Final report firewall reconciliation

Firewall Reconciliation (Six Months Industrial Training Report)

By- Gurjan Singh

Roll no.- 1054


COMPANY PROFILE


Bharti Enterprises has been at the forefront of technology and has revolutionized telecommunications with its world-class products and services.

Today Bharti Teletech is the major PTT supplier in South Asia. It has ISO 9002 accreditation and is also an OEM for Sprint Corporation and Siemens.

Its range of products marketed under the brand name Beetel constitutes a 30% market share in India, thereby making it the market leader in the domestic market.


COMPANY ACHIEVEMENTS & AWARDS

2011

Awarded the Excellence Award for Telecommunication by Geospatial World Forum 2011.

Awarded as the Global Gamechanger, Innovative VAS provider, Customer Experience Enhancement at the ET Telecom awards 2011.

Ranked 6th in Asia-Pacific and 5th in India in the list of ‘Top 25 Companies for Leaders Globally’.


2012

Beyond Excellence – Improvement of Voice Network Quality by National award on Economics of Quality by Quality Council of India (QCI).

‘Har Ek Friend Zaroori Hota Hai’ – One of the most loved campaigns was the second most awarded campaign at the Creative ABBY Awards! It won a total of 7 metals including 2 gold, 4 silver and 1 bronze.

‘Product of the Year’ award for Airtel Digital TV (HD).


PROJECT UNDERTAKEN


FIREWALL RECONCILIATION

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications.

There are several types of firewall techniques:

• Packet filter
• Application gateway
• Circuit-level gateway
• Proxy server


FUNCTIONS OF FIREWALL

A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it and denies or permits passage based on a set of rules.

It is normally placed between a protected network and an unprotected network and acts like a gate that protects assets, ensuring that nothing private goes out and nothing malicious comes in.


SOFTWARE USED FOR FIREWALL RECONCILIATION

Software being used:

• CHECKPOINT SMART DASHBOARD
• CHECKPOINT SMARTVIEW MONITOR
• CHECKPOINT SMARTVIEW TRACKER
• PUTTY SOFTWARE
• SUBNET CALCULATOR


CHECKPOINT SMART DASHBOARD

Smart Dashboard is a single, comprehensive user interface for defining and managing multiple elements of a security policy: firewall security, VPNs, network address translation, web security.

CHECKPOINT SMARTVIEW MONITOR

SmartView Monitor centrally monitors Check Point and OPSEC devices, presenting a complete visual picture of changes to gateways, remote users and security activities. This enables administrators to immediately identify changes in network traffic flow patterns that may signify malicious activity.


SMARTVIEW TRACKER

Administrators can use SmartView Tracker to ensure their products are operating properly, troubleshoot system and security issues, gather information for legal or audit purposes, and generate reports to analyze network traffic patterns.

SUBNET MASK CALCULATOR

With a subnet mask you can split your network into subnets. Enter your IP address and play with the second netmask until the result matches your need.


FIREWALL RECONCILIATION STEPS

In the firewall we apply rules to the network. These rules are applied to increase the security of the network. By applying these rules in the firewall, we have restricted users from accessing the network.

These rules are applied to the whole network, though only a few IPs are actually being used in that network. As a result, the other IPs are also able to use services such as HTTP, Telnet, etc.

Firewall reconciliation means dividing the rules on the network. By doing reconciliation we can apply the same rule only to the IPs that we want to use the service, and not to the whole network.


RULEBASE AT PRESENT

SOURCE | DESTINATION | PORT | ACTION
IT | Tech IP | 80 | Accept
Tech | IT IP | 8080 | Accept
Tech | Tech DMZ | 443 | Accept
Tech | Internet | 8080 | Accept
Tech network subnets group for circle | 10.X.X.X | Any | Accept
Any | Any | Any | Drop


We do firewall reconciliation by taking logs from the firewall, from which we can learn which IPs are trying to use a service and which ones are actually using it. From there we can keep the necessary IPs and delete the unnecessary ones.

With this reconciliation the network security is increased, as only a few IPs are allowed to use a particular service, which prevents the other IPs from using the same service to access the routers and switches.
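The log-driven narrowing described above, as an added example that is not part of the original report: it reads accepted connections from a constructed log sample, keeps only the source IPs seen inside a broad rule, and collapses them into the smallest exact CIDR blocks per port. The CSV layout, the sample addresses and the function names are assumptions made for illustration, not Check Point's log format.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed log export, one "src,dst,port,action" record per line.
# Assumed format for illustration; not Check Point's export format or report data.
SAMPLE_LOG = """\
10.1.6.25,10.2.1.10,80,accept
10.1.6.25,10.2.1.10,80,accept
10.1.6.26,10.2.1.10,80,accept
10.1.6.27,10.2.1.10,80,accept
10.1.6.24,10.2.1.10,80,accept
10.1.9.40,10.2.1.10,23,accept
10.1.9.40,10.2.1.10,23,accept
10.99.1.5,10.2.1.10,80,drop
not,a,valid,line
"""

def parse_log(text):
    """Yield (src, port, action) for each well-formed record."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            ipaddress.ip_address(parts[1])  # validate destination too
            yield ipaddress.ip_address(parts[0]), int(parts[2]), parts[3].lower()
        except (ValueError, IndexError):
            continue  # skip malformed records rather than guess

def reconcile(text, broad_source, min_hits=1):
    """Map each port to the smallest CIDR blocks covering sources seen using it."""
    broad = ipaddress.ip_network(broad_source)
    hits = defaultdict(Counter)
    for src, port, action in parse_log(text):
        if action == "accept" and src in broad:
            hits[port][src] += 1
    return {
        port: [str(net) for net in ipaddress.collapse_addresses(
            ip for ip, n in seen.items() if n >= min_hits)]
        for port, seen in hits.items()
    }

def addresses_removed(proposal, broad_source):
    """Count addresses the broad rule allowed that no proposed rule still allows."""
    kept = {ipaddress.ip_network(n) for nets in proposal.values() for n in nets}
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(kept))
    return ipaddress.ip_network(broad_source).num_addresses - covered

if __name__ == "__main__":
    plan = reconcile(SAMPLE_LOG, "10.1.0.0/16")
    print(plan, addresses_removed(plan, "10.1.0.0/16"))
```

Because `collapse_addresses` only merges exactly adjacent addresses, the proposal never widens beyond what the logs show. The log window has to be long enough to include infrequent but legitimate users before the broad rule is replaced.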


PROPOSED RULEBASE

SOURCE | DESTINATION | PORT | ACTION
IT | Tech subnets inside | XX | Accept
IT | Tech subnets DMZ | XXX | Accept
Tech subnets | Tech subnets DMZ / internet | XXX | Accept
Tech DMZ | Tech subnets | XXX | Accept
Tech DMZ | Tech DMZ | XXX | Accept
10.X.X.X | Tech NW subnets group for circle | Any | Drop
Tech NW subnets group for circle | Any | Accept
Any | Any | Any | Drop


WHATSUP GOLD


ACTIVITY PERFORMED

Requirement: Installation of two new Cisco 3750 Switches (in stack)

Host name: PUN_AS14_MOH

IP Address: 10.20.6.29

Description: Presently PUN_AS09_MOH (10.20.6.25) & PUN_AS10_MOH (10.20.6.26) are directly connected to PUN_CS01_MOH (10.20.6.2) & PUN_CS02_MOH (10.20.6.3) respectively.

The requirement is to connect the new Cisco 3750 switches in a stack and connect the direct cables from the core switches to the new switch as per the attached PPT. PUN_AS09_MOH & PUN_AS10_MOH will take their connectivity from this new switch.


DETAILED ANALYSIS OF INDIVIDUAL MODULE


INTERNETWORKING

Internetworking involves connecting two or more computer networks via gateways using a common routing technology. The result is called an internetwork (often shortened to internet).

The original term for an internetwork was catenet. Internetworking started as a way to connect disparate types of networking technology, but it became widespread through the developing need to connect two or more local area networks via some sort of wide area network.


ETHERNET CABLING

Straight-through cable
• Host to switch or hub
• Router to switch or hub

Crossover cable
• Switch to switch
• Hub to hub
• Host to host
• Hub to switch
• Router direct to host


Rolled cable

• For display


IP ADDRESS CLASSES

Class A addresses begin with 0xxx, or 1 to 126 decimal.

Class B addresses begin with 10xx, or 128 to 191 decimal.

Class C addresses begin with 110x, or 192 to 223 decimal.

Class D addresses begin with 1110, or 224 to 239 decimal.

Class E addresses begin with 1111, or 240 to 254 decimal.


SUBNETTING

204.17.5.0 255.255.255.224 host address range 1 to 30

204.17.5.32 255.255.255.224 host address range 33 to 62

204.17.5.64 255.255.255.224 host address range 65 to 94

204.17.5.96 255.255.255.224 host address range 97 to 126

204.17.5.128 255.255.255.224 host address range 129 to 158

204.17.5.160 255.255.255.224 host address range 161 to 190

204.17.5.192 255.255.255.224 host address range 193 to 222

204.17.5.224 255.255.255.224 host address range 225 to 254
