...Subsystem; Chapter 2: Deploying Cisco ASA IPsec VPN Solutions; Chapter 3: Deploying Cisco ASA AnyConnect Remote-Access SSL VPN Solutions; Chapter 4: Deploying Clientless Remote-Access SSL VPN Solutions; Chapter 5: Deploying Advanced Cisco ASA VPN Solutions. CCNP Security VPN 642-648 Quick Reference, Cristian Matei, ciscopress.com. About the Author: Cristian Matei, CCIE No. 23684, is a senior security consultant for Datanet Systems, Cisco Gold Partner in Romania. He has designed, implemented, and maintained multiple large enterprise networks, covering the Cisco security, routing, switching, service provider, and wireless portfolios of products. Cristian started this journey back in 2005 with Microsoft technology and finished the MCSE Security and MCSE Messaging tracks. He then joined Datanet Systems, where he quickly obtained his Security and Routing & Switching CCIE, among other certifications and specializations, such as CCNP, CCSP, and CCDP. Cristian has been a Cisco Certified Systems Instructor (CCSI) since 2007, teaching CCNA, CCNP, and CCSP curriculum courses. In 2009, he received a Cisco Trusted Technical Advisor (TTA) award and became certified as a Cisco IronPort Certified Security Professional (CICSP) on E-mail and Web. That same year, he started his collaboration with...
Words: 52748 - Pages: 211
...Microsoft Age of Empires III Readme File September 2005 Welcome to Microsoft® Age of Empires® III! This file contains information to help you install Age of Empires III. It also includes late-breaking information not included in the manual or in-game Help. CONTENTS A. Installing Age of Empires III B. Starting Age of Empires III C. Getting Help D. What's on the Disc? E. Multiplayer Guide F. Shortcut Keys G. Manual Corrections H. Gameplay Troubleshooting I. DirectX Troubleshooting J. Video Troubleshooting K. CD-ROM Drive Troubleshooting L. Audio Troubleshooting M. Processor Troubleshooting N. Performance Troubleshooting O. Multiplayer Troubleshooting P. Age of Empires III Information A. Installing Age of Empires III To install Age of Empires III, you must have administrator rights on your computer and your computer must be running Microsoft Windows® XP. To install Age of Empires III · Insert the Age of Empires III disc into the disc drive. If AutoPlay is enabled, the installation menu will appear; click Install, and then follow the on-screen prompts. —or— · If AutoPlay is disabled, on the Start menu, click My Computer. In the My Computer window, double-click the disc drive icon, and then double-click Setup.exe. On the Setup screen, click Install, and then follow the on-screen prompts. B. Starting Age of Empires III You must have the Age of Empires III disc 1 in your disc drive to play. To start Age of Empires III · Insert the...
Words: 4090 - Pages: 17
...access the file server using an IP address but not a name, then the most likely reason for failure to connect is a name resolution problem. Name resolution can fail for NetBIOS or DNS host names. If the client operating system is NetBIOS dependent, the VPN clients should be assigned a WINS server address by the VPN server. If the client operating system uses DNS preferentially, VPN clients should be assigned an internal DNS server that can resolve internal network host names. When using DNS to resolve internal network host names for VPN clients, make sure that these clients are able to correctly resolve unqualified fully qualified domain names used on the corporate network. This problem is seen most often when non-domain computers attempt to use DNS to resolve server names on the internal network behind the VPN server. 2. Users can't access anything on the corporate network Sometimes users will be able to connect to the remote access VPN server but are unable to connect to any resources on the corporate network. They are unable to resolve host names and unable to even ping resources on the corporate network. The most common reason for this problem is that users are connected to a network on the same network ID as the corporate network located behind the VPN server. For example, the user is connected to a hotel broadband network and is assigned a private IP address on network ID 10.0.0.0/24. If the corporate network is also on network ID 10.0.0.0/24, they won't able...
