[Solved]Q3 Clo 4 Total 3 Given Following Rules Firewall Identify Shadowing Correlation Generaliza Q37069727

Q3. (CLO-4). [Total = 3] Given the following rules in afirewall, identify shadowing, correlation, generalization, andredundancy of rules and how to solve it.

For example, your answer should be like this (if it is ashadowing): Problem – RuleX is shadowed by Rule Y
Solution – Delete RuleX

(Note: empty or unused field indicates “Any”): [4 points]

Rules

Dir

Src IP

Dst IP

Prot

Src port

Dest. Port

Syn

Ack

Type

Code

Action

R1

Out

192.168.*.*

TCP

80

1

0

Allow

R2

In

TCP

0

Deny

R3

Out

172.*.*.*

TCP

80

1

0

Allow

R4

In

202.100.*.*

TCP

80

0

Allow

R5

In

TCP

21

Allow

R6

Out

192.168.10.*

TCP

1

Deny

R7

In

172.21.*.*

TCP

1

0

Deny

R8

Out

192.*.*.*

TCP

1

Deny

R9

In

172.20.16.*

TCP

1

Allow

R10

Deny

Q4. (CLO-4). [bonus question, Total = 5]

a. Take any pair of rules from the set of rules in Q3 that has acorrelation problem. Then give an example of a packet which isaffected by the correlation (below).
Give also an example of a packet which is NOT affected by thecorrelation (below).

Also, explain how the first packet is affected by thecorrelation?

Packet

Dir

Src IP

Dst IP

Prot

Src port

Dest. Port

Syn

Ack

Type

Code

Action taken by firewall

affected

NOT affected

b. What is the difference between masked and partially maskedredundancy? Which of these two types is worse in terms ofinefficiency, in other words, is partially masked more inefficientor masked more inefficient? Explain why? (Note: the answer mayvary, and grading will be based on your explanation)

Expert Answer

---

Answer to Q3. (CLO-4). [Total = 3] Given the following rules in a firewall, identify shadowing, correlation, generalization, and r… . . .