You have been hired as a consultant for an e-commerce company. They want you to design the network security zones, including firewall pseudo-code rules and IDS placement, for an e-commerce network. The following have been identified as components or requirements for the web application:
There is a web server (Apache), a database server, and a commerce (application) server. The web server needs to be accessible from the internet.
There is an internal network which must be protected. Internal users must be allowed to access internet resources freely.
The web server may be administered remotely by a single Apache user (“admin”) using a web interface. The administration site URL points to “/var/www/admin/admin.htm” on the web server. Remote access to the URL should be restricted to hosts located on the protected network subnet.
Internal users must be able to access both the web server and the commerce server using SSH (port 22).
The database administrator needs to be able to access the database server on port 3306 from the protected network.
The web server must be able to communicate with the database server on a custom port, 2345.
The web server must be able to communicate with the commerce server on a custom port, 2723.
The IPv4 network address is 220.127.116.11/16 or 74.121
You can assign each security zone its own network address range using a 24-bit subnet mask.
You will need to provide design documentation that includes at least one network layout schematic indicating the security zones, their network IP address ranges, and firewall and IDS sensor placements. In addition, you must provide the firewall pseudo-code rules necessary to enforce your schematic as well as any Apache directives necessary to implement the access controls indicated for the administration link of the website (admin/admin.htm).
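As an added worked example (not part of the assignment text and not a model answer), the following Python script turns the requirements above into an ordered, first-match firewall policy and checks sample flows against it. The zone subnets are assumptions: it reads the /16 as 74.121.0.0/16 and carves one /24 per zone (web DMZ, application, database, protected internal network); everything outside those ranges is treated as the internet. The admin-page check mirrors a source-address restriction applied at the web server, which is a separate layer from the firewall because the firewall must still admit port 80/443 from anywhere.

```python
"""Zoned firewall policy model for the e-commerce brief (added example, assumed addressing)."""
from ipaddress import ip_address, ip_network

# Assumed zone allocation inside 74.121.0.0/16: one /24 per security zone.
ZONES = {
    "WEB_DMZ":  ip_network("74.121.1.0/24"),   # Apache web server lives here
    "APP":      ip_network("74.121.2.0/24"),   # commerce (application) server
    "DB":       ip_network("74.121.3.0/24"),   # database server
    "INTERNAL": ip_network("74.121.10.0/24"),  # protected internal users
}
INTERNET = "INTERNET"   # any address not inside a defined zone
ANY = "ANY"             # wildcard for zone, protocol or port set


def zone_of(ip):
    """Map an address to its security zone name; unknown space is the internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET


# Rule tuple: (src_zone, dst_zone, proto, dst_ports, action).  First match wins
# and anything unmatched is denied.  Only connection-opening packets are modelled;
# a stateful firewall is assumed to admit the reply half of each allowed flow.
RULES = [
    (ANY,        "WEB_DMZ", "tcp", {80, 443}, "ALLOW"),  # public web site
    ("INTERNAL", "WEB_DMZ", "tcp", {22},      "ALLOW"),  # SSH from protected net
    ("INTERNAL", "APP",     "tcp", {22},      "ALLOW"),  # SSH to commerce server
    ("INTERNAL", "DB",      "tcp", {3306},    "ALLOW"),  # DBA access
    ("WEB_DMZ",  "DB",      "tcp", {2345},    "ALLOW"),  # web -> database, custom port
    ("WEB_DMZ",  "APP",     "tcp", {2723},    "ALLOW"),  # web -> commerce, custom port
    ("INTERNAL", INTERNET,  ANY,   ANY,       "ALLOW"),  # internal users browse freely
]


def evaluate(src_ip, dst_ip, proto, dst_port):
    """Return 'ALLOW' or 'DENY' for a new connection, walking RULES in order."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_proto, r_ports, action in RULES:
        if r_src != ANY and r_src != src:
            continue
        if r_dst != ANY and r_dst != dst:
            continue
        if r_proto != ANY and r_proto != proto:
            continue
        if r_ports != ANY and dst_port not in r_ports:
            continue
        return action
    return "DENY"   # implicit default deny, including DMZ -> INTERNAL


def admin_page_allowed(client_ip):
    """Web-server layer: /admin/admin.htm is served only to the protected subnet."""
    return zone_of(client_ip) == "INTERNAL"


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    samples = [
        ("203.0.113.5",  "74.121.1.10",  "tcp", 443),   # internet -> web site
        ("203.0.113.5",  "74.121.1.10",  "tcp", 22),    # internet -> web SSH
        ("203.0.113.5",  "74.121.3.10",  "tcp", 2345),  # internet -> database
        ("74.121.10.25", "74.121.3.10",  "tcp", 3306),  # DBA -> database
        ("74.121.1.10",  "74.121.3.10",  "tcp", 2345),  # web -> database
        ("74.121.1.10",  "74.121.10.25", "tcp", 22),    # web -> internal host
        ("74.121.10.25", "198.51.100.7", "tcp", 443),   # internal -> internet
        ("74.121.2.10",  "74.121.3.10",  "tcp", 2345),  # commerce -> database (not in brief)
    ]
    for src, dst, proto, port in samples:
        print(f"{src:>14} -> {dst:<14} {proto}/{port:<5} {evaluate(src, dst, proto, port)}")
    for client in ("74.121.10.25", "203.0.113.5"):
        print(f"admin.htm from {client}: {'served' if admin_page_allowed(client) else 'forbidden'}")
```

Two design points the model makes visible: a flow the brief never lists (commerce server to database) falls through to the default deny rather than being allowed by a broad rule, and the DMZ cannot open connections into the protected network even though the reverse direction is permitted. The `admin_page_allowed` check corresponds to an Apache 2.4 `Require ip 74.121.10.0/24` directive inside a `<Directory "/var/www/admin">` block (the subnet again being this example's assumption), which is what the brief's "Apache directives" deliverable refers to.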