 AND YOU DON'T UNDERSTAND THE TECHNOLOGY.
 --BRUCE SCHNEIER

===Exercise 07===

<b>The following is a diagram of the internal network topology of the company Siliconsec:</b>

            Internet
               |
            Firewall
             /    \
 Internal Network  Server

<b>
Where the services provided by Server are:

-Web server and HTTP proxy

-Authoritative domain resolver

-Outgoing and incoming mail

Configure the firewall so that all services are available to the Internet but users belonging to the local network can:

-Access the Internet via the proxy

-Read and send mail
</b>

<b>Answer:</b>

               To | Internet             | Server              | Internal Network
 -----------------|                      |                     |
 From             |                      |                     |
 ----------------------------------------------------------------------------------
 Internet         | XXXXXXXX             | Webserver: HTTP     | DROP
                  |                      | Resolver: DNS       |
                  |                      | Mail: SMTP          |
 ----------------------------------------------------------------------------------
 Server           | Mail: SMTP           | XXXXXXXX            | DROP
                  | Mail: DNS            |                     |
                  | Proxy Server: HTTP   |                     |
                  | Proxy Server: DNS    |                     |
 ----------------------------------------------------------------------------------
 Internal Network | DROP                 | Proxy Server: PROXY | XXXXXXXX
                  |                      | Mail: SMTP          |
                  |                      | Mail: IMAP          |
                  |                      | Mail: POP3          |
 ----------------------------------------------------------------------------------

Question: can I download mail (IMAP, POP3) from the Internet?

Rules for HTTPS (443) could be added.

Default filtering policy: DROP.

 1 < Internet,*,Web,HTTP(80),TCP >
 2 < Internet,*,Resolver,DNS(53),UDP >
 3 < Internet,*,Mail,SMTP(25),TCP >

 4 < Mail,*,Internet,SMTP(25),TCP >
 5 < Mail,*,Internet,DNS(53),UDP >
 6 < Proxy Server,*,Internet,HTTP(80),TCP >
 7 < Proxy Server,*,Internet,DNS(53),UDP >

 8 < Internal Network,*,Proxy Server,PROXY(8080),TCP >
 9 < Internal Network,*,Mail,SMTP(25),TCP >
 10 < Internal Network,*,Mail,IMAP(143),TCP >
 11 < Internal Network,*,Mail,POP3(110),TCP >
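
The rule list above as a first-match evaluator with default DROP, checked against constructed packets (an added example, not part of the original answer). It assumes the firewall filters by zone, so Web, Resolver, Mail and the proxy all map to Server, and it enters rule 9 as TCP like rules 3 and 4; `Rule`, `decide` and `shadowed` are names invented here.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    num: int
    src: str    # source zone
    dst: str    # destination zone
    port: int   # destination port
    proto: str  # "TCP" or "UDP"

# Assumption: every service runs on the single Server host in the diagram,
# so the firewall can only tell the services apart by port and protocol.
RULES = [
    Rule(1, "Internet", "Server", 80, "TCP"),            # Web: HTTP
    Rule(2, "Internet", "Server", 53, "UDP"),            # Resolver: DNS
    Rule(3, "Internet", "Server", 25, "TCP"),            # Mail: SMTP
    Rule(4, "Server", "Internet", 25, "TCP"),            # Mail: outbound SMTP
    Rule(5, "Server", "Internet", 53, "UDP"),            # Mail: DNS lookups
    Rule(6, "Server", "Internet", 80, "TCP"),            # Proxy: HTTP
    Rule(7, "Server", "Internet", 53, "UDP"),            # Proxy: DNS lookups
    Rule(8, "Internal Network", "Server", 8080, "TCP"),  # PROXY
    Rule(9, "Internal Network", "Server", 25, "TCP"),    # SMTP
    Rule(10, "Internal Network", "Server", 143, "TCP"),  # IMAP
    Rule(11, "Internal Network", "Server", 110, "TCP"),  # POP3
]

def decide(src, dst, port, proto):
    """Return (verdict, rule number); the source port is '*' and not checked."""
    for r in RULES:
        if (r.src, r.dst, r.port, r.proto) == (src, dst, port, proto):
            return ("ACCEPT", r.num)
    return ("DROP", None)  # default filtering policy

def shadowed():
    """List (rule, earlier rule) pairs where the later rule can never fire."""
    seen, dead = {}, []
    for r in RULES:
        key = r[1:]  # everything except the rule number
        if key in seen:
            dead.append((r.num, seen[key]))
        seen.setdefault(key, r.num)
    return dead

if __name__ == "__main__":
    # Constructed packets, one per cell of interest in the matrix.
    print(decide("Internal Network", "Server", 8080, "TCP"))
    print(decide("Internal Network", "Internet", 80, "TCP"))
    print(decide("Internet", "Server", 143, "TCP"))
    print(shadowed())
```

Under the single-host assumption `shadowed()` reports rule 7 as already covered by rule 5, and IMAP or POP3 arriving from the Internet falls through to the default DROP.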