Difference between revisions of "Netband Project"
(→Passwords) |
(→Passwords) |
||
Line 133: | Line 133: | ||
===Passwords=== | ===Passwords=== | ||
[[Netband_Project_-_Inet_router|Internet NAT router]](192.168.138.148): cisco<br/> | [[Netband_Project_-_Inet_router|Internet NAT router]](192.168.138.148): cisco<br/> | ||
− | [[Netband_Project_-_Inet_Switch|Internet Switch]](192.168.0.5) | + | [[Netband_Project_-_Inet_Switch|Internet Switch]](192.168.0.5): cisco<br/> |
− | [[Netband Project - Ubuntu server|Ubuntu server]]: ciscodisco<br/> | + | [[Netband Project - Ubuntu server|Ubuntu server]] (10.1.1.10): ciscodisco<br/> |
− | W2k3 Server: ciscodisco<br/> | + | W2k3 Server (10.1.1.11): ciscodisco<br/> |
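Review bot: the changed lines under ===Passwords=== (line 133 onward) now record each host's address next to its plaintext password, and the same value is reused across hosts: "cisco" on both the Internet NAT router and the Internet Switch, "ciscodisco" on both the Ubuntu server and the W2k3 Server. Suggest replacing the password values with a pointer to a credential store limited to the NetBand group, giving each device its own password, and rotating the values already listed, since they stay readable in earlier revisions of this page.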
Revision as of 11:06, 8 April 2009
<accesscontrol>NetBand</accesscontrol>
Netband Project
The main goal of this project is to design and implement some of the newest security features in Cisco IOS and the ASA appliance.
Course description
A small company setup is used to illustrate and document the relevant security features of a network infrastructure. The business case revolves around a small to medium-sized company with a centralized HQ and a number of remote branch offices. The project will consist mainly of Cisco switches, routers and ASA firewall appliances. To support and demonstrate selected features, a small number of Linux and Windows servers are installed. The servers play only a supporting role, so only basic configuration and security are implemented on them.
The project will touch on the following areas:
- DMVPN
- WLC
- IPsec VPN
- ASA firewall
- Zone-based firewall
- IOS firewall
- IOS IPS
- SNMPv3
- Embedded event manager
- 802.1x
- Private VLANs
- Multicast
- Device hardening
- Syslog
- Layer 2 security features
- Network access control
IP addresses
HQ
VLAN name | IP address range | VLAN number |
ServerHQ | 10.1.1.0/24 | 3 |
GuestHQ | 172.16.0.0/24 | 4 |
ClientHQ | 10.1.2.0/24 | 5 |
PhoneHQ | 10.1.3.0/24 | 6 |
Branch1
VLAN name | IP address range | VLAN number |
ServerB1 | 10.2.1.0/24 | 3 |
GuestB1 | 172.16.1.0/24 | 4 |
ClientB1 | 10.2.2.0/24 | 5 |
PhoneB1 | 10.2.3.0/24 | 6 |
Misc.
Purpose | IP address range |
LAN p2p links | 10.255.255.x/30 |
Management | 10.0.0.x/32 |
GRE p2p links | 10.1.3.x/30 |
See the network diagram for the IP address assignments.
Equipment list
HQ
1 x Asa5505
1 x Wlc2006
1 x Catalyst 3560 PoE (default IOS:(C3560-IPSERVICES-M), Version 12.2(25)SEE3, RAM 128MB, Flash: 16MB)
1 x 1221 Lap
1 x 2801 (default IOS:(C2801-ADVIPSERVICESK9-M), Version 12.4(13b) RAM: 128MB, Flash: 64MB)
Branch 1
1 x Asa5505
1 x Catalyst 3560 PoE
1 x 1221 Lap
1 x 2801
Cloud
1 x 2801 ((C2801-ADVIPSERVICESK9-M), Version 12.4(9)T, RAM: 128MB, Flash: 64MB)
1 x 3560 ((C3560-IPSERVICES-M), Version 12.2(25)SEB4, RAM:128MB, Flash: 32MB)
Access control
<accesscontrol>NetBand</accesscontrol>
Passwords
Internet NAT router (192.168.138.148): cisco
Internet Switch (192.168.0.5): cisco
Ubuntu server (10.1.1.10): ciscodisco
W2k3 Server (10.1.1.11): ciscodisco