Student Name: Rolando Salas Date: 7/26/14
Database Server Security Demands – iLab3
In this lab, the students will examine the following objectives.
Become familiar with well-known and ephemeral ports
Create ACL to meet requirements on database security demands Learn best practices to create and apply ACLs.
A small company is using the topology shown below. The Public Server is actually an off-site Database Server that contains company records. Assume that the 126.96.36.199/16 network represents the Internet. The Dallas and Chicago Servers and hosts need to access the database server securely. Only users in the Dallas and Chicago LANs should be able to access the database server.
The last page of the lab assignment document contains a full-page topology. Remove this page and use it for reference to the topology and the IP addresses.
The Dallas, Chicago, and ISP Routers’ FastEthernet and Serial interfaces used for the lab have been correctly configured and enabled. Unused interfaces have been shutdown. The RIP routing tables are complete for all routers and hosts. No ACLs have been applied to any of the routers. Below is the initial running-config file in ISP router.
ip address 188.8.131.52 255.255.255.0
ip address 184.108.40.206 255.255.255.0
ip address 220.127.116.11 255.255.255.0
ip address 18.104.22.168 255.255.255.0
line con 0
line aux 0
line vty 0 4
line vty 5 15
Lab Data Collection and Submission
Download and open the lab document file: SEC450_DB-SecurityDemands_Report.docx. Enter your name and date at the top of the lab document. As you complete each task of the lab assignment entering all relevant configuration commands, and, answered questions (as specified in the iLab assignment) into this lab document. You will submit the completed SEC450_DB_SecurityDemands_Report.docx file into the this week’s eCollege iLab Dropbox.
Note: RED text indicates the required questions to answer
Task to Set up Security Policy for Offsite Database Server
The following requirements were given to the network engineer to create and apply ACL 100 in ISP router
1. Permit SQL database traffic from the Public server to the Dallas Host. 2. Permit SQL database traffic from the Public server to the Dallas Server. 3. Permit SQL database traffic from the Public server to the Chicago Host. 4. Permit SQL database traffic from the Public server to the Chicago Server. 5. Deny all other TCP traffic from the Public server to any destination. 6. Permit all other traffic.
#1. Explain the meaning of the "three P's" best practice rule to create ACL in routers
One ACL per protocol, per direction and per interface are the three P’s used for remembering the general rule for applying ACLs on a router. One ACL per protocol is to control the flow of traffic on an interface. Per direction would be considered to have ACLs control traffic going in one direction at a time on an interface. Per interface is having ACLs controlling traffic for an interface.
#2. Explain the difference between the following two access-list commands a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any
a) This ACL will be permitting all TCP packets from any source IP address to any destination IP address where the source and destination port is 80. b) This ACL will be permitting all TCP packets from any source IP address where the source port is 80 to any destination IP address.
#3. What are well-known, registered, and ephemeral UDP/TCP ports?...
Please join StudyMode to read the full document