Project – Assignment 2 | My Assignment Tutor

ITNE2005RNETWORK SECURITY IMPLEMENTATIONProject – Assignment 2March 2021INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.The purpose of project is to assess students on the following Learning Outcomes:LO2: Analyse and configure routers on the network perimeter with router software securityfeaturesLO3: Evaluate and configure firewall protocols and features to perform basic securityoperations on a networkLO4: Critically review the enterprise network requirements and configure site-to-site VirtualPrivate Networks using standard router software featuresLO5: Analyse the enterprise security requirements and configure intrusion prevention systemson network routers.LO6: Monitor network traffic and implement security policies to control access, resist attacks,and protect network devices__________________________________________________________________________________Objective(s)This assessment item relates to the unit learning outcomes as in the unit descriptors. Thepurpose of this assignment is to enable students to work in teams and expand their thinkingthrough reading and sharing ideas.__________________________________________________________________________________Case StudyIn 2018, FunTech (PRIVATE) Limited is recorded as a the top 10 fastest growing company with800% EPS growth in a year. Recently, the company has added 50 part time and 100 full timeemployees. The company has expanded 3 new branches in different cities. The networkexpansion is almost completed, and all the offices are connected with each other via WAN(Internet). Data’s from all the offices are stored and executed from the main data centrewhich is located in the head office. This data centre even holds highly confidential andsensitive data. The CTO of the company is worried since there are only few security devicesinstalled in the network and there is a high risk of the network getting compromised.Based on the report presented by IT department, some abnormal traffic pattern wasmonitored in company’s network both from inside and outside the network. Initialinvestigation shows that 1) some of the company’s hardware has some major loopholes (notsecured) which was not expected 2) the head office network is being constantly receiving aransomware message 3) strange network traffic patterns can be seen. It’s also observed thatthe capacity of mail server is 30 mails per second, but the server is sometimes receiving morethan 100 mails in a second which is not normal. IT department is highly suspicious about thisWeightage: 45% (Project Report – 30% + Final Presentation / Demo – 15%)Project Report: Due Session 12Final Presentation / Demo: Due Session 12INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.abnormal traffic and to clarify what is going on, the company is hiring a third-party securitycompany to conduct a risk assessment. Implementing an IT security risk assessment is highlyrecommended and can prevent security breaches and its impacts.* 1 main office (Melbourne)*5 regional office across AustraliaThe small segment of network design of FunTech (private) Limited is provided. Based on thenetwork diagram, complete the following task.(You are free to make necessary assumption if required)INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.Part ATask 1: Fill the addressing table before you start your configuration DeviceInterfaceIP AddressSubnet MaskDefault GatewaySwitch PortR1-StudentIDN/AN/AN/ALoopback 1172.20.1.1255.255.255.0N/AN/AR2–StudentIDN/AN/AN/AN/AR3–StudentIDN/AN/AN/AS1–StudentIDVLAN 1N/AS2–StudentIDVLAN 1N/AS3–StudentIDVLAN 1N/AASAVLAN 1(Et0/2)N/AVLAN 2(Et0/0)N/AVLAN 3(Et0/1)N/APC-ANICPC-BNICPC-CNICPC-DNICPC-ENICPC-FNIC INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.Task 2: Configure Basic Device Settings• Configure host names as shown in the topology plus your student ID.• Configure interface IP addresses as achieved from IP Addressing Table.• Configure static and dynamic routing• Verify connectivity among devices before another configuration.Task 3: Configure Secure Router Administrative Access• Configure encrypted passwords and a login banner.• Configure the EXEC timeout value on console and VTY lines.• Configure login failure rates and VTY login enhancements.• Configure Secure Shell (SSH) access and disable Telnet.• Configure local authentication, authorization, and accounting (AAA) user authentication.• Secure the router against login attacks and secure the IOS image and the configurationfile.• Configure a router NTP server and router NTP clients.• Configure router syslog reporting and a syslog server on a local host.Task 4: Configure a Zone-Based Policy Firewall and Intrusion Prevention System• Configure a Zone-Based Policy Firewall (ZPF) on an R3 using the CLI.• Configure an intrusion prevention system (IPS) on an R3 using the CLI.Task 5: Configure ASA Basic Settings and Firewall• Configure basic settings, passwords, date, and time.