport input ssh
exit
!
! VTY 5-15: no inbound transport at all, so only five remote sessions are possible.
line vty 5 15
transport input none
exit
!
! Put every port in access mode and disable all of them; only the ports that
! are actually in use are re-enabled afterward.
interface range FastEthernet0/1-24, GigabitEthernet0/1-2
switchport mode access
shutdown
exit
!
interface range FastEthernet0/6, FastEthernet0/24
no shutdown
exit
!
! Host-facing port: skip STP listening/learning and shut the port if a BPDU arrives.
interface FastEthernet0/6
spanning-tree portfast
spanning-tree bpduguard enable
exit
!
! Port security with sticky learning on the active ports; the ports are bounced
! so the learned addresses are picked up once the feature is on.
interface range FastEthernet0/6, FastEthernet0/24
shutdown
switchport port-security
switchport port-security mac-address sticky
no shutdown
exit
!
! Optional user VLAN (left disabled in this script).
!vlan 20
! name Users
!exit
!
!interface range f0/6, f0/24
! switchport access vlan 20
!exit

PART6 ASA:
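ASA#write erase
ASA#reload
ciscoasa(config)#
<Copy script>
!
! --- ASA 5505 (Part 6). Paste the script up to "STOP HERE", wait for the
! RSA key pair to finish generating, then paste the remainder. ---
hostname ASA
!
domain-name ccnasecurity.com
!
! Privileged-mode password and the Telnet/SSH login password (lab values).
enable password class
passwd cisco
!
clock set 08:15:00 march 01 2017
!
! Inside network 192.168.1.0/24, most trusted. The mask is given explicitly
! rather than relying on the classful default.
interface vlan 1
nameif inside
ip address 192.168.1.1 255.255.255.0
security-level 100
!
! Outside link to R1 g0/0 (209.165.200.225). The link is a /29
! (255.255.255.248); without a mask the ASA would assume a classful /24,
! which does not match R1 or R2's static route.
interface vlan 2
nameif outside
ip address 209.165.200.226 255.255.255.248
security-level 0
!
interface e0/1
switchport access vlan 1
no shutdown
!
interface e0/0
switchport access vlan 2
no shutdown
!
! PAT: inside hosts leave through the outside interface address.
object network inside-net
subnet 192.168.1.0 255.255.255.0
nat (inside,outside) dynamic interface
!
! DHCP pool for inside clients.
dhcpd address 192.168.1.5-192.168.1.36 inside
dhcpd enable inside
!
! Local admin account used for Telnet and SSH management logins.
username admin password cisco123
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
!
! Cleartext Telnet management is accepted only from the inside network.
telnet 192.168.1.0 255.255.255.0 inside
!
crypto key generate rsa modulus 1024
!
! STOP HERE
!
write mem
! SSH management from the inside network and from the single host 172.16.3.3 on the outside.
ssh 192.168.1.0 255.255.255.0 inside
ssh 172.16.3.3 255.255.255.255 outside
!
! Default route toward R1.
route outside 0.0.0.0 0.0.0.0 209.165.200.225
!
! DMZ on VLAN 3. "no forward interface vlan 1" must come before "nameif" on
! the base-license 5505 (the third VLAN may not initiate traffic to inside).
interface vlan 3
ip address 192.168.2.1 255.255.255.0
no forward interface vlan 1
nameif dmz
security-level 70
no shutdown
!
interface e0/2
switchport access vlan 3
no shutdown
!
! Static NAT publishes the DMZ server as 209.165.200.227.
object network dmz-server
host 192.168.2.3
nat (dmz,outside) static 209.165.200.227
!
! Permits all IP traffic from any outside source to the DMZ server (the ACL
! matches the real, untranslated address). Narrow this to the required
! protocols/ports where the lab allows.
access-list OUTSIDE-DMZ permit ip any host 192.168.2.3
access-group OUTSIDE-DMZ in interface outside
!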

Verify:
! Inspect the NAT rules and the active translation table on the ASA, then reset the counters.
ASA#show nat
ASA#show xlate
ASA#clear nat counters
! Reachability from the outside (PC-C and R3) toward the inside host
! 192.168.1.3 and the DMZ server 192.168.2.3.
PC-C>ping 192.168.1.3
PC-C>ping 192.168.2.3
R3#ping 192.168.1.3
R3#ping 192.168.2.3
