Laboratory Activity Firewall IDS Encryption

Uploaded by

jpermano24

Laboratory Activity

Configuring a Firewall, Intrusion Detection System (IDS), and Encryption in Cisco Packet Tracer

Instructor's Demonstration Lab

Objective:
Students will learn how to configure a basic firewall, set up an Intrusion Detection System (IDS),
and practice encryption techniques using Cisco Packet Tracer.

Materials:
Cisco Packet Tracer 8.0 or later
A computer with administrative rights

Scenario:
You are a network administrator tasked with securing a small office network. The network consists
of a router, a switch, and two PCs. Your goal is to:

1. Configure a firewall on the router to block unwanted traffic.

2. Set up an IDS to monitor traffic for potential security threats.

3. Implement encryption between two devices to secure communication.

Step-by-Step Instructions

Step 1: Setting Up the Network Topology


1. Open Cisco Packet Tracer.
2. Create a simple network with the following components:

- 1 Router: Cisco 1941 Router (Model: 1941, Type: Router).

- 1 Switch: Cisco 2960 Switch (Model: 2960, Type: Switch).

- 2 PCs: Generic PC (Model: PC-PT, Type: End Device).

3. Connect the devices:

- Connect Router0 to Switch0 using a copper straight-through cable.

- Connect PC0 and PC1 to Switch0 using copper straight-through cables.

Step 2: Configuring IP Addresses


1. Click on Router0, go to the CLI tab, and configure the following:

Router> enable
Router# configure terminal
Router(config)# interface gigabitEthernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# exit

2. Configure PC0:
- IP Address: 192.168.1.2
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1

3. Configure PC1:

- IP Address: 192.168.1.3
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1

Step 3: Configuring a Basic Firewall


1. On Router0, access the CLI and configure an access control list (ACL) to block ICMP (ping) traffic
from PC0 to PC1:

Router# configure terminal
Router(config)# access-list 100 deny icmp host 192.168.1.2 host 192.168.1.3
Router(config)# access-list 100 permit ip any any
Router(config)# interface gigabitEthernet 0/0
Router(config-if)# ip access-group 100 in
Router(config-if)# exit
Router(config)# exit

2. Test the firewall:

- Try to ping PC1 from PC0. The ping should fail due to the firewall blocking ICMP traffic.
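
The following Python model is an added example, not part of the original lab. It evaluates ACL 100 with IOS first-match semantics and the implicit final deny, and it also checks whether a packet is ever handed to Router0: an inbound ACL on gigabitEthernet 0/0 only filters packets that arrive at that interface, and hosts in the same /24 deliver to each other through Switch0. The function names and the 10.0.0.5 test address are assumptions made for illustration.

```python
import ipaddress

# ACL 100 from Step 3 as (action, protocol, source, destination); "any" matches every address.
ACL_100 = [
    ("deny", "icmp", "192.168.1.2", "192.168.1.3"),
    ("permit", "ip", "any", "any"),
]

def match_addr(rule_addr, addr):
    return rule_addr == "any" or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr)

def acl_decision(acl, proto, src, dst):
    """First matching entry wins; an unmatched packet hits the implicit 'deny ip any any'."""
    for action, rule_proto, rule_src, rule_dst in acl:
        # "ip" in an extended ACL covers every IP protocol, including icmp and tcp.
        if rule_proto in ("ip", proto) and match_addr(rule_src, src) and match_addr(rule_dst, dst):
            return action
    return "deny"

def reaches_router(src, dst, gateway="192.168.1.1", mask="255.255.255.0"):
    """A host sends a frame to the router only for off-subnet destinations or the router itself."""
    subnet = ipaddress.ip_network(f"{src}/{mask}", strict=False)
    dst_ip = ipaddress.ip_address(dst)
    return dst_ip == ipaddress.ip_address(gateway) or dst_ip not in subnet

def outcome(acl, proto, src, dst):
    """Combine the path check with the ACL verdict for one packet."""
    if not reaches_router(src, dst):
        return "switched at layer 2, ACL not evaluated"
    return acl_decision(acl, proto, src, dst)

if __name__ == "__main__":
    # PC0 -> PC1 ping from the lab, then a constructed off-subnet destination.
    print(outcome(ACL_100, "icmp", "192.168.1.2", "192.168.1.3"))
    print(outcome(ACL_100, "icmp", "192.168.1.2", "10.0.0.5"))
```

Comparing `acl_decision` with `outcome` for the PC0 to PC1 ping shows the difference between what the ACL says and what the topology lets it enforce.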

Step 4: Setting Up an Intrusion Detection System (IDS)


1. Add an IDS device to the network:

- Use a Server-PT (Model: Server-PT, Type: End Device), and label it as IDS.

- Connect IDS to Switch0 using a copper straight-through cable.

2. Configure the IDS:

- Click on the server, go to the Services tab, select IDS/IPS, and enable it.

- Set the monitoring interface to the one connected to Switch0.

3. Test the IDS:

- Attempt to perform suspicious activities (like a port scan) from PC0 to PC1.

- Check the IDS logs to see if the activity is detected.

Step 5: Implementing Encryption


1. On PC0, open the Command Prompt and use the crypto ipsec transform-set command to create
an encryption policy:

PC0> crypto ipsec transform-set MY_TRANSFORM esp-aes esp-sha-hmac

2. On Router0, apply the encryption policy:

Router# configure terminal
Router(config)# crypto isakmp policy 1
Router(config-isakmp)# encryption aes
Router(config-isakmp)# hash sha
Router(config-isakmp)# authentication pre-share
Router(config-isakmp)# group 2
Router(config-isakmp)# exit
Router(config)# crypto ipsec transform-set MY_TRANSFORM esp-aes esp-sha-hmac
Router(config)# crypto map MY_MAP 10 ipsec-isakmp
Router(config-crypto-map)# set peer 192.168.1.2
Router(config-crypto-map)# set transform-set MY_TRANSFORM
Router(config-crypto-map)# match address 101
Router(config-crypto-map)# exit
Router(config)# interface gigabitEthernet 0/0
Router(config-if)# crypto map MY_MAP
Router(config-if)# exit
Router(config)# exit

3. Verify the encryption:

- Send traffic from PC0 to PC1.


- Use Packet Tracer's simulation mode to inspect the traffic and confirm that it is encrypted.
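
The Router0 commands in Step 5 reference access list 101 and pre-shared-key authentication, but the lab defines neither the list nor a key. The Python check below is an added example, not part of the original lab, that scans an IOS configuration for such dangling references before the tunnel is tested. The `lint_ipsec` name, the ACL 101 entry and the key placeholder in `REMEDIATED` are assumptions constructed for illustration.

```python
import re

# Router0 commands from Step 5, copied from the lab with the prompts removed.
STEP5_CONFIG = """\
crypto isakmp policy 1
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto ipsec transform-set MY_TRANSFORM esp-aes esp-sha-hmac
crypto map MY_MAP 10 ipsec-isakmp
 set peer 192.168.1.2
 set transform-set MY_TRANSFORM
 match address 101
interface gigabitEthernet 0/0
 crypto map MY_MAP
"""

# Constructed remediation lines (assumptions, not from the lab); the key is a placeholder.
REMEDIATED = (STEP5_CONFIG
              + "access-list 101 permit ip host 192.168.1.1 host 192.168.1.2\n"
              + "crypto isakmp key <PRE_SHARED_KEY> address 192.168.1.2\n")

def lint_ipsec(config):
    """Return findings for names the crypto map uses but the config never defines."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls = {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    tsets = {m.group(1) for l in lines if (m := re.match(r"crypto ipsec transform-set (\S+)", l))}
    maps = {m.group(1) for l in lines if (m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp", l))}
    keyed = {m.group(1) for l in lines if (m := re.match(r"crypto isakmp key \S+ address (\S+)", l))}
    uses_psk = "authentication pre-share" in lines
    findings = []
    for l in lines:
        if (m := re.match(r"match address (\d+)", l)) and m.group(1) not in acls:
            findings.append(f"crypto map matches ACL {m.group(1)}, which is not defined")
        elif (m := re.match(r"set transform-set (\S+)", l)) and m.group(1) not in tsets:
            findings.append(f"transform-set {m.group(1)} is not defined")
        elif (m := re.match(r"set peer (\S+)", l)) and uses_psk and m.group(1) not in keyed:
            findings.append(f"pre-share authentication but no isakmp key for peer {m.group(1)}")
        elif (m := re.match(r"crypto map (\S+)$", l)) and m.group(1) not in maps:
            findings.append(f"interface applies crypto map {m.group(1)}, which is not defined")
    return findings

if __name__ == "__main__":
    print(lint_ipsec(STEP5_CONFIG))
    print(lint_ipsec(REMEDIATED))
```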

Student Lab Activity

Objective:
Students will apply the concepts learned by configuring a firewall, setting up an IDS, and
implementing encryption independently.

Scenario:
You are a network administrator tasked with securing another small office network. The network
consists of a router, a switch, and two PCs. Your goal is to:

1. Configure a firewall on the router to block unwanted traffic.

2. Set up an IDS to monitor traffic for potential security threats.

3. Implement encryption between two devices to secure communication.

Instructions:
1. Set Up the Network Topology using the following components:

- 1 Router: Cisco 1941 Router (Model: 1941, Type: Router).

- 1 Switch: Cisco 2960 Switch (Model: 2960, Type: Switch).

- 2 PCs: Generic PC (Model: PC-PT, Type: End Device).

2. Configure IP Addresses on the router and PCs as demonstrated in the instructor’s lab.

3. Configure a Basic Firewall to block HTTP traffic from PC1 to PC0.

4. Set Up an IDS on the network and monitor for any FTP traffic.

5. Implement Encryption on the traffic between PC0 and PC1.

Questions:
1. What is the purpose of using an access control list (ACL) in the firewall configuration?

2. How does the IDS contribute to network security?

3. Why is encryption important in network communication?
