Details of this Paper

homework 6 part 1

Description

solution


Question

Hands-On Steps;1. From your computer workstation, create a new text document called LAN-to-WAN Domain Lab #7.;2. Consider the following scenario;You are a security consultant for an information systems security firm and have a new health care;provider client under HIPAA compliance. Your new client wants to know the requirements and;business drivers for securing the LAN-to-WAN domain in its health care environment, which requires;compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to;perform a LAN-to-WAN domain compliance audit per the DoD LAN and network hardening guidelines;and baseline requirements. Both organizations want you to focus on the LAN-to-WAN domain;only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a;network infrastructure hardening strategy. Just as you researched STIGs in Lab #6, do the same at the;following url: http://iase.disa.mil/stigs/net_perimeter/index.html#.;3. Review the U.S. Department of Defense (DoD) network hardening guidelines and other NIST standards;that you identified in Lab #3.;4. Launch your Web browser and type in the Web address http://www.sans.org. Use the Custom Search;box in the upper right corner to identify the risks, threats, and vulnerabilities commonly found in the;LAN-to-WAN domain. List these in your text document.;5. Using the information you learned in Lab #2 and the Internet, identify and review the documents;available for hardening network infrastructure and the LAN-to-WAN domain as per DoD standards.;List these in your text document.;6. On the IASE/DISA website, find the STIGs for the routers and switches, network policy, firewalls and;IDS/IPS, and other network devices. Use the following Web addresses to find these;http://iase.disa.mil/stigs/net_perimeter/network_infra/routers_switches.html;http://iase.disa.mil/stigs/net_perimeter/network_infra/policy.html;http://iase.disa.mil/stigs/net_perimeter/network_infra/firewall.html;http://iase.disa.mil/stigs/net_perimeter/network_infra/other.html;7. Download the available ZIP files from the URLs listed in the previous step, including;a. Network Infrastructure Router L3 Switch;b. Network Perimeter Router L3 Switch;c. Network L2 Switch;d. Network Policy;e. Network Firewall;f. Network IDS/IPS;g. Network Other Devices;8. Extract the Overview PDFs from each of the ZIP files listed in the previous step. This PDF is the;summary document that supports all of the XML files. Review the following concepts from this;overarching DoD standards document for network infrastructure;? ENCLAVE PERIMETER;? Enclave Protection Mechanisms;? Network Infrastructure Diagram;? External Connections;? Leased Lines;? Approved Gateway/Internet Service Provider Connectivity;? Backdoor Connections;? IPv4 Address Privacy;Hands-On Steps 55;7;38412_Lab07_Pass1.indd 55 3/7/13 6:04 PM;? FIREWALL;? Packet Filters;? Bastion Host;? Stateful Inspection;? Firewalls with Application Awareness;? Deep Packet Inspection;? Application-Proxy Gateway;? Hybrid Firewall Technologies;? Dedicated Proxy;? Layered Firewall Architecture;? Content Filtering;? Perimeter Protection;? Tunnels;Briefly discuss these in your text document.;9. Extract the Switch Cisco Manual XML file from the Network L2 Switch ZIP file. Review some of the;following concepts and vulnerabilities for configuring and hardening Cisco switches;? Non-registered or unauthorized IP addresses;? In-band Mgt not configured to timeout in 10 min;? Exclusive use of privileged and non-privileged;? Assign lowest privilege level to user accounts;? Log all in-band management access attempts;Briefly discuss these in your text document.;10. Extract the Perimeter Router Cisco XML file from the Network Perimeter Router L3 Switch ZIP file. Review;some of the following concepts and vulnerabilities for configuring and hardening Cisco routers;? A log or syslog statement does not follow all deny statements;? DNS servers must be defined for client resolver;? Running and startup configurations are not synchronized;Briefly discuss these in your text document.;11. Extract the Firewall Cisco PIX ASA XML file from the Network Firewall ZIP file. Review at least three of the;concepts and vulnerabilities for configuring and hardening Cisco firewalls as performed previously for;switches and routers. Discuss these in your text document.;12. Extract the IDS-IPS Manual XML file from the Network IDS-IPS ZIP file. Review at least three of the;concepts and vulnerabilities for configuring and hardening IDS/IPS devices as performed previously;for switches and routers. Discuss these in your text document.;13. Extract the Network Policy Manual XML file from the Network Policy ZIP file. Review at least three of the;concepts and vulnerabilities for configuring and hardening network policy as performed previously for;switches and routers. Discuss these in your text document.;14. Write an executive summary summarizing the top LAN-to-WAN domain risks, threats, and vulnerabilities;and include a description of the risk mitigation tactics you would perform to audit the;LAN-to-WAN domain for compliance. Use the U.S. DoD LAN-to-WAN hardening guidelines as your;example for a baseline definition for compliance.;15. Submit the text document to your instructor as a deliverable for this lab.;56 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance;38412

 

Paper#64374 | Written in 18-Jul-2015

Price : $22
SiteLock