Words: 1569 - Pages: 7
...Comparing SOHO Hardware Firewalls Routers As more and more individuals start their own small home businesses and technology is becoming a major part of these businesses, it is just as important that they are able to secure their network from attacks the same as enterprise-level businesses. According to Whitman & Mattord (2011), one of the most effective methods of improving computer security in the Small Office/Home Office (SOHO) setting is a SOHO firewall, which serves as stateful firewalls that enable inside-to-outside and can be configured to allow limited TCP/IP port forwarding and/or screened subnet capabilities (p. 256). This paper will compare the Watchguard Firebox SOHO 6 and the Sonic Wall, which are both VPN routers that offer similar specifications. This paper will compare these SOHO firewall products that function as packet-filtering firewalls that offer combined features and provide SOHO users strong protection from the use of Network Address Translation (NAT) services. Watchguard Firebox SOHO 6 versus SonicWall Watchguard Firebox SOHO 6 is a firewall and VPN router for small business and branch offices that allows the sharing of a single broadband connection, and it is supported by all the leading operating systems. This product includes licenses for 10 users, with an upgrade option for 25 to 50 users. Small office owners often have very little experience managing their office hardware. Therefore, the Watchguard Firebox SOHO 6 is a good choice...
Words: 794 - Pages: 4
...Student Name _________________________________ Date _____________ SEC450 Database Traffic Load iLab Objectives In this lab, the students will examine the following objectives. • Creating Database traffic using the traffic generator • Specifying link statistics to monitor traffic flow • Running discrete event simulation (DES) • Adjusting link speeds to handle Database traffic. Scenario A small company is using the topology shown below. The Public Server is actually an offsite Database Server that contains company records. Assume that the 200.100.0.0/16 network represents the Internet. The Dallas and Chicago Servers and Hosts need to access the database server. Only users in the Dallas and Chicago LANs should be able to access the database server. Topology The last page of the lab assignment document contains a full page Topology. Remove this page and use it for reference to the topology and the IP addresses. Initial OpNet Preparation The Week 5 iLab is entitled Database Traffic Load. The following steps show how to create the project required for the Week 5 iLab. • Log into the Citrix iLab Environment (lab.devry.edu). • Click on the OpNet 17 icon. • Click the Accept button to Open OpNet 17. • Click File/Open and navigate to the F:\op_models\SEC450\SEC450.project\SEC450 file and click Open. • In OpNet 17 with the SEC450 project open, click File/Save As. • Save the project in...
Words: 1003 - Pages: 5
...Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments. For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as accounting or personnel. By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to its systems and resources. Inclusion of a proper firewall provides an additional layer of security (Broida, 2011). This research paper will give a background on firewalls. The background will cover an overview of firewall technologies, as well as firewall technologies, the common requirements of firewalls, and firewall policies. This paper will also give an analysis of firewalls which will consist of what I have learned in doing this research and my opinion on the research. Overview of Firewall Technologies Several types of firewall technologies are available. One way of comparing their capabilities is to look at the Transmission Control Protocol/Internet Protocol [TCP/IP] layers that each is able to examine. TCP/IP communications are composed of four layers that work together to transfer data between hosts. When a user wants to transfer data across networks, the data is passed from the highest layer through...
Words: 3077 - Pages: 13
...____________ Scott Blough Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you used common applications to generate traffic and transfer files between the machines in this lab. You captured data using Wireshark and reviewed the captured traffic at the packet level, and then you used NetWitness Investigator, a free tool that provides security practitioners with a means of analyzing a complete packet capture, to review the same traffic at a consolidated level. Lab Assessment Questions & Answers 1. Why would a network administrator use Wireshark and NetWitness Investigator together? Wireshark - it is better at performing analysis NetWitness - it is better at performing captures 2. What was the IP address for LanSwitch1? 172.16.8.5 3. When the 172.16.8.5 IP host responded to the ICMP echo-requests, how many ICMP echo-reply packets were sent back to the vWorkstation? 23 4. What was the terminal password for LanSwitch 1 and LanSwitch 2? Cisco 5. When using SSH to remotely access a Cisco router, can you see the terminal password? Why or why not? No, one could not view the passcode so no one should be able to hack into it. 6. What were the Destination IP addresses discovered by the NetWitness Investigator analysis? 172.30.0.8, 172.30.0.2, 172.16.0.2, 172.16.8.5, 172.17.0.2 2 | Lab #5 Performing Packet Capture and Traffic Analysis ...
