Transport Layer Security (TLS)

Transport Layer Security (TLS): it relies on a reliable transport layer (e.g. TCP) and transparently supports any application protocol. One advantage of TLS is that it is application-protocol independent: higher-level protocols can layer on top of the TLS protocol transparently. The TLS standard, however, does not specify how upper-layer protocols add security with TLS; …

RADIUS

Remote Authentication Dial-In User Service (RADIUS), designed for centralized AAA service: RADIUS is a widely deployed protocol enabling centralized authentication, authorization, and accounting (AAA) for network access. Originally developed for dial-up remote access, RADIUS is now also supported by virtual private network (VPN) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, …

Configuring 802.1x & IBNS

Before a port enters an authorized state, 802.1X allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) packets to traverse the port. Configuring 802.1X port authentication is supported on Layer 2 static access ports, voice VLAN–enabled ports, and Layer 3 routed ports. It is not supported on …

Identity-Based Networking Service (IBNS) and IEEE 802.1x

IEEE 802.1x Overview: IEEE 802.1x is a data link layer (Layer 2) protocol designed to provide port-based network access control, using authentication unique to a device or user, on Ethernet or WLAN. This service is called port-level authentication. Cisco IBNS is an IEEE 802.1x-based technology solution that increases network security by authenticating users based on personal …

Threats, Vulnerability Analysis and Mitigation

Switched Data Plane Attack Types. VLAN Hopping: a packet from one VLAN hops over to another VLAN without the aid of Layer 3 routing. There are two types of VLAN hopping attack. Switch Spoofing: a device spoofs a switch, negotiating with the connected switch port using DTP, and finally forms a trunk link with all VLAN …

Network Protocol Concepts

Ethernet Frame Structure. Note: the minimum payload is 42 octets when an 802.1Q tag exists, otherwise it is 46 octets. Dynamic Trunking Protocol (DTP): DTP is used by an interface to automatically negotiate trunking with a neighboring interface that resides in the same VTP domain. Switch interfaces support the trunk configurations below. Form an ISL or 802.1Q trunk automatically, DTP …

EIGRP Concepts

EIGRP Manual Route Summary. The route summary command is configured on the interface that faces all the subordinate subnets, and only the summary route is advertised out of all other interfaces. Whenever a route summary is configured, the summary route is injected into the local routing table with an outgoing interface of Null0, which is called a “discard route”. …

Policy Based Routing

By default, most Cisco routers perform CEF. After de-encapsulation of packets received on an incoming interface, the router can perform PBR before matching the packet’s destination against the CEF table, or in the reverse order, depending on configuration. Basic PBR configuration steps. Standard or extended ACL: access-list 101 permit ip host 10.1.1.2 10.1.3.0 0.0.0.255 Route map configuration: route-map …
