Network Security - PCA Task 1

Network Security
Pre-Competition Activity
Task 1
You have been given the task of improving the security for an accountancy firm,
Dunn & Co. Following a security audit, you have been asked to complete the
following tasks to help improve their security.
The physical layout of the network is as follows:
[Network diagram; device labels: Router, Server, Switch, ASA]
1) Perform a basic configuration on the router and ASA including:
• Interface configurations
• IP address settings
• OSPF routing with MD5 authentication
2) Perform device hardening on the router and ASA by completing the following
tasks:
• Block all telnet access
• Allow SSH access from the management workstations from the server
• Create a local user with the following details:
   • Name: support
   • Password: support
   • Privilege level 3
   • Able to view the device startup configuration
• Configure an encrypted enable password of cisco.
• Block Cisco Discovery Protocol (CDP)
3) Configure the Server as a Domain Controller with the following settings:
• Domain name: dunn.co.uk
• Server name: Server1
• All passwords must be P@ssw0rd
4) Create the following users on Server1:
Name             | Job title       | Username
Danielle Smith   | Senior Partner  |
Karen Murphy     | Senior Partner  |
William Lee      | Accountant      |
David Smith      | Accountant      |
Cameron Jones    | Admin Support   |
Christine Jones  | IT Support      |
All passwords must be P@ssw0rd
5) Password security must be set to achieve the following:
• Passwords must be changed every 24 days
• You cannot use any of the previous 10 passwords
• Passwords must have a minimum of 6 characters
• Passwords must be complex
6) Account security must be set to achieve the following:
• Accounts will be locked after 2 bad password attempts
• The number of bad password attempts will reset after 1 hour.
• Once locked, accounts can only be unlocked by an administrator.
7) Configure the following restrictions for all user accounts except the
Administrator and IT Support accounts:
• Users are not allowed to access control panel
• The C drive should be hidden from users.
8) Display the following messages for all users when they log on to the
computers:
“Dunn and Co. Authorised users only”
9) Set up the following shared folders on the server:
• Business accounts
• Letters
• Shared documents
10) Plan and implement the permissions for these folders to achieve the following:
• IT Support and Senior partners have full control of all folders
• Accountants are allowed to modify the content of the Business Accounts and Letters folders
• Accountants are allowed to read the Shared Documents folders
• Administrative staff are allowed to modify the Letters folders
• Administrative staff are allowed to read the Shared Documents folder
11) Use Wireshark to capture ping packets between the router and the ASA.
Save the packet capture on the c:\ drive of the Server with a name of Trace1
12) Configure a site-to-site (LAN-to-LAN) VPN between the router and ASA with the
following settings:
Setting         | Value
Encryption      | AES-256
Hashing         | SHA-1
Diffie Hellman  | Group 5
Pre-shared key  | Worldskills
Key lifetime    | 14400
13) Use Wireshark to capture encrypted packets between the router and the ASA.
Save the packet capture on the c:\ drive of the Server with a name of Trace2
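
Added example (not part of the task sheet): a small Python checker that audits an IOS running-config excerpt against the Task 2 hardening requirements. The sample config is constructed; the ACL name MGMT, the address 192.0.2.10 (standing in for the server, whose address the sheet does not give), the placeholder hashes and the function names are all assumptions.

```python
import re

# Constructed sample: hardened excerpt of an IOS running-config (not from the task sheet).
# 192.0.2.10 and the ACL name MGMT are placeholders; the hashes are dummy values.
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$HASH
username support privilege 3 secret 5 $1$CONSTRUCTED$HASH
privilege exec level 3 show startup-config
no cdp run
ip access-list standard MGMT
 permit host 192.0.2.10
line vty 0 4
 access-class MGMT in
 login local
 transport input ssh
"""

def vty_blocks(config):
    """Return the indented sub-commands of each 'line vty' section."""
    blocks, current = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            current = []
            blocks.append(current)
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the section
    return blocks

def audit(config):
    """Map each Task 2 requirement to True (met) or False (not met)."""
    vtys = vty_blocks(config)
    has = lambda pattern: re.search(pattern, config, re.M) is not None
    return {
        # Every vty range must accept SSH only; a missing line counts as a failure.
        "telnet_blocked": bool(vtys) and all("transport input ssh" in b for b in vtys),
        # Every vty range must carry an inbound access-class limiting the source.
        "ssh_source_restricted": bool(vtys) and all(
            any(c.startswith("access-class ") and c.endswith(" in") for c in b) for b in vtys),
        "support_user_level_3": has(r"^username support privilege 3 "),
        "level_3_can_view_startup": has(r"^privilege exec level 3 show startup-config$"),
        "enable_secret_set": has(r"^enable secret ") and not has(r"^enable password "),
        "cdp_disabled": has(r"^no cdp run$"),
    }

if __name__ == "__main__":
    for check, ok in audit(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

The checker treats a vty range with no explicit `transport input ssh` line as failing, so a second range such as `line vty 5 15` left at its defaults is flagged rather than silently passed.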