SEC572 Security Demands Lab Document
Task 1 – Verify Initial Connectivity between Router and Hosts
Select the Task 1 commands in the Virtual CLI using the mouse and click on the Copy button. Use Ctrl+V to paste the commands and the output into the textbox provided below:
Select Identify Unreachable interfaces from the Flow Analysis menu. Select For all nodes in the Choose Nodes dialog and click Compute. Capture the Compute dialog window that says "All demands are routable" into this lab document below:
All demands are routable.
Task 2 – Flow Analysis Security Demands Configuration
Click Violations to see what security violation has occurred. As expected, the DENY rule has been violated because no ACL has been applied to the network. Capture the Violations Report window and use Ctrl+V to paste it in the space provided below:
Click on the Destination Reachable link for more information. The Security Demand Routing page shows the path taken for the traffic that should have been denied. Capture the Security Demand Routing Report window and paste it into this lab document below with Ctrl+V.
Task 3 – Apply the ACL & Verify Security Demands Compliance
If you are applying an extended ACL to deny specific packets, where should you apply it, as close to the source as possible or as close to the destination as possible? Explain your answer.
I am sure the extended ACL always goes as close to the source as possible; remember that in a standard ACL we define the source, and it is placed as close to the destination as possible, because we do not specify a destination.
In extended ACLs we specify a source and destination address, so they are placed close to the source.
Standard: source - placed as close to destination
Extended: source and destination - placed as close to source
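The placement rule above can be checked with a small model. This is an added example, not part of the lab or the student's answer; the two-router path (R1 near the source, R2 near the destinations), the addresses and all function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing, not taken from the lab topology.
SRC_HOST = ip_address("10.1.1.10")        # host whose traffic is restricted
DENIED_NET = ip_network("10.2.2.0/24")    # must NOT be reachable from SRC_HOST
ALLOWED_DST = "10.3.3.5"                  # must stay reachable from SRC_HOST
DENIED_DST = "10.2.2.5"

def standard_acl(src, dst):
    """Standard ACL: can match on the source address only. True = permit."""
    return src != SRC_HOST

def extended_acl(src, dst):
    """Extended ACL: matches on source AND destination. True = permit."""
    return not (src == SRC_HOST and dst in DENIED_NET)

def send(src, dst, acl, where):
    """Walk one packet along R1 -> R2 -> destination LAN.

    where="source":      ACL inbound on R1's interface facing the source LAN.
    where="destination": ACL outbound on R2's interface facing DENIED_NET.
    Returns (delivered, links_crossed), counting only the R1-R2 link.
    """
    src, dst = ip_address(src), ip_address(dst)
    if where == "source" and not acl(src, dst):
        return (False, 0)      # dropped before the R1-R2 link is used
    links = 1                  # packet has crossed the R1-R2 link
    if where == "destination" and dst in DENIED_NET and not acl(src, dst):
        return (False, links)  # dropped at the last hop
    return (True, links)

def compare():
    """Outcome of the denied and the allowed flow for each ACL placement."""
    acls = {"standard": standard_acl, "extended": extended_acl}
    return {
        (name, where): {
            "denied_flow": send(str(SRC_HOST), DENIED_DST, acl, where),
            "allowed_flow": send(str(SRC_HOST), ALLOWED_DST, acl, where),
        }
        for name, acl in acls.items()
        for where in ("source", "destination")
    }

if __name__ == "__main__":
    for placement, result in compare().items():
        print(placement, result)
```

In this model a standard ACL near the source also drops the flow that should be allowed, while an extended ACL near the source blocks only the denied flow and does so before the packet uses the inter-router link.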
Apply the access-list to the F0/0 interface for all inbound traffic. From Global configuration