Week 3 iLab

1026 Words Aug 4th, 2014 5 Pages
Student Name: Rolando Salas Date: 7/26/14

Database Server Security Demands – iLab3

Objectives
In this lab, the students will examine the following objectives.

Become familiar with well-known and ephemeral ports
Create an ACL to meet requirements on database security demands
Learn best practices to create and apply ACLs

Scenario
A small company is using the topology shown below. The Public Server is actually an off-site Database Server that contains company records. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago Servers and hosts need to access the database server securely. Only users in the Dallas and Chicago LANs should be able to access the database
…
The ephemeral UDP/TCP ports range from 49152 to 65535.

#4. What is wrong with ACL 105?

access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any

This ACL first permits all TCP traffic from any source IP address to any destination IP address, ahead of the entry for the host whose traffic you don't want. In other words, the second line should have been first and the first line second, in order to deny all TCP packets from the host 201.141.0.3.
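The first-match behavior behind the answer to #4, as an added example that is not part of the original lab report: a small Python model of how a router walks ACL 105 from the top and stops at the first matching entry. The function names and the addresses 200.100.0.10 and 201.141.0.4 are constructed for illustration; only the `any`, `host` and address-plus-wildcard forms are handled, and port qualifiers are ignored.

```python
import ipaddress

def _take_addr(tok):
    """Consume one address spec from the token list; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # "address wildcard" form; contiguous wildcard masks only (assumption)
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, rest = _take_addr(tok[4:])
        dst, _ = _take_addr(rest)  # anything after DST (ports) is ignored here
        rules.append((tok[2], tok[3], src, dst))
    return rules

def evaluate(rules, proto, src, dst):
    """Return (action, index) of the first matching entry, top-down."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, p, sn, dn) in enumerate(rules):
        if p in (proto, "ip") and s in sn and d in dn:
            return action, i
    return "deny", None  # implicit "deny any" at the end of every ACL

def shadowed(rules):
    """Indexes of entries that can never match because an earlier entry covers them."""
    out = []
    for i, (_, p, sn, dn) in enumerate(rules):
        if any(ep in (p, "ip") and sn.subnet_of(esn) and dn.subnet_of(edn)
               for _, ep, esn, edn in rules[:i]):
            out.append(i)
    return out

ACL_105 = """
access-list 105 permit tcp any any
access-list 105 deny tcp host 201.141.0.3 any
"""
ACL_105_REORDERED = """
access-list 105 deny tcp host 201.141.0.3 any
access-list 105 permit tcp any any
"""

if __name__ == "__main__":
    for name, acl in (("as written", ACL_105), ("reordered", ACL_105_REORDERED)):
        rules = parse_acl(acl)
        verdict = evaluate(rules, "tcp", "201.141.0.3", "200.100.0.10")  # constructed dst
        print(name, verdict, "unreachable entries:", shadowed(rules))
```

The `shadowed` check is the part worth reusing when reviewing ACLs: any entry it reports is dead configuration, which is exactly the state of the `deny` line in ACL 105 as written.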

#5. What well-known TCP port does Oracle Database (sql net) server use?

Oracle uses 1521 as a standard default port but doesn’t outright own the port since the port lies within the registered port number range.

#6. A company is managing an Oracle Database located on a Public Server to support day-to-day operations in the Dallas and Chicago networks. The company has requested its Internet Access Provider (ISP) to create the necessary ACL at the ISP router, ensuring that only responses from the Oracle server to certain hosts are allowed to enter the Dallas and Chicago LANs.

ISP network engineers decided to use an extended ACL and apply it to the F0/0 interface on the ISP router. Why did they decide to create an extended ACL and apply it on interface F0/0 for inbound traffic?

An extended ACL was created to filter traffic closer to the source, so that traffic coming from the host will be filtered.
