Posts

GRE over IPSEC Tunnel

When it comes to enhancing VPN security, the combination of GRE (Generic Routing Encapsulation) and IPsec (Internet Protocol Security) is a powerful duo that significantly boosts data protection and network efficiency. Let’s dive into the benefits: Enhanced Security: By merging GRE with IPsec, network engineers can ensure not only the versatility of GRE tunnels but also the robust security measures provided by IPsec. This amalgamation is crucial for creating secure VPNs that are resilient against cyber threats while maintaining high performance and reliability. Protocol Agnostic: GRE can encapsulate a variety of protocols, making it extremely versatile in multi-protocol environments. It simplifies the setup of VPNs over diverse networks by providing a straightforward way to encapsulate different protocols. Performance Optimization: GRE’s lightweight encapsulation minimizes overhead, resulting in improved performance. It allows efficient transport of packets over heterogeneous networ...

IPSEC Encryption Application

Goal: Set up IPsec encryption to encrypt traffic between 10.1.1.0/24 and 10.4.1.0/24. IPsec Encryption: Definition: IPsec (Internet Protocol Security) is a suite of protocols that ensures secure communication over IP networks by authenticating and encrypting data packets. Purpose: It protects data flows between two entities (e.g., hosts, gateways) by providing confidentiality, integrity, and authentication. Encryption Algorithms: IPsec supports various encryption algorithms, including AES, Blowfish, Triple DES, ChaCha, and DES-CBC. Why Do We Need IPsec?: Confidentiality: IPsec encrypts data, preventing unauthorized access. Integrity: It ensures data integrity by detecting any tampering or modification. Authentication: IPsec authenticates communication partners, preventing impersonation. Protection from Replay Attacks: IPsec prevents replayed packets from being accepted. Pros and Cons: Pros: Strong Security: IPsec provides robust security features. Flexibility: It su...

GRE Tunnel

What is a GRE Tunnel? A GRE (Generic Routing Encapsulation) tunnel is a protocol developed by Cisco that encapsulates a wide variety of network layer protocols inside virtual point-to-point links over an IP network. Essentially, it allows for the creation of a private, secure, and isolated path between two endpoints over a public or untrusted network, like the Internet. Why is it Used? GRE tunnels are used for several reasons: Protocol Encapsulation: GRE can encapsulate a variety of network layer protocols, enabling the transport of protocols that might not be natively supported by the underlying network. Multicast Traffic: Unlike some other tunneling protocols, GRE supports multicast traffic, making it suitable for dynamic routing protocols. Simplified Connectivity: It simplifies the setup of VPNs and other network connections by creating a virtual point-to-point link. Interoperability: GRE is defined in RFC 2784, making it widely supported across different vendors. Pros an...

OSPF Virtual Links [Huawei]

Why is there a need for a virtual link connecting a non-connected area to the backbone area? In OSPF (Open Shortest Path First), a network is divided into areas to optimize routing and reduce routing protocol traffic. The backbone area (Area 0) is the central core of the OSPF network. All other areas (non-backbone areas) must have at least one physical link to the backbone area. However, in some cases, a non-backbone area might not be able to physically connect to the backbone area. This could be due to network design constraints or other factors. In such cases, a virtual link is used to logically connect the non-connected area to the backbone area. This ensures that all areas in the OSPF network remain connected, which is a requirement for the OSPF routing protocol to function correctly. What is the importance of connecting to the backbone area and how it avoids loops? The backbone area plays a crucial role in OSPF. It serves as the central core of the OSPF network, connecting al...

OSPF Special Areas

OSPF areas and Special Areas Use in Networking: 1. Scalability: As networks grow, the number of routers and links can increase exponentially. This can lead to large routing tables and high CPU utilization due to frequent SPF calculations. By dividing a network into smaller areas, OSPF can limit the impact of topology changes and keep routing tables manageable. 2. Reduced Routing Traffic: OSPF uses Link State Advertisements (LSAs) to share information about network topology. By confining LSAs within an area, OSPF can reduce routing traffic across the network. 3. Security and Administrative Control: Areas can be used to implement administrative boundaries within a network, allowing different departments or locations to manage their own networks. Now, let's discuss the special areas in OSPF: Stub Area: A stub area is an area that does not accept external LSAs. This means that routers in a stub area only know about networks within their area and a default route to the rest of the n...

Protocol Vulnerability: Using insecure protocols like TELNET / HTTP

A vulnerability is when you are using insecure methods in your organization that may open you up to attacks from hackers. This lab provides a simple inside look into why protocols like TELNET/HTTP are not used and SSH/HTTPS are used instead. Router 1 Configs: Assign IP on port: Configs for enabling TELNET. Enable HTTP. R2 Configs: Just configure IP on the port. Now, to show why using TELNET is a vulnerability, we are going to access R1 using telnet from R2. We will capture packets using Wireshark and look for Telnet traffic. Go to Router 2, TELNET into Router 1 and run some commands. Filter for telnet traffic. So I ran 2 commands, "show ip interface br" & "show interface summary". Let's see the Wireshark capture. And here you can see that if I am a malicious actor, I have gotten access to your account/password and I can also see the commands and configuration that you are making to the router. This is the prime reason why TELNET is discouraged. Now we go to the kali linu...

MPLS Layer 2 VPN Deployment between Remote Customer Site (Huawei Routers)

Let's consider a basic example of a layer 2 VPN deployment for customers that want to connect remote sites that are in the same subnet. Let's divide it into 2 parts: 1- Setting up a basic ISP environment: Enabling an IGP (OSPF/ISIS), Enabling MPLS, Enabling MPLS LDP / L2VPN, Setting up LDP remote peering. 2- Connecting the customer side with the ISP. Let's start by setting up the ISP environment. Configurations of Routers (R5, R6, R7, R8): Assign a loopback IP, e.g. R5 has 5.5.5.5. For interface IPs the scheme is as follows: The first two octets are constant: 10.1. The 3rd octet is the connecting routers in ascending order, e.g. (R5-R7): 10.1.57. The 4th octet is the router number itself, e.g. (R5): 10.1.57.5. So this would be the interface IP on Router 5 - Gig 0/0/2. Run OSPF on each ISP router. Run MPLS and MPLS LDP / L2VPN on all the routers. An example from Router 8 is given. Now enable MPLS LDP remote peering on both PEs and give the same VC-ID on both sides. Now ...