Student Name: Rolando Salas Date: 7/26/14

Database Server Security Demands – iLab3

In this lab, the students will examine the following objectives.

Become familiar with well-known and ephemeral ports
Create ACLs to meet the database security requirements
Learn best practices to create and apply ACLs

A small company is using the topology shown below. The Public Server is actually an off-site Database Server that contains company records. Assume that the network represents the Internet. The Dallas and Chicago Servers and hosts need to access the database server securely. Only users in the Dallas and Chicago LANs should be able to access the database server.


The last page of the lab assignment document contains a full-page topology. Remove this page and use it for reference to the topology and the IP addresses.

Initial Configuration
The Dallas, Chicago, and ISP Routers' FastEthernet and Serial interfaces used for the lab have been correctly configured and enabled. Unused interfaces have been shut down. The RIP routing tables are complete for all routers and hosts. No ACLs have been applied to any of the routers. Below is the initial running-config of the ISP router.

version 12.3(4)T7
hostname ISP_Router
interface FastEthernet0/0
 ip address
interface FastEthernet1/0
 ip address
interface Serial0/0
 ip address
interface Serial0/1
 ip address
router rip
line con 0
line aux 0
line vty 0 4
 password cisco
line vty 5 15
 password cisco

Lab Data Collection and Submission
Download and open the lab document file: SEC450_DB-SecurityDemands_Report.docx. Enter your name and date at the top of the lab document. As you complete each task of the lab assignment, enter all relevant configuration commands and your answers to the questions (as specified in the iLab assignment) into this lab document. You will submit the completed SEC450_DB_SecurityDemands_Report.docx file into this week's eCollege iLab Dropbox.

Note: RED text indicates the required questions to answer

Task to Set up Security Policy for Offsite Database Server

The following requirements were given to the network engineer to create and apply ACL 100 in the ISP router.

1. Permit SQL database traffic from the Public server to the Dallas Host.
2. Permit SQL database traffic from the Public server to the Dallas Server.
3. Permit SQL database traffic from the Public server to the Chicago Host.
4. Permit SQL database traffic from the Public server to the Chicago Server.
5. Deny all other TCP traffic from the Public server to any destination.
6. Permit all other traffic.

#1. Explain the meaning of the "three P's" best-practice rule for creating ACLs in routers.

One ACL per protocol, per direction, and per interface are the three P's used for remembering the general rule for applying ACLs on a router. One ACL per protocol controls the flow of one protocol's traffic on an interface. Per direction means an ACL controls traffic going in one direction at a time on an interface. Per interface means an ACL controls traffic for one interface.

#2. Explain the difference between the following two access-list commands:
a) access-list 101 permit tcp any any eq 80
b) access-list 101 permit tcp any eq 80 any

a) This ACL will be permitting all TCP packets from any source IP address to any destination IP address where the source and destination port is 80.
b) This ACL will be permitting all TCP packets from any source IP address where the source port is 80 to any destination IP address.
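The following simulator is an added example for this report, not part of the lab document or the Cisco IOS software: it parses extended numbered ACL entries in IOS syntax and evaluates sample packets against them first-match with the implicit deny at the end. It covers both the ACL 100 task (requirements 1 to 6) and question #2 (where the "eq" port qualifier sits). The IP addresses are placeholders, because the topology page with the real addresses is not reproduced here; the SQL port is assumed to be TCP 1433 (Microsoft SQL Server), and "SQL traffic from the Public server" is read as the database server's replies, which carry the SQL port as the source port. The port-range classification uses the IANA ranges for well-known, registered, and dynamic (ephemeral) ports. Which interface and direction ACL 100 is applied to on the ISP router is not modeled.

```python
"""First-match simulator for IOS-style extended numbered ACLs (added example)."""
import ipaddress
from dataclasses import dataclass

# Placeholder addresses: constructed for this example; the lab's real topology
# addresses are on the separate topology page and are not reproduced here.
PUBLIC_SERVER = "203.0.113.10"
DALLAS_HOST, DALLAS_SERVER = "192.168.1.10", "192.168.1.20"
CHICAGO_HOST, CHICAGO_SERVER = "192.168.2.10", "192.168.2.20"
SQL_PORT = 1433  # assumption: Microsoft SQL Server's registered TCP port

# Requirements 1-6 of the lab, reading "SQL traffic from the Public server" as the
# database server's replies, so the SQL port is matched as the *source* port.
ACL_100 = [
    f"access-list 100 permit tcp host {PUBLIC_SERVER} eq {SQL_PORT} host {DALLAS_HOST}",
    f"access-list 100 permit tcp host {PUBLIC_SERVER} eq {SQL_PORT} host {DALLAS_SERVER}",
    f"access-list 100 permit tcp host {PUBLIC_SERVER} eq {SQL_PORT} host {CHICAGO_HOST}",
    f"access-list 100 permit tcp host {PUBLIC_SERVER} eq {SQL_PORT} host {CHICAGO_SERVER}",
    f"access-list 100 deny tcp host {PUBLIC_SERVER} any",
    "access-list 100 permit ip any any",
]


@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def _parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # IOS wildcard mask: a 0 bit means "must match", so invert it to a netmask.
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = str(ipaddress.ip_address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.ip_network((tok, netmask), strict=False)


def _parse_port(tokens):
    """Consume an optional 'eq N' qualifier; None means any port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_ace(line):
    """Parse 'access-list N permit|deny proto src [eq p] dst [eq p]' into a dict."""
    tokens = line.split()
    assert tokens[0] == "access-list", line
    action, proto = tokens[2], tokens[3]
    rest = tokens[4:]
    src = _parse_addr(rest)
    sport = _parse_port(rest)      # 'eq' right after the source -> source port
    dst = _parse_addr(rest)
    dport = _parse_port(rest)      # 'eq' after the destination -> destination port
    return {"action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def ace_matches(ace, pkt):
    """True when every field of the entry matches the packet ('ip' matches any protocol)."""
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ace["src"]:
        return False
    if ipaddress.ip_address(pkt.dst) not in ace["dst"]:
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.sport:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.dport:
        return False
    return True


def evaluate(acl_lines, pkt):
    """The first matching entry decides; an unmatched packet hits the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"  # implicit 'deny ip any any' at the end of every IOS ACL


def classify_port(port):
    """IANA ranges: well-known 0-1023, registered 1024-49151, dynamic/ephemeral 49152-65535."""
    if 0 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "dynamic/ephemeral"
    raise ValueError(f"not a TCP/UDP port: {port}")


if __name__ == "__main__":
    reply = Packet("tcp", PUBLIC_SERVER, SQL_PORT, DALLAS_HOST, 51000)
    outbound = Packet("tcp", PUBLIC_SERVER, 51000, "198.51.100.5", 22)
    print("DB reply to Dallas host:", evaluate(ACL_100, reply))          # permit
    print("Other TCP from DB server:", evaluate(ACL_100, outbound))     # deny
    acl_a = ["access-list 101 permit tcp any any eq 80"]
    acl_b = ["access-list 101 permit tcp any eq 80 any"]
    request = Packet("tcp", "10.0.0.1", 50000, "10.0.0.2", 80)
    print("Question 2 request:", evaluate(acl_a, request), evaluate(acl_b, request))
```

Running the script shows the point of question #2 directly: the entry with "eq 80" after the destination matches a client's request to a web server (destination port 80, ephemeral source port), while the entry with "eq 80" after the source matches only the server's replies. The same asymmetry is what makes the ACL 100 entries above match the database server's replies and rule 5 block any other TCP traffic the Public server originates.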

#3. What are well-known, registered, and ephemeral UDP/TCP ports?...
