01 Service provider connectivity between two or more sites over the internet
02 The customer builds its own WAN over the internet
03 It is a cost-effective solution
04 GRE, DMVPN, IPSec VPN
Generic Routing Encapsulation (GRE)
01 Allows a virtual point-to-point tunnel
02 It is used when packets need to be sent from one network to another over
the internet or an insecure network
03 It is a tunneling protocol developed by Cisco
04 It supports encapsulation of a wide variety of network layer protocols
inside point-to-point links (multicast and IPv6)
05 GRE tunnels are not encrypted
06 GRE tunnels are much easier to configure
Drawbacks of GRE
01 A classic GRE tunnel is point-to-point
02 Tunnels are configured manually
03 Not scalable (for 100 endpoints, we need to build 99 tunnels)
04 No encryption
05 Static IP on all end points
Dynamic Multipoint VPN
01 It supports point-to-multipoint (uses mGRE)
02 Automatic tunnels can be built between all the sites (no need to
configure them manually)
03 Spokes can have dynamic IPs
04 It keeps costs low, minimizes configuration complexity and increases
flexibility
DMVPN is a combination of the following technologies:
01 Multipoint GRE (mGRE)
02 Next-Hop Resolution Protocol (NHRP)
03 Dynamic Routing Protocol (RIP, EIGRP, OSPF, BGP)
04 Dynamic IPSec Encryption
What is IPSec?
01 Internet Protocol Security (IPSec) is a set of protocols developed by the
Internet Engineering Task Force (IETF)
02 Allows two or more hosts to communicate in a secure manner by
authenticating and encrypting each IP packet of a communication session
03 It scales from small to very large networks
04 It is available in Cisco IOS software version 11.3(T) and later
05 It is also included in PIX Firewall version 5.0, ASA firewalls
IPSec Security Features
IPSec is the only standard layer 3 technology that provides:
- Confidentiality
- Data integrity
- Authentication
- Replay detection
Data confidentiality (encryption): The contents are not visible to third
parties. No snooping or wiretapping.
Data integrity (hashing): A hashing algorithm ensures that no one can modify
the data in transit.
Remote peer & data origin authentication: It provides confirmation of the
data stream's origin.
Replay protection: It ensures that each packet is received only once. It is a
security service in which the receiver can reject old or duplicate packets in
order to defeat replay attacks.
VPN Types:
Site to Site VPN: It allows a company to connect its remote sites to the
corporate backbone securely over the internet.
Remote site VPN: It allows remote users to securely access the corporate
network wherever and whenever they need to.