Internetworks offers a comprehensive collection of articles and tutorials on computer networks, covering basic to advanced concepts such as data link layer, network layer, network security, and more. It’s a great starting point for beginners and a useful reference for advanced learners.
by Edgar C Francis
NAT is the method of translation of a private IP address into a public IP address. In order to communicate with the internet, we must have a registered public IP address.
Address translation was originally developed to solve two problems:
To handle a shortage of IPv6 addresses
Hide network addressing schemes.
Types of NAT:
Static NAT
Dynamic NAT
Port Address Translation (PAT)
Static NAT: a one-to-one mapping is configured manually between each private IP address and a registered IP address (one-to-one).
Dynamic NAT: a one-to-one mapping is made automatically for every private IP address that needs a registered IP address (one-to-one).
Port Address Translation (Dynamic NAT Overload): allows thousands of users to connect to the internet using only one real global IP address. It maps many addresses to one by using different ports. PAT is the real reason we haven’t run out of valid IP addresses on the internet.
Just like on Cisco IOS routers, we can configure NAT/PAT on our Cisco ASA firewall.
I'm assuming that you already know about NAT; if you don't, please click here
What is hacking?
Hacking is the act of finding the possible entry points that exist in a computer system or computer network and finally entering into them. Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the system or to steal sensitive information available on the computer. Hacking is not always a malicious activity, but the term has mostly negative connotations due to its association with cybercrime. Hacking is usually legal as long as it is being done to find weaknesses in a computer or network system for testing purposes.
Types of hacking (BASIC)
We can segregate hacking into different categories, based on what is being hacked.
Here is a set of basic hacking examples:
Social engineering
Social engineering is a manipulation technique. Using
a fake identity and various psychological tricks, hackers can deceive you into
disclosing personal or financial information. They rely on phishing scams, spam
emails or instant messages, or even fake websites to achieve hacking.
Hacking passwords
Hackers use many ways to gain passwords. One is the trial-and-error method, in which hackers try to guess every possible combination to obtain access. Hackers also use simple algorithms to generate different combinations of letters, numbers, and symbols to help them identify password combinations. Another technique is known as a dictionary attack, in which a program inserts common words into password fields to see if one works.
Malware hacking
Hackers infiltrate
a user’s device to install malware. More likely, hackers will target potential
victims via email, instant messages, and websites with downloadable content or
peer-to-peer networks.
Wireless Networks Hacking
Hackers simply take advantage of open wireless networks. Many people do not secure their Wi-Fi routers, and this can be exploited by hackers driving around looking for open and unsecured wireless connections. This is an activity known as wardriving. When hackers are connected to an unsecured network, they only need to bypass basic security to gain access to devices connected to that network.
Website hacking
Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.
Network hacking
Hacking a network means gathering information about a network by using tools like telnet, nslookup, ping, tracert, netstat, etc. with the intent to harm the network system and hamper its operation.
Email hacking
Email hacking includes getting unauthorized access to an email
account and using it without taking the consent of its owner.
The advantages of hacking
Hacking is quite valuable in the following scenarios:
When you need to recover lost information, especially in case you lost your password.
When you want to perform penetration testing to strengthen computer and network security.
When you want to put adequate preventative measures in place to prevent security breaches.
When you want to have a computer system that prevents malicious hackers from gaining access.
The disadvantages of hacking
Hacking is quite dangerous if it is done with harmful intent. It can cause:
A massive security breach.
Unauthorized system access to private information.
Privacy violation.
Hampering of system operation.
Denial of service attacks.
Malicious attacks on the system.
Purpose of hacking
There could be various positive and negative intentions behind performing hacking activities. Here is a list of some probable reasons why people indulge in hacking activities:
A hacker is basically a person who is highly skilled in information technology. Hackers use their technical skills to overcome an obstacle or sometimes even achieve a goal within computerized systems and networks. However, nowadays, the term hacker is always associated with a security hacker: someone who is always on the lookout for ways to acquire and exploit sensitive personal, financial and organizational information, which is otherwise not accessible to them. Legitimate figures often use hacking for legal purposes.
A hacker has knowledge of computer networking, programming, cryptography, databases, and other information technologies. For hacking, there is no particular syllabus. Normally, an ethical hacker in the industry works to save the data of the company from hackers, finds bugs in the system, and informs the developers in the company.
We can classify hackers into different categories such as white hat, black hat, and grey hat, based on their intention in hacking systems. These terms come from Westerns, where a bad guy wears a black cowboy hat and a good guy wears a white hat.
