Network Security Example

Uploaded by

Harsh Raval
Copyright
© All Rights Reserved

Make this network more secure

Customer

73.24.20.5
Customer-facing web app server
(listening on port 443)

73.24.20.3
Customer payment information processor
(listening on port 3000)

73.24.20.7
Sales Processing Server
(listening on port 3000)

73.24.20.8
Customer credit card information database
(listening on port 5432)

73.24.20.9
Customer orders database
(listening on port 5432)

Use these (you need to memorize these and how to use them)

• Private IPs
• NAT
    • Include public IP
• Firewall
    • rules
• NAT
    • rules
• Reverse proxy
• Network access control list
    • rules

Results, when no admin access needed

73.24.20.5
NAT, firewall
NAT: port 443 -> 192.168.20.1
Firewall:
    Inbound: allow any IP to port 443
    Outbound: allow all

192.168.20.1
Reverse proxy (listens on 443 and connects to 8080)
ACL: allow any IP to port 443

192.168.20.5
Customer-facing web app server
(listening on port 8080)
Network ACL: allow from 192.168.20.1 port 443 8080>1024

192.168.20.3
Customer payment information processor
(listening on port 3000)
Network ACL: allow from 192.168.20.3 port 3000

192.168.20.7
Sales Processing Server
(listening on port 3000)
Network ACL: allow from 192.168.20.5 port 3000

192.168.20.8
Customer credit card information database
(listening on port 5432)
Network ACL: allow from 192.168.20.7 port 5432

192.168.20.9
Customer orders database
(listening on port 5432)
Network ACL: allow from 192.168.20.3 port 5432

Result that includes admin access

73.24.20.5
NAT, firewall
NAT: port 443 -> 192.168.20.1
     port 1194 -> 192.168.20.2
Firewall:
    Inbound: allow any IP to port 443
             allow any IP to port 1194
    Outbound: allow all

192.168.20.2
VPN Server
ACL: allow any IP port 1194

192.168.20.1
Reverse proxy (listens on 443 and connects to 8080)
ACL: allow any IP to port 443
     allow from 192.168.20.2 to port 22

192.168.20.5
Customer-facing web app server
(listening on port 8080)
Network ACL: allow from 192.168.20.1 port 443 8080>1024
             allow from 192.168.20.2 to port 22

192.168.20.3
Customer payment information processor
(listening on port 3000)
Network ACL: allow from 192.168.20.3 port 3000
             allow from 192.168.20.2 to port 22

192.168.20.7
Sales Processing Server
(listening on port 3000)
Network ACL: allow from 192.168.20.5 port 3000
             allow from 192.168.20.2 to port 22

192.168.20.8
Customer credit card information database
(listening on port 5432)
Network ACL: allow from 192.168.20.7 port 5432
             allow from 192.168.20.2 to port 22

192.168.20.9
Customer orders database
(listening on port 5432)
Network ACL: allow from 192.168.20.3 port 5432
             allow from 192.168.20.2 to port 22
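
Added example (not part of the original slides): the NAT forwards and per-host ACLs of the admin-access design written as data, with a small checker that reports whether a given flow would be permitted. The function names and the client address 203.0.113.10 are constructed for illustration, and the web app rule is assumed to mean "allow from 192.168.20.1 to port 8080".

```python
PUBLIC_IP = "73.24.20.5"
# Edge NAT port forwards (public port -> private host), as listed on the slide.
NAT = {443: "192.168.20.1", 1194: "192.168.20.2"}
VPN = "192.168.20.2"
ANY = "any"

# Per-host ACLs as (allowed source, destination port), transcribed from the slide.
ACL = {
    "192.168.20.1": [(ANY, 443), (VPN, 22)],              # reverse proxy
    "192.168.20.2": [(ANY, 1194)],                         # VPN server
    "192.168.20.5": [("192.168.20.1", 8080), (VPN, 22)],   # web app (assumed: 8080)
    "192.168.20.3": [("192.168.20.3", 3000), (VPN, 22)],   # payment processor
    "192.168.20.7": [("192.168.20.5", 3000), (VPN, 22)],   # sales processing
    "192.168.20.8": [("192.168.20.7", 5432), (VPN, 22)],   # credit card database
    "192.168.20.9": [("192.168.20.3", 5432), (VPN, 22)],   # orders database
}


def acl_allows(src, dst, port):
    """True if dst's ACL has a rule matching this source and destination port."""
    return any(s in (ANY, src) and p == port for s, p in ACL.get(dst, []))


def internal_flow(src, dst, port):
    """Flow between two private hosts: only the destination's ACL applies."""
    return acl_allows(src, dst, port)


def internet_flow(src, dst, port):
    """Flow from an internet client. Returns the private host it reaches, or None.

    Private addresses are not routable from outside, so the client must target
    the public IP on a forwarded port; everything else is dropped at the edge.
    """
    if dst != PUBLIC_IP or port not in NAT:
        return None
    target = NAT[port]
    return target if acl_allows(src, target, port) else None


def internet_exposed():
    """Private hosts reachable from the internet, with the port that exposes them."""
    return sorted((port, host) for port, host in NAT.items()
                  if acl_allows(ANY, host, port))


if __name__ == "__main__":
    print("exposed:", internet_exposed())
    print("internet -> db:", internet_flow("203.0.113.10", "192.168.20.8", 5432))
    print("vpn -> db ssh:", internal_flow(VPN, "192.168.20.8", 22))
```

Only the reverse proxy and the VPN server come back from `internet_exposed()`; every other host is reachable solely through the sources named in its ACL.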