Networking & Security Training

Introduction

I have attended Networking & Security Workshop that was 10 days Training in which I have learned many new concepts with practical knowledge of each concept. For Practical work I have used Cisco Packet Tracer. The training was divided into 10 parts consisting of 10 major and minor topics of Networking & Security for beginners. Topics covered in training are given below :→

Day 1 → IP Address , Classes , Subnetting

Day 2 → Advance information of IP Address

Day 3 → Introduction to Routing / Switching

Day 4 → Static Routing

Day 5 → Dynamic Routing

Day 6 → Switching VLAN

Day 7 → ACL & NAT

Day 8 → ASA Firewall

Day 9 → Network Scanning

Day 10 → Honeypot

DAY 1

What is IP Address?

A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network. There are two versions of IP that currently coexist in the global Internet: IP version 4 (IPv4) and IP version 6 (IPv6). IP addresses are made up of binary values and drive the routing of all data over the Internet. IPv4 addresses are 32 bits long, and IPv6 addresses 128 bits long.

IP Address Classes

In the IPv4 IP address space, there are five classes: A, B, C, D and E. Each class has a specific range of IP addresses.

Subnetting

An IP address is an address used in order to uniquely identify a device on an IP network. The address is made up of 32 binary bits, which can be divisible into a network portion and host portion with the help of a subnet mask.

Practical Work

Finding the IP Address of computer , Finding class of a particular IP Address , Checking of connection.

DAY 2

Basics and Use of NID and BID

NID signifies the collective representation of your network. NID cannot be assigned to any computer. Similar in case with BID i.e. Broadcast ID.

NID → Used to scan and get information of all computers in LAN at once.

BID → Used to send a single message to all device within your LAN at once.

Class C Subnets

Class C IP addresses are normally assigned to a very small size network because it can only have 254 hosts in a network. Given below is a list of all possible combination of subnetted Class C IP address −

- https://www.tutorialspoint.com/ipv4/images/class_c_subnets.jpg

Purposes of Subnetting

1.) To minimize cost. 2.) To minimize IP wastage.

Practical knowledge of subnetting using Cisco Packet Tracer.

DAY 3

About Public and Private IP

Public IP → Used outside the LAN , assigned by ISP and we can view it but can’t edit it.

Private IP → Used within LAN , assigned by user/admin and we can view and edit it easily.

Introduction to NAT (Network Address Translation)

It is the process of converting Public IP into Private IP and vice-versa. Conversion happens in background. We don’t do this. Router is responsible for this.

Is IP Address unique?
If public then YES, It’s Unique everywhere; if private then It’s Unique within LAN only, outside LAN it loses its uniqueness.

ROUTER

Is used to find the best path possible.

Concepts:

1. Router Ports

2. Router Rules

3. Router Modes

4. Router Basic Configuration

TYPES OF ROUTING

1. Static routing
2. Dynamic routing

Static Routing VS Dynamic Routing

ROUTER PORTS

On basis of functionality :

1. Interface Port

2. Line Port

Interface Port - Used to connect the router with another devices (switch, router, pc).

TYPES:

a). Ethernet Interface > Old and slow

b). Fast ethernet Interface > New & fast >connect router to switch

c). Gigabitethernet Interface > Advance

d). Serial Interface > Router to router 
Line Port - used to configure the router

TYPES:

a). Console Port > direct configuration
b). Auxiliary Port > remotely configuration

ROUTER RULES:
Rule 1: All interfaces of a router should be in different network or should have different NID.
Rule 2: A serial interface connecting two router should be in same network or should have same NID.

ROUTER MODES:

1. User Mode

2. Privilege Mode

3. Global Configuration Mode

COMMANDS FOR CLI :

Router> ENABLE or EN (User Mode)
Router# CONF T (Privelege Mode)
Router(Config)# INTERFACE GIGABITETHERNET0/0

Router(Config-if)# IP ADDRESS 192.168.1.1 255.255.255.0

Router(Config-if)# NO SHUTDOWN

No shutdown is used to make router live/on.

DAY 4

Routing
It is the process of making two routers communicate with each other.
Router has memory called as IP Table where it stores IP address.

