Instructions
The purpose of this homework assignment is to learn how to audit the LAN-to-WAN domain. You will identify common risks, threats, and vulnerabilities found in the LAN-to-WAN domain. You will assess common risks, threats, vulnerabilities found in the LAN-to-WAN domain, and you will identify network and security policies needed to properly secure the LAN-to-WAN portion of the network infrastructure. You will audit and assess implementation of security controls within the LAN-to-WAN domain, and you will recommend LAN-to-WAN domain hardening solutions by implementing proper security controls at the Internet ingress/egress point within an IT infrastructure. You will use a text document to develop your homework assignment by completing the sections listed below:
Lab 6.1a
Review the following scenario:
You are a security consultant for an information systems security firm and have a new healthcare provider client under HIPAA compliance. Your new client wants to know the requirements and business drivers for securing the LAN-to-WAN domain in its healthcare environment, which requires compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to perform a LAN-to-WAN domain compliance audit per the DoD LAN and network hardening guidelines and baseline requirements. Both organizations want you to focus on the LAN-to-WAN domain only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a network infrastructure hardening strategy.
Launch your Web browser. Navigate to the following website: https://public.cyber.mil/stigs/.
Review the Security Technical Implementation Guides (STIGs) available and the proper implementation of security based on DoDs workstation/desktop hardening guidelines (i.e., Windows 10, Server 2012, Apple IOS).
In your homework assignment, discuss three STIGs and the DoDs workstation/desktop hardening guidelines.
Lab 6.1b
Launch your Web browser and navigate to the following website: https://www.sans.org/reading-room/whitepapers/bestprac/network-security-smb-1542
Open the .pdf file and identify the risks, threats, and vulnerabilities commonly found in the LAN-to-WAN domain. List these in your homework assignment.
Using the information you learned in the homework assignment you submitted in Unit II and Internet resources, identify and review the documents available for hardening network infrastructure and the LAN-to-WAN domain as per DoD standards.
List these in your homework assignment.
Lab 6.1c
Launch your Web browser and type in the web address https://public.cyber.mil/stigs/ .
Find the STIGs for the routers and switches, network policy, firewalls and IDS/IPS, and other network devices.
Use the following search criteria to find these devices:
Routers
Switches
Network Policy
Firewall
ISD/IPS
Download these ZIP files from the URLs listed in the previous step.
Extract the Overview PDFs from each of the ZIP files listed in the previous step. This PDF is the summary document that supports all of the XML files.
Review the following concepts from this overarching DoD standards document for network infrastructure:
Enclave perimeter
enclave protection mechanisms
network infrastructure diagram
external connections
leased lines
approved gateway/internet service provider connectivity
backdoor connections
IPv4 address privacy
Firewall
packet filters
bastion host
stateful inspection
firewalls with application awareness
deep packet inspection
application-proxy gateway
hybrid firewall technologies
dedicated proxy
layered firewall architecture
content filtering
perimeter protection
tunnels
Briefly discuss in these in your homework assignment.
Lab 6.1d
Extract the Switch Cisco Manual XML file from the Network L2 Switch ZIP file. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco switches:
non-registered or unauthorized IP addresses,
in-band Mgt not configured to timeout in 10 min,
exclusive use of privileged and non-privileged,
assign lowest privilege level to user accounts, and
log all in-band management access attempts.
Briefly discuss these in your homework assignment.
Lab 6.1e
Extract the Perimeter Router Cisco XML file from the Network Perimeter Router L3 Switch ZIP file. Review some of the following concepts and vulnerabilities for configuring and hardening Cisco routers:
A log or syslog statement does not follow all deny statements.
DNS servers must be defined for client resolver.
Running and startup configurations are not synchronized.
Briefly discuss these in your homework assignment.
Lab 6.1f
Extract the Firewall Cisco PIX ASA XML file from the Network Firewall ZIP file. Review at least three of the concepts and vulnerabilities for configuring and hardening Cisco firewalls as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.1g
Extract the IDS-IPS Manual XML file from the Network IDS-IPS ZIP file. Review at least three of the concepts and vulnerabilities for configuring and hardening IDS/IPS devices as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.1h
Extract the Network Policy Manual XML file from the Network Policy ZIP file. Review at least three of the concepts and vulnerabilities for configuring and hardening network policy as performed previously for switches and routers.
Discuss these in your homework assignment.
Lab 6.2
Write an executive summary on the top LAN-to-WAN domain risks, threats, and vulnerabilities, and include a description of the risk mitigation tactics you would perform to audit the LAN-to-WAN domain for compliance. Use the U.S. DoD LAN-to-WAN hardening guidelines as your example for a baseline definition for compliance. Submit the document to your instructor as a deliverable for this homework assignment.
NOTE: When you submit your homework assignment, you can combine the assignments into one document for grading. Please clearly mark the answers for Lab 6.1a, Lab 6.1b, Lab 6.1c, Lab 6.1d, Lab 6.1e, Lab 6.1f, Lab 6.1g, Lab 6.1h, and Lab 6.2 within your submission by labeling those sections within your assignment.
Your homework assignment should be a minimum of three pages in APA format. Include a minimum of two sources, with at least one source from the Online Library in addition to your textbook.
Adhere to APA Style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.