
Instructions

You will download a fully working copy of the network file from the exam folder that is available
during the examination. All routing and addressing is set up for you; however, you may re-design
as you see fit.
Part 1 (50%)
You must examine this network in conjunction with the security problems that are given below and
design a security solution to overcome the security issues. You will use the next 90 minutes to
rebuild the network in Packet Tracer 6.0.1 and apply the configurations that you have written to the
routers.
Part 2 (50%)
During the last 30 minutes, you will be asked to perform the TEN tasks on page 6 using IOS and
PC commands within your network and then write a BRIEF critique of the network. Please save
your responses to the questions on page 6 in this word document by use of screenshots or copy
and paste. Add your critique to page 7 of this document. This does not need to exceed 500 words
and must be concise. You will save this file along with your Packet Tracer file in the exam
directory that is provided in My Computer.
You must remain in the examination room until your network test results in this word document and
your .pkt file has been saved appropriately.
You may login to your PC now and download the examination files but you may not begin
reconfiguring the Packet Tracer file until you are told.

Insecure Starting Network


You will download a pre-configured network as shown in the diagram below from your exam folder.
Important when adding any hardware:
You should use appropriate routers throughout the network.
You may need to add appropriate interfaces to the routers.
Use 2950-24 Switches for all switches in the network.
Use Generic PCs for all workstations.
Use Generic Server-PT for any additional servers in the network; remember to turn OFF
unnecessary services on these machines.

[Network diagram: External Network and So-Knee Network]

Network Re-Design Value 50%


Time allowed 90 minutes
Instructions
You will be given NINETY MINUTES to redesign your network. Please put ALL details on the A3 paper
provided.
Please refer to the diagram on page 3 when reading the instructions below.
There is NO NEED to redesign the External Network
You may use the Ciscopedia installed on your PCs or your notes to help you with the required commands.
Be sure to draw a clear diagram of your re-designed network on the A3 paper supplied with ALL security
details. You may also write pertinent configurations for the routers on the A3 paper.

Subnetting the Network


You may add any IPv4 address blocks to your network.
You may subnet as you see fit using appropriate subnetting techniques.
__________________________________________________________________

Network Problems
The So-Knee Paystation gaming company has been hacked recently. One of its branch offices has been
tested for security and has several problems. The So-Knee network border is the router tagged ASBR.
A hacker (Hacker PC is included) has managed to gain access to the entire So-Knee network and is able to
TELNET into the ASBR router and can ping all machines in the So-Knee network.
The hacker has also managed to gain access to the company Intranet Server at 192.168.1.2.
The public webserver can be pinged from the outside and can therefore be susceptible to a DDoS attack.

Switch Configuration
No configuration or naming is required for any of the switches. You are not required to design VLANs to
solve this network problem.

Server Configuration
You should not need to change the configuration or purpose of the servers in your network but you may need
to move them to different networks if appropriate.

PC configuration
You do not need to name or add to the PCs. You may set the PCs to become DHCP clients or give them
static addresses.
Remember to turn OFF the DHCP service on any extra servers as this service is turned ON by default and
will cause problems with your DHCP configuration.

Re-designing the network

Open Packet Tracer 6.0.1 on your PC and download the network as shown on page 3. Refer to your diagram
for details.
You must create a Two Tier network security solution that places the Public Webserver into a Demilitarised
Zone (DMZ) on its own.
No external machine may be able to gain access to any machine in the So-Knee network using ICMP.
No external machine may have any access whatsoever to any So-Knee resource EXCEPT the Public
Webpage.
All external PCs must be able to access the Public Webpage ONLY.
No external PCs may gain access to the Intranet & FTP Server.
The Finance and Web Management PCs must be able to access the DMZ using SNMP and FTP and be able
to ping the Public Webserver.
All PCs in the So-Knee network must be able to access the DNS Local Server with ICMP.
IMPORTANT:
You must save your configurations on the routers regularly and also save your .pkt file regularly in the
Packet Tracer application in the exam folder.
You will not be given extra time if you forget to save and your configurations are lost.
Test your re-designed network for connectivity throughout. Only when you are satisfied that you have full
connectivity should you proceed with applying your Access Control Lists (ACLs).
Do not apply your security until you are happy that the re-designed network has complete connectivity.
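
One way to sanity-check the access rules listed above before applying ACLs, as an added example that is not part of the exam paper: a first-match rule evaluator with an implicit deny, run against the kinds of traffic the requirements name. Every address except 192.168.1.2, the rule-list names and their placement on the routers are assumptions.

```python
from ipaddress import ip_address, ip_network

# All addresses except 192.168.1.2 (Intranet Server, from the page) are assumed.
WEB, INTRANET = "172.16.0.2", "192.168.1.2"
FINANCE, WEBMGMT, OTHER_PC = "192.168.1.10", "192.168.1.11", "192.168.1.20"
ASBR_OUT, HACKER = "203.0.113.1", "198.51.100.50"
ANY = "0.0.0.0/0"

# Rule: (action, protocol, source, destination, destination port or None)
# Hypothetical list applied inbound on the ASBR's external interface.
OUTSIDE_IN = [("permit", "tcp", ANY, WEB, 80)]

# Hypothetical list applied outbound on the interface facing the DMZ.
TO_DMZ = [("permit", "tcp", ANY, WEB, 80)]
for pc in (FINANCE, WEBMGMT):
    TO_DMZ += [("permit", "udp", pc, WEB, 161),    # SNMP
               ("permit", "tcp", pc, WEB, 21),     # FTP control
               ("permit", "icmp", pc, WEB, None)]  # ping

def evaluate(acl, proto, src, dst, port=None):
    """First matching rule wins; traffic matching no rule hits the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in acl:
        if (r_proto in (proto, "ip")
                and ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "deny"

def check_policy():
    """Evaluate constructed test packets that mirror the stated requirements."""
    return {
        "hacker telnet to ASBR": evaluate(OUTSIDE_IN, "tcp", HACKER, ASBR_OUT, 23),
        "hacker HTTP to intranet": evaluate(OUTSIDE_IN, "tcp", HACKER, INTRANET, 80),
        "hacker ping public web": evaluate(OUTSIDE_IN, "icmp", HACKER, WEB),
        "hacker HTTP to public web": evaluate(OUTSIDE_IN, "tcp", HACKER, WEB, 80),
        "Web Mgmt FTP to DMZ": evaluate(TO_DMZ, "tcp", WEBMGMT, WEB, 21),
        "Finance SNMP to DMZ": evaluate(TO_DMZ, "udp", FINANCE, WEB, 161),
        "other PC ping DMZ": evaluate(TO_DMZ, "icmp", OTHER_PC, WEB),
    }

if __name__ == "__main__":
    for name, result in check_policy().items():
        print(f"{name:28} {result}")
```

Because the only external permit is TCP port 80 to the public webserver, Telnet to the ASBR, ICMP and intranet access from outside all fall through to the implicit deny without needing explicit deny lines.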

Time allowed 30 minutes.


When you have completed the network re-configuration, you will need to show that the new
network setup works correctly. Use screenshots and cut and paste where appropriate to
answer the following questions.
Make sure that you include sufficient information to prove that you have answered the
question as you were asked. This may mean showing the command and the response.
You must add a written critique of the network after answering the questions below.
Task to perform
1. Show the result when the Hacker PC tries to access the ASBR router using telnet
2. Show the response on the webpage when the hacker tries to access the company intranet webpage using its IP address
3. Prove that the hacker cannot ping any destination on the So-Knee network
4. Show that the hacker can access the public webserver on the So-Knee network using its canonical name (URL)
5. Show that the Web Management PC can access the Public Webserver
6. Show that the Finance PC can ping the DNS local server
7. Show that the Web Management PC can access the Intranet Webserver by its canonical name (URL)
8. Prove that one of your Access Control List statements has operated correctly using a show command.
9. Show that you have increased the security of the ASBR router
10. Show that SNMP traffic is able to reach the Intranet Server from the Web Management PC

Network Critique
Add a concise network critique to show the basic problems and the solutions that you have created for
them. The critique should be less than 500 words. Please write your critique below.

My Network Critique
