IS3220 Lab 9
ITT Technical Institute, Tampa FL
Instructor: Sherman Moody
18 November, 2014
1. Briefly explain how the Gufw internal Ubuntu host IP stateful firewall can be used in a layered security strategy at the Workstation Domain level.

Go to System > Administration > Firewall configuration. It supports common tasks such as allowing or blocking pre-configured, common P2P, or individual ports. Gufw is powered by UFW, runs on Ubuntu, and anywhere else Python, GTK, and UFW are available.

2. Briefly explain how each of the Linux-based tools demonstrated in this lab can be used to monitor bandwidth, protocol, and network traffic information.

bmon is a portable bandwidth monitor and rate estimator. It supports various input methods for different architectures. Various output modes exist, including an interactive curses interface, lightweight HTML output, and formattable ASCII output.

iftop listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts.

Pktstat displays a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what. It partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown.

Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and datagram loss.

Tcptrack is a sniffer which displays information about TCP connections it sees on a network interface.

3. Given that the Ubuntu internal firewall is not installed by default, should you enable this firewall if your organization already has a firewall? Why or why not?

Yes, because it is still critical to protect the LAN-WAN edge. However, network firewalls now must also keep communications between internal network segments in check so that internal employees cannot access network and data resources that corporate policy dictates are off-limits to them. By partitioning the corporate intranet with firewalls, departments within an organization are offered additional defenses against threats originating from other departments.

4. How do you block specific ports and IP ranges from communicating via TCP/IP to and from your Ubuntu Target VM using Gufw?

The Simple tab of the Add Rule dialog allows incoming and outgoing rules to be defined simply by referencing the corresponding TCP/IP port. The ports used by known applications and services represent only a small subset of the ports available for use by applications and for which firewall rules may need to be defined. A third-party application might, for example, use port 5700 to communicate with a remote server. That being the case, it may be necessary to allow traffic on this specific port using the Simple panel. The rule may be configured to filter either TCP, UDP or both traffic types. In addition, the port may be specified as a single port number, as multiple individual ports separated by commas (e.g. 22,45,66) or as a range of ports with the start and end ports separated by a colon (1000:1500, for example, would apply the rule to all ports between 1000 and 1500). Commas may also be used to declare a mixture of individual ports and ranges, for example 22,45,66,1000:1500.

5. Other than Deny or Allow incoming connections, what other options are available in Ubuntu's internal firewall? Why would they include any additional option?

Enable, disable, default reject, status, help, bash, reset and many more.

6. What usefulness is there in monitoring IP traffic to and from an individual workstation or server?

Monitoring log data from workstations can give you insight into the state of the system - if a user calls and complains about something not working correctly, the event log and recent history of activity can provide a lot of useful data. Unexpected users logging on to workstations that are more likely to have sensitive...
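
The port syntax described in answer 4 (single ports, comma-separated lists, and start:end ranges), as an added example that is not part of the original lab report or of Gufw's own code: a small Python parser that expands a rule's port field so you can review exactly which ports a rule covers before adding it. The function names are hypothetical, and treating range endpoints as inclusive is an assumption.

```python
# Added example: parser for the port field syntax described in answer 4.
# Function names and sample values are constructed for illustration.

MAX_PORT = 65535


def parse_port_spec(spec):
    """Turn '22,45,66,1000:1500' into sorted, merged (start, end) ranges."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError(f"empty entry in port spec {spec!r}")
        start_text, sep, end_text = item.partition(":")
        if not start_text.isdigit() or (sep and not end_text.isdigit()):
            raise ValueError(f"not a port or start:end range: {item!r}")
        start = int(start_text)
        end = int(end_text) if sep else start
        # Reject reversed ranges and anything outside the valid TCP/UDP port space.
        if not (1 <= start <= end <= MAX_PORT):
            raise ValueError(f"port out of order or outside 1-{MAX_PORT}: {item!r}")
        ranges.append((start, end))
    # Merge overlapping or adjacent entries so the covered set is easy to review.
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def port_covered(spec, port):
    """Return True if a rule written with this port spec applies to `port`."""
    return any(start <= port <= end for start, end in parse_port_spec(spec))


def ports_covered_count(spec):
    """Count distinct ports a rule touches, to spot overly broad allow rules."""
    return sum(end - start + 1 for start, end in parse_port_spec(spec))


if __name__ == "__main__":
    spec = "22,45,66,1000:1500"  # the mixed example from the lab answer
    print(parse_port_spec(spec))
    print(port_covered(spec, 1200), port_covered(spec, 5700))
    print(ports_covered_count(spec))
```
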