Hands-On Steps
1. From your computer workstation, create a new text document called LAN-to-WAN Domain Lab #7.
2. Consider the following scenario:
You are a security consultant for an information systems security firm and have a new health care
provider client under HIPAA compliance. Your new client wants to know the requirements and
business drivers for securing the LAN-to-WAN domain in its health care environment, which requires
compliance with HIPAA. Similarly, your firm has a U.S. government DoD client who also wants you to
perform a LAN-to-WAN domain compliance audit per the DoD LAN and network hardening guidelines
and baseline requirements. Both organizations want you to focus on the LAN-to-WAN domain
only, and you are to use the DoD-provided frameworks and STIGs previously found to summarize a
network infrastructure hardening strategy. Just as you researched STIGs in Lab #6, do the same at the
following url: http://iase.disa.mil/stigs/net_perimeter/index.html#.
3. Review the U.S. Department of Defense (DoD) network hardening guidelines and other NIST standards
that you identified in Lab #3.
4. Launch your Web browser and type in the Web address http://www.sans.org. Use the Custom Search
box in the upper right corner to identify the risks, threats, and vulnerabilities commonly found in the
LAN-to-WAN domain. List these in your text document.
5. Using the information you learned in Lab #2 and the Internet, identify and review the documents
available for hardening network infrastructure and the LAN-to-WAN domain as per DoD standards.
List these in your text document.
6. On the IASE/DISA website, find the STIGs for the routers and switches, network policy, firewalls and
IDS/IPS, and other network devices. Use the following Web addresses to find these:
http://iase.disa.mil/stigs/net_perimeter/network_infra/routers_switches.html
http://iase.disa.mil/stigs/net_perimeter/network_infra/policy.html
http://iase.disa.mil/stigs/net_perimeter/network_infra/firewall.html
http://iase.disa.mil/stigs/net_perimeter/network_infra/other.html
7. Download the available ZIP files from the URLs listed in the previous step, including:
a. Network Infrastructure Router L3 Switch
b. Network Perimeter Router L3 Switch
c. Network L2 Switch
d. Network Policy
e. Network Firewall
f. Network IDS/IPS
g. Network Other Devices
8. Extract the Overview PDFs from each of the ZIP files listed in the previous step. This PDF is the
summary document that supports all of the XML files. Review the following concepts from this
overarching DoD standards document for network infrastructure:
• ENCLAVE PERIMETER
• Enclave Protection Mechanisms
• Network Infrastructure Diagram
• External Connections
• Leased Lines
• Approved Gateway/Internet Service Provider Connectivity
• Backdoor Connections
• IPv4 Address Privacy
Hands-On Steps 55
7
38412_Lab07_Pass1.indd 55 3/7/13 6:04 PM
• FIREWALL
• Packet Filters
• Bastion Host
• Stateful Inspection
• Firewalls with Application Awareness
• Deep Packet Inspection
• Application-Proxy Gateway
• Hybrid Firewall Technologies
• Dedicated Proxy
• Layered Firewall Architecture
• Content Filtering
• Perimeter Protection
• Tunnels
Briefly discuss these in your text document.
9. Extract the Switch Cisco Manual XML file from the Network L2 Switch ZIP file. Review some of the
following concepts and vulnerabilities for configuring and hardening Cisco switches:
• Non-registered or unauthorized IP addresses
• In-band Mgt not configured to timeout in 10 min
• Exclusive use of privileged and non-privileged
• Assign lowest privilege level to user accounts
• Log all in-band management access attempts
Briefly discuss these in your text document.
10. Extract the Perimeter Router Cisco XML file from the Network Perimeter Router L3 Switch ZIP file. Review
some of the following concepts and vulnerabilities for configuring and hardening Cisco routers:
• A log or syslog statement does not follow all deny statements
• DNS servers must be defined for client resolver
• Running and startup configurations are not synchronized
Briefly discuss these in your text document.
11. Extract the Firewall Cisco PIX ASA XML file from the Network Firewall ZIP file. Review at least three of the
concepts and vulnerabilities for configuring and hardening Cisco firewalls as performed previously for
switches and routers. Discuss these in your text document.
12. Extract the IDS-IPS Manual XML file from the Network IDS-IPS ZIP file. Review at least three of the
concepts and vulnerabilities for configuring and hardening IDS/IPS devices as performed previously
for switches and routers. Discuss these in your text document.
13. Extract the Network Policy Manual XML file from the Network Policy ZIP file. Review at least three of the
concepts and vulnerabilities for configuring and hardening network policy as performed previously for
switches and routers. Discuss these in your text document.
14. Write an executive summary summarizing the top LAN-to-WAN domain risks, threats, and vulnerabilities
and include a description of the risk mitigation tactics you would perform to audit the
LAN-to-WAN domain for compliance. Use the U.S. DoD LAN-to-WAN hardening guidelines as your
example for a baseline definition for compliance.
15. Submit the text document to your instructor as a deliverable for this lab.
56 Lab #7 | Auditing the LAN-to-WAN Domain for Compliance
38412_
What Students Are Saying About Us
.......... Customer ID: 12*** | Rating: ⭐⭐⭐⭐⭐"Honestly, I was afraid to send my paper to you, but splendidwritings.com proved they are a trustworthy service. My essay was done in less than a day, and I received a brilliant piece. I didn’t even believe it was my essay at first 🙂 Great job, thank you!"
.......... Customer ID: 14***| Rating: ⭐⭐⭐⭐⭐
"The company has some nice prices and good content. I ordered a term paper here and got a very good one. I'll keep ordering from this website."
