Assignment Task
You have recently been employed as a Cyber Security Consultant for IT Assurance Services. IT Assurance Services specialises in the provision of ICT services to a range of small and medium enterprises, including the conduct of cyber security vulnerability assessments and the subsequent design and implementation of risk mitigation solutions to secure client systems.
Your employer has asked you to review the existing network infrastructure for their client Jojo Pty Ltd and to design and implement an effective security perimeter. As part of this you are required to document all stages of the network and security perimeter design to explain the purpose and functionality of each aspect.
For your submission, you will provide the following files:
- CISCO Packet Tracer Files
- Documented System Design
Your Task
Using the information in the case study, complete the following steps to design and implement a security perimeter for Jojo Pty Ltd. For all tasks where you are required to configure network devices and services, you must include the configuration scripts and commands that you have used within the Documented System Design. Where possible, screenshots should also be taken to confirm that devices and services have been configured and operate correctly.
Initial Assessment and Planning
- Evaluate the security vulnerabilities found in the internetworking system provided above and provide a proposal for the advanced security technologies to be implemented.
- Build the internetworking system shown in the topology diagram for Jojo Pty Ltd using the CISCO Packet Tracer simulation software. In this design you will use Router 1941, switch 2960 and ASA 5505.
- Provide a description of the process for configuring secure administrative access to the network.
- Provide a description of the process for the allocation of user command privileges for network devices.
Router and Switch Configuration
- Configure the routers and switches within the network topology.
- Configure the routers to the following settings:
  - Configure interface IP addresses as given in the addressing table.
  - Configure routing using OSPFv2 and Process ID 1 on R1, R2 and R3.
- Configure the switches to the following settings:
  - Change the hostnames from default to S1, S2 and S3 respectively.
  - Configure trunking between S1 and S2.
  - Configure VLAN 1 IP addresses and default gateway as shown in the addressing table.
- Ping between the routers and ping between Loopback 1 and PC-C should be successful. Take a screenshot to confirm that this is successful.
- Undertake troubleshooting of peripheral I/O devices including installation and configuration as required.
Configuration of secure site-to-site VPN
- Answer the following in relation to Virtual Private Network (VPN) technologies:
  - Provide an explanation of the advantages and operation of VPNs.
  - Provide a summary of the operation of Internet Protocol Security (IPSec) VPNs.
  - Provide a description of how tunnelling operates in relation to VPNs.
- Configure the security of R1 for secure connections.
- Enable the Security Technology Package licence on R1. Save the running configuration before reloading and take a screenshot to confirm this.
Configure the access list:
- Create an access list to identify interesting traffic on R1.
- Configure ACL 101 to allow traffic from the R1 Lo1 network to the R3 G0/1 LAN.
- Configure the crypto isakmp policy 10 Phase 1 properties on R1 and the shared crypto key ciscovpnpa55 using the following parameters:
  - Key distribution method: ISAKMP
  - Encryption: aes 256
  - Hash: sha
  - Authentication method: pre-shared
  - Key exchange: DH Group 5
  - IKE SA lifetime: 3600
  - ISAKMP key: ciscovpnpa55
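
An added example, not part of the original brief: a Python check that compares the `crypto isakmp policy 10` block of a saved running configuration against the Phase 1 parameters listed above and reports each deviation. The sample configurations and the peer address 192.0.2.2 are constructed, and the fallback defaults assume the classic IOS behaviour of leaving default values out of `show running-config`.

```python
import re

# Phase 1 values required by the parameter list above (IOS keyword spelling).
REQUIRED = {"encryption": "aes 256", "hash": "sha",
            "authentication": "pre-share", "group": "5", "lifetime": "3600"}
# Assumption: classic IOS omits default values, so absent keywords take these.
IOS_DEFAULTS = {"encryption": "des", "hash": "sha",
                "authentication": "rsa-sig", "group": "1", "lifetime": "86400"}
ALIASES = {"encr": "encryption"}  # abbreviated form printed by show run
# Constructed sample configs; 192.0.2.2 is a placeholder peer address.
GOOD = """crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
 lifetime 3600
!
crypto isakmp key ciscovpnpa55 address 192.0.2.2
"""
BAD = """crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp key ciscovpnpa55 address 192.0.2.2
"""

def parse_isakmp_policy(config, number):
    """Return the effective settings of the numbered policy, or None if absent."""
    settings, inside = None, False
    for line in config.splitlines():
        if line.strip() == f"crypto isakmp policy {number}":
            settings, inside = dict(IOS_DEFAULTS), True
        elif inside and line.startswith(" "):
            keyword, _, value = line.strip().partition(" ")
            settings[ALIASES.get(keyword, keyword)] = value.strip()
        else:
            inside = False  # any unindented line ends the policy block
    return settings

def audit(config, number=10, key="ciscovpnpa55"):
    """Return a list of findings; an empty list means the config matches."""
    policy = parse_isakmp_policy(config, number)
    if policy is None:
        return [f"crypto isakmp policy {number} is not configured"]
    findings = [f"{name}: expected '{want}', found '{policy[name]}'"
                for name, want in REQUIRED.items() if policy[name] != want]
    if not re.search(rf"^crypto isakmp key {re.escape(key)} address \S+", config, re.M):
        findings.append("pre-shared key for the peer is missing or different")
    return findings
```

Running `audit(BAD)` reports the weaker encryption, the DH group and the default lifetime that was never overridden, which are the deviations a screenshot of `show running-config` alone is easy to miss.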