Lab 11: Firewall Rule Based Management

Reflection:

1. Discuss the configuration required on a firewall for a web server providing

1a. HTTP and HTTPS

Http request: It is a hypertext transfer protocol, which is sent in plaintext, without any encryption.

Https request: it is actually http+ssl (secure socket layer), SSL performs encryption and security processing of data

1b. FTP over TLS/SSL

Explicit FTP over TLS, explicit FTP over TLS.

Implicit FTP over TLS, implicit TLS based on TLS.

SFTP, SSH file transfer protocol, port is 22.

1c. SMTP for sending emails from the websites

In this document, we will show you how to use the SMTP service to send emails in VS2005.

By default, the SMTP server recently used port 587 because it is equipped with TLS encryption for secure communication, primarily for mail submission and relaying. Port 25 does not provide secure encryption, but it is still primarily used for mail relay to other web servers. No other services will run on this port. Since the SMTP service of this web server is only used to send e-mail, the outgoing port 25 should be opened.

1d. Remote Administration

Install the Remote Access role

Configure the deployment type as DirectAccess and VPN, DirectAccess only, or VPN only.

Configure the Remote Access server with the security groups that contain DirectAccess clients

Configure the Remote Access server settings.

2.Discuss the configuration required on a firewall for a database server providing

1a. MariaDB

Install MariaDB: 1. Switch to root privileges 2. Use yum installation 3. Installation is complete, start MariaDB 4. Set up to start MariaDB
Configuring MariaDB: Configuring the MariaDB character set
Configure user permissions: 1. Create user 2. Query user permission list

1b. MSSQL

1. Use a secure password policy
2. Use a secure account strategy
3. Strengthen the record of database logs
4. Manage extended stored procedures
5. Use protocol encryption
6. Don’t let people detect your TCP/IP port casually
7. Modify the port used by TCP/IP
8. Reject detection from port 1434
9. IP restrictions on network connections

1c. Remote Administration

1. HBase X-Pack is a low-cost one-stop data processing platform based on HBase and HBase ecosystem.
2. HBase X-Pack support: HBase API (including RestServerThriftServer), relational Phoenix SQL, time series OpenTSDB, full-text Solr, space-time GeoMesa, HGraph, and Spark on HBase, is the first distributed database supporting Alibaba Cloud, and The agreement is 100% compatible with open source protocols.
3. HBase X-Pack realizes the whole process closed loop of data processing, storage and analysis, allowing customers to realize one-stop data processing at the lowest cost.

Critical Thinking Analysis:

From this lab we can learn about the different configuration requirements on different servers.

We can discuss from the school’s point of view that the school firewall network can be implemented on campus to prevent information leakage. There are many complex firewall devices in many commercial areas to protect trade secrets.