Q. What kind of IP address?
A. Known NID and Unknown NID

TYPES:

Static Routing :

● Filling unknown NID in IP Table

● Used in smaller network (e.g for 10-20 computers)

DORA is a process used by DHCP (Dynamic Host Configuration Protocol). Basically, DHCP is used for providing an automatic IP address to Hosts which want to connect to a network.

Dynamic Routing:
● Filling known NID in IP Table.
● Used in larger network.

DAY 5

DHCP

● stands for Dynamic Host Configuration Protocol

● DHCP Enable - you have to enable the option.

● DHCP SCOPE

● LEASE TIME

● DHCP Client Table

● DHCP Reservation

Dynamic Routing
- Used for known networks / in real time scenario
- Types
1. Distance Vector Protocol (Routing Information Protocol)
a. HOP Count (Minimum)
2. Link State Protocol (Open Shortest Path First)
a. Bandwidth (Maximum)
3. Advance Distance Vector Protocol (Enhanced Interior Gateway Protocol)
a. Bandwidth + Delay + Travel Time

• All the above routing protocols will identify best path in
  different way.
  - This is based on METRIC( based on what criteria best path is
  identified).
  - Based on purpose, we use any one of routing protocol.

DAY 6

SWITCH : To connect many PCs into your LAN.

If am not using router then am building LAN without internet just using switch and PCs.

SWITCHING:

1. Switch Ports

2. Switch Rules

3. Switch Modes

4. Switch Configuration

Switch Ports:

1. Access Port (switch to pc )

2. Trunk Port (switch to switch)

Switch Rules: ( * Not compulsion rules, but basic thing for practical work)

Switch - Router

a). It’s recommended to connect to 1st port i.e 0/1.

Switch - Switch

a).Last port to first port

Switch Modes: (Similar to router modes)

1. User Mode

2. Privilege Mode

3. Global Configuration Mode
** Switch has memory which stores MAC addresses.

Switch Configuration:

CLI:
SWITCH>EN

SWITCH#CONF T

SWITCH(CONFIG)# INTERFACE FASTETHERNET0/2

SWITCH(CONFIG)# SWITCHPORT MODE ACCESS

SWITCH(CONFIG)#EXIT

VLAN : Full form is Virtual LAN. A VLAN is a group of devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.

SUBNETTING: grouping

Disadvantages :

1. Time consuming - If the number of PCs gets increased then it will create issues.

2. Increase of workload.

VLAN Configuration Steps:
1. Create VLAN Number (0-65535)

2. Create VLAN Name (SALES , HR)

3. Choose an interface of switch

4. Configure interface (ACCESS / TRUNK).

5. Link interface with VLAN.

TO DO:

0/2 and 0/3 - SALES VLAN 10

0/4 and 0/5 - HR VLAN 20

STEP 1:

SWITCH>EN

SWITCH#CONF T

SWITCH(CONFIG)#VLAN 10

SWITCH(CONFIG-VLAN)#NAME SALES

SWITCH(CONFIG-VLAN)#EXIT
STEP 2:

SWITCH(CONFIG)# INTERFACE FASTETHERNET0/2
STEP 3:

SWITCH(CONFIG-IF)# SWITCHPORT MODE ACCESS
STEP4:

SWITCH(CONFIG-IF)# SWITCHPORT ACCESS VLAN 10
If you need to add one more interface go to step2.

** EXIT

If u need to check whether u have added interfaces successfully or not, go with command > show vlan.

DAY 7

ACL

An Access Control List (ACL) is a set of rules that is usually used to filter network traffic. ACLs can be configured on network devices with packet filtering capatibilites, such as routers and firewalls.

• Access Control List
• Conf done in router
• Used to control incoming & outgoing traffic
• How control? Permit or Deny

Wild Custom Mask: →
192.168.1.0 > 0.0.0.255 > for entire network.
192.168.1.10 > 0.0.0.0 > for single computer.

Types of ACL : →
Standard ACL
• Old, not used now, for smaller networks.
• number range: 0-99.
• configured close to destination.
• Permit/ Deny on basis of Source IP.
Extended ACL
• New, used now, for larger networks.
• number range: 100-199.
• configured close to source.
• Permit/ Deny on basis of Source IP, Dest IP, Port No. ,Protocol.

