SCP Exam SC0-502 Topic 1 Question 20 Discussion

For three years you have worked with MegaCorp doing occasional network and security consulting. MegaCorp is a small business that provides real estate listings and data to realtors in several of the surrounding states. The company is open for business Monday through Friday from 9 am to 6 pm, closed all evenings and weekends. Your work there has largely consisted of advice and planning, and you have been frequently disappointed by the lack of execution and follow through from the full time staff. On Tuesday, you received a call from MegaCorp's HR director, "Hello, I'd like to inform you that Purple (the full time senior network administrator) is no longer with us, and we would like to know if you are interested in working with us full time." You currently have no other main clients, so you reply, "Sure, when do you need me to get going?" "Today," comes the fast and direct response. Too fast, you think. " What is the urgency, why can this wait until tomorrow?" "Red was let go, and he was not happy about it. We are worried that he might have done something to our network on the way out." "OK, let me get some things ready, and Il be over there shortly." You knew this would be messy when you came in, but you did have some advantage in that you already knew the network. You had recommended many changes in the past, none of which would be implemented by Purple. While pulling together your laptop and other tools, you grab your notes which have an overview of the network:

MegaCorp network notes:

Single Internet access point, T1, connected to MegaCorp Cisco router. Router has E1 to a private web and ftp server and E0 to the LAN switch. LAN switch has four servers, four printers, and 100 client machines. All the machines are running Windows 2000. Currently, they are having their primary web site and email hosted by an ISP in Illinois. When you get to MegaCorp, the HR Director and the CEO, both of whom you already know, greet you. The CEO informs you that Purple was let go due to difficult personality conflicts, among other reasons, and the termination was not cordial. You are to sign the proper employment papers, and get right on the job. You are given the rest of the day to get setup and running, but the company is quite concerned about the security of their network. Rightly so, you think, if these guys had implemented even half of my recommendations this would sure be easier.You get your equipment setup in your new oversized office space, and get started. For the time you are working here, your IP Address is 10.10.50.23 with a mask of \16. One of your first tasks is to examine the router configuration. You console into the router, issue a show running-config command, and get the following output:

MegaOne#show running-config Building configuration Current configuration:

! version 12.1 service udp-small-servers service tcp-small-servers ! hostname MegaOne ! enable secret 5 $1$7BSK3$H394yewhJ45JAFEWU73747. enable password clever ! no ip name-server no ip domain-lookup ip routing ! interface Ethernet0 no shutdown ip address 2.3.57.50 255.255.255.0 no ip directed broadcast ! interface Ethernet1 no shutdown ip 10.10.40.101 255.255.0.0 no ip directed-broadcast ! interface Serial0 no shutdown ip 1.20.30.23 255.255.255.0 no ip directed-broadcast clockrate 1024000 bandwidth 1024 encapsulation hdlc ! ip route 0.0.0.0 0.0.0.0 1.20.30.45 ! line console 0 exec-timeout 0 0 transport input all line vty 0 4 password remote login ! End After analysis of the network, you recommend that the router have a new configuration. Your goal is to make the router become part of your layered defense, and to be a system configured to help secure the network. You talk to the CEO to get an idea of what the goals of the router should be in the new configuration. All your conversations are to go through the CEO; this is whom you also are to report to. "OK, I suggest that the employees be strictly restricted to only the services that they must access on the Internet." You begin. "I can understand that, but we have always had an open policy. I like the employees to feel comfortable, and not feel like we are watching over them all the time. Please leave the connection open so they can get to whatever they need to get to. We can always reevaluate this in an ongoing basis." "OK, if you insist, but for the record I am opposed to that policy." "Noted," responds the CEO, somewhat bluntly. "All right, let see, the private web and ftp server have to be accessed by the Internet, restricted to the accounts on the server. We will continue to use the Illinois ISP to host our main web site and to host our email. What else, is there anything else that needs to be accessed from the Internet?" "No, I think that's it. We have a pretty simple network, we do everything in house." "All right, we need to get a plan in place as well right away for a security policy. Can we set something up for tomorrow?" you ask. "Let me see, Il get back to you later." With that the CEO leaves and you get to work. Based on the information you have from MegaCorp; knowing that the router must be an integral part of the security of the organization, select the best solution to the organization's router problem:}