School of Business and Tourism Unit Securing Networks Unit code CSC72005 Assignment 1 Practical network security setup Mode Individual assignment Due Date 06 April 2020 10:00 PM Learning Outcomes LO2 Graduate Attributes GA2, GA4 Weight 30% of overall unit assessment Suggestion This assignment is developmental and cumulative. You are strongly advised to start doing this assignment from Week-1 in your study. Leaving your starting date to the week before the due date is a very poor strategy for success in the unit. Follow the provided guidelines to help you successfully direct your efforts. Task Description In this assignment, you will perform necessary setup to install, configure and troubleshoot an SME network. You must successfully implement the network on eNSP (or similar) network simulation software and perform important steps to manage the network security configuration. In particular, you will complete the following tasks: Task 1: Install and connect the devices into a network as shown in the diagram. Task 2: Set up and test the security Task 3: Network testing and troubleshooting Task 4: Network documentation Page 1 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ Scenario You are a junior network administrator and because of your ongoing experience your manager has assigned you a new client to assist them setup their new network. The design and requirements have been provided to you in a simple diagram and instruction set. You have been advised of the following criteria: 1. Routers and default gateways are always set to the first IP address in the range. 2. Switches will always get the second IP address in the range. 3. End devices (servers and workstations etc.) will get an IP address starting at 20 for the host address. 4. Servers will have their MAC address stored on the switch. The following networks will be set up: DMZ – Used for placing internet facing devices to be able to be reached from the internet as well as the internal corporate network (CorpNet). Server Network (ServerNet) – used for storing the internal company data that only the internal corporate users are able to access. Corporate Network (CorpNet) – used by the normal users of the company in the head office that are able to access the internet, the internal servers network and the DMZ. There are multiple departments in the head office and each should not be able to communicate with computers in other departments. Remote Network (RemoteNet) – is for a remote office that are able to access the DMZ, the Server Net and the internet. Your task is to configure the network in simulation software so that it can be tested before it is implemented. You must devise any security options you deem appropriate to meet the requirements and configure and document them so they can be used when the network is implemented. Page 2 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ Page 3 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ Assignment 1 marking guidelines The following are the major assessment criteria of this assignment. Task 1: Network environment setup Set up the routers, switches and PC’s with the appropriate connections Perform basic configuration of the devices Test connectivity Task 2: Security setup and performance Add the required security including any of the following: o Switch port security o VLAN’s o ACL’s (most likely basic ACL’s) o static or dynamic routing Task 3: Network testing and troubleshooting Correctly propose the hypothesis to be tested at each step e.g. connectivity between devices, security is working to stop X from occuring. Correctly identify the type of information that should be collected at each step Test the configuration using correct methodology You must document what tests you will carry out, what the test is for and the result. Task 4: Network Documentation Document the devices including: o Host Devices (PC’s and servers) Name/ID Link technology e.g. Ethernet Port Address e.g. Eth0 Physical address e.g. MAC address Page 4 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ IP Address Subnet Mask Default Gateway DNS o Network Devices Interface configuration Name/ID Link technology e.g. Ethernet Port address e.g. G0/0/1 Physical address e.g. MAC address Logical address e.g. IP Address / subnet mask Security applied Security Configuration Switch port security VLANs ACLs Routes o Save the configurations o Export the configurations (or copy/paste to a text file). Format and Presentation Task 1 and Task 2: Provide your eNSP saved topology (including all saved files and folders in the project topology) in a zip file. Your eNSP files (zipped) must be named in the format: filename = FirstInitialYourLastName_CSC72005_A1_eNSP.zip (i.e. FJones_CSC72005_A1_eNSP.zip) In the below screenshot the folder was zipped and the name changed. You must supply ALL files and folders in the project. Page 5 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ Note: All device names must include your name in the format of FirstInitialYourLastName (I.e. FJones Router 1) Note: All ACL’s or VLAN’s must include the last 2 digits of your student number in the configuration in the second and third place. The last place can be used for consecutive numbering. In the below screenshot your student number ends in 67. Page 6 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ e.g. Your student number ends in 67 so the first basic ACL becomes 2671. The second (2 nd ) ACL would be 2672 and the fifth (5 th ) would be 2675. Task 2 and Task 3: Use the template provided with this assignment for this task. Submission Format When you have completed the assignment, you are required to submit the following: 1. Your assignment in the PDF/DOC format. The file will be named using the following convention: filename = FirstInitialLastName_CSC72005_A1.pdf (i.e. FJones_CSC72005_A1.pdf) 2. Your eNSP files (zipped) with devices configured named in the format: filename = FirstInitialLastName_CSC72005_A1_eNSP.zip (i.e. FJones_CSC72005_A1_eNSP.zip) Original work It is a University requirement that a student’s work complies with the Academic Policy, Chapter 4.20 on Student Academic Integrity. It is a student’s responsibility to be familiar with the Policy. Failure to comply with the Policy can have severe consequences in the form of University sanctions. For information on this Policy please refer to Chapter 4.20 on Student Academic Integrity at the following website: Page 7 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ http://www.scu.edu.au/governance/academicboard/policy/ As part of a University initiative to support the development of academic integrity, assessments may be checked for plagiarism, including through an electronic system, either internally or by a plagiarism checking service, and be held for future checking and matching purposes. Retain duplicate copy Before submitting the assignment, you are advised to retain electronic copies of original work. In the event of any uncertainty regarding the submission of assessment items, you may be requested to reproduce a final copy. School Extension Policy In general, I will NOT give extensions unless where there are exceptional circumstances. Students wanting an extension must make a request at least 24 hours before the assessment item is due and the request must be received by Student Administration in writing via the MyEnrolment page. Extensions within 24 hours of submission or following the submission deadline will not be granted unless supported by a doctor’s certificate or where there are exceptional circumstances. This will be at the discretion of Student Services and the unit assessor’s discretion and will be considered on a case by case basis. Extensions will be for a maximum of 48 hours (longer extensions supported by a doctor’s certificate or alike to be considered on a case by case basis). Please see the Special Consideration page for more information available at https://www.scu.edu.au/current-students/studentadministration/special-consideration/ A penalty of 5% of the total available grade will accrue for each 24- hour period that an assessment item is submitted late. Therefore, an assessment item worth 30 marks will have 1 marks deducted for every 24-hour period and at the end of 15 days will receive a maximum of 15 marks or 50%. Students who fail to submit following the guidelines in this Unit Information Guide will be deemed to have not submitted the assessment item and the above penalty will be applied until the specified submission guidelines are followed. Page 8 of 9 CSC72005 – Securing Networks Assignment 1, 2020 _______________________________________________________________________________________________ Marks and Feedback All assessment materials submitted during the semester will normally be marked and returned within two weeks of the required date of submission (provided that the assessment materials have been submitted by the due date). Marks will be made available to each student via the MySCU Grade book. Page 9 of 9