Answers

This section contains the answers to the exercises and the Chapter review section in this chapter.

Exercise 7-1

The diagram should look similar to the following:

This figure shows an example of a typical enterprise network infrastructure with specific features to address the exercise. To the far left is the Internet. To the right is an external firewall with NAT support that connects the enterprise to the Internet. To the right of the external firewall is an internal firewall that bounds a region of the network labeled Perimeter network. It holds the web server, application server, the email server, and public DNS server. To the right of the internal firewall is the enterprise LAN, labeled Zone 1 - Internal Network, where the bulk of information assets reside, such as resource servers and client computers. A firewall isolates the lower-trust level Zone 1 area from the higher-security Zone 2 - Administrative Network security zone. Administrative workstations and consoles reside on this Zone 2 network. Within the Zone 2 - Administrative Network is another firewall that isolates the Zone 2 area from the highest-security Zone 3 - Confidential Network security zone. Confidential workstations and resource servers reside on this Zone 3 network. Collectively, security zones 1, 2, and 3 are labeled Intranet. Connected to the Zone 1 security zone is a firewalled and persistent connection to two wireless networks, one labeled Lobby Wireless, one labeled Internal Wireless. The Lobby Wireless network supports visitors in the lobby. A firewall rule is applied, enabling Lobby connection to only the Internet. Internal wireless client computers connect to the internal wireless network. Also connected to the Zone 1 security zone is a firewalled and persistent connection to the branch office. This connection is labeled Extranet. Workstations and resource servers reside on this branch office network.

Figure 7-35. Exercise 7-1 network diagram

Exercise 7-2

At least two public IP addresses must be used on the public interface of the external firewall/NAT server. One address will be used to provide Internet access for internal users (many to one) and to provide public access to the web server, DNS server, and SMTP server using port forwarding (PAT), mapping port 80 and 443 to the private IP address of the web server, 53 to the private IP address of the DNS server, and 25 to the private ...
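The zoning from Exercise 7-1 and the NAT/PAT mapping from Exercise 7-2 can be modelled as a small policy table, which makes it easy to audit whether a forwarding rule or a zone rule does what the design intends. The following is an added example, not code from the training kit; all addresses are constructed sample values (documentation and RFC 1918 ranges), and every allow entry other than the stated lobby-wireless rule (lobby may reach only the Internet) is an assumption for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample public addresses on the external firewall/NAT server (not from the book).
PUBLIC_OUTBOUND = IPv4Address("203.0.113.10")  # many-to-one address used by internal users
PUBLIC_SERVICES = IPv4Address("203.0.113.11")  # address whose ports are forwarded into the perimeter

# Port-forwarding (PAT) table: public port -> (perimeter-network host, port). Addresses are constructed.
PAT_TABLE = {
    80:  (IPv4Address("192.168.10.20"), 80),   # web server
    443: (IPv4Address("192.168.10.20"), 443),  # web server
    53:  (IPv4Address("192.168.10.30"), 53),   # public DNS server
    25:  (IPv4Address("192.168.10.40"), 25),   # SMTP (email) server
}

# Security zones from the Exercise 7-1 diagram; each private range is a constructed assumption.
ZONES = {
    "perimeter":          IPv4Network("192.168.10.0/24"),
    "zone1_internal":     IPv4Network("10.1.0.0/16"),
    "zone2_admin":        IPv4Network("10.2.0.0/16"),
    "zone3_confidential": IPv4Network("10.3.0.0/16"),
    "lobby_wireless":     IPv4Network("172.16.1.0/24"),
    "internal_wireless":  IPv4Network("172.16.2.0/24"),
    "extranet_branch":    IPv4Network("10.9.0.0/16"),
}

# Inter-zone policy, default deny. "lobby_wireless -> internet only" is the rule the exercise
# states; the other allow sets are assumptions chosen to illustrate trust-level layering.
POLICY = {
    "lobby_wireless":     {"internet"},
    "internal_wireless":  {"internet", "perimeter", "zone1_internal"},
    "zone1_internal":     {"internet", "perimeter", "extranet_branch"},
    "extranet_branch":    {"zone1_internal"},
    "zone2_admin":        {"internet", "perimeter", "zone1_internal", "zone3_confidential"},
    "zone3_confidential": set(),
    "perimeter":          {"internet"},
}


def zone_of(ip):
    """Map an address to its security zone; anything outside the enumerated zones is the Internet."""
    ip = IPv4Address(ip)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def translate_inbound(dst_ip, dst_port):
    """Destination NAT on the public interface: only the service address has forwarded ports.
    Returns (private_host, port) for a forwarded port, or None when the packet should be dropped."""
    if IPv4Address(dst_ip) != PUBLIC_SERVICES:
        return None
    return PAT_TABLE.get(dst_port)


def translate_outbound(src_ip):
    """Many-to-one source NAT: every zone allowed to reach the Internet leaves as PUBLIC_OUTBOUND."""
    src_zone = zone_of(src_ip)
    if src_zone == "internet" or "internet" not in POLICY.get(src_zone, set()):
        return None
    return PUBLIC_OUTBOUND


def permitted(src_ip, dst_ip):
    """Zone-to-zone check: allowed only when the source zone's policy lists the destination zone."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return True  # intra-zone traffic is not mediated by the zone firewalls
    return dst_zone in POLICY.get(src_zone, set())


def audit_pat_table():
    """Return public ports whose forwarding target is not a perimeter host: such a rule would
    expose an intranet system directly to the Internet, bypassing the internal firewall."""
    return [port for port, (host, _) in PAT_TABLE.items() if zone_of(host) != "perimeter"]


if __name__ == "__main__":
    print("inbound 203.0.113.11:443 ->", translate_inbound("203.0.113.11", 443))
    print("lobby -> Zone 1 permitted?", permitted("172.16.1.25", "10.1.5.5"))
    print("PAT audit violations:", audit_pat_table())
```

`audit_pat_table` is the check worth keeping in a real configuration review: the exercise's design depends on every forwarded port terminating inside the perimeter network, and a single forward into Zone 1 would silently undo the separation the internal firewall provides.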
