Eicon Networks S92 Manuale Utente Scaricare il pdf (Pagina 128)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 128

Foradditionalprotection,wewanttosetthefilterstoallowconnectionsonlyfromthe

externalpartners/suppliers’IPnetworks. Thisrequiresthattheexternalclients’IP

configurationsbefullycommunicatedwithGIAC.

ConfigureOutputFilters:

PPTP outputpacketfiltersaretobeconfiguredontheadapterthatisonthesideof the

Internetaswell(192.168.6.2).

Thisinterface’sOutputFiltersshouldbeconfiguredsothatthefilteractionissetto

Dropallpacketsexceptthosethatmeetthecriteriabelow:

n SourceIPaddressoftheVPNserver'sInternetinterface(192.168.6.2),subnet

maskof255.255.255.255,andTCPsourceportof1723.ThisallowsPPTPtunnel

maintenancetrafficfromtheVPNservertotheVPNclients.

n SourceIPaddressoftheVPNserver'sInternetinterface(192.168.6.2),subnet

maskof255.255.255.255,andIPProtocolIDof47.ThisallowsPPTPtunneled

datafromtheVPNservertotheVPNclients.

BasicTesting: 

n ConnectfromavalidVPNclienttoPublic_Servicesbygoingthrough

W2K_VPN.UseL2TPinsteadofPPTP.Theconnectionattemptshouldfail.

n ConnectfromavalidVPNclienttoPublic_Servicesbygoingthrough

W2K_VPN.UsePPTP.AccessthedatabaseapplicationusingHTTP.The

connectionattemptshouldsucceed.

n ConnectfromanonvalidVPNclienttoPublic_Servicesbygoingthrough

W2K_VPN.UsePPTP.AccessthedatabaseapplicationusingHTTP.The

connectionattemptshouldfail.

n InspecttheRASlogfile.

FurthertestingshouldbeconductedattheAuditstage.

1 2 ... 123 124 125 126 127 128 129 130 131 132 133 ... 208 209

Nessun commento

Eicon Networks S92 Manuale Utente Pagina 128