Eicon Networks S92 Instrukcja Użytkownika Pobierz pdf (Strona 104)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 104

n DISALLOWAny<IN&OUT,Any >Any

Anotherinterfacewhichrequiresfilterstobesetupistheinterfaceattachedto

RAS_Net,whichis192.168.22.1:

n RAS_Net(192.168.22.0)< IN&OUT,Any >Internal_Servers(192.168.18.0)

n RAS_Net(192.168.22.0) < IN&OUT,HTTP,HTTPSandDNSQuery >

Public_Services(192.168.8.0)

n DISALLOWAny<IN&OUT,Any >Any

Dependingontheneedsoftheusers,additionaltrafficmaybeallowed.Refertothe

“ProductsPreparation”sectionforafulllistofprotocolscommonlyusedina

Windowsbasednetwork.

Itisalwaysagoodpracticetoexplicitlyadda“dropeverything”ruleasthelast

rule.Thisensuresthatallillegitimaterequestsarelogged.

BasicTesting: 

n Fromaninternalclient,accessasharethatbelongstothefileserverinside

Internal_Servers.Theattemptshouldsucceed.

n Fromaninternalclient,accessthedatabaseapplicationserverinside

Critical_Resourcesviatelnet.Theattemptshouldfail.

n Fromaninvalidinternalclient,accesstheintranetserverinsideInternal_Servers

viaHTTP.Theattemptshouldfail.

n Inspectthelogfile.

FurthertestingshouldbeperformedattheAuditstage.

1 2 ... 99 100 101 102 103 104 105 106 107 108 109 ... 208 209

Brak uwag

Eicon Networks S92 Instrukcja Użytkownika Strona 104