Question

In your LAN, you want to allow the external host to communicate only with your internal Telnet server (TCP / 23). External hosts are not allowed to establish TCP connection with other internal servers. Write the appropriate filtering rules for the security policy. [15 points]

Required fields for the filtering rule:

RuleID, SourceIP, DestIP, SourcePort, DestPort, Protocol, SYN, ACK, Action

Answer 1

RuleID:

Well in this case Firewall rule ID applied to the connection traffic.

SourceIP:

IP address from which the connection for the source IP address was established.

DestIP(Destination IP):

IP address to which the connection was established.

SourcePort:

Port through which the connection was established for the source IP address.

DestPort(Destination Port):

Port to which the connection was established for the source IP address.

Protocol:

Protocol used by the traffic.

SYN:

SYN attack is one of the most popular DDOS attacks which target the hosts that run TCP processes and exploit the normal TCP three-way handshake process. SYN packets are normally generated when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this: The client requests a connection by sending an SYN (synchronize) message to the server.

ACK:

It is the name of the signal that data has been received successfully.for example if  If the source fails to receive the ACK signal, it either repeats the block of data or else ceases transmission, depending on the protocol.

Action:

Turn on your firewall and Activate your anti-virus software install if needed, Restrict access to physical ports for colleagues who don’t need it.Give all staff access to a password manager (there’s lots available via the AppStore) so they can store their passwords safely .Backup data to a secure platform like portable hard drive. arrange some automated back ups only on certain times when u need.the password will protect all your devices.Activate your tracking tools.Encrypt all office equipment using a Trusted Platform Module (TPM), e.g. Bitlocker for Windows, with a PIN or FireVault (on MAC OS)

Hey hope this helps, if do give a thumbs up .if you have any doubt regarding this please do comment i'll be sure helping you .