Words: 294 - Pages: 2
...Objective: The objective of this lab is to configure DNS client settings, for Linux and Windows Stations, to observe DNS in action, and to observe NAT in action. Procedures: 1. First, verify that workstation 1 and workstation 2 have the correct IP addresses and default route. 2. Configure DNS servers for workstation 1 and workstation 2. After, configure workstation 2 to use 131.94.131.43 as a DNS resolver by entering the command: echo "nameserver 131.94.133.43" > /etc/resolv.conf. Afterwards, configure workstation 1 by going to TCP/IP Properties and adding 131.94.133.43 as the DNS server. 3. Next, find the public IP address of the eth0 interface on the monitor workstation by using the ifconfig command. As root on the monitor, input: tcpdump -i eth0 -n -s 0 -w /tmp/public.pcap host PUBLICIPADDRESS & tcpdump -i eth1 -n -s 0 -w /tmp/private-net1.pcap & tcpdump -i eth2 -n -s 0 -w /tmp/private-net2.pcap & 4. Then, connect to port 7 and source port 2000 on workstation 1 with the command: nc -p 2000 cgs4285.cs.fiu.edu 7 Type in three or four lines of random data and repeat the same process for workstation 2. Enter “ctrl+c” afterwards to stop the process on workstation 1 and 2. 5. On the monitor station, enter this command to stop the ‘tcpdump’ process: kill %1 %2 %3 ...
Words: 932 - Pages: 4
...Project Network Address Translation (NAT) is a technology that can be used by network administrators to configure IP addresses of network communication. NAT permits a network device like a router to act as an agent between public and private networks. NAT provides the capability for enterprises and home users to use a single IP address to represent a group of computers on a public domain. The translation part of NAT between private and public addresses allows a node or a group of nodes already set up with internal addresses to be stamped with an outside address, therefore permitting them to communicate over the Internet. Moreover, NAT helps in managing the private and public portion of the network because it can isolate the internal and exterior address spaces. This address isolation makes devices in a private network independent of the IP address hosts in the public network. There should be a distinction between NAT solution and firewall solution. The confusion comes from the fact that a large number of software packages do both functions within the same device, which is labelled a NAT box (Balchunas, 2013). NAT is a solution that allows the connection of several nodes by using a single public IP address that is often confused with a firewall solution, which is intended to implement the security procedures of the organization. The scheme of NAT is centred on the point that only a few dedicated nodes in the interior network are interacting outside the network. In a private network, the...
Words: 2865 - Pages: 12
...the wireless medium such as a network adapter or NIC) that communicates with each other. ESS - An Extended Service Set (ESS) is a set of two or more BSSs that form a single sub network. 6.1.2 6.1 review 1. How the service works is that it allows you to connect to the network. 2. Radio frequency is superior because it is fast cause it through a satellite. 3. WLAN is used in home because there easier to maintain and to take care of it I could be private. 6.2.1 The information that it’s giving me is that its showing the wireless networks around my area. A security key. 6.2.2 the information that given on the command line is it shows all your information on the router you have and it shows you in details. Its allows you to see in-depth allowing your to see information on your router. 6.2 review 1. The biggest problem would be collision if multiple routers are using the same channel a common example of this is Comcast routers are set to use a channel close to the signal for the ps3 so you get a depredation of signal and loss of data packets as the connection goes on. 2. If a previously stated standard is not compatible with your adapter you could have issues with your connection not connecting. 6.3.1 For a secure connection 6.3.2 The IP config show you everything you need to know from your IP address and your gateway and basically it shows you your networking. 6.3.3 Event viewer. 6.3 review 1. A guest having access to your network could result in any imaginable...
