Almost every Internet user has a home network that every family member uses for Internet access. To secure your home network, you can follow a few simple steps to eliminate the chances of your network being compromised. Before diving deep into home network security issues, have a look at the vulnerability points in your network, including your client machine.
At times, it is economical to build a VPN tunnel with the available networking resources. For example, if you have a VPN concentrator and you need to connect a small office securely to your network, you can do so by installing a low-priced Cisco router in the remote office. This post demonstrates how you can build a VPN using a VPN concentrator and a Cisco router.
Since the router is the key to accessing an organization's network from the outside world, the highest security priority should be given to routers that are connected to the Internet and to the important application servers. ISO-27001 has already defined a standard router security checklist, which any organization can use to improve its router security. This post aims to familiarize you with some critical router security checklist items so that you can have an in-depth and clear understanding of router security standards.
HSRP, or Hot Standby Router Protocol, provides network redundancy for routers. By configuring HSRP on a number of routers in a network, you can offer your customers seamless network or Internet access. HSRP is mainly used in the perimeter network or in a network where high availability is a must or where there is zero tolerance for network downtime.
How to Configure VPN in Cisco Routers
A virtual private network can be configured on most Cisco routers (800 to 7500 series) with IOS version 12 or higher. A VPN can be implemented in a number of ways, with various levels of security measures and configuration. To determine the right VPN configuration for your network, you need a solid understanding of cryptographic systems and encryption algorithms. Besides, you need to know which type of VPN is suitable for remote clients and which type is used to create a secure site-to-site connection. This article explains the necessary steps, with a configuration script, to set up a VPN on Cisco routers. This configuration can be simulated in Cisco Packet Tracer as well.
What is an ACL: An access control list (ACL) is a set of if-then rules configured on a router to allow or deny a specific group of IP addresses to send traffic from your network into another network or receive traffic from it.
When you apply an ACL to a router interface for incoming traffic, every incoming packet is compared with your ACL first. If a match is found, either the permit or the deny action takes place, according to your configuration of the ACL. If the ACL has more than one entry and the packet does not match the first entry, it is compared with the second entry, and so on. Remember that there is an implicit deny at the end of every ACL. That is why, after permitting or denying any IP address or IP range, you must add a final permit entry such as: access-list 10 permit any.
For example, suppose you want no computer or device from the 172.16.0.0 network to send traffic to your network. To implement this rule, you need to write an ACL that tells your router to discard all traffic from 172.16.0.0. Now, let's see how to implement this ACL on a router.
Router(config)# access-list 10 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 10 permit any
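The following added example (not part of the original post) models how a router evaluates a standard ACL: wildcard-mask matching, first match wins, and the implicit deny when no entry matches. The function names and the sample source addresses are constructed for illustration; ACL 10 is the one from the text, written in standard-ACL syntax.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_acl(lines):
    """Parse standard ACL entries: access-list N permit|deny SRC [WILDCARD]."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        if tok[3] == "any":
            addr, wild = 0, FULL          # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(tok[3]))
            # No wildcard given means an exact host match.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, source_ip):
    """Return (action, index of matching entry); index None = implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for index, (action, addr, wild) in enumerate(entries):
        care = ~wild & FULL               # wildcard 1-bits are ignored
        if (ip & care) == (addr & care):
            return action, index          # first match wins, evaluation stops
    return "deny", None                   # nothing matched: implicit deny

# Constructed sample ACLs: the one from the text, with and without the final permit.
ACL_WITH_PERMIT = [
    "access-list 10 deny 172.16.0.0 0.0.255.255",
    "access-list 10 permit any",
]
ACL_WITHOUT_PERMIT = ACL_WITH_PERMIT[:1]

if __name__ == "__main__":
    for name, acl in (("with permit any", ACL_WITH_PERMIT),
                      ("without permit any", ACL_WITHOUT_PERMIT)):
        rules = parse_acl(acl)
        for src in ("172.16.5.9", "172.17.0.1", "192.0.2.10"):  # constructed addresses
            print(name, src, evaluate(rules, src))
```

Without the final permit entry, every source that is not in 172.16.0.0/16 falls through to the implicit deny, so the ACL blocks all traffic instead of only the intended range.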
Many small-scale businesses do not use a firewall as their first line of defense against web attacks on their internal network. Instead, they use a router between the Internet and the internal network to control incoming and outgoing traffic flow. A router used this way is known as a screening router. In fact, configuring ACLs on a router can be a viable and effective way to deny incoming malicious packets to your LAN. If you have to test a network router that is used as a screening router, you have to identify the type of router and its features. List all the ACL policies and the types of data packets that are permitted to enter your network. What are the router's responses to various types of incoming traffic? Finally, list all the live systems. The following is the list of activities that you have to perform to test a screening router:
1. Identify router type
2. List NAT, if there is any
3. Use TTL setting test by using port scanning
4. Test all the ACLs in the router
5. Verify whether address spoofing is being detected by the router
6. Test inverse scanning
7. Check whether the router is filtering local traffic (egress filtering)
8. Check how the router handles small-sized packets
9. Check how over-sized packets are handled by the router
10. Check how the router responds to overlapped packets. Normally, overlapped fragments are used in a TEARDROP attack.