Steps:

ACL CREATION:

#ACCESS-LIST <No.> Permit/Deny <Protocol> <Source IP> <Source WCM> <Destination IP><Destination WCM> <Operator> <Port No.>

EXAMPLE:

#ACCESS-LIST 110 DENY TCP 192.168.1.10 0.0.0.0 10.0.0.2 0.0.0.0 EQ 80

#ACCESS-LIST 110 PERMIT ICMP ANY ANY

ACL IMPLEMENTATION:-

#INTERFACE <TYPE> <No.>

#IP ACCESS-GROUP <No.> IN/OUT

EXAMPLE:

#INTERFACE FASTETHERNET0/0

#IP ACCESS-GROUP 110 IN

NAT
Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

WORKING:
NAT allows a single device, such as a router, to act as an agent
between the Internet (or public network) and a local network (or
private network), which means that only a single unique IP
address is required to represent an entire group of computers
to anything outside their network.

NAT Implementation:-

#IP NAT INSIDE SOURCE STATIC 10.0.0.2 200.1.1.2
#INTERFACE GIGABITETHERNET0/0/1
#IP NAT INSIDE
#EXIT

#INTERFACE SERIAL0/3/0
#IP NAT OUTSIDE
#EXIT

DAY 8

ASA Firewall

The ASA in Cisco ASA stands for Adaptive Security Appliance.

In brief, Cisco ASA is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive threat defense that stops attacks before they spread through the network.

Beyond being a firewall, the Cisco ASA can do the following and more:

• antivirus
• antispam
• IDS/IPS engine
• VPN device
• SSL device
• content inspection

CONFIGURATION OF FIREWALL :

STEP 1: REMOVE DEFAULT IP ADDRESS AND DHCP SCOPE RANGE

ciscoasa(config)# interface vlan 1

ciscoasa(config-if)# np ip address

ciscoasa(config-if)# exit

ciscoasa(config)# np dhcpd address 192.168.1.5 - 192.168.1.15 inside

(We can find this using SHOW command)

STEP 2: ASSIGN IP, NAME AND SECURITY LEVEL TO VLAN 1&2

ciscoasa(config)# interface vlan 1

ciscoasa(config-if)# ip address 172.16.1.1 255.255.255.0

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif inside

ciscoasa(config-if)# security-level 100

ciscoasa(config-if)# exit

ciscoasa(config)# interface vlan 2

ciscoasa(config-if)# ip address 210.2.2.2 255.255.255.0

ciscoasa(config-if)# no shutdown

ciscoasa(config-if)# nameif outside

ciscoasa(config-if)# security-level 0

ciscoasa(config-if)# exit

STEP 3: LINK CORRESPONDING VLAN 1&2 WITH RESPECTIVE INTERFACE

ciscoasa(config)# interface ethernet0/1

ciscoasa(config-if)# switchport access vlan 1

ciscoasa(config-if)# exit

ciscoasa(config)# interface ethernet0/0

ciscoasa(config-if)# switchport access vlan 2

ciscoasa(config-if)# exit

STEP 4: CONFIGURE DHCP & DNS SERVER

(We can give DHCP range as much as we want, here we give 6 ip’s starting from 1.5 to 1.10)

ciscoasa(config)# dchpd address 172.16.1.5 - 172.16.10 inside

NOTE: Above command allows all computer from inside network to communicate with DNS server.

STEP 5: CONFIGURE DEFAULT ROUTE

(The command will let the firewall communicate with the outside network.)

NOTE: 0.0.0.0 means any source IP can communicate with any destination IP through router IP 210.2.2.1

cisocasa(config)# route outside 0.0.0.0 0.0.0.0 210.2.2.1

STEP 6: OBJECT NETWORK CREATION & ENABLING NAT

(This will allow INSIDE network to communicate with OUTSIDE network (& vice-versa) with public IP address.

ciscoasa(config)# object network LAN

ciscoasa(config-network-object)# subnet 172.16.1.0 255.255.255.0

ciscoasa(config-network-object)# nat (inside,outside) dynamic interface

STEP 7: CREATE ACL

NOTE: Here we are using EXTENDED NAMED ACL( i.e 3rd type of ACL apart from previous two where we use alphabets instead of numbers)