Words: 469 - Pages: 2
...lab, you’ll learn how to use and interpret the show ip route connected command. You’ll begin with R1’s interfaces fully configured. R2’s interfaces are partially configured and both are shut down. You’ll bring them up and see the effects. Topology [Figure 1: Network Topology for This Lab, showing routers R1 and R2, switches SW1 and SW2, and hosts PC1 and PC2] Detailed Lab Steps Step 1. Connect to R1 from the simulator user interface; use password ciscopress. Step 2. Enter privileged exec mode by issuing the enable command; use password ciscopress. page 1 © 2009 Pearson Education, Inc. All rights reserved. This publication is protected by copyright. Step 3. Issue the show ip route connected command and view the output. How many connected routes do you see? Which ones are they? 0 Step 4. Connect to R2 from the simulator user interface and enter privileged exec mode using the enable command. All passwords are ciscopress. Repeat Step 3 on R2. How many connected routes do you see? Which ones are they? 0 Step 5. Step 6. Use the show ip interface brief command. Is there an IP address listed for interface S0/0/1? Interface Fa0/0? yes no Routers cannot add a connected route to the routing table unless the interface is in an “up and up” state. The following steps enable R2’s two interfaces: Step 7. Move into interface configuration mode for interface S0/0/1 by using the configure terminal command followed by the interface s0/0/1...
Words: 647 - Pages: 3
...Associate Level Material Appendix E TCP/IP Network Planning Table Refer to appendix E1. Identify the problems with the TCP/IP network and complete the table. |Problem |Explanation of Proposed Solution | |Group A and D have incorrect subnet addresses. |All subnet addresses should be corrected to: 255.255.0.0 | | |This would be corrected by changing the subnet addresses from computer A to match computers B and C.| |Group H, I, J, and K have incorrect IP addresses. |D also needs to be changed to the correct subnet to match the other computers. | | | | |Group B has an incorrect gateway address. |All of the IP addresses for Groups: H, I, J, K should start with the same numbers: 135.137.0. 0. | | |Changing this will now make it so the gateway address has to be corrected. Computer 1, Router 2 IP | | ...
Words: 337 - Pages: 2
...CHAPTER 2 Firewall Fundamentals TO SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a firewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of firewalls stems from a basic misunderstanding of the nature of firewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defines the fundamentals of firewalls. These include what a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a firewall is • Why you need a firewall • How firewalls work and what they do • What the basics of TCP/IP are • What the types of firewalls are • What ingress and egress filtering is • What the types of firewall filtering are • What the difference between software and hardware firewalls is • What dual-homed and triple-homed firewalls...
Words: 15354 - Pages: 62
...maintaining its own in-house Linux Web server for a Web application. The Web application will allow the bank’s customers to login, view their loan details, and check and save account balances. The company sends you a request for your services as a Linux and open source consultant. You grab the opportunity because you are dissatisfied with your current job. It is your first day in the community bank, and you are told that your role as a consultant will be to analyze all probable risks related to the prospective Web application. Your manager introduces you to the other employees, including Bob, who is an intern working on the development of the Web application. Bob is also the system administrator as he currently supports the local area network (LAN) environment. You discuss the Web application and its functioning in detail with Bob. Bob tells you that the server will be hosted at the bank’s location since the other servers are presently supporting their Microsoft Windows-based LAN. The Web application will run on any of the popular open source servers. Knowing your background, Bob is very excited to learn Linux and use this learning to make the Web application more effective and less vulnerable. Bob shares the following server requirements with you: * A Web server * A database server * A Simple Mail Transfer Protocol (SMTP) server * A file server for customers’ loan applications and other personal data files Your manager asks you to prepare a brief presentation...
Words: 967 - Pages: 4