1 CYB 220 Project Two Guidelines and Rubric Overview One of the projects for this course is the creation of a network segmentation strategy in which you will create host-based and network-based...

To complete this assignment, review the prompt and grading rubric in theProject Two Guidelines and Rubric PDFdocument.


1 CYB 220 Project Two Guidelines and Rubric Overview One of the projects for this course is the creation of a network segmentation strategy in which you will create host-based and network-based firewall policies in a provided network and explain how the network achieves isolation, segmentation, and least privilege. As a security analyst, you will often be asked to evaluate and suggest solutions that require this type of network security design, so this project demonstrates competency in the field. The audience for this strategy is your IT security manager. The project leverages the skills that you have built in Module Four. The project will be submitted in Module Six. In this assignment, you will demonstrate your mastery of the following course competency:  CYB-220-03: Describe the fundamental principles and practices of network traffic flow policy and enforcement Scenario As a security analyst, you are tasked with creating a network segmentation strategy for your IT security manager. This includes configuration tasks in a network as well as a written rationale of the network segmentation strategy. Your instructor will post a real-world scenario that includes the minimum specifications on which your work will be based. You will also be provided with a Packet Tracer native file (.pkt) that you will import into the Packet Tracer application to use as the base diagram for your network. You will use the scenario and the provided Packet Tracer lab environment to do your work. Prompt You must address the critical elements listed below. The codes shown in brackets indicate the course competency to which each critical element is aligned. Network Segmentation Strategy I. Configuration A. Configure the host-based firewall policy to meet project specifications. Provide a screenshot of the configured policy. [CYB-220-03] B. Configure the FTP server to meet project specifications for access control. Provide a screenshot of the configured FTP server. [CYB-220-03] C. Configure the network-based firewall policy to meet project specifications for the extended access control list. Provide a screenshot of the configured policy. [CYB-220-03] 2 II. Rationale A. Describe how network segmentation is achieved after meeting the configuration requirements for the host-based firewall. [CYB-220-03] B. Describe how the concept of least privilege is achieved in the configuration of the FTP server. [CYB-220-03] C. Describe an approach of employing a network-based firewall to achieve network isolation to meet project specifications. [CYB-220-03] Project Two Rubric Guidelines for Submission: Your submission should be 1 to 2 pages in length (not including screenshots) and should be written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. Use a filename that includes the course code, the assignment title, and your name—for example, CYB_100_Project_One_Neo_Anderson.docx. Critical Elements Exemplary Proficient Needs Improvement Not Evident Value Configuration: Host- Based Firewall Policy [CYB-220-03] Configures the host-based firewall policy to meet project specifications and provides a screenshot of the configured policy (100%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 Configuration: FTP Server [CYB-220-03] Configures the FTP server to meet project specifications for access control and provides a screenshot of the configured FTP server (100%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 Configuration: Network-Based Firewall Policy [CYB-220-03] Configures the network-based firewall policy to meet project specifications for the extended access control list and provides a screenshot of the configured policy (100%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 Rationale: Segmentation [CYB-220-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner (100%) Describes how network segmentation is achieved after meeting the configuration requirements for the host-based firewall (85%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 3 Critical Elements Exemplary Proficient Needs Improvement Not Evident Value Rationale: Least Privilege [CYB-220-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner (100%) Describes how the concept of least privilege is achieved in configuration of the FTP server (85%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 Rationale: Isolation [CYB-220-03] Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner (100%) Describes an approach of employing a network-based firewall to achieve network isolation to meet project specifications (85%) Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail (55%) Does not address critical element, or response is irrelevant (0%) 16 Articulation of Response Submission is free of errors related to grammar, spelling, and organization and is presented in a professional and easy-to-read format (100%) Submission has no major errors related to grammar, spelling, or organization (85%) Submission has some errors related to grammar, spelling, or organization that negatively impact readability and articulation of main ideas (55%) Submission has critical errors related to grammar, spelling, or organization that prevent understanding of ideas (0%) 4 Total 100% CYB 220 Project Two Scenario One You work at an information technology consulting firm, Byte Sized Solutions, as a network administrator. Your firm has been hired as a consultant for a land surveying company, GeoResults. Your team has created a plan to suit the company’s needs and has provided you with the project specifications to implement. GeoResults has a contract to survey land and soil samples for eight months. The company will need a kiosk at its work site that connects to the internal GeoResults network. The FTP server is intended to be used for file storage for field-uploaded files. You are tasked with creating a proof of concept to make sure your solutions are appropriate. Project Specifications A. Ensure the admin network is the only network that can communicate with the FTP server. B. The users below should be added to the FTP server and should have the permissions listed. User Password Permissions jsmith PassW0rd User should be able to read and list content. bjones Password1234 User should be able to read and list content. admin01 Pa$$w0rD1234 Admin should be able to read/write, delete, rename, and list. C. All web traffic originating from the kiosk on port 80 needs to be pointed to the web server.