CS 600.443 Assignment 1

Due at the beginning of class on February 20, 2004

This assignment should be done in groups of 1-4. Please put all participants' names on the assignment before turning it in. Make sure that all the students in your group are in the same track.

Here we go:

You are in charge of a small company's network. The company has an external web server, a mail server, and a highly sensitive database of information that it serves over the web. Where specified, you should enforce the policy mentioned. Where not specified, you should come up with policy decisions that make sense. Among others, protocols to consider are DNS, ICMP (various), NTP, UDP, HTTP. Also, think about where you might need to use IPsec or SSL. Finally, consider how you want to treat various protocols that users might use, such as IM, file sharing (Kazaa), email, etc.

There are several departments within the company:

1. Payroll

   Payroll has several Windows PCs running a Microsoft database package. Employees can access the payroll information over the web when they are at work, inside the network. However, nobody should ever be able to access payroll information from outside, not even employees. Payroll employees should not be able to browse the web from their work machines.

2. Product design

   The product design department consists mostly of engineers. They run various platforms. The product design network should not be accessible from anywhere outside of the company, but other internal networks should be able to log in via ssh. People in product design should be able to send and receive email with the outside world, and they should also be able to browse the web. Ssh connections from product design to the outside should be allowed, but inbound ssh should only be allowed to one machine on the inside, and from there, employees should be able to log into other internal machines.

3. Administration

   The administration network is the one used to configure the web server, the mailer and the network in general. Administrators typically have root on most machines. Figure out what access they need to have and what policy makes sense for this site.

The assignment (50 points)
--------------

1. Produce a detailed network diagram for the company. Label all firewalls and routers, as well as subnets. Put in as much detail as possible. 10 points

2. Produce a policy document for the company detailing all of the policies for this organization. 10 points

3. Identify all security interfaces and, in plain English, describe the filtering policy for each interface. 10 points

4. Using either ipchains or iptables, implement the policy required for each interface, and then use the built-in listing function of iptables or ipchains to list the filtering rules. Turn in a printout of these listings for each interface. 20 points
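
The sketch below is an added example, not part of the original assignment or a model solution: it shows how the stated payroll and product design ssh/web rules could map onto an iptables FORWARD chain on a single filtering router. The subnets, the interface name, the gateway address, the payroll web port and the helper names `ipt` and `forward_policy` are all assumptions made for illustration; email, DNS and the administration network are left out.

```shell
#!/bin/sh
# Constructed addressing: assumptions for this example, not from the assignment.
EXT_IF="eth0"               # interface facing the Internet
INTERNAL_NET="10.0.0.0/16"  # all internal subnets
PAYROLL_NET="10.0.1.0/24"
DESIGN_NET="10.0.2.0/24"
SSH_GATEWAY="10.0.2.10"     # the one inside machine that accepts inbound ssh

# Dry run by default: print each rule. Run as root with IPT=iptables to apply.
ipt() { ${IPT:-echo iptables} "$@"; }

forward_policy() {
    # Default deny: traffic not explicitly allowed below is dropped.
    ipt -P FORWARD DROP
    # Anti-spoofing: internal source addresses must not arrive from outside.
    ipt -A FORWARD -i "$EXT_IF" -s "$INTERNAL_NET" -j DROP
    # Payroll: explicit drops ahead of every ACCEPT, so a later rule cannot
    # open the subnet by accident and the listing shows the intent.
    ipt -A FORWARD -i "$EXT_IF" -d "$PAYROLL_NET" -j DROP
    ipt -A FORWARD -s "$PAYROLL_NET" -o "$EXT_IF" -j DROP
    # Return traffic for connections that were allowed when they started.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Payroll information over the web, from inside only (port 80 assumed).
    ipt -A FORWARD -s "$INTERNAL_NET" -d "$PAYROLL_NET" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT
    # Product design: inbound ssh from outside reaches only the gateway host.
    ipt -A FORWARD -i "$EXT_IF" -d "$SSH_GATEWAY" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT
    # Other internal networks may ssh into product design.
    ipt -A FORWARD -s "$INTERNAL_NET" -d "$DESIGN_NET" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT
    # Product design may ssh out and browse the web.
    ipt -A FORWARD -s "$DESIGN_NET" -o "$EXT_IF" -p tcp \
        -m multiport --dports 22,80,443 -m state --state NEW -j ACCEPT
}

forward_policy
# After applying, list the result: iptables -L FORWARD -n -v --line-numbers
```

Rule order matters here: the first matching rule wins, so the anti-spoofing and payroll drops sit above the stateful ACCEPT rules.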