Section 6.0: IOS Firewall + IOS IDS Configuration(10 points)
6.1: CBAC (6 points)
6.1.1: Basic CBAC Configuration (2 points)
Configure IOS Firewall on R2 to protect the EIGRP network. Ensure it can reach the rest of the network.
6.1.2: Firewall Filtering (2 points)
No access but ICMP is allowed to R2.
R1 should be able to Telnet to R2 using its loopback2 address as source. Configure ingress ACL on WAN links, including anti-spoofing technique. Do not deny RFC1918 address space.
6.1.3: Advanced CBAC Configuration (2 points)
Configure prevention against TCP host-specific denial-of-service on R2. Set the threshold to 200 before the firewall engine starts deleting half-open sessions to the host.
6.2: Intrusion Detection System (IDS) (4 points)
6.2.1: Basic IDS Configuration (2 points)
Configure IDS on R4 to protect the Ethernet network from internal intrusion, and configure to send an alarm for info and attack matching signatures.
Use the following details:
Director Host id 5, Sensor Host-id 4
Org id 100, Org name cisco
Director IP is 192.168.6.60 (create NAT on PIX to 10.50.31.60 to achieve this task)
6.2.2: Signature Tuning (1 point)
The message in the following line is received on the syslog server:
Jun 28 10:52:25.538: %IDS-4-TCP_SYN_ATTACK_SIG: Sig:3050:Half-Open Syn Flood - from 10.50.16.5 to 220.127.116.11
Upon investigation it was discovered that there is a specific application running on this machine. Consider these as false alarms; configure the IDS not to send such alarms in the future.
6.2.3: Spam Attack (1 point)
R4 is experiencing a spam attack. An alarm should only be generated if the spam attack has more than 500 recipients in a mail message.