
Tarmoq 2 A, A, I

The document outlines practical assignments related to network security, including configuring ACLs, NAT/PAT technologies, and setting up a DMZ on routers. It emphasizes the importance of these configurations in enhancing network security and managing IP addresses effectively. Additionally, it discusses the implementation of VPNs for secure communications and DHCP snooping as a security measure against malicious DHCP servers.

Faculty of Computer Engineering and Artificial Intelligence
Group 611 22 student Abdurahimov Abrorbek
Network Security course

Deadline assignments
Practical assignments 6 through 10

Assignment 6
CONFIGURING AN ACCESS CONTROL LIST (STANDARD, EXTENDED)

Router#conf t
Router(config)#ip access-list ?
  extended  Extended Access List
  standard  Standard Access List
Router(config)#ip access-list standard ?
  <1-99>  Standard IP access-list number
  WORD    Access-list name
Router(config)#ip access-list standard 5
Router(config-std-nacl)# ?
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment
Router(config-std-nacl)#deny host 192.168.1.2
Router(config-std-nacl)#permit any
Router(config-std-nacl)#exit
Router(config)#int f0/0
Router(config-if)#ip access-group 5 in
Router(config-if)#exit
Router(config)#exit
Router#show access-lists

Conclusion
With this configuration, the network administrator's goal is to
restrict the device at address 192.168.1.2 from accessing the
network while leaving all other devices free access. This type of
access list is widely used to control network security and to block
particular devices.

Assignment 7
CONFIGURING NAT/PAT TECHNOLOGY ON ROUTERS

! fa0/1 faces the 192.168.0.0/24 hosts whose addresses are translated
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
! fa0/0 sits in 10.0.0.0/8, where the translated addresses appear
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
! static one-to-one translations: inside local -> inside global
Router(config)#ip nat inside source static 192.168.0.10 10.0.0.10
Router(config)#ip nat inside source static 192.168.0.11 10.0.0.11
Router(config)#ip nat inside source static 192.168.0.12 10.0.0.12
! the 192.168.0.x hosts sit behind fa0/1, so fa0/1 is the NAT inside interface
Router(config)#int fa0/1
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int fa0/0
Router(config-if)#ip nat outside
Router(config-if)#exit

Conclusion
During the practical work, I learned how to configure NAT (Network
Address Translation) and PAT (Port Address Translation) on routers.
These technologies are important tools for ensuring network security
and managing network resources efficiently.
NAT and PAT increase network security and make it possible to manage
IP addresses efficiently. These technologies play an important role in
conserving network resources and ensuring security. In practice, by
configuring NAT/PAT, I protected the network and ensured efficient
allocation of network addresses. This creates the necessary tools for
network administrators and helps ensure the reliability of the network.

Assignment 8
Setting up a DMZ on a network router

! R0: inside LAN on fa0/0, DMZ on fa0/1, link to R1 on Serial 0/0/0
Router(config)#hostname R0
R0(config)#no ip domain-lookup
R0(config)#interface fastEthernet 0/0
R0(config-if)#ip address 192.168.101.1 255.255.255.0
R0(config-if)#no sh
R0(config-if)#ex

R0(config)#interface fastEthernet 0/1
R0(config-if)#ip address 192.168.102.1 255.255.255.248
R0(config-if)#no sh
R0(config-if)#ex

R0(config)#interface Serial 0/0/0
R0(config-if)#ip address 10.1.101.1 255.255.255.252
R0(config-if)#no sh
R0(config-if)#do wr
R0(config-if)#ex

! R1: the external side of the topology
Router(config)#hostname R1
R1(config)#no ip domain-lookup
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.10.110.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#ex

R1(config)#interface Serial 0/0/0
R1(config-if)#ip address 10.1.101.2 255.255.255.252
R1(config-if)#no sh
R1(config-if)#do wr
R1(config-if)#ex

! static routes between the two routers
R0(config)#ip route 10.10.110.0 255.255.255.0 10.1.101.2
R0(config)#do wr

R1(config)#ip route 192.168.101.0 255.255.255.0 10.1.101.1
R1(config)#ip route 192.168.102.0 255.255.255.248 10.1.101.1
R1(config)#do wr

! PAT: the inside LAN is translated to the Serial 0/0/0 address
R0(config)#interface fastEthernet 0/0
R0(config-if)#ip nat inside
R0(config-if)#ex
R0(config)#interface Serial 0/0/0
R0(config-if)#ip nat outside
R0(config-if)#ex

R0(config)#ip access-list standard PAT
R0(config-std-nacl)#permit 192.168.101.0 0.0.0.255
R0(config-std-nacl)#ex
R0(config)#ip nat inside source list PAT interface Serial 0/0/0 overload

! traffic arriving from outside: only ICMP and HTTP to the DMZ host are allowed
R0(config)#ip access-list extended Outside
R0(config-ext-nacl)#permit icmp any host 192.168.102.2
R0(config-ext-nacl)#permit tcp any host 192.168.102.2 eq www
R0(config-ext-nacl)#deny ip any any
R0(config-ext-nacl)#do wr
R0(config-ext-nacl)#ex

R0(config)#interface Serial 0/0/0
R0(config-if)#ip access-group Outside in
R0(config-if)#do wr
R0(config-if)#ex

! stateful inspection of sessions that start on the inside LAN,
! so that their return traffic is let back in
R0(config)#ip inspect name In-Out http
R0(config)#ip inspect name In-Out icmp
R0(config)#ip inspect name In-Out tcp
R0(config)#do wr

R0(config)#interface fastEthernet 0/0
R0(config-if)#ip inspect In-Out in
R0(config-if)#do wr
R0(config-if)#ex

! the DMZ host may not open connections to the inside LAN
R0(config)#ip access-list extended DMZ
R0(config-ext-nacl)#deny ip host 192.168.102.2 192.168.101.0 0.0.0.255
R0(config-ext-nacl)#permit ip any any
R0(config-ext-nacl)#ex
R0(config)#interface fastEthernet 0/1
R0(config-if)#ip access-group DMZ in
R0(config-if)#do wr

Conclusion
During the practical work I learned the process of setting up a
DMZ (Demilitarized Zone) on a network router. A DMZ is a special
network zone used to provide safe access from the external
network (the Internet) to the internal network, and it usually
creates an additional security layer for organizations. By setting
up a DMZ, passage from the external network into the internal
network is restricted and is allowed only for the necessary
services.
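
To check what the access lists from Assignments 6 and 8 actually let through, the following added example (not part of the original report) evaluates them the way a router does: top-down, first match wins, implicit deny at the end. The parser covers only the entry forms used on this page, and the sample packet is constructed.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (spec, remaining tokens)."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def parse_ace(line, extended):
    """Parse one entry; standard ACLs carry only an action and a source."""
    action, *tok = line.split()
    proto, dst, port = "ip", ("0.0.0.0", "255.255.255.255"), None
    if extended:
        proto, tok = tok[0], tok[1:]
    src, tok = parse_addr(tok)
    if extended:
        dst, tok = parse_addr(tok)
        if tok[:1] == ["eq"]:
            port = 80 if tok[1] == "www" else int(tok[1])
    return action, proto, src, dst, port

def evaluate(acl, extended, pkt):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for line in acl:
        action, proto, src, dst, port = parse_ace(line, extended)
        if (proto in ("ip", pkt["proto"]) and wc_match(pkt["src"], *src)
                and wc_match(pkt["dst"], *dst)
                and port in (None, pkt.get("dport"))):
            return action
    return "deny"

# Entries copied from the configurations on this page
ACL_5 = ["deny host 192.168.1.2", "permit any"]
OUTSIDE = ["permit icmp any host 192.168.102.2",
           "permit tcp any host 192.168.102.2 eq www",
           "deny ip any any"]
DMZ = ["deny ip host 192.168.102.2 192.168.101.0 0.0.0.255", "permit ip any any"]

if __name__ == "__main__":
    # Constructed packet: a second DMZ host (not on the page) talking to the LAN
    pkt = {"proto": "tcp", "src": "192.168.102.3", "dst": "192.168.101.10", "dport": 80}
    print(evaluate(DMZ, True, pkt))
```

The DMZ list denies only host 192.168.102.2, so any other address in the /29 DMZ subnet is permitted toward the inside LAN; an entry written with 192.168.102.0 0.0.0.7 as the source would cover the whole subnet.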

Assignment 9
Building a VPN network in the information and communication systems of enterprises and organizations
Router(config)#hostname R0
R0(config)#no ip domain-lookup

Router(config)#hostname R1
R1(config)#no ip domain-lookup

Router(config)#hostname R2
R2(config)#no ip domain-lookup

Router(config)#hostname R3
R3(config)#no ip domain-lookup

! RIPv2 between the transit routers R1 and R2
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#passive-interface fa 0/0
R1(config-router)#do sh ip ro
R1(config-router)#network 192.168.11.0
R1(config-router)#network 192.168.12.0
R1(config-router)#do wr

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#passive-interface fa 0/0
R2(config-router)#do sh ip ro
R2(config-router)#network 192.168.12.0
R2(config-router)#network 192.168.14.0
R2(config-router)#do wr

R0(config)#do sh ip rou (verification)
R1(config)#do sh ip rou (verification)

! default routes on the edge routers R0 and R3
R0(config)#ip route 0.0.0.0 0.0.0.0 192.168.11.2
R0(config)#do wr

R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.14.1
R3(config)#do wr

! tunnel between R0 and R3; tunnel interfaces default to GRE
! encapsulation, and no encryption is configured here
R0(config)#interface tunnel 1
R0(config-if)#ip address 10.1.0.1 255.255.255.252
R0(config-if)#tunnel source fa 0/1
R0(config-if)#tunnel destination 192.168.14.2
R0(config-if)#do wr

R3(config)#interface tunnel 2
R3(config-if)#ip address 10.1.0.2 255.255.255.252
R3(config-if)#tunnel source fa 0/1
R3(config-if)#tunnel destination 192.168.11.1
R3(config-if)#do wr

! each side reaches the remote LAN through the tunnel
R0(config)#ip route 192.168.201.0 255.255.255.0 10.1.0.2
R0(config)#do wr

R3(config)#ip route 192.168.101.0 255.255.255.0 10.1.0.1
R3(config)#do wr

Conclusion
During the practical work, I learned the process of building a VPN (Virtual
Private Network) in the information and communication systems of enterprises
and organizations. VPN technology plays a very important role in protecting
data on the network and providing secure communication for remote users.
By building a VPN, secure and reliable long-distance communication can be
provided for enterprises and organizations. This technology is a very important
tool for increasing data security and managing the network efficiently. In
practice, by configuring the VPN, I created a secure connection in the
organization's information and communication systems and ensured the
reliability of the network. This contributes greatly to the organization's
efficient operation.

Assignment 10
DHCP snooping: a security technology
Conclusion
DHCP snooping is an effective tool for protecting the network;
it makes it possible to allow access to DHCP servers only
through specified devices. In practice this increases network
security and prevents malicious DHCP servers from operating
on the network. It plays an important role in ensuring the
reliability of the network.
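
The filtering that DHCP snooping performs can be shown with a small model; this is an added example, not part of the original report, and it is a simplified model rather than a switch implementation. Port names, MAC addresses and IP addresses are constructed, Fa0/1 is assumed to be the trusted uplink to the legitimate server, and the MAC and release checks are the ones commonly documented for the feature.

```python
SERVER_MSGS = {"OFFER", "ACK", "NAK"}

class SnoopingSwitch:
    """Simplified model of DHCP snooping decisions on a single VLAN."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.seen_on = {}    # client MAC -> untrusted port its request came from
        self.bindings = {}   # client MAC -> (leased IP, client port)

    def handle(self, port, msg):
        """Return 'forward' or 'drop: <reason>' for one DHCP message."""
        kind, chaddr = msg["type"], msg["chaddr"]
        if port in self.trusted:
            # Replies from the trusted side feed the binding table
            if kind == "ACK" and chaddr in self.seen_on:
                self.bindings[chaddr] = (msg["yiaddr"], self.seen_on[chaddr])
            return "forward"
        if kind in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if msg["src_mac"] != chaddr:
            return "drop: source MAC differs from chaddr"
        bound = self.bindings.get(chaddr)
        if kind in ("RELEASE", "DECLINE") and bound and bound[1] != port:
            return "drop: binding belongs to another port"
        if kind == "RELEASE":
            self.bindings.pop(chaddr, None)
        elif kind in ("DISCOVER", "REQUEST"):
            self.seen_on[chaddr] = port
        return "forward"

def run_sample():
    """Replay a constructed exchange; Fa0/1 is assumed to be the server uplink."""
    sw = SnoopingSwitch(trusted_ports={"Fa0/1"})
    pc, srv, rogue = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:fe", "aa:aa:aa:00:00:66"
    def m(kind, src, ip=None):
        return {"type": kind, "src_mac": src, "chaddr": pc, "yiaddr": ip}
    events = [("Fa0/2", m("DISCOVER", pc)),
              ("Fa0/3", m("OFFER", rogue, "192.168.1.200")),  # unauthorized server
              ("Fa0/1", m("OFFER", srv, "192.168.1.10")),
              ("Fa0/2", m("REQUEST", pc)),
              ("Fa0/1", m("ACK", srv, "192.168.1.10")),
              ("Fa0/3", m("RELEASE", pc))]                     # forged release
    return [sw.handle(p, e) for p, e in events], sw.bindings
```

`run_sample()` returns the per-message verdicts and the resulting binding table: the offer arriving on the untrusted port Fa0/3 is dropped, while the lease from the trusted uplink is recorded against the client's port.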
