Lab TSIT02
Group members
Abdul Jamal
Mikael Enberg (absent during lab time)
Source IP address 192.168.81.114
Destination IP address 192.168.81.111
Question No: 2. A list of all the rules you added, each preceded by the number of the step
where you added it. There are two rules for step 7.11.
7. Allow all outgoing traffic and incoming traffic that is initiated by you, but block
anything that you have not started.
10. Allow your co-group, but nobody else, access to your internal web page.
-A INPUT -s 192.168.81.111 -p tcp --destination-port 8080 -j ACCEPT
11. You do not want employees in your company to spend their time surfing the web from
the company computer. Block such access.
-A OUTPUT -p tcp --destination-port 80 -j DROP
OR
#-A INPUT -p tcp --source-port 80 -j DROP
12. You realise (if you did not think about the complication already in step 11) that now
your employees cannot access some necessary internal information. Fix this without
violating the goal you should achieve in point 11 above.
OUTPUT RULES
-A OUTPUT -s 192.168.80.111 -d 192.168.80.114 -j ACCEPT
-A OUTPUT -p tcp --destination-port 80 -j DROP
-P OUTPUT ACCEPT
FORWARD RULES
-P FORWARD ACCEPT
Question No: 4
a. In what way was your computer vulnerable at the start of the session?
Initially, there was no firewall configured on the systems at the start of the session, so we could
access any system and its resources. On the other side, any other group could access anything
on our computer, because the ports on the system were also open and used for communication with
no restrictions. So the vulnerability can be avoided by implementing firewall policies and rules.
b. What unwanted events were protected against at the end of the session?
At the end of the session, the whole network was secured. The firewall filters all packets
coming in to and going out from our system. We configured firewall rules on the system which
block unwanted communications and data and allow the information we need. We applied restrictions
on ports and IP addresses, so no one can access our secret information without permission.
e. Give an example of how a different order among the rules in your final list would destroy
the expected effect of some rule! Motivate!
Changing the order of the rules can affect the result. For example, the first rule allows the
co-group (IP) and port 8080 is blocked for all others. If the order is changed, the co-group cannot
access this port. The effect of the firewall rules changes completely when the order is changed.
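The ordering effect from answer e, shown on the step 12 OUTPUT rules as an added example (not part of the original lab report): a small Python model of first-match evaluation that parses only the options used in the rules above. The sample packets and the address 203.0.113.10 are constructed for the illustration.

```python
import ipaddress

def parse_chain(lines):
    """Parse iptables-save style lines into (rules, default_policy)."""
    rules, policy = [], "ACCEPT"
    for line in lines:
        tok = line.split()
        if tok[0] == "-P":                      # -P CHAIN TARGET
            policy = tok[2]
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # flag/value pairs after "-A CHAIN"
        port = opts.get("--destination-port")
        rules.append({
            "src": ipaddress.ip_network(opts.get("-s", "0.0.0.0/0")),
            "dst": ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
            "proto": opts.get("-p"),
            "dport": int(port) if port else None,
            "target": opts["-j"],
        })
    return rules, policy

def verdict(chain, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    rules, policy = chain
    for r in rules:
        if (ipaddress.ip_address(pkt["src"]) in r["src"]
                and ipaddress.ip_address(pkt["dst"]) in r["dst"]
                and r["proto"] in (None, pkt["proto"])
                and r["dport"] in (None, pkt["dport"])):
            return r["target"]                  # later rules are never consulted
    return policy

# Step 12 OUTPUT rules as listed in the report.
STEP12 = [
    "-A OUTPUT -s 192.168.80.111 -d 192.168.80.114 -j ACCEPT",
    "-A OUTPUT -p tcp --destination-port 80 -j DROP",
    "-P OUTPUT ACCEPT",
]
SWAPPED = [STEP12[1], STEP12[0], STEP12[2]]     # same rules, DROP listed first

# Constructed sample packets (203.0.113.10 is a documentation address).
INTERNAL = {"src": "192.168.80.111", "dst": "192.168.80.114", "proto": "tcp", "dport": 80}
EXTERNAL = {"src": "192.168.80.111", "dst": "203.0.113.10", "proto": "tcp", "dport": 80}

if __name__ == "__main__":
    for name, lines in (("as written", STEP12), ("swapped", SWAPPED)):
        chain = parse_chain(lines)
        print(name, "internal:", verdict(chain, INTERNAL), "external:", verdict(chain, EXTERNAL))
```

With the rules as written, the internal request is accepted and the external one dropped; with the two rules swapped, the port 80 DROP matches first and the internal request is dropped as well.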