Instructions The purpose of this homework assignment is to learn how to audit the LAN-to-WAN domain. You will identify common risks, threats, and vulnerabilities found in the LAN-to-WAN domain. You...

1 answer below »

Instructions

The purpose of this homework assignment is to learn how to audit the LAN-to-WAN domain. You will identify common risks, threats, and vulnerabilities found in the LAN-to-WAN domain. You will assess common risks, threats, vulnerabilities found in the LAN-to-WAN domain, and you will identify network and security policies needed to properly secure the LAN-to-WAN portion of the network infrastructure. You will audit and assess implementation of security controls within the LAN-to-WAN domain, and you will recommend LAN-to-WAN domain hardening solutions by implementing proper security controls at the Internet ingress/egress point within an IT infrastructure. You will use a text document to develop your homework assignment by completing the sections listed below:



Lab 6.1a


Review the following scenario:



You are a security consultant for an information systems security firm and have a new healthcare provider client under HIPAA compliance. Your new client wants to know the requirements and business drivers for securing the LAN-to-WAN domain in its healthcare environment, which requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to perform a LAN-to-WAN domain compliance audit per the DoD LAN and network hardening guidelines and baseline requirements. Both organizations want you to focus on the LAN-to-WAN domain only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a network infrastructure hardening strategy.


Launch your Web browser. Navigate to the following website:https://public.cyber.mil/stigs/.





Review the Security Technical Implementation Guides (STIGs) available and the proper implementation of security based on DoD’s workstation/desktop hardening guidelines (i.e., Windows 10, Server 2012, Apple IOS).


In your homework assignment, discuss three STIGs and the DoD’s workstation/desktop hardening guidelines.



Lab 6.1b


Launch your Web browser and navigate to the following website:https://www.sans.org/reading-room/whitepapers/bestprac/network-security-smb-1542


Open the .pdf file and identify the risks, threats, and vulnerabilities commonly found in the LAN-to-WAN domain. List these in your homework assignment.


Using the information you learned in the homework assignment you submitted in Unit II and Internet resources, identify and review the documents available for hardening network infrastructure and the LAN-to-WAN domain as per DoD standards.


List these in your homework assignment.



Lab 6.1c


Launch your Web browser and type in the web addresshttps://public.cyber.mil/stigs/.





Find the STIGs for the routers and switches, network policy, firewalls and IDS/IPS, and other network devices.


Use the following search criteria to find these devices:


Routers





Switches





Network Policy





Firewall





ISD/IPS





Download these ZIP files from the URLs listed in the previous step.


Extract the Overview PDFs from each of the ZIP files listed in the previous step. This PDF is the summary document that supports all of the XML files.


Review the following concepts from this overarching DoD standards document for network infrastructure:



  1. Enclave perimeter


    • enclave protection mechanisms

    • network infrastructure diagram

    • external connections

    • leased lines

    • approved gateway/internet service provider connectivity

    • backdoor connections

    • IPv4 address privacy


  2. Firewall


    • packet filters

    • bastion host

    • stateful inspection

    • firewalls with application awareness


      • deep packet inspection

      • application-proxy gateway

      • hybrid firewall technologies


    • dedicated proxy

    • layered firewall architecture

    • content filtering

    • perimeter protection

    • tunnels



Briefly discuss in these in your homework assignment.



Lab 6.1d

Download the Layer 2 Switch Security Technical Implementation Guide - Cisco Manual XML file, herehttps://www.stigviewer.com/stig/layer_2_switch_-_cisco/. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco switches:



  1. non-registered or unauthorized IP addresses,

  2. in-band Mgt not configured to timeout in 10 min,

  3. exclusive use of privileged and non-privileged,

  4. assign lowest privilege level to user accounts, and

  5. log all in-band management access attempts.


Briefly discuss these in your homework assignment.


Lab 6.1e

Download the Perimeter L3 Switch Security Technical Implementation Guide - Cisco XML file, herehttps://www.stigviewer.com/stig/perimeter_l3_switch_-_cisco/. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco routers:



  1. A log or syslog statement does not follow all deny statements.

  2. DNS servers must be defined for client resolver.

  3. Running and startup configurations are not synchronized.


Briefly discuss these in your homework assignment.



