Instructions
The purpose of this homework assignment is to learn how to audit the LAN-to-WAN domain. You will identify common risks, threats, and vulnerabilities found in the LAN-to-WAN domain. You will assess common risks, threats, vulnerabilities found in the LAN-to-WAN domain, and you will identify network and security policies needed to properly secure the LAN-to-WAN portion of the network infrastructure. You will audit and assess implementation of security controls within the LAN-to-WAN domain, and you will recommend LAN-to-WAN domain hardening solutions by implementing proper security controls at the Internet ingress/egress point within an IT infrastructure. You will use a text document to develop your homework assignment by completing the sections listed below:
Lab 6.1a
Review the following scenario:
You are a security consultant for an information systems security firm and have a new healthcare provider client under HIPAA compliance. Your new client wants to know the requirements and business drivers for securing the LAN-to-WAN domain in its healthcare environment, which requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to perform a LAN-to-WAN domain compliance audit per the DoD LAN and network hardening guidelines and baseline requirements. Both organizations want you to focus on the LAN-to-WAN domain only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a network infrastructure hardening strategy.
Launch your Web browser. Navigate to the following website:https://public.cyber.mil/stigs/.
Review the Security Technical Implementation Guides (STIGs) available and the proper implementation of security based on DoD’s workstation/desktop hardening guidelines (i.e., Windows 10, Server 2012, Apple IOS).
In your homework assignment, discuss three STIGs and the DoD’s workstation/desktop hardening guidelines.
Lab 6.1b
Launch your Web browser and navigate to the following website:https://www.sans.org/reading-room/whitepapers/bestprac/network-security-smb-1542
Open the .pdf file and identify the risks, threats, and vulnerabilities commonly found in the LAN-to-WAN domain. List these in your homework assignment.
Using the information you learned in the homework assignment you submitted in Unit II and Internet resources, identify and review the documents available for hardening network infrastructure and the LAN-to-WAN domain as per DoD standards.
List these in your homework assignment.
Lab 6.1c
Launch your Web browser and type in the web addresshttps://public.cyber.mil/stigs/.
Find the STIGs for the routers and switches, network policy, firewalls and IDS/IPS, and other network devices.
Use the following search criteria to find these devices:
Routers
Switches
Network Policy
Firewall
ISD/IPS
Download these ZIP files from the URLs listed in the previous step.
Extract the Overview PDFs from each of the ZIP files listed in the previous step. This PDF is the summary document that supports all of the XML files.
Review the following concepts from this overarching DoD standards document for network infrastructure:
- Enclave perimeter
- enclave protection mechanisms
- network infrastructure diagram
- external connections
- leased lines
- approved gateway/internet service provider connectivity
- backdoor connections
- IPv4 address privacy
- Firewall
- packet filters
- bastion host
- stateful inspection
- firewalls with application awareness
- deep packet inspection
- application-proxy gateway
- hybrid firewall technologies
- dedicated proxy
- layered firewall architecture
- content filtering
- perimeter protection
- tunnels
Briefly discuss in these in your homework assignment.
Lab 6.1d
Download the Layer 2 Switch Security Technical Implementation Guide - Cisco Manual XML file, herehttps://www.stigviewer.com/stig/layer_2_switch_-_cisco/. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco switches:
- non-registered or unauthorized IP addresses,
- in-band Mgt not configured to timeout in 10 min,
- exclusive use of privileged and non-privileged,
- assign lowest privilege level to user accounts, and
- log all in-band management access attempts.
Briefly discuss these in your homework assignment.
Lab 6.1e
Download the Perimeter L3 Switch Security Technical Implementation Guide - Cisco XML file, herehttps://www.stigviewer.com/stig/perimeter_l3_switch_-_cisco/. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco routers:
- A log or syslog statement does not follow all deny statements.
- DNS servers must be defined for client resolver.
- Running and startup configurations are not synchronized.
Briefly discuss these in your homework assignment.
Lab 6.1f
Download the Firewall Security Requirements Guide, herehttps://www.stigviewer.com/stig/firewall_security_requirements_guide/. Review at least three of the concepts and vulnerabilities for configuring and hardening Cisco firewalls as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.1g
Download the IDS/IPS Security Technical Implementation Guide, herehttps://www.stigviewer.com/stig/idsips/. Review at least three of the concepts and vulnerabilities for configuring and hardening IDS/IPS devices as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.1h
Download the Network Infrastructure Policy Security Technical Implementation Guide XML file, herehttps://www.stigviewer.com/stig/network_infrastructure_policy/. Review at least three of the concepts and vulnerabilities for configuring and hardening network policy as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.2
Write an executive summary on the top LAN-to-WAN domain risks, threats, and vulnerabilities, and include a description of the risk mitigation tactics you would perform to audit the LAN-to-WAN domain for compliance. Use the U.S. DoD LAN-to-WAN hardening guidelines as your example for a baseline definition for compliance. Submit the document to your instructor as a deliverable for this homework assignment.
NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 6.1a, Lab 6.1b, Lab 6.1c, Lab 6.1d, Lab 6.1e, Lab 6.1f, Lab 6.1g, Lab 6.1h, and Lab 6.2 within your submission by labeling those sections within your assignment.
Your homework assignment should be a minimum of three pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.
Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.
Thisformal paper exampleprovided by the CSU Writing Center, shows this type of formatting.