Question

[5 marks] An organization has 2 server computers and a number of desktop computers and a few printers. All of them are connected together via an internal network, and the network is connected to the Internet via the border router of the organization. From the outside of the organization, on the Internet, only these 2 server computers are visible. One of them is the email server (IP address: e1.e2.e3.e4), and the other one is the web server (IP address: w1.w2.w3.w4). In other words, only these 2 server computers accept requesting incoming network traffic. All desktop computers are allowed to access the Internet, without any restriction. Therefore, they accept responding incoming network traffic, but not accepting any requesting incoming network traffic.

• [3 marks] Please design the network and draw the network diagram. You have the freedom to assume the internal network structure. In the diagram, in addition to the 2 servers, you should also include a few desktop computers and a printer. Please explain the rationale on why you put a computer or a printer in its designated location, 1 example for each location. A subnet (or a segment) is regarded as the same location. (hint: a firewall or a few firewalls, depending on your design, are needed to regulate the network traffic)

• [2 mark] Please write down the firewall rules to fulfil the access requirement of the organization. Please follow the sample firewall rule (below) format to write down your firewall rules.

action	ourhost	port	their host	port	comment
block	*	*	*	*	default

Answer 1

Rationale for the Network Diagram

All computers are connected to the scanner and the printer. The printers are connected to

one of the computers in the network. The computer is also linked to the network through a switch.

The server will serve both as an email server and file server to the rest of the network. The server

computer has a firewall to configure data as it comes through the network.

Firewall implementation :

The firewall is one of the essential elements in the network security and today's group. The

firewall remains a critical bit in for all intents and purposes any useful framework security

outline, and today's associations have a couple of sorts to discover. It's key that specialists

recognize the kind of firewall that best suits the affiliation's framework security needs. When

picked, one of the fundamental part worries that outlines a security strategy is "The spot should

the firewall be put?" You will find three essential firewall topologies: the bastion has, screened

subnet and two times firewall models. Beginning security relies on in the wake of picking the

right firewall topology.