Student Name / Date

SEC450 Security Testing Report Document

NOTE: Use carriage returns and page breaks as needed to prevent table contents from extending across page boundaries.

Task 1—Verify Connectivity Between Router and Hosts

·  In the CLI window for the ISP router, execute the commands to verify the settings on the interfaces and display the routing table. Note: Use show ip interface brief to check the interfaces.


Paste the Virtual CLI show ip interface brief and show ip route commands here.

Complete the table below based on the dynamic routes displayed in the routing table.

Routing protocol / Destination Network / Metric / Outbound Interface

·  Verify connectivity between the ISP Router and the Dallas and Chicago Host and Server PCs by pinging their IP addresses from the Virtual CLI.

·  Select the Task 1 commands in the Virtual CLI using the mouse. Click on the Copy button. Use <Ctrl>V to paste the commands into your lab document.


Paste Virtual CLI Ping commands here.

Task 2—Flow Analysis Security Port Scans

·  Open the permitted services links Public_Server->Dallas_Host and Public_Server->Dallas_Server. Note the TCP and UDP port numbers that are open. Use <Alt><PrtSc> to capture the Public_Server->Dallas_Host and the Public_Server->Dallas_Server windows and use <Ctrl>V to paste the two captured windows into the table cells below.

Paste the Public_Server->Dallas_Host Port Scan window here.

Paste the Public_Server->Dallas_Server Port Scan window here.

What are the UDP and TCP ports that are permitted in traffic from the Public_Server to the Dallas_Host? What are the UDP and TCP ports that are permitted in traffic from the Public_Server to the Dallas_Server?

Destination / UDP Ports Permitted / TCP Ports Permitted
Dallas_Host
Dallas_Server

Task 3—Deny Upper TCP Ports Public_Server->Dallas Server

Use the Dallas router Virtual CLI (as we did in Task 1) to define an extended ACL that will deny all TCP services with port numbers above 255 from the Public Server to the Dallas Server while allowing all other traffic. Apply the ACL to the outside (S0/1) interface of the Dallas router for all inbound traffic. Execute a show running-config command to verify your configuration. Copy these Virtual CLI commands and the command output into the table cell below.
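The general shape of the Task 3 configuration, as an added example that is not part of the original lab document. The ACL number 100 and both host addresses are constructed placeholders (documentation address ranges); substitute the Public Server and Dallas Server addresses from your own lab topology.

```cisco
! Added example. Placeholders (constructed, not lab values):
!   Public Server = 192.0.2.10, Dallas Server = 198.51.100.20, ACL number = 100
configure terminal
 ! Extended ACL entry: match TCP from the Public Server to the Dallas Server
 ! where the destination port is greater than 255 (ports 256-65535).
 access-list 100 deny tcp host 192.0.2.10 host 198.51.100.20 gt 255
 ! Entries are evaluated top-down and the first match wins. Every ACL ends
 ! with an implicit "deny ip any any", so an explicit permit is required
 ! to allow all other traffic as the task specifies.
 access-list 100 permit ip any any
 ! Bind the ACL to the outside interface for inbound traffic.
 interface serial 0/1
  ip access-group 100 in
 end
! Verify that the entries and the interface binding are present.
show running-config
show access-lists 100
```

Because the deny entry matches only TCP with the Dallas Server as destination, UDP traffic and traffic to the Dallas Host fall through to the permit entry.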


Paste the Virtual CLI ACL commands here.

Open the permitted services links Public_Server->Dallas_Host and Public_Server->Dallas_Server. Note the TCP and UDP port numbers that are now open. Use <Alt><PrtSc> to capture the Public_Server->Dallas_Host and the Public_Server->Dallas_Server windows and use <Ctrl>V to paste the two captured windows into the table cells below.

Paste the Public_Server->Dallas_Host Port Scan window here.

Paste the Public_Server->Dallas_Server Port Scan window here.

What are the UDP and TCP ports that are now permitted in traffic from the Public_Server to the Dallas_Host? What are the UDP and TCP ports that are permitted in traffic from the Public_Server to the Dallas_Server?

Destination / UDP Ports Permitted / TCP Ports Permitted
Dallas_Host
Dallas_Server
Explain the differences between the UDP/TCP Ports tables before and after the ACL has been applied. Explain what effect this ACL has on security for the Dallas Server.