Ch 6 Homework
2. Using Figure 6-18, create one or more rules necessary for both the internal and external firewalls to allow a remote user to access an internal machine from the Internet using the Timbuktu software. Your answer requires researching the ports used by this software packet.
Answer: Exact rules will vary, but the following information is necessary: Timbuktu uses UDP 407 and 1419 for Connection setup and handshaking, TCP 1417 for Send commands, TCP 1418 for View screen, TCP 1419 for Send file, and TCP 1420 for Receive file.
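One possible rule set for the answer above, written as an added example (not part of the original homework or the textbook). The remote user and internal host addresses are constructed sample values, since Figure 6-18 is not reproduced here; the firewalls are assumed to be stateful, with no NAT between them.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    src: str          # source network (CIDR)
    dst: str          # destination network (CIDR)
    proto: str        # "tcp" or "udp"
    ports: frozenset  # allowed destination ports

# Ports exactly as listed in the answer above.
TIMBUKTU_PORTS = {
    "udp": frozenset({407, 1419}),               # connection setup and handshaking
    "tcp": frozenset({1417, 1418, 1419, 1420}),  # commands, view screen, send/receive file
}

# Assumed addresses, not taken from Figure 6-18 (constructed sample values).
REMOTE_USER = "203.0.113.7/32"
INTERNAL_HOST = "10.10.10.25/32"

def timbuktu_rules(src, dst):
    """One allow rule per protocol; anything not listed falls to default deny."""
    return [Rule(src, dst, proto, ports) for proto, ports in TIMBUKTU_PORTS.items()]

# Both firewalls need the same allow rules, or the session dies at the second hop.
# Assumes stateful firewalls (replies are allowed automatically) and no NAT.
EXTERNAL_FW = timbuktu_rules(REMOTE_USER, INTERNAL_HOST)
INTERNAL_FW = timbuktu_rules(REMOTE_USER, INTERNAL_HOST)

def decide(rules, src, dst, proto, dport):
    """First matching allow rule wins; no match means deny."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and proto == r.proto and dport in r.ports):
            return "allow"
    return "deny"

def reaches_host(src, dst, proto, dport):
    """True only if both the external and the internal firewall allow the packet."""
    return all(decide(fw, src, dst, proto, dport) == "allow"
               for fw in (EXTERNAL_FW, INTERNAL_FW))

if __name__ == "__main__":
    for pkt in [("203.0.113.7", "10.10.10.25", "tcp", 1418),
                ("203.0.113.7", "10.10.10.25", "tcp", 3389),
                ("198.51.100.9", "10.10.10.25", "udp", 407)]:
        print(pkt, "->", "allow" if reaches_host(*pkt) else "deny")
```

Restricting the source to a known remote address is a tightening chosen for this example; if the remote user's address is not fixed, the source field has to be widened, which exposes the Timbuktu ports on the internal host to the whole Internet.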
3. Suppose management wants to create a “server farm” for the configuration in Figure 6-18 that allows a proxy firewall in the DMZ to access an internal Web server (rather than a Web server in the DMZ). Do you foresee any technical difficulties in deploying this architecture? What are the advantages and disadvantages to this implementation?
Answer: A good solution is to place Web servers that contain critical data inside the network and use proxy services from a DMZ (screened network segment). This solution protects the Web servers themselves from compromise and places proxies in the DMZ to carry requests. This solution also allows HTTP traffic to reach the Web server and prevents non-HTTP traffic from reaching the Web server. The advantage of this approach is that it screens the Web server from external attacks and non-Web traffic. The disadvantages are that the approach slows Web response time and increases traffic through the internal firewall.
The next morning at 8 a.m., Kelvin called the meeting to order. The first person to address the group was Susan Hamir, the network design consultant from Costly & Firehouse, LLC. She reviewed the critical points from the design report, going over its options and outlining the trade-offs in the design choices.
When she finished, she sat down and Kelvin addressed the group again: “We need to break the logjam on this design issue. We have all the right people in this room to make the right choice for the company. Now here are the questions I want us to consider over the next three hours.” Kelvin pressed the key on his PC to show a slide with a list of discussion questions on the projector screen.
1. What questions do you think Kelvin should have included on his slide to start the discussion?
Answer: Some of the questions should be: Why are there differences of opinion on Internet architecture? What level of security needs to be implemented, how can it be achieved, and what is the cost of this implementation?
2. If the questions were broken down into two categories, they would be cost versus maintaining high security while keeping flexibility. Which is more important for SLS?
Answer: It would be more beneficial to invest in security, because it can help prevent future losses and protects potential future investments. You are putting everything up front instead of potentially being harmed later because your company is vulnerable, and you don't know how costly fixing the damage could be.
Ethical Decision Making
Suppose that Ms. Hamir stacked the deck with her design proposal. In other words, she purposefully under-designed the less expensive solution and produced a cost estimate for the higher-end version that she knew would come in over budget if it were chosen. She also knew that SLS had a tendency to hire design consultants to do build projects. Is it unethical to produce a consulting report that steers a client toward a specific outcome?
Answer: Assume that Ms. Hamir stacked the deck with her plan proposition. At the end of the day, she intentionally under-planned the more affordable arrangement and delivered a cost gauge for the better-quality form that she knew would come in over the spending plan on the off chance that it was picked. She likewise realized that SLS tended to contract structure experts to do assembler ventures.
Suppose instead that Ms. Hamir had prepared a report that truthfully recommended the more expensive option as the better choice for SLS in her best professional opinion. Further suppose that SLS management decided on the less expensive option solely to reduce costs without regard to the project’s security outcomes. Would she be ethically sound to urge reconsideration of such a decision?
Answer: If Ms. Hamir produced a fair report that recommends the expensive option, she is ethically sound to urge reconsideration of the decision.