• Configure the inside and outside VLAN interfaces.• Configure port address translation (PAT) for the inside network.• Configure a Dynamic Host Configuration Protocol (DHCP) server for the inside network.• Configure administrative access via Telnet and SSH.• Configure a static default route for the Adaptive Security Appliance (ASA).• Configure Local AAA user authentication.• Configure a DMZ with a static NAT and ACL.• Verify address translation and firewall functionality.Task 6: Configure a Site-to-Site VPN between the ASA and R3• Configure an IPsec site-to-site VPN between the ASA and R3-S0000 using ASDM and theCLI.• Activate and verify the IPsec site-to-site VPN tunnel between the ASA and R3.__________________________________________________________________________________INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.Part BConclude your reportAnalyse the project security before and after the implementation of provided configuration.Write an executive summary on the output of this project of the provided project(in your own word)__________________________________________________________________________________General Instructions• The project is a Group assessment. The students are required to work in teams ofmaximum of 5 members• Please note that the incidents of plagiarism will be penalized. Late penalty applieson late submission, 10% per day would be deducted.• It is worth 45% of the total marks for the unit.o Case Study Project Report – Worth 30%§ The final project report will take the form of an academic report ofapproximately 2500 words not including references. Your reportshould present as a collective effort, not a series of submissions byvarious team members. It is expected to FLOW as one document.Each team member’s contribution should be clearly identified inthe report, with a notation about which section he/she wroteabout.o Presentation – Worth 15%§ Provide a summary of each team’s Case Study Project findings andthe developed diagrams to the class. Each team’s presentation isexpected to take between 15 minutes and 20 minutes. All teammembers must contribute almost equally to the presentation, andeach team member’s contribution must be clearly indicated in thepresentation plan that is submitted to the lecturer.*Please note that Final presentation/ Demo is marked as huddle in this unit. Students are requiredto achieve at least 40% in those hurdle components in addition to an overall mark of 50% toachieve a pass grade in the unit.• To complete the Assignment, refer to Assignment Supplementary document.Please note that this document is not a solution but a reference. You are allowedto make any necessary assumptions if necessary.__________________________________________________________________________________INTE2005R NETWORK SECURITY IMPLEMENTATIONCopyright © 2021 VIT, All Rights Reserved.Submission Guidelines• Your report should include the following:o The report should have a consistent, professional, and well-organizedappearance with 12point font size and at least single line spacing withappropriate section headings.o The cover page must identify student names and the ID number(s), unitdetails, assignment details and lecturer details.o Screens-shots evidence of your configuration work with a description (Part2).o Executive summary of the project• In-text referencing in IEEE style must be cited in the text of the report and listedappropriately at the end in a reference list (if required).• The report must be submitted in soft (electronic) copy as a Microsoft Worddocument on the LMS in Turnitin dropbox. Assignments submitted on the LMS willonly be accepted. Group Submission – One submission per group• The presentation file must be submitted in soft (electronic) copy as a PowerPointpresentation on the LMS. Group Submission – One submission per group• Late penalty applies on late submission, 10% per day would be deducted.• The assignments will go through Turnitin and plagiarism penalty will be applied.__________________________________________________________________________________Marking Guide: 100 Marks DescriptionMarksPart AImplementationTask 1: Fill the addressing table before you start yourconfigurationTask 2: Configure Basic Device SettingsTask 3: Configure Secure Router Administrative AccessTask 4: Configure a Zone-Based Policy Firewall and IntrusionPrevention SystemTask 5: Configure ASA Basic Settings and FirewallTask 6: Configure a Site-to-Site VPN between the ASA and R3(Provide screen shots of each implementation)101020101010Part BConclusionAnalyse the project security before and after the implementationof provided configuration.Executive summary of your understanding about the output ofthis project (500 words) at the end of the report.20The report style, language and structure should be appropriate.10Total100