Saturday, 11 February 2012

Network Security


 Firewalls:
            A firewall is the basic protection against internet-based attackers. It is a device (or software) that filters the packets entering and leaving the network; the basic purpose of the filtering is to block attempts to harm our network. For example, if an email with an attachment arrives at the network edge and the firewall (or the mail gateway behind it) is configured to reject attachments, it drops the message with "sorry, attachments are not allowed", and the user never even knows the email existed.
            With a firewall we can block any particular IP address (if a request comes from IP x, do not let its traffic through), block any particular port number, or block a whole protocol. Rules are matched in order and anything not explicitly permitted is normally denied, so the order of the rules matters. If we want users not to receive email, we block the POP3 port (TCP 110); this happens a lot when a new firewall is put in. If we want users not to be able to send email, we block the SMTP port (TCP 25). If we want to stop users from accessing the web, we block the HTTP port (TCP 80, and HTTPS on 443).
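The following is an added example, not code from the original post: a small packet filter in Python that applies an ordered rule list (block a host, block POP3 and SMTP, block a whole protocol, permit only what is listed, implicit deny for the rest) and also finds "shadowed" rules that can never fire because an earlier rule already covers them. The addresses, rule set and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # destination port, 0 for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str = "any"           # "any" or a protocol name
    src: str = "0.0.0.0/0"       # source network the rule applies to
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        return self.dport is None or self.dport == pkt.dport

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; a packet that matches nothing gets the
    default action, which on a real firewall is the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule already
    matches every packet they would match (the classic rule-order mistake)."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            covers = (earlier.proto in ("any", later.proto)
                      and ip_network(earlier.src).supernet_of(ip_network(later.src))
                      and earlier.dport in (None, later.dport))
            if covers:
                shadowed.append(j)
                break
    return shadowed

# Constructed policy (hypothetical addresses) mirroring the text: block one host,
# block POP3 and SMTP, block a whole protocol, permit only what is listed.
POLICY = [
    Rule("deny", src="203.0.113.7/32"),          # "if a request comes from IP x, don't allow it"
    Rule("deny", proto="tcp", dport=110),        # POP3: users cannot receive mail
    Rule("deny", proto="tcp", dport=25),         # SMTP: users cannot send mail
    Rule("deny", proto="icmp"),                  # block a whole protocol
    Rule("permit", proto="tcp", dport=443),      # HTTPS allowed out
    Rule("permit", proto="udp", dport=53),       # DNS allowed out
]
# HTTP (80) is not listed, so the implicit deny blocks web access.

if __name__ == "__main__":
    for pkt in [Packet("192.0.2.10", "198.51.100.5", "tcp", 110),
                Packet("192.0.2.10", "198.51.100.5", "tcp", 443),
                Packet("192.0.2.10", "198.51.100.5", "tcp", 80),
                Packet("203.0.113.7", "198.51.100.5", "tcp", 443)]:
        print(pkt, "->", filter_packet(POLICY, pkt))
    bad = [Rule("permit", proto="tcp"), Rule("deny", proto="tcp", dport=25)]
    print("shadowed rules in bad policy:", shadowed_rules(bad))
```

The shadow check is the one to run whenever a rule is added above an existing deny: a broad "permit tcp" placed first silently turns the SMTP deny below it into dead configuration.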

Proxy servers:
                     A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server and requests some service, such as a file, a connection, a web page or another resource. The proxy server evaluates the request according to its filtering rules; if the request passes the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. Through a proxy server communication can be faster: when it receives the copy from the server it forwards the copy to the client and also stores the copy in its cache, so later requests for the same resource are answered from the cache.

Attackers hack for the following reasons:
1) just for fun
2) to lock up our systems or data and blackmail us for money
3) to get sensitive information such as credit card numbers
4) to embarrass a company by showing that its network security is nil and that they can do it harm if they want to


Denial of service attack:
                                  A denial-of-service (DoS) attack is an attack on availability. In the classic form the attacker overwhelms the server with TCP connection requests (a SYN flood): thousands of half-open connections congest the server, it is so busy answering the attacker's requests that it cannot answer the genuine users, and it may crash under the load. The aim is to make the resource unavailable to its intended users rather than to steal data.
Attacks that do go after data fall into reconnaissance attacks and access attacks.
In a reconnaissance attack the intruder uses different techniques (ping sweeps, port scans and so on) to learn the strengths and weaknesses of a network. With that information the intruder comes back and attacks the network.
In an access attack the intruder gets at the data or the systems for personal or financial gain.

Adaptive Security Appliance (ASA):
                                        The Cisco ASA is a security appliance that handles VPN connectivity and network security (stateful firewalling) in one box at a reasonable price. In the ASA documentation we see the term Anti-X: it gathers all the "antis" (anti-virus, anti-spam, anti-spyware and so on) into one product.

Computer security is not something we add only when we need it. Two key components are the IDS (intrusion detection system) and the IPS (intrusion prevention system). An IDS watches the packets coming across the network and compares that traffic to its configured rules; if something suspicious is detected it raises an alarm, but the traffic has already passed. An IPS has all the good features of an IDS and, because it sits inline, it not only detects the malicious traffic but also stops it.
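As an added example (not code from the original post) covering both the DoS and reconnaissance attacks described above and the IDS/IPS distinction here, the Python below runs two detection rules over a constructed sample of TCP events: a SYN flood rule (too many half-open connections from one source inside a time window) and a port-scan rule (one source probing many different ports). `detect` is the IDS behaviour (alerts only); `ips_blocklist` is the IPS behaviour (the same detections turned into a block decision). Addresses, thresholds and the event sample are all made up for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed TCP event sample, not real traffic:
# (seconds, src ip, src port, dst ip, dst port, flags) where "S" is the client's
# SYN and "A" the client's final ACK that completes the three-way handshake.
Event = Tuple[float, str, int, str, int, str]
SERVER = "198.51.100.5"
EVENTS: List[Event] = [
    (0.0, "192.0.2.10", 50001, SERVER, 443, "S"),   # normal client, handshake completes
    (0.1, "192.0.2.10", 50001, SERVER, 443, "A"),
    (0.5, "192.0.2.10", 50002, SERVER, 80, "S"),
    (0.6, "192.0.2.10", 50002, SERVER, 80, "A"),
]
# SYN flood: 25 half-open connections to port 80 in about a second, never completed
EVENTS += [(1.0 + i * 0.05, "203.0.113.7", 40000 + i, SERVER, 80, "S") for i in range(25)]
# Reconnaissance: one host probing 15 different ports (a port scan)
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 993, 995, 3389]
EVENTS += [(5.0 + i * 0.2, "198.51.100.99", 41000 + i, SERVER, p, "S")
           for i, p in enumerate(SCAN_PORTS)]

SYN_FLOOD_THRESHOLD = 20   # half-open connections from one source inside WINDOW
SCAN_THRESHOLD = 10        # distinct destination ports probed by one source
WINDOW = 5.0               # seconds

def half_open_by_source(events: List[Event]) -> Dict[str, List[float]]:
    """SYN timestamps of connections that never saw the completing ACK, per source."""
    syn_time: Dict[tuple, float] = {}
    completed = set()
    for t, src, sport, dst, dport, flags in events:
        key = (src, sport, dst, dport)
        if "S" in flags:
            syn_time.setdefault(key, t)
        if "A" in flags:
            completed.add(key)
    by_src: Dict[str, List[float]] = defaultdict(list)
    for key, t in syn_time.items():
        if key not in completed:
            by_src[key[0]].append(t)
    return by_src

def max_in_window(times: List[float], window: float) -> int:
    """Largest number of timestamps falling inside any span of `window` seconds."""
    times = sorted(times)
    best = j = 0
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        best = max(best, i - j + 1)
    return best

def detect(events: List[Event]) -> List[Tuple[str, str, int]]:
    """IDS logic: compare the traffic with the rules and raise alerts."""
    alerts = []
    for src, times in half_open_by_source(events).items():
        n = max_in_window(times, WINDOW)
        if n >= SYN_FLOOD_THRESHOLD:
            alerts.append(("syn_flood", src, n))
    ports: Dict[str, set] = defaultdict(set)
    for _, src, _, _, dport, flags in events:
        if "S" in flags:
            ports[src].add(dport)
    for src, dports in ports.items():
        if len(dports) >= SCAN_THRESHOLD:
            alerts.append(("port_scan", src, len(dports)))
    return alerts

def ips_blocklist(events: List[Event]) -> List[str]:
    """IPS logic: same detection, but the offending sources are blocked inline."""
    return sorted({src for _, src, _ in detect(events)})

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT", *alert)
    print("blocked:", ips_blocklist(EVENTS))
```

The normal client completes its handshakes, so it never counts as half-open and never trips either rule; the scanner has 15 half-open connections, below the flood threshold, but 15 distinct ports, which is what a reconnaissance rule looks for.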
Finally, let's talk about viruses, worms and trojan horses. All of them are malicious programs that can damage our computer, but there are differences among them.
VIRUSES:
A computer virus attaches itself to a file or program, which lets it spread from one computer to another, leaving infections as it travels. A virus cannot spread without human action: someone has to run the infected program or open the infected file.
WORMS:
Worms are similar in design to viruses and are considered a sub-class of them. The major difference is that a worm does not need human action; it replicates on its own, which is the major danger of worms. An example is a worm that sends a copy of itself to everyone listed in an email address book.
TROJAN HORSE:
Trojan horses, also called trojans, are programs that pretend to be something else. A common scenario is that a person receives what looks like a legitimate email, which may even appear to come from a friend or work colleague.

The attached file may look like a photograph, a sound file or even a game. When the user opens it, it appears that nothing has happened. If they are unlucky, they have just installed something quite nasty on their hard drive.
It could be a basic program that deletes a handful of system files, or something a little more advanced that even allows other people full access to your system and files.
  

Friday, 10 February 2012


Frame Relay


Frame Relay is cheap and reliable. Some of the acronyms used in Frame Relay are described below:
Committed information rate (CIR):
the amount of bandwidth that the Frame Relay service provider guarantees will be available to the user at any time.
Frame Relay is a packet-switching technology: there is no dedicated path, and frames may take different paths through the provider network to reach the remote device. In circuit switching, by contrast, we have a dedicated path.
Virtual circuits:
There are 2 types of VC:
1) PVC (permanent virtual circuit): available all the time
2) SVC (switched virtual circuit): brought up only when it is needed and torn down afterwards
Nowadays we use PVCs.
A Frame Relay network is also called an NBMA network (non-broadcast multi-access): several routers share the same cloud, but a broadcast sent by one of them is not automatically delivered to all the others.
Frame Relay topologies can be full mesh or partial mesh.
In a full mesh every single router has a logical connection (a VC) to every other router.
In a partial mesh not every router has a VC to every other router. The common case is hub and spoke: there is one hub and the other routers are spokes, and all traffic between spokes goes through the hub.
LMI (local management interface):
                                            LMI messages are exchanged between the Frame Relay router (DTE) and the Frame Relay switch (DCE). LMI status messages serve as keepalives: if the DTE or DCE stops receiving them, the connection is dropped. LMI also reports the status of each PVC (active or inactive) to the router. The LMI type must match on the DTE and DCE for the PVC to be established; there are 3 types:
cisco (default)
ansi
q933a
The command for it is
frame-relay lmi-type {cisco | ansi | q933a}
If no type is configured the router autosenses: it sends status requests of all three types (cisco, ansi, q933a), receives a reply for only one of them, and from then on uses only the type it got a reply for.
Either way, the LMI type in use must match on both ends.

DLCI (data link connection identifier):
         Frame Relay VCs use DLCIs as their addresses. A DLCI is a layer 2 address and is locally significant: a router knows only its own DLCIs, not the DLCIs of other routers, so the same DLCI number can be used on, say, 3 different routers without any conflict.
Frame Relay mapping (which remote IP is reached over which local DLCI) can be static or dynamic:
Dynamic mapping is done through Inverse ARP (Inverse Address Resolution Protocol), which asks over each local DLCI what the remote IP address is.
If Inverse ARP is enabled the mapping is dynamic; if it is disabled the mapping is static.
Inverse ARP is enabled by default.
Now for the configuration:
First enter interface configuration mode
Then run the command
encapsulation frame-relay
Do this on all the routers, then
show frame-relay map
will show the mapping between the routers.
But this method is not reliable: sometimes the mapping is done and sometimes not, so it is better to use the static method.
For static mapping we first turn dynamic mapping off with
no frame-relay inverse-arp
Then the command
frame-relay map ip <remote router ip> <local dlci>
The rule in Frame Relay is:
always map the local DLCI to the remote IP.
Now run this on all routers
and verify with the command
show frame-relay map
There is one more issue with Frame Relay: because the network is NBMA, broadcasts and multicasts are not forwarded over the VC by default, so when we run a routing protocol like RIP we do not get the updates from the remote side. To avoid this we add the broadcast keyword at the end of the map command (frame-relay map ip <remote router ip> <local dlci> broadcast).
Similarly, when we run RIP in a hub-and-spoke Frame Relay network we do not see some routes. This is due to split horizon: an interface does not send routing information back out of the interface it was received on, which prevents loops. On the hub all the spokes share one physical interface, so a route learned from one spoke is never advertised to the other spokes.
Split horizon is an issue with distance vector protocols; to get around it we have 3 methods:
1) use a full mesh topology, which is usually impractical
2) use the command no ip split-horizon; this works but we do not normally use it because it can create loops
3) use multipoint or point-to-point subinterfaces
For the point-to-point configuration we use the following commands:
First of all enter interface mode, give the encapsulation frame-relay and no shutdown commands on the physical interface, then create the subinterfaces with this command
interface serial <number>.<subinterface> point-to-point
Give the ip address command after this, then give this command instead of frame-relay map ip
frame-relay interface-dlci 112
Each point-to-point subinterface is its own interface with its own subnet, so split horizon no longer blocks the updates between spokes. Remember that we need this only on the hub router; the spoke routers can be treated in the old fashion.
For verification we have the following commands:
show frame-relay lmi
show frame-relay map
show frame-relay pvc
For debugging we have the following commands:
debug frame-relay lmi
debug frame-relay packet

If we want to clear everything, meaning start the sent and received counters from zero, the command is
clear counters

There are 2 types of encapsulation:
cisco and ietf. ietf is the industry standard and is needed when the other end is not a Cisco router; cisco is the default.


3 congestion-related bits in the Frame Relay header:
1- FECN (forward explicit congestion notification)

2- BECN (backward explicit congestion notification)
   
3- DE (discard eligibility)
If device A is sending frames to device B across the Frame Relay network and an intermediate Frame Relay switch senses congestion, it sets the FECN bit in frames going forward toward the receiver (device B) to say there is congestion ahead, and sets the BECN bit in frames travelling back toward the sender (device A) so that the sender knows there is congestion in the network and can slow down.
Frames with the DE bit set are dropped before frames without it, so DE-marked frames are considered less important; frames sent above the CIR are typically marked DE by the provider.
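To make the bit positions concrete, here is an added Python example (not code from the original post) that packs and unpacks the 2-byte Frame Relay address field, which carries the 10-bit DLCI together with the FECN, BECN and DE bits, then models what the congested switch does to frames in each direction and how a queue drops DE-marked frames first. The DLCI values and frame lists are made up for the example.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple

@dataclass(frozen=True)
class FrHeader:
    """Fields of the 2-byte Frame Relay (Q.922) address field."""
    dlci: int           # 10-bit data link connection identifier
    cr: bool = False    # command/response bit (not used by Frame Relay itself)
    fecn: bool = False  # forward explicit congestion notification
    becn: bool = False  # backward explicit congestion notification
    de: bool = False    # discard eligibility

def encode(h: FrHeader) -> bytes:
    """Byte 0: DLCI high 6 bits | C/R | EA=0.  Byte 1: DLCI low 4 bits | FECN | BECN | DE | EA=1."""
    if not 0 <= h.dlci <= 1023:
        raise ValueError("DLCI must fit in 10 bits")
    b0 = ((h.dlci >> 4) << 2) | (int(h.cr) << 1)        # EA bit 0 means another address byte follows
    b1 = ((h.dlci & 0xF) << 4) | (int(h.fecn) << 3) | (int(h.becn) << 2) | (int(h.de) << 1) | 1
    return bytes([b0, b1])

def decode(buf: bytes) -> FrHeader:
    """Unpack a 2-byte address field (the only form this example handles)."""
    if len(buf) < 2 or (buf[0] & 1) or not (buf[1] & 1):
        raise ValueError("not a 2-byte Frame Relay address field")
    dlci = ((buf[0] >> 2) << 4) | (buf[1] >> 4)
    return FrHeader(dlci, cr=bool(buf[0] & 2), fecn=bool(buf[1] & 8),
                    becn=bool(buf[1] & 4), de=bool(buf[1] & 2))

def congested_switch(toward_b: FrHeader, toward_a: FrHeader) -> Tuple[FrHeader, FrHeader]:
    """What an intermediate switch does when the A->B direction is congested:
    FECN on frames heading to the receiver B, BECN on frames heading back to the sender A."""
    return replace(toward_b, fecn=True), replace(toward_a, becn=True)

def drop_to_fit(frames: List[FrHeader], capacity: int) -> List[FrHeader]:
    """Queue overflow: DE-marked frames are discarded first, order otherwise preserved."""
    non_de = [f for f in frames if not f.de]
    if len(non_de) >= capacity:
        return non_de[:capacity]                   # every DE frame is gone, and some normal ones too
    de = [f for f in frames if f.de]
    return non_de + de[:capacity - len(non_de)]    # whatever room is left goes to DE frames

if __name__ == "__main__":
    print(encode(FrHeader(112)).hex())             # 1c01
    print(decode(bytes.fromhex("1c01")))
    fwd, back = congested_switch(FrHeader(112), FrHeader(211))
    print(fwd, back)
    queue = [FrHeader(112), FrHeader(112, de=True), FrHeader(112), FrHeader(112, de=True)]
    print(drop_to_fit(queue, 3))
```

Note that the DLCI in the header of a frame is the local DLCI on whichever access link the frame is currently on; the switch rewrites it hop by hop, which is why the same number can be reused on different routers.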
These are the PVC status messages:
1- active (everything is fine)
2- inactive (our side and the local switch are fine; the problem is at the other end)
3- deleted (our fault: the DLCI we configured does not exist on the provider's switch)

Thursday, 9 February 2012

inter vlan routing


For communication between different VLANs we need a layer 3 device. Here we have 2 options:
1- a layer 3 switch
2- router on a stick (ROAS)
A layer 3 switch performs switching as well as routing, and we can run different routing protocols on it.
At the introductory level we mainly need to know about ROAS. In ROAS we use subinterfaces on the router's Fast Ethernet port. Subinterfaces are logical interfaces and are operated like a normal interface; each subinterface must be in a different subnet, one per VLAN. Use a Fast Ethernet (or faster) port: the plain 10 Mbps Ethernet interface on older routers does not support trunking subinterfaces, so it does not work for ROAS. In ROAS the switch port connected to the router's Fast Ethernet port must be a trunk, while the ports between the hosts and the switch are access ports. The encapsulation on the router subinterfaces must match the trunk encapsulation on the switch. The IP address of each subinterface and the hosts in that VLAN must be in the same subnet, and the hosts need a default gateway, which is the address of the router subinterface for their VLAN. Since inter-VLAN routing is mainly performed on the router we focus on the router first, but that does not mean we ignore the switch and the hosts: there may be an issue on the switch or on the host configuration as well.
Let's talk about the configuration. First of all we configure the router and then the switch.
On the router, on each subinterface, we give the encapsulation first and then an IP address. The encapsulation command ends with a number that represents the VLAN (for example encapsulation dot1q 10): it defines which VLAN's tagged frames this subinterface handles. The next step is the switch. On the switch we first create the VLANs, then make the port connected to the router a trunk with the same encapsulation as on the router, then go to the ports connected to the hosts, make them access ports and put them into their corresponding VLANs. Now the configuration is finished and we should test it: each host should be able to reach its gateway, then hosts in the other VLAN.
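Since the text says the fault can be on the router, the switch or the hosts, here is an added Python checker (not code from the original post) that takes a ROAS design as data and reports the mismatches the paragraphs above warn about: subinterfaces sharing a subnet, a VLAN missing from the trunk, a host outside its VLAN's subnet, and a host whose default gateway is not its VLAN's subinterface. The VLAN numbers, addresses and port names are a constructed lab, not from the page.

```python
from ipaddress import ip_address, ip_interface
from typing import Dict, List, Set, Tuple

# Constructed lab, not from the page: two VLANs, router subinterfaces, three hosts.
SUBINTERFACES: Dict[int, str] = {   # vlan id -> address given on the router subinterface
    10: "192.168.10.1/24",           # encapsulation dot1q 10 / ip address 192.168.10.1 255.255.255.0
    20: "192.168.20.1/24",
}
TRUNK_ALLOWED: Set[int] = {10, 20}   # VLANs carried on the switch trunk toward the router
ACCESS_PORTS: Dict[str, int] = {"Fa0/1": 10, "Fa0/2": 20, "Fa0/3": 20}
HOSTS: List[Tuple[str, str, str]] = [   # (switch port, host ip/prefix, default gateway)
    ("Fa0/1", "192.168.10.50/24", "192.168.10.1"),
    ("Fa0/2", "192.168.20.50/24", "192.168.20.1"),
    ("Fa0/3", "192.168.20.60/24", "192.168.10.1"),   # gateway points at the wrong VLAN
]

def check_roas(subifs: Dict[int, str], trunk_allowed: Set[int],
               access_ports: Dict[str, int], hosts: List[Tuple[str, str, str]]) -> List[str]:
    """Return a list of problems; an empty list means the design is consistent."""
    problems = []
    # each subinterface must be in a different subnet
    seen = {}
    for vlan, addr in subifs.items():
        net = ip_interface(addr).network
        if net in seen:
            problems.append(f"vlan {vlan} and vlan {seen[net]} share subnet {net}")
        seen[net] = vlan
    # the trunk to the router must carry every VLAN that has a subinterface
    for vlan in subifs:
        if vlan not in trunk_allowed:
            problems.append(f"vlan {vlan} is not allowed on the trunk to the router")
    # host side: access VLAN has a subinterface, same subnet, gateway is that subinterface
    for port, addr, gateway in hosts:
        vlan = access_ports.get(port)
        if vlan not in subifs:
            problems.append(f"{port}: access vlan {vlan} has no router subinterface")
            continue
        sub, host = ip_interface(subifs[vlan]), ip_interface(addr)
        if host.network != sub.network:
            problems.append(f"{port}: host {host} is not in vlan {vlan} subnet {sub.network}")
        if ip_address(gateway) != sub.ip:
            problems.append(f"{port}: gateway {gateway} is not the vlan {vlan} subinterface {sub.ip}")
    return problems

if __name__ == "__main__":
    for p in check_roas(SUBINTERFACES, TRUNK_ALLOWED, ACCESS_PORTS, HOSTS):
        print("PROBLEM:", p)
```

The host on Fa0/3 is the typical case the text describes: everything on the router and switch is right, but the host's gateway is another VLAN's subinterface, so it can never leave its VLAN.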

vlans and vtp


VLANs are used to group hosts logically. A VLAN limits broadcasts: a broadcast is sent only to the hosts in the same VLAN, which is a real plus of VLANs. We can divide the traffic of an office by putting different groups in different VLANs. A switch has one VLAN (VLAN 1) by default, and the point to remember is that as more VLANs are created there are more broadcast domains: with 4 VLANs we have 4 broadcast domains. Communication between different VLANs cannot happen without a layer 3 switch or a router on a stick; on a layer 3 switch we can run routing protocols directly.
Now let's talk about trunking. Trunking is the procedure by which traffic for many VLANs is carried over one link between switches (or between a switch and a router). To know which VLAN a frame received on a trunk port belongs to, a tag is placed on the frame that indicates its VLAN; this is called frame tagging. For trunking we have 2 protocols:
1- ISL
2- 802.1Q
ISL is a Cisco proprietary protocol used only between Cisco switches; in this protocol the entire frame is encapsulated (a new header and trailer are wrapped around it) across the trunk.
802.1Q is the industry standard protocol and is what we use if a non-Cisco switch is involved. It does not encapsulate the whole frame; instead a 4-byte tag is inserted into the header that says which VLAN the frame is for.
The other basic difference between them is how they handle the native VLAN. The native VLAN (VLAN 1 by default) is the VLAN whose frames cross a dot1q trunk untagged: when dot1q is ready to transmit a frame destined for the native VLAN it does not put its 4-byte tag on it, so the frame is transmitted as it is, which reduces overhead. Because the receiving side assigns every untagged frame to its own native VLAN, the native VLAN must be the same on both ends of the trunk; ISL has no untagged case because it tags every frame.
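The following is an added example, not code from the original post: Python that builds an Ethernet frame the way a dot1q trunk port sends it (4-byte tag inserted after the source MAC, native VLAN left untagged) and classifies it the way the receiving trunk port does. The MAC addresses, VLAN numbers and payload are constructed for the example; the tag layout (TPID 0x8100, then 3 bits of priority, 1 DEI bit and a 12-bit VLAN id) is the 802.1Q one.

```python
import struct
from typing import Tuple

TPID_8021Q = 0x8100   # tag protocol identifier that marks a dot1q tag

def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def trunk_egress(dst: str, src: str, ethertype: int, payload: bytes,
                 vlan: int, native_vlan: int = 1, pcp: int = 0) -> bytes:
    """Frame as it leaves a dot1q trunk: a 4-byte tag is inserted after the source MAC,
    except for the native VLAN, which is sent untagged exactly as received."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN id must be 1..4094")
    frame = _mac(dst) + _mac(src)
    if vlan != native_vlan:
        tci = (pcp << 13) | vlan              # PCP (3 bits) | DEI (1 bit, 0 here) | VID (12 bits)
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + payload

def trunk_ingress(frame: bytes, native_vlan: int = 1) -> Tuple[int, int, bytes]:
    """Frame as the receiving trunk port classifies it: (vlan, ethertype, payload).
    An untagged frame is put into whatever this port believes the native VLAN is."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return tci & 0x0FFF, ethertype, frame[18:]
    return native_vlan, ethertype, frame[14:]

if __name__ == "__main__":
    tagged = trunk_egress("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"arp-request", vlan=10)
    untagged = trunk_egress("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806, b"arp-request", vlan=1)
    print(len(tagged) - len(untagged), "bytes of tag")
    print(trunk_ingress(tagged))
    # Native VLAN mismatch: the far end believes the native VLAN is 99 and
    # therefore puts the untagged VLAN 1 frame into VLAN 99.
    print(trunk_ingress(untagged, native_vlan=99)[0])
```

The last call is the practical reason the native VLAN has to match: the untagged frame carries no VLAN information of its own, so a mismatch silently moves traffic from one VLAN into another.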
In trunking a port can be dynamic auto, dynamic desirable, on (trunk) or nonegotiate. If one port is auto it does not form a trunk when the other side is also auto; the other port needs to be desirable, on or nonegotiate. A desirable port forms a trunk if the remote switch is auto, desirable or on. In on mode the port is a trunk unconditionally, whether the remote end negotiates or not. Nonegotiate means the local port is a trunk but does not send DTP (Dynamic Trunking Protocol) frames at all. Because DTP lets whatever is plugged into an auto or desirable port negotiate a trunk, ports facing hosts should be fixed to access mode and real trunks set to nonegotiate; otherwise a host on such a port can negotiate itself a trunk and see every VLAN.
VTP (VLAN Trunking Protocol) allows switches to advertise VLAN information to the other members of the same VTP domain. When a VLAN is created, the other members of the domain are notified. With VTP, switches in server or client mode know about all the VLANs even if they have no ports in some of them.
In VTP there are 3 modes:
1- server
2- client
3- transparent
In VTP server mode VLANs can be created, modified and deleted. When this happens a summary advertisement is sent to everyone in the same VTP domain. VTP servers keep the VLAN information in NVRAM.
In client mode VLANs cannot be created, modified or deleted. VTP clients keep the VLAN information in RAM, so after a reload they have no VLAN information until they request it from a server.
In transparent mode VLANs can be created, modified or deleted, but this information is not advertised to other switches, so it is locally significant; a transparent switch does, however, forward the VTP advertisements of other switches out of its trunks.
An important thing to remember is that the VTP domain name must match and is case-sensitive. A switch with a null domain name has no domain yet and adopts the first domain name it hears on a trunk.
Now an important concept: the configuration revision number. How does a switch know that the summary advertisement it receives is newer than what it has? By the revision number. When the incoming advertisement's revision number is higher than the switch's own, the advertisement is accepted, otherwise it is not. For transparent mode the revision number is always zero. Whenever the local VLAN database changes, the revision number increments by one. The caveat is that this comparison trusts anyone in the domain: a switch (a used lab switch, for example) with the same domain name and a higher revision number that is plugged into the network overwrites the VLAN database of every server and client, deleting VLANs in production. Reset the revision (change the domain name or put the switch in transparent mode) before connecting a used switch.
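As an added example (not code from the original post), the Python below models the three VTP modes and the revision-number rule, then replays the failure described above: a used switch with the same domain name and a higher revision number overwrites the VLAN database of the server and client that were working fine. Switch names, the domain name and the VLAN numbers are made up.

```python
from dataclasses import dataclass, field
from typing import Optional, Set

@dataclass
class VtpSwitch:
    name: str
    mode: str                      # "server", "client" or "transparent"
    domain: str                    # VTP domain name, case-sensitive
    revision: int = 0              # configuration revision number
    vlans: Set[int] = field(default_factory=lambda: {1})

    def local_change(self, vlans: Set[int]) -> Optional[dict]:
        """Create/modify/delete VLANs locally. Returns the summary advertisement
        to send out of the trunks, or None if nothing is advertised."""
        if self.mode == "client":
            raise PermissionError(f"{self.name}: clients cannot change VLANs")
        self.vlans = set(vlans)
        if self.mode == "transparent":
            return None                   # locally significant; revision stays 0
        self.revision += 1                # every database change bumps the revision
        return {"domain": self.domain, "revision": self.revision, "vlans": set(self.vlans)}

    def receive(self, advert: dict) -> bool:
        """Handle a summary advertisement: accepted only when the domain name matches
        exactly and the revision is higher than ours. Returns whether it was applied."""
        if self.mode == "transparent" or advert["domain"] != self.domain:
            return False                  # transparent switches only forward it on
        if advert["revision"] > self.revision:
            self.revision = advert["revision"]
            self.vlans = set(advert["vlans"])
            return True
        return False

if __name__ == "__main__":
    s1 = VtpSwitch("S1", "server", "LAB")
    c1 = VtpSwitch("C1", "client", "LAB")
    advert = s1.local_change({1, 10, 20})
    print("C1 accepted:", c1.receive(advert), c1.vlans)
    # A used switch with the same domain name and a higher revision is plugged in:
    used = VtpSwitch("S2", "server", "LAB", revision=5, vlans={1, 99})
    bomb = used.local_change({1, 99})                # its revision becomes 6
    print("S1 overwritten:", s1.receive(bomb), s1.vlans)
    print("C1 overwritten:", c1.receive(bomb), c1.vlans)
```

Note that `receive` never looks at who sent the advertisement or whether it makes sense, only at the domain name and the number; that is exactly why a stale higher revision wins.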
 A trunk port carries traffic for all VLANs, so by default it floods the broadcasts of every VLAN to the neighbouring switch. We can control this traffic with VTP pruning: with this feature only the traffic of VLANs that actually have ports on the remote switch is sent there and the other VLANs' traffic is blocked. A great feature to save resources and bandwidth.

Wednesday, 8 February 2012

spanning tree protocol


                                         


STP is a layer 2 protocol used to prevent switching loops. It is defined by IEEE 802.1D. Only the best path is made available for frames to be forwarded, and all other redundant paths are put into blocking mode. Once STP converges, ports are either in forwarding mode or in blocking mode. If anything happens to the best path, the STP algorithm runs again, recalculates the best path and moves the needed ports from blocking to forwarding.
In STP we have an election for the root bridge. All the switches participate in this election by sending their BPDUs (bridge protocol data units). The election takes place on the basis of the bridge ID, which is made of the following parameters:
1- priority
2- MAC address
The switch with the lowest priority wins the election regardless of the MAC; the default priority is 32768. If the priorities are equal, the selection is made on the basis of the MAC address: the switch with the lowest MAC wins and becomes the root bridge, and all other switches are non-root bridges.
A port does not go straight from blocking to forwarding; there is a procedure to follow.
First, a port in blocking waits for the max age (20 seconds on Cisco switches) without hearing a better BPDU before it moves to listening. In the listening state no frames are forwarded and no MAC table is built; this lasts 15 seconds, the forward delay.
From listening the port goes to learning, where still no frames are forwarded but MAC addresses are learned. This also takes 15 seconds (forward delay).
From learning the port goes to forwarding, where frames are forwarded.
So in total it takes up to 50 seconds (20 + 15 + 15) to go from blocking to forwarding.
STP uses the path cost to select the best path. Cost is related to speed: the greater the speed, the lower the cost, and the lower the cost the better the path. It is important to remember that the physically shortest path (fewest hops) is not always the best; it depends on the cost. Some link costs (802.1D-1998 values) are as follows:
10 Mbps - 100
100 Mbps - 19
1 Gbps - 4
10 Gbps - 2
There are three types of ports in STP:
1- root port
2- designated port
3- non-designated (blocking) port
The root port exists only on non-root bridges and is the port with the best (lowest cost) path to the root bridge; it always forwards traffic toward the root. There is exactly one root port per non-root bridge.
All ports of the root bridge are designated ports. On every other segment the designated port is the port of the switch with the lowest cost to the root on that segment; it forwards the frames for that segment, and there is one designated port per segment. Every remaining port is non-designated and is put into blocking.
If we turn off STP in a topology with redundant links, the result is a broadcast storm: one broadcast is answered by multiple copies of the same broadcast going round the loop forever, which is really an alarming situation.
50 seconds is a long time to go from blocking to forwarding. To bypass it on ports connected to end hosts we can use PortFast, which puts the port straight into forwarding. PortFast is used on access ports only; never use it on trunk ports or on ports facing another switch. Pair it with BPDU guard, which shuts the port down if a BPDU is ever received on it, so a switch plugged into a PortFast port cannot create a loop.
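To show the election, the path-cost rule and the port roles working together, here is an added Python example (not code from the original post) on a constructed three-switch topology: SW3 has a lower priority than the others, so it becomes root even though its MAC address is the highest, and SW2 ends up blocking its direct 10 Mbps link to the root because the two-hop path over Gigabit and Fast Ethernet is cheaper. Switch names, MACs and link speeds are made up; the costs are the 802.1D-1998 values from the table above.

```python
import heapq
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed topology, not from the page.
SWITCHES: Dict[str, Tuple[int, str]] = {   # name -> (priority, MAC)
    "SW1": (32768, "00:0a:00:00:00:01"),
    "SW2": (32768, "00:0a:00:00:00:02"),
    "SW3": (4096,  "00:0a:00:00:00:03"),    # lowest priority wins regardless of MAC
}
LINKS: List[Tuple[str, str, int]] = [      # (switch, switch, link speed in Mbps)
    ("SW3", "SW1", 100),     # FastEthernet, cost 19
    ("SW3", "SW2", 10),      # Ethernet, cost 100
    ("SW1", "SW2", 1000),    # GigabitEthernet, cost 4
]
COST = {10: 100, 100: 19, 1000: 4, 10000: 2}   # 802.1D-1998 path costs

def bridge_id(name: str) -> Tuple[int, int]:
    pri, mac = SWITCHES[name]
    return pri, int(mac.replace(":", ""), 16)     # lower (priority, MAC) wins

def elect_root() -> str:
    return min(SWITCHES, key=bridge_id)

def root_path(root: str) -> Dict[str, Tuple[int, Optional[str]]]:
    """Lowest root path cost per switch and the upstream neighbour that provides it
    (ties broken by the lower sender bridge ID, as STP does)."""
    adj = defaultdict(list)
    for a, b, mbps in LINKS:
        adj[a].append((b, COST[mbps]))
        adj[b].append((a, COST[mbps]))
    best: Dict[str, Tuple[int, Optional[str]]] = {root: (0, None)}
    heap = [(0, bridge_id(root), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue
        for nb, link_cost in adj[node]:
            new_cost = cost + link_cost
            cur = best.get(nb)
            if cur is None or new_cost < cur[0] or (
                    new_cost == cur[0] and bridge_id(node) < bridge_id(cur[1])):
                best[nb] = (new_cost, node)
                heapq.heappush(heap, (new_cost, bridge_id(nb), nb))
    return best

def port_roles(root: str) -> Dict[Tuple[str, str], str]:
    """Role of each (switch, segment) port: designated, root or blocking."""
    best = root_path(root)

    def rank(switch: str):
        return best[switch][0], bridge_id(switch)   # lower cost, then lower bridge ID

    roles = {}
    for a, b, _ in LINKS:
        segment = f"{a}-{b}"
        designated, other = (a, b) if rank(a) < rank(b) else (b, a)
        roles[(designated, segment)] = "designated"
        roles[(other, segment)] = "root" if best[other][1] == designated else "blocking"
    return roles

if __name__ == "__main__":
    root = elect_root()
    print("root bridge:", root)
    print("root path cost / upstream:", root_path(root))
    for (switch, segment), role in sorted(port_roles(root).items()):
        print(f"{switch} on {segment}: {role}")
```

SW2 reaches the root at cost 23 (4 + 19) through SW1 rather than at cost 100 over its own direct link, so its root port is the Gigabit link and the direct 10 Mbps link is blocked; that link becomes the backup STP re-enables when the best path fails.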
