Question 1: Firewall Rule Design [10 marks]
The following diagram shows the topology of the network of a small company. There are three servers
located in a DMZ (Demilitarized Zone).
The web server can directly accept requests (HTTP or HTTPS) from the Internet or from the internal
network.
The DNS server can directly accept requests from the Internet. The DNS server can also directly
accept requests from the internal network. However, if the DNS server cannot resolve a domain name
requested by the internal network, it will contact the DNS servers on the Internet directly for the name
resolution.
On behalf of the users on the internal network, the email server sends emails to and receives emails from
the Internet. The users on the internal network use IMAP (Internet E-mail Access Protocol) to read and
organize their emails on the email server.
The users on the internal network are allowed to access the Internet only for HTTP, HTTPS and FTP
services. However, the users of the internal network are never allowed to connect to the Internet directly.
Based on the above network configuration and application scenarios, answer the following three
questions.
A. The firewall services are installed on the router. Create the firewall rules to implement the packet
filtering and only allow the specified traffic. The firewall rules are to be created in the following
format.
Application Protocol | Transport Protocol | Source IP | Source Port | Destination IP | Destination Port
B. Briefly explain each rule in the rule base that you have created.
C. The proxy services are also installed on the router to conceal the users of the internal network
(192.168.1.0/25) from the Internet. Suppose that users on the internal computers send the
following requests to the Internet. The proxy services perform the Port Address Translation
(PAT). Complete the following connection table to show how PAT is working for requests from
the users on the internal network.
Packet Addressing on internal network | Packet Addressing on external network
Source IP | Source Port | Destination IP | Destination Port | Source IP | Source Port | Destination IP | Destination Port
192.168.1.2 | 1033 | 203.206.209.77 | 80 | | | |
192.168.1.2 | 1035 | 210.10.102.196 | 443 | | | |
192.168.1.5 | 2301 | 203.206.209.55 | 21 | | | |
192.168.1.5 | 2302 | 202.2.59.40 | 443 | | | |
192.168.1.5 | 4123 | 72.5.124.55 | 80 | | | |
192.168.1.8 | 4128 | 72.5.124.35 | 21 | | | |
192.168.1.8 | 1033 | 150.101.16.250 | 80 | | | |
192.168.1.9 | 1035 | 150.101.16.250 | 443 | | | |
Marking Criteria
Parts A & B (6 Marks)
6 Marks: All rules present and in appropriate order; explanations clear and correct
4-5 Marks: A few rules missing or incorrect however the explanations justify the intent.
3 Marks: Passable solution but with a number of missing rules and/or incorrect explanations
1-2 Marks: Most rules missing/incorrect and/or explanations are not correct.
0 Marks: Essentially nothing is correct
Part C (4 Marks)
1/2 mark per correct table entry
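An added illustration of the PAT behaviour that Part C concerns (not part of the original assignment and not a model answer): a small translation table that keeps the original source port when it is free and picks a pool port on collision. The public IP 198.51.100.1, the destination 203.0.113.10, the fallback pool and the port-preserving policy are assumptions; the source IP and port pairs follow the Part C table.

```python
PUBLIC_IP = "198.51.100.1"   # placeholder: the page does not give the router's external IP
POOL = range(50000, 65536)   # assumed fallback pool for colliding source ports


class PatTable:
    """PAT state: one external port per internal (IP, port) pair."""

    def __init__(self, public_ip=PUBLIC_IP, pool=POOL):
        self.public_ip = public_ip
        self.pool = pool
        self.outbound = {}   # (internal IP, internal port) -> external port
        self.inbound = {}    # external port -> (internal IP, internal port)

    def _allocate(self, preferred):
        # Assumed policy: keep the original source port if no other host holds it.
        if preferred not in self.inbound:
            return preferred
        for port in self.pool:
            if port not in self.inbound:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outgoing packet; the destination is left untouched."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            ext_port = self._allocate(src_port)
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, ext_port):
        """Map a reply back to the internal host; None means no mapping (drop)."""
        return self.inbound.get(ext_port)


def demo():
    pat = PatTable()
    # Constructed sample: two pairs of internal hosts reuse source ports 1033 and 1035.
    requests = [
        ("192.168.1.2", 1033, "203.0.113.10", 80),
        ("192.168.1.8", 1033, "203.0.113.10", 80),
        ("192.168.1.2", 1035, "203.0.113.10", 443),
        ("192.168.1.9", 1035, "203.0.113.10", 443),
    ]
    return pat, [pat.translate_out(*r) for r in requests]


if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```

Every external row carries the same source IP, so the external source port is the only value that tells the router which internal host a reply belongs to.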
Question 2: Attack and Defence Research [9 marks]
DNS and ARP poisoning attacks are similar; however, there are fundamental differences between the
two. You are to research these specific differences, contrasting the way the attacks are conducted and
some of the countermeasures available. Ensure you use at least three in-text academic references to
contrast these attacks (include neither your textbook nor Wikipedia in these references; failure to do so
may result in no marks).
Remember that you are not to repeat in your research what DNS and ARP poisoning attacks are. We
already know that from our discussions in class. In writing about the differences between the two
types of attacks, contrast for example the complexity of the attacks (which one is easy to conduct
and why), the impact (consequences) of the attacks, which one is more common and the different
mechanisms available to counter the attacks. Write no more than 300 words (about a page including in-
text references).
Question 2 Marking Criteria
2.5 Marks for contrasting the complexity of the two types of attacks
2.5 Marks for contrasting the impact (consequences) of the attacks
2.5 Marks for contrasting the countermeasures
1.5 Marks for the format of the writing (referencing, grammar and structure)