Cybersecurity Assignment 3: Network Protection Mechanisms

🛠️ Task 1: Perimeter Defense (Firewall & Port Security)

Demonstrate how to lock down the server's ports to ensure only authorized traffic can access the system resources.

The Action: Using the Ubuntu CLI or a visual interface like Cockpit, configure the UFW (Uncomplicated Firewall) to implement the following rules:

• Block all incoming traffic by default.
• Allow incoming traffic only on Port 80 (HTTP) and Port 443 (HTTPS) for the public student portal.
• Restrict Port 22 (SSH management) so it only accepts connections from your specific secure admin IP address.

Student Deliverable: Submit a screenshot of the active firewall rules using the command sudo ufw status verbose along with a brief explanation of why keeping unused ports closed is vital.

🛡️ Task 2: Intrusion Prevention (Deploying Fail2Ban)

Firewalls block unauthorized ports, but active defenses are required to protect open web ports from application-layer abuse.

The Action: Configure Fail2Ban (or an equivalent containerized engine like CrowdSec) on your network stack.

• Set up the system logic to closely monitor the student portal's authentication logs.
• Configure a rule: If any single IP address fails to log in 5 times within 2 minutes, the system must automatically inject a temporary firewall rule to ban that malicious IP for 24 hours.

Student Deliverable: Submit the configuration file snippet displaying your defined maxretry and bantime parameters, alongside a log capture demonstrating a successfully banned attack IP.

🔒 Task 3: Data-in-Transit Protection (SSL/TLS Encryption)

An unencrypted HTTP web application passes data in plain text, rendering user credentials vulnerable to local credential sniffing attacks.

The Action: Configure a modern Reverse Proxy (such as Nginx Proxy Manager or Caddy via Docker) to manage traffic routing.

• Request and bind a free, trusted Let’s Encrypt SSL Certificate to your active student portal domain.
• Implement a strict server configuration rule forcing all insecure inbound traffic to automatically redirect from HTTP to encrypted HTTPS.

Student Deliverable: A high-resolution screenshot showing the secure "padlock" verification icon visible within the web browser address bar when successfully loading your deployed portal application.

📝 Task 4: Security Executive Summary (Analysis)

Answer the following high-level analytical questions to demonstrate your underlying theoretical understanding of the lab:

1. Defense in Depth: Explain how combining a Firewall (Task 1), an Intrusion Prevention System (Task 2), and Encryption (Task 3) creates a comprehensive "Layered Defense." Why is relying on just one of these protection mechanisms a major security failure?
2. The Human Element: If an external attacker utilizes social engineering tactics (such as a malicious WhatsApp phishing link) to successfully deceive a student into voluntarily surrendering their login password, which of your implemented network protection mechanisms will stop the attack? Explain your reasoning.

📊 Assignment Evaluation Rubric