Question No

Firewalls Lab TSIT02 Group member Abdul Jamal Mikael Enberg (Absent on Lab time)

Source IP address

192.168.81.114

Destination IP address 192.168.81.111

Question No: 1 what does the command in 7.6 achieve? The command “ INPUT -m state --state ESTABLISHED -j ACCEPT ” depicts that packets related to alive existing connections, will be allowed. Question No: 2

A list of all the rules you added, preceded by the number of step where

you added it and there are two rules for step 7.11. 7. Allow all outgoing traffic and incoming traffic that is initiated by you, but block anything that you have not started. -A INPUT -s 192.168.81.114 –j ACCEPT -A INPUT –m state –state ESTABLISHED -j ACCEPT 8. Allow yourself access to all your web pages. -A INPUT -s 192.168.81.114 –j ACCEPT 9. Allow everybody access to your public web page. -A INPUT –p tcp --destination-port 80 –j ACCEPT 10. Allow your co-group, but nobody else, access to your internal web page. -A INPUT –s 192.168.81.111 –p tcp –destination-port 8080 –j ACCEPT 11. You do not want employees in your company to spend their time surfing the web from the company computer. Block such access.

-A OUTPUT –p tcp –destination-port 80 –j DROP OR #-A INPUT –p tcp –source-port 80 –j DROP 12. You realise (if you did not think about the complication already in step 11) that now your employees cannot access some necessary internal information. Fix this without violating the goal you should achieve in point 11 above -A OUTPUT –s 192.168.80.111 –d 192.168.80.114 –j ACCEPT Question No: 3 Your final rule list as an appendix. INPUT RULES A INPUT –p tcp –source-port 80 –j DROP -A INPUT –s 192.168.81.111 –p tcp –destination-port 8080 –j ACCEPT -A INPUT –p tcp --destination-port 80 –j ACCEPT -A INPUT -s 192.168.81.114 –j ACCEPT -A INPUT –m state –state ESTABLISHED -j ACCEPT -P INPUT DROP OUTPUT RULES -A OUTPUT –s 192.168.80.111 –d 192.168.80.114 –j ACCEPT -A OUTPUT –p tcp –destination-port 80 –j DROP -P OUTPUT ACCEPT FORWARD RULES -P FORWARD ACCEPT Question No: 4 a. In what way was your computer vulnerable at the start of the session? Initially, there was no firewall configured on the systems at the start of the session, we can access any system and there resources. On the other site any other groups can access anything from our computer because ports on the system were also open and use for communication with no restrictions. So the vulnerability can be avoid by implementing firewall polices and rules b. What unwanted events were protected against at the end of the session? In the end of the session, the whole network secured. Firewall filters all packets, which is coming-in and coming-out from our system. we configure firewall rules on the system, which

block unwanted communications ,data and allow that information we need. we apply restriction on the port and ip address, any one cannot access our secret information without permission. c. Give examples of what a filter firewall cannot protect against? Filter firewall can only protect against that for which it was designed. Firewall can only filter that data which passes through firewall. eg Flashes drive, Magnetic tape. It can offer no shield from internal attacks on local network. Firewall cannot protect well against viruses,spyware which are unknown or new for firewall. d. What is a good basic strategy for setting up a firewall? Motivate! When implementing security for the network of an organization. We first to know all the security threats, which can be accomplish, when we meet to each and every employ in the organization. When we find the all security requirements than it time to apply these on the firewall. e. Give an example of how a different order among the rules in your final list would destroy the expected effect of some rule! Motivate! Change the order between the rules can affect on the result. If the first rule allow the co-group (ip) and block the port 8080 to all others. If order is change, the co-group cannot access this port. The firewall rules will be totally change by changing the order.