Difference between revisions of "Netband Project"

From Teknologisk videncenter
m (Equipment list)
m (Equipment list)
Line 110: Line 110:
 
1 x Asa5505<br/>
 
1 x Asa5505<br/>
 
1 x Wlc2006<br/>
 
1 x Wlc2006<br/>
1 x Catalyst 3560 PoE(default IOS:(C3560-IPSERVICES-M), Version 12.2(25)SEE3, RAM 128MB, Flash: 16MB)<br/>
+
1 x Catalyst 3560 PoE (default IOS:(C3560-IPSERVICES-M), Version 12.2(25)SEE3, RAM 128MB, Flash: 16MB)<br/>
 
1 x 1221 Lap<br/>
 
1 x 1221 Lap<br/>
1 x 2801(default IOS:(C2801-ADVIPSERVICESK9-M), Version 12.4(13b) RAM: 128MB, Flash: 64MB)<br/>
+
1 x 2801 (default IOS:(C2801-ADVIPSERVICESK9-M), Version 12.4(13b) RAM: 128MB, Flash: 64MB)<br/>
  
 
'''Branch 1<br/>'''
 
'''Branch 1<br/>'''
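
Review bot: the two changed lines (Catalyst 3560 PoE and 2801) still format the hardware details differently: "Version 12.2(25)SEE3, RAM 128MB" on the first and "Version 12.4(13b) RAM: 128MB" on the second. Since this edit is already tidying the spacing before "(default IOS:", use the same comma separator and the same "RAM:" form on both lines so the equipment list reads consistently.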

Revision as of 13:44, 7 April 2009

<accesscontrol>NetBand</accesscontrol>

Netband Project

The main goal of this project is to design and implement some of the newest security features in Cisco IOS and the ASA appliance.


Course description

A small company setup is used to illustrate and document the relevant security features of a network infrastructure. The business case revolves around a small to medium-sized company with a centralized HQ and a number of remote branch offices. The project will consist mainly of Cisco switches, routers and ASA firewall appliances. To support and demonstrate selected features, a small number of Linux and Windows servers are installed. The servers are used only as support, so only basic configuration and security are implemented on them.


Network diagram


The project will touch on the following areas:

  • DMVPN
  • IPsec VPN
  • ASA firewall
  • Zone-based firewall
  • IOS firewall
  • IOS IPS
  • SNMPv3
  • Embedded Event Manager
  • 802.1x
  • Private VLANs
  • Multicast
  • Device hardening
  • Syslog
  • Layer 2 security features
  • Network access control

IP addresses

HQ

VLAN name   IP address range   VLAN number
ServerHQ    10.1.1.0/24        3
GuestHQ     172.16.0.0/24      4
ClientHQ    10.1.2.0/24        5
PhoneHQ     10.1.3.0/24        6

Branch1

VLAN name   IP address range   VLAN number
ServerB1    10.2.1.0/24        3
GuestB1     172.16.1.0/24      4
ClientB1    10.2.2.0/24        5
PhoneB1     10.2.3.0/24        6

Misc.

Purpose         IP address range
LAN p2p links   10.255.255.x/30
Management      10.0.0.x/32
GRE p2p links   10.1.3.x/30

* See the network diagram for the IP address assignments.

Equipment list

HQ
1 x Asa5505
1 x Wlc2006
1 x Catalyst 3560 PoE (default IOS:(C3560-IPSERVICES-M), Version 12.2(25)SEE3, RAM 128MB, Flash: 16MB)
1 x 1221 Lap
1 x 2801 (default IOS:(C2801-ADVIPSERVICESK9-M), Version 12.4(13b) RAM: 128MB, Flash: 64MB)

Branch 1
1 x Asa5505
1 x Catalyst 3560 PoE
1 x 1221 Lap
1 x 2801

Cloud
1 x 2801
1 x 3560

Access control

<accesscontrol>NetBand</accesscontrol>


Passwords

Internet NAT router (192.168.138.148): cisco
Internet switch (192.168.0.5): cisco
Ubuntu server: ciscodisco
W2k3 Server: ciscodisco