Question

Design a network for a small organization THAT would like to run several services and have its servers securely positioned within its network to do that. pick the best network architecture/design to ensure that services are provided for internal and external clients as required by the organization policies. Use only packet filter firewall to ensure secure communication between internal/external clients and internal and external servers.

Organization Rules:

1. The organization will have 10 clients as hosts.
2. The organization should have packet filter firewalls only as part of its network.
3. The organization will run two Web servers (Web-I and Web-E). Web-I can only be accessed by internal clients and Web-E can be accessed by anyone (internal or external).
4. Any internal client should be able to access any external web server.
5. An internal FTP server is configured to be accessed by only internal clients using both active and passive mode.
6. Internal clients should be able to access any external FTP server only in passive mode.
7. Rules on the firewalls must be configured to prevent any IP spoofing.
8. Ping from external machines should only be allowed to Web-E and should be denied if the destination machines is any other machine within the LAN.

Phase 1:
Part 1: Provide a full description of the proposed network and a list of filtering rules to be configured based on the organization policies/rules.

Part 2: Provide a possible network design for the proposed network and discuss the advantages and disadvantages of the provided design.

Answer 1

A possible network design for a small organization that wants to run several services can involve setting up a local area network (LAN) with internal and external segments. Packet filter firewalls should be used to ensure secure communication between internal and external clients and servers. The network design has advantages such as secure communication and the ability for internal clients to access both internal and external services.

Step-by-step explanation:

A possible network design for the proposed network could involve setting up the organization with a local area network (LAN) consisting of the 10 client hosts, two web servers (Web-I and Web-E), and an internal FTP server. The network can be divided into two segments: the internal network and the external network. The internal network will connect the client hosts, Web-I, and the internal FTP server, while the external network will connect Web-E.

To ensure secure communication between internal and external clients and servers, a packet filter firewall should be used. The filtering rules should be configured based on the organization's policies and rules. The rules should include allowing internal clients to access Web-I, allowing anyone (internal or external) to access Web-E, allowing internal clients to access any external web server, and allowing internal clients to access the internal FTP server using both active and passive mode.

Advantages of this network design include secure communication through the use of packet filter firewalls, the ability for internal clients to access both internal and external services, and the ability to prevent IP spoofing. However, a disadvantage of this design is that it only allows ping from external machines to Web-E and denies ping to any other machine within the LAN.