This ACL allows both TCP and ICMP traffic to be allowed outside the network.

cisco(config)# access-list inside_to_internet extended permit tcp any any

cisco(config)# access-list inside_to_internet extended permit icmp any any

cisco(config)#access-group inside_to_internet in interface outside

STEP 8: CONFIGURE ROUTER

ASSIGN IP ADDRESS TO ROUTER

Configure OSPF for ISP Router

router(config)# router ospf 1

router(config)# network 210.2.2.0 0.0.0.255 area 0

router(config)# network 210.2.20.20 0.0.0.255 area 0

router(config)# exit

STEP 9: Go to PC > DHCP

DAY 9

Network scanning refers to the use of a computer network to gather information regarding computing systems. Network scanning is mainly used for security assessment, system maintenance, and also for performing attacks by hackers.

Tools that we can used for network scanning are : →

1. Fing App to identify connected devices, troubleshoot network and device issues,scan network , detect network intruders and run Wi-Fi and internet speed tests anywhere.
2. NMAP (Network Mapper) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service up time. NMAP uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. NMAP runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

The purpose of network scanning is to manage, maintain, and secure the system using data found by the scanner. Network scanning is used to recognize available network services, discover and recognize any filtering systems in place, look at what operating systems are in use, and to protect the network from attacks.

DAY 10

What is a honeypot?

A honeypot is a computer or computer system intended to mimic likely targets of cyber attacks. It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cyber criminals operate.

You may not have heard of them before, but honeypots have been around for decades. The principle behind them is simple: Don’t go looking for attackers. Prepare something that would attract their interest — the honeypot — and then wait for the attackers to show up.

Like mice to cheese-baited mousetraps, cyber criminals are attracted to honeypots — not because they’re honeypots. The bad guys think the honeypot is a legitimate target, something worthy of their time. That’s because the bait includes applications and data that simulate a real computer system.

How do honeypots work?

If you, for instance, were in charge of IT security for a bank, you might set up a honeypot system that, to outsiders, looks like the bank’s network. The same goes for those in charge of — or researching — other types of secure, internet-connected systems.

By monitoring traffic to such systems, you can better understand where cyber criminals are coming from, how they operate, and what they want. More importantly, you can determine which security measures you have in place are working — and which ones may need improvement.

Honeypot example

In 2015, internet security experts set up an online railway control system as honeypot bait. The goal was to study how criminals would attack projects where they could put the public at risk. In this case, the only damage done was to a model train set at a German technology conference. Over two weeks, the so-called “HoneyTrain” suffered 2.7 million attacks.

What is Splunk?

Splunk is a software platform widely used for monitoring, searching, analyzing and visualizing the machine-generated data in real time. It performs capturing, indexing, and correlating the real time data in a searchable container and produces graphs, alerts, dashboards and visualizations.

IDS and IPS : →

• Intrusion Detection Systems (IDS): analyze and monitor network traffic for signs that indicate attackers are using a known cyberthreat to infiltrate or steal data from your network. IDS systems compare the current network activity to a known threat database to detect several kinds of behaviors like security policy violations, malware, and port scanners.
• Intrusion Prevention Systems (IPS): live in the same area of the network as a firewall, between the outside world and the internal network. IPS proactively deny network traffic based on a security profile if that packet represents a known security threat.

The main difference between them is that IDS is a monitoring system, while IPS is a control system. IDS doesn’t alter the network packets in any way, whereas IPS prevents the packet from delivery based on the contents of the packet, much like how a firewall prevents traffic by IP address.

The Differences Between IDS and IPS

Both IDS/IPS read network packets and compare the contents to a database of known threats. The primary difference between them is what happens next. IDS are detection and monitoring tools that don’t take action on their own. IPS is a control system that accepts or rejects a packet based on the ruleset.

IDS requires a human or another system to look at the results and determine what actions to take next, which could be a full time job depending on the amount of network traffic generated each day. IDS makes a better post-mortem forensics tool for the CSIRT to use as part of their security incident investigations.

The purpose of the IPS, on the other hand, is to catch dangerous packets and drop them before they reach their target. It’s more passive than an IDS, simply requiring that the database gets regularly updated with new threat data.

Thank You