Special Publication 800-41 Guidelines on Firewalls and Firewall Policy Recommendations of the National Institute of Standards and Technology John

1. First, you need a firewall policy to guide you in developing and deploying a solution. Remember that a firewall policy tells you how the firewall is set up, managed, and updated; the policy also tells you how applications traffic should be handled, which certainly includes Web traffic. Draft a basic firewall policy. Some links to get ideasNIST Guidelines on Firewalls and Firewall Policy (FILE ATTACHED)Standards in desktop firewall policies (FILE ATTACHED)2. Create an application traffic matrix. (Refer to the following Traffic Matrix table below for help.) (FILE ATTACHED) Which applications are needed? Which direction does traffic from each application need to travel and how should that traffic be controlled in each direction? (Hint: Your risk-analysis documentation should contain most of this information)Application Traffic Matrix3. Based on your firewall policy, the traffic matrix, and the stated requirement for security of Web and e-commerce servers (allowing for scalability), draft a basic rule base for inbound and outbound traffic.4. Now examine your current design. How can you incorporate a Web server and an e-commerce server yet allow for future growth and controlled access from internal and external sources.5. What software do you need? What equipment do you need to purchase? (Remember to include items such as additional IDS sensors.)6. Modify your network design to reflect your solutions. (Remember to update previous installations, such as IDS sensors and remote access, to account for the revision) * TIP: Use your network diagram and plenty of scratch paper to chart the current logical and physical flow of traffic. This helps you visualize where controls must be placed and how rules should work. Don’t try to visualize the entire network at once, start with a single piece, such as a logical segment or physical office. Follow the flow of traffic through the internal network, being careful to account for mobile devices or unauthorized connections. Next, follow the flow of traffic outbound from all internal locations, noting all interfaces leading out of the trusted network. Then follow the flow of traffic inbound. Remember that you don’t need to secure everything through hardware. File and folder level permissions, group and role access controls, and authentication play an important role, too. Task 1Make sure you review your design for accuracy and update your policies and procedures. Be prepared to justify you choices and include any references used. Your submission should include* Firewall policy draft* Application traffic matrix* Draft rule base* Hardware and software inventory listing everything you need to deploy this solution* Updated network design Carefully review your work, save the file as YourName_U4_DMZ.doc, and submit it below.Task 2Security Plan Updates* Continue to refine your document and appendices with any changes.* You will not submit this document until Unit 5. Keep this file! It will become part of your final Security Policies and Procedures Manual submitted at the end of the course!