OCTOBER 2024 CONFIDENTIAL
Name of Course: NETWORK SECURITY
Course Code: INB23304
Semester / Year: OCTOBER 2024 (2024)
Due Date: FRIDAY, 27TH DECEMBER 2024, 11:59PM (23:59)
Name:
Assessment: SKILL BASED ASSESSMENT
Weightage: 10%
Course Outcome to achieve:
1. CLO 2 - Performs network security solution implementation towards an insecure network.
SECTION A:
INSTRUCTIONS:
1) Answer all questions.
2) Perform this Skill Based Assessment (SBA) individually.
3) Rename the Packet Tracer file to X)_Student-Name_StudentID_SkillBased_Oct24.pkt before uploading it to VLE for submission.
*Note: ‘X’ is your number in the student name list for this course in ECITIE. Refer to the name list in the PDF file (Class_NetSec_Name_List_Oct2024.pdf) available in VLE.
Example: 10)_Abdul-Halim_522198765_SkillBased_Oct24.pkt
INB23304 NETWORK SECURITY
Figure 1: Network diagram
Based on Figure 1, note that network 192.168.10.0/24 is the local network and network 192.168.20.0/24 is the remote network. The network topology shows three routers. Your task is to:
1) Apply the necessary ‘Router Hardening’ techniques that you have learned to enhance device security.
2) Use a suitable configuration on the routers to enable ‘secure’ communication (a tunnel) between the local site and the remote site, so that the R3 (ISP) router cannot see the packets passing through it.
Routers R1 and R2 are to support site-to-site communication for traffic flowing to and from their respective LANs. R3 acts as a pass-through and has no knowledge of the communication between R1 and R2.
You may refer to Table 1 and Table 2 for the ISAKMP and IPSec parameters.
Table 1: ISAKMP Phase 1 Policy Parameter
Parameters               R1           R2
Key distribution method  ISAKMP       ISAKMP
Encryption algorithm     AES          AES
Hash Algorithm           SHA-1        SHA-1
Authentication method    Pre-shared   Pre-share
Key exchange             DH 2         DH 2
IKE SA Lifetime          86400        86400
ISAKMP Key               vpnSTS99     vpnSTS99
Table 2: IPSec Phase 2 Policy parameter
Parameter                R1             R2
Transform set            VPN-SITE       VPN-SITE
Peer Hostname            R2             R1
Peer IP Address          172.17.1.1     172.16.1.1
Network to be encrypted  192.168.10.0   192.168.20.0
Crypto Map name          VPN-MAP        VPN-MAP
SA Establishment         ipsec-isakmp   ipsec-isakmp
Assessment:
At the end, the command ‘show crypto ipsec sa’ will be used to verify that interesting packets are matched between network 192.168.10.0 (local) and 192.168.20.0 (remote).
Remarks:
Please create the topology above from scratch in Packet Tracer.
Upload the completed Packet Tracer file to VLE on or before the stated due date.
Ensure the Packet Tracer filename uses the file format stated in the example below.
Example: X)_Student-Name_StudentID_SkillBased_Oct24.pkt
*Note: ‘X’ is your number in the student name list for this course in ECITIE. Refer to the name list in the PDF file (Class_NetSec_Name_List_Oct2024.pdf) available in VLE.
Example: 10)_Abdul-Halim_522198765_SkillBased_Oct24.pkt
Please use <netsecpa55> for every password set on the devices in your Packet Tracer file, to ease the marking process.
ATTACHMENT
SKILL BASED ASSESSMENT (SBA) RUBRICS
INB23304 - NETWORK SECURITY
Marking scale: 0 = Bad, 1 = Low, 2 = Fair, 3 = Above average, 4 = Excellent

CRITERIA: Device hardening at R1 and R2: Display ability to harden device security.
Weightage: 1.25    MAX MARKS: 5
  0 (Bad): no device hardening
  1 (Low): device hardening is poor
  2 (Fair): device hardening is satisfactory
  3 (Above average): device hardening is good
  4 (Excellent): device hardening is excellent
  good ports/service + interface practice
  disable excessive login attempts

CRITERIA: Set access list for LAN to LAN: Set interesting traffic from local site at R1. Set interesting traffic from remote site at R2.
Weightage: 0.5    MAX MARKS: 2
  0 (Bad): did not set access list at all
  1 (Low): wrongly configured access list
  2 (Fair): configured access list partially, and partially correct
  3 (Above average): configured access list completely, but only partially correct
  4 (Excellent): configured access list completely, and correctly

CRITERIA: Configure ISAKMP Phase1: configure ISAKMP1 Phase based on given settings.
Weightage: 2    MAX MARKS: 8
  0 (Bad): NO ISAKMP Phase1 configured
  1 (Low): ISAKMP1 configuration wrongly
  2 (Fair): ISAKMP1 configuration incomplete and with some configuration mistakes
  3 (Above average): ISAKMP1 configuration complete but with some configuration mistakes
  4 (Excellent): ISAKMP1 configuration complete and correct

CRITERIA: Configure ISAKMP Phase2: configure ISAKMP Phase2 based on given settings.
Weightage: 2.5    MAX MARKS: 10
  0 (Bad): NO ISAKMP Phase2 configured
  1 (Low): ISAKMP2 configuration wrongly
  2 (Fair): ISAKMP2 configuration incomplete and with some configuration mistakes
  3 (Above average): ISAKMP2 configuration complete but with some configuration mistakes
  4 (Excellent): ISAKMP2 configuration complete and correct
- END OF SKILL BASED ASSESSMENT (SBA) RUBRICS -