Lab 6.1f


Download the Firewall Security Requirements Guide, herehttps://www.stigviewer.com/stig/firewall_security_requirements_guide/. Review at least three of the concepts and vulnerabilities for configuring and hardening Cisco firewalls as performed previously for switches and routers.


Discuss these in your homework assignment.



Lab 6.1g


Download the IDS/IPS Security Technical Implementation Guide, herehttps://www.stigviewer.com/stig/idsips/. Review at least three of the concepts and vulnerabilities for configuring and hardening IDS/IPS devices as performed previously for switches and routers.


Discuss these in your homework assignment.



Lab 6.1h


Download the Network Infrastructure Policy Security Technical Implementation Guide XML file, herehttps://www.stigviewer.com/stig/network_infrastructure_policy/. Review at least three of the concepts and vulnerabilities for configuring and hardening network policy as performed previously for switches and routers.


Discuss these in your homework assignment.



Lab 6.2


Write an executive summary on the top LAN-to-WAN domain risks, threats, and vulnerabilities, and include a description of the risk mitigation tactics you would perform to audit the LAN-to-WAN domain for compliance. Use the U.S. DoD LAN-to-WAN hardening guidelines as your example for a baseline definition for compliance. Submit the document to your instructor as a deliverable for this homework assignment.


NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 6.1a, Lab 6.1b, Lab 6.1c, Lab 6.1d, Lab 6.1e, Lab 6.1f, Lab 6.1g, Lab 6.1h, and Lab 6.2 within your submission by labeling those sections within your assignment.


Your homework assignment should be a minimum of three pages in APA format. Include a minimum of two sources, with at least one source from the CSU Online Library in addition to your textbook.


Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.


Thisformal paper exampleprovided by the CSU Writing Center, shows this type of formatting.

Answered 3 days AfterApr 04, 2021

Answer To: Instructions The purpose of this homework assignment is to learn how to audit the LAN-to-WAN domain....

Amit answered on Apr 08 2021
148 Votes
Title of the assignment:
Student’s name:
Student ID:
Professor’s name:
Course title:
Date: 4/8/2021
Table of Contents
1.    Lab 6.1 A    3
2.    Lab 6.1 B    3
3.    Lab 6.1 C    4
4.    Lab 6.1 D    6
5.    Lab 6.1 E    6
6.    Lab 6.1 F    
6
7.    Lab 6.1 G    7
8.    Lab 6.1 H    7
9.    Lab 6.2    7
10.    References:    8
1. Lab 6.1 A
The points showing three STIG desktop hardening guidelines are:
1. These guidelines helps in ensuring the security of workstation with PHI and HIPPA implementations.
2. Maintaining the privacy and confidentiality of stored data on these desktops is defined by them.
3. The security while making information distribution and sharing is also defined with these guidelines.
The points showing three DOD desktop hardening guidelines are:
1. As it is related to department of defense, each information stored on such system is considered confidential and NIST standards are used for maintaining its confidentiality.
2. The implementation of DFARS along with NIST ensures the security to these work stations.
3. These guidelines helps in identification of security bridges and encryption implementation. The reports of occurred security bridges is also defined by these guidelines.
2. Lab 6.1 B
The LAN to WAN domain maintains following vulnerabilities, threats and risks in its implementation:
· Making unauthorized accesses to the implemented LAN services.
· Making unauthorized access to the stored data and installed applications.
· The vulnerabilities related to OS of the LAN server are also possible.
· The confidentiality related vulnerabilities in data transmission can occur for the WAN services.
For hardening the LAN to WAN infrastructure following things can be done on bases DOD standards:
· The improved physical security of server room can help in mitigating such issues.
· The implementation of DOD guidelines, defined standards and control polices for accessing systems and network can also mitigate these issues.
· Using the network keys while making the broadcast of WLAN can also secure the network against such vulnerabilities and issues.
3. Lab 6.1 C
1. Enclave perimeter
· Enclave protection mechanisms: When the attacker is very strong and using malicious...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here