3. COMPANY PROFILE
Bharti Enterprises has been at the forefront of technology and has
revolutionized telecommunications with its world-class products and services.
Today Bharti Teletech is the major PTT supplier in South Asia. It has ISO 9002
accreditation and is also an OEM for Sprint Corporation and Siemens.
Its range of products, marketed under the brand name Beetel, constitutes a 30%
market share in India, thereby making it the market leader in the domestic
market.
Firewall Reconciliation 3
4. COMPANY ACHIEVEMENTS & AWARDS
2011
Awarded the Excellence Award for Telecommunication by Geospatial World
Forum 2011.
Awarded as the Global Gamechanger, Innovative VAS provider, Customer
Experience Enhancement at the ET Telecom awards 2011.
Ranked 6th in Asia-Pacific and 5th in India in the list of ‘Top 25 Companies for
Leaders Globally’.
5. COMPANY ACHIEVEMENTS & AWARDS
Continued …
2012
Beyond Excellence – Improvement of Voice Network Quality by National award
on Economics of Quality by Quality Council of India (QCI).
‘Har Ek Friend Zaroori Hota Hai’ – One of the most loved campaigns was the
second most awarded campaign at the Creative ABBY Awards! It won a total of 7
metals including 2 gold, 4 silver and 1 bronze.
‘Product of the Year’ award for Airtel Digital TV (HD).
7. FIREWALL RECONCILIATION
A firewall is a part of a computer system or network that is designed to block
unauthorized access while permitting authorized communications.
There are several types of firewall techniques:
• Packet filter
• Application gateway
• Circuit-level gateway
• Proxy server
8. FUNCTIONS OF FIREWALL
A firewall is a dedicated appliance, or software running on a computer, which
inspects network traffic passing through it, and denies or permits passage
based on a set of rules.
It is normally placed between a protected network and an unprotected
network and acts like a gate to protect assets to ensure that nothing private
goes out and nothing malicious comes in.
9. SOFTWARE USED FOR FIREWALL RECONCILIATION
SOFTWARE BEING USED:
• CHECKPOINT SMART DASHBOARD
• CHECKPOINT SMARTVIEW MONITOR
• CHECKPOINT SMARTVIEW TRACKER
• PUTTY SOFTWARE
• SUBNET CALCULATOR
10. SOFTWARE BEING USED
CHECKPOINT SMART DASHBOARD
Smart Dashboard is a single, comprehensive user interface for defining and
managing multiple elements of a security policy: firewall security, VPNs,
network address translation, web security.
CHECKPOINT SMARTVIEW MONITOR
SmartView Monitor centrally monitors Check Point and OPSEC devices,
presenting a complete visual picture of changes to gateways, remote users
and security activities. This enables administrators to immediately identify
changes in network traffic flow patterns that may signify malicious activity.
13. SOFTWARE BEING USED
Continued …
SMARTVIEW TRACKER
Administrators can use SmartView Tracker in order to ensure their products
are operating properly, troubleshoot system and security issues, gather
information for legal or audit purposes, and generate reports to analyze
network traffic patterns.
SUBNET MASK CALCULATOR
With a subnet mask you can split your network into subnets. Enter your IP
address and adjust the second netmask until the result matches your need.
15. FIREWALL RECONCILIATION STEPS
In a firewall we apply rules to the network. These rules are applied to
increase the security of the network; by applying them in the firewall we
restrict users from accessing the network.
At present these rules are applied to the whole network, though only a few IPs
are being used in that network. As a result, the other IPs in the network are
also able to use services such as HTTP, Telnet, etc.
Firewall reconciliation means dividing the rules on the network. By doing
reconciliation we can apply the same rule only to the IPs that we want to use
the service, and not to the whole network.
16. FIREWALL RECONCILIATION
Continued …
RULEBASE AT PRESENT
SOURCE | DESTINATION | PORT | ACTION
IT | Tech IP | 80 | Accept
Tech | IT IP | 8080 | Accept
Tech | Tech DMZ | 443 | Accept
Tech | Internet | 8080 | Accept
Tech network subnets group for circle | 10.X.X.X | Any | Accept
Any | Any | Any | Drop
17. FIREWALL RECONCILIATION STEPS
Continued …
We do firewall reconciliation by taking logs from the firewall, from which we
can learn which IPs are trying to use the service and which are actually
using it. From there we can keep the necessary IPs and delete the unnecessary
ones.
With this reconciliation the network security is increased, as only a few IPs
are allowed to use that particular service, which prevents the other IPs from
using the same service to access the routers and switches.
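The log-driven step described above, as an added example that is not part of the original slides: it reads a constructed, simplified log export (`src dst port action`, not real Check Point log output) and replaces one broad "subnet to subnet, Any, Accept" rule with rules limited to the sources actually seen. All addresses and the `reconcile` helper are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (simplified format: src dst port action).
SAMPLE_LOG = """\
10.1.1.24 10.2.2.10 80 accept
10.1.1.25 10.2.2.10 80 accept
10.1.1.26 10.2.2.10 80 accept
10.1.1.27 10.2.2.10 80 accept
10.1.1.25 10.2.2.10 80 accept
10.1.1.40 10.2.2.10 23 accept
10.1.2.40 10.2.2.10 80 accept
10.9.9.5 10.2.2.10 80 drop
this line is malformed
"""

def parse_log(text):
    """Yield (src, dst, port, action); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        yield src, dst, int(parts[2]), parts[3].lower()

def reconcile(log_text, broad_src, broad_dst):
    """Narrow a broad Accept rule to the sources observed per (dst, port)."""
    src_net = ipaddress.ip_network(broad_src)
    dst_net = ipaddress.ip_network(broad_dst)
    used = defaultdict(set)
    for src, dst, port, action in parse_log(log_text):
        # Only traffic the broad rule actually accepted counts as "in use".
        if action == "accept" and src in src_net and dst in dst_net:
            used[(dst, port)].add(src)
    rules = []
    for (dst, port), sources in sorted(used.items()):
        # collapse_addresses merges adjacent hosts into the smallest exact
        # CIDR set; it never widens the rule beyond the observed sources.
        nets = ipaddress.collapse_addresses(
            ipaddress.ip_network(f"{s}/32") for s in sources)
        rules.append(([str(n) for n in nets], str(dst), port, "Accept"))
    rules.append((["Any"], "Any", "Any", "Drop"))  # explicit cleanup rule
    return rules

if __name__ == "__main__":
    for rule in reconcile(SAMPLE_LOG, "10.1.1.0/24", "10.2.2.0/24"):
        print(rule)
```

The log window has to be long enough to capture periodic traffic such as monthly jobs, otherwise a legitimate source is dropped from the narrowed rule.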
18. FIREWALL RECONCILIATION
Continued …
PROPOSED RULEBASE
SOURCE | DESTINATION | PORT | ACTION
IT | Tech subnets inside | XX | Accept
IT | Tech subnets DMZ | XXX | Accept
Tech subnets | Tech subnets DMZ / internet | XXX | Accept
Tech DMZ | Tech subnets | XXX | Accept
Tech DMZ | Tech DMZ | XXX | Accept
10.X.X.X | Tech NW subnets group for circle | Any | Drop
Tech NW subnets group for circle | Any | Accept
Any | Any | Any | Drop
20. ACTIVITY PERFORMED
Requirement: Installation of two new Cisco 3750 Switches (in stack)
Host name: PUN_AS14_MOH
IP Address: 10.20.6.29
Description: Presently PUN_AS09_MOH (10.20.6.25) & PUN_AS10_MOH
(10.20.6.26) are directly connected to PUN_CS01_MOH (10.20.6.2) &
PUN_CS02_MOH (10.20.6.3) respectively.
Requirement is to connect the new Cisco 3750 switches in stack & connect
the direct cables from Core switches to new switch as per attached PPT.
PUN_AS09_MOH & PUN_AS10_MOH will take the connectivity from this new
switch.
22. DETAILED ANALYSIS OF INDIVIDUAL MODULE
INTERNETWORKING
Internetworking involves connecting two or more computer networks via
gateways using a common routing technology. The result is called an
internetwork (often shortened to internet).
The original term for an internetwork was catenet. Internetworking started as
a way to connect disparate types of networking technology, but it became
widespread through the developing need to connect two or more local area
networks via some sort of wide area network.
24. DETAILED ANALYSIS OF INDIVIDUAL MODULE
ETHERNET CABLING
Straight-through cable
• Host to switch or hub
• Router to switch or hub
Crossover cable
• Switch to switch
• Hub to hub
• Host to host
• Hub to switch
• Router direct to host
25. DETAILED ANALYSIS OF INDIVIDUAL MODULE
ETHERNET CABLING Continued …
Rolled cable
• For display
26. IP ADDRESS CLASSES
Class A addresses begin with 0xxx, or 1 to 126 decimal.
Class B addresses begin with 10xx, or 128 to 191 decimal.
Class C addresses begin with 110x, or 192 to 223 decimal.
Class D addresses begin with 1110, or 224 to 239 decimal.
Class E addresses begin with 1111, or 240 to 254 decimal.
27. SUBNETTING
204.17.5.0 255.255.255.224 host address range 1 to 30
204.17.5.32 255.255.255.224 host address range 33 to 62
204.17.5.64 255.255.255.224 host address range 65 to 94
204.17.5.96 255.255.255.224 host address range 97 to 126
204.17.5.128 255.255.255.224 host address range 129 to 158
204.17.5.160 255.255.255.224 host address range 161 to 190
204.17.5.192 255.255.255.224 host address range 193 to 222
204.17.5.224 255.255.255.224 host address range 225 to 254