Network Topology

The WAN

Cisco 2921 Integrated Services Router

•Security Embedded hardware-accelerated VPN encryption•Secure collaborative communications with Group Encrypted Transport VPN, Dynamic Multipoint VPN, or Enhanced Easy VPN•Integrated threat control using Cisco IOS Firewall Cisco IOS Zone-Based Firewall, Cisco IOS IPS, and Cisco IOS Content Filtering•Identity management: Intelligently protecting endpoints using authentication, authorization, and accounting (AAA), and public key infrastructure

Beyond Our Network

With Private IP Enhanced Traffic Management, our Private IP Layer 3 MPLS-based VPN puts all your traffic on a reliable, private network with Quality of Service (QoS) routing. And with Private IP Layer 3, you can build a hybrid solution between your public and private networks while enabling automated business processes, including e-commerce, VoIP, converged solutions, shared intranets, and extranets.Advanced TechnologyWhether you outsource service to us or manage it yourself, our Cisco-powered, private, MPLS network meets your enterprise's rigorous demands, including:Global availability - over 121 countries/territoriesQoS routingEnhanced Visibility & Network Management SolutionsMulticasting for improved bandwidth conservationSeamless Frame Relay/ATM integrationStringent SLAsRemote access (via Secure Gateway)Multiple access options including DSL, satellite, and EthernetAny-to-any connectivityStreamlines network management, planning, and expansion.Six IP Classes of Service (CoS)Six Classes of Service (CoS) let you prioritize traffic (voice, video, data) while consolidating your traffic on a single network. This offers you additional flexibility that lets you dictate how traffic is handled across the network, giving priority to mission critical traffic.

Using the PIX 501 Firewall to provide traffic filtering entering or leaving

the network.

Reducing the processing load on the Cisco Router.

Providing another layer of security defense for your network.

The following traffic will be allow on the network and all other traffic will

be denied:

HTTPSMTPFTPSQL

ITSY 2300Hardening the Windows host

Windows FirewallMicrosoft Windows operating systems and related applications

such as Internet Explorer contain thousands of security-related software flaws that can be exploited by malicious programs.

A fraction of those errors have been discovered, fewer have been repaired by Microsoft (in the form of “patches”).

Average loss to Fortune 500 companies is $2M per worm

Windows FirewallWindows Firewall is installed and enabled by default for all

dial-up, network, IEEE 1394 (FireWire), and wireless connections on a computer

Windows Firewall does not control outgoing connections unless Advanced Security controls are used. Because of this, Windows Firewall allows any program running on your computer to connect to the network.

Windows FirewallGeneral Configures general firewall settings, including

whether the firewall is turned on and whether all programs are blocked when connected to public networks in less.

Advanced  Configures protected connections, security logging, and allowed types of control messages.

Configuring Security Logging When logging is enabled, the security log is created as a standard text file and stored in the %System-Root%\ folder as pfirewall.log.

Demilitarized Zone (DMZ)• What is it and why is a

DMZ used?• Benefits vs Drawbacks• How is it

implemented?

Internal User Accessing Web Server in DMZ

External User Accessing Web Server in DMZ

•Internal client requests web page•Packet is routed out firewall to ISP DNS•Packet enters back through firewall to DMZ

•External user requests web page•Firewall checks packet for source and destination•Packet is sent to the Web Server in the DMZ

Accessing the DMZ Servers

Intrusion Prevention System