White hat hackers
White hat hackers are also known as ethical hackers, and they are professionals with expertise in cybersecurity. They are authorized by the company and certified to hack the systems. They hack systems from the loop to find weaknesses in the system. They never intend to harm the system, but rather try to find weaknesses in a computer or a network system as part of penetration testing and vulnerability assessments. Ethical hacking is not illegal; it is actually one of the most demanding jobs available in the IT industry. Many companies hire ethical hackers for penetration testing and vulnerability assessments. An ethical hacker's job is to protect the system network from hackers.
Black hat hackers
Black hat hackers are highly skilled and knowledgeable in computer networks but have the wrong intentions. Black hat hackers hack other systems to steal private data or destroy the system. They use the stolen data to profit themselves and sell it on the black market or harass their target company. The intentions of the hacker make the hacker a criminal.
Grey hat hackers
Grey hat hackers fall between black and white hat hackers, or we can say grey hat hackers are a blend of both black and white hat hackers. Grey hat hackers are not certified hackers like white hat hackers. Keep in mind that the intention behind hacking decides the type of hacker. If the intention is to gain personal data without permission, this is considered a grey hat hacker. They act without malicious intent, but for their own fun they exploit a security weakness in a computer system or network without the owner's permission or knowledge. Their aim is not to rob people, nor do they want to help the owner; their intent is to bring the weakness to the attention of the owners and get appreciation or a little bounty from the owners, or to find fun in hacking.
Red hat hackers
Red hat hackers are again a blend of both black hat and white hat hackers. They are usually on the top level of hacking government agencies, top-secret information hubs, and generally anything that falls under the category of sensitive information. The difference between red hat hackers and white hat hackers is that the process of hacking through intention remains the same. Red hat hackers are very ruthless when dealing with black hat hackers or counteracting malware.
Blue hat hackers
A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch. They look for loopholes that can be exploited and try to close these gaps. Microsoft also uses the term blue hat to represent a series of security briefing events.
Script kiddies
A script kiddie is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others. In other words, they try to hack the system with scripts from other hackers, usually with little understanding of the underlying concept, hence the term kiddies.
Hacktivist
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. These types of hackers intend to hack government websites. They pose as activists, and so are known as hacktivists. In general, most hacktivism involves website defacement or denial of service attacks.
Neophyte
A neophyte, “noob”, or green hat hacker is someone who is
new to hacking or phreaking and has almost no knowledge or experience of the
working of technology and hacking.
By default, Cisco routers permit and forward all the packets they receive if the route is matched in their routing table. In case we want to restrict some routes, we have to configure some access lists, but if we have a lot of access-list rules this becomes a nightmare to configure on each interface.
From the above diagram, our router has two incoming access lists to deny some routes from the host's LAN. Our router also has two access lists to prevent some routes from the internet (WAN) from entering our LAN. This means we have to apply an access list to four interfaces in order to protect our LAN. There is a better solution, called security zones, with an ASA firewall.
Let's see an example of how a security zone works.
As you can see above, we have two security zones.
1. INSIDE: which is our LAN network.
2. OUTSIDE: which is our WAN network (internet).
The ASA interfaces have been assigned to the correct security zone. Security zones have two simple rules:
Traffic coming from a high security level to a lower security level should be permitted.
Traffic coming from a lower security level to a high security level should be denied.
Security levels
The ASA interface is by default in routed mode, operating at layer 3.
ASA firewall interfaces are assigned a security level, which is a number between 0 and 100. The higher the number, the more trust in the network connected to the ASA firewall.
Earlier we saw some names like INSIDE, OUTSIDE, and DMZ. Note that we can assign names such as inside, outside, or DMZ to an ASA interface. As soon as we assign one of these names to an interface, it automatically assigns a security level to itself. For example, if we assign the name inside to an interface, it will assign itself security level 100, i.e. the most trusted network. If we assign the name outside or DMZ or any other name to an interface, it will assign security level 0 automatically. These are default values and can be changed.
It is a good practice to give a security level of 100 (maximum) to inside (most trusted network), 0 (least) to outside (untrusted or public network), and 50 to DMZ (organization public device network).
Note: It is not mandatory to assign a name (INSIDE, OUTSIDE, or DMZ) to the ASA interface, but it is good practice to assign these names as they are simple and meaningful.
Our LAN is our trusted network, which would have a high security level. The WAN is untrusted, so it will have a low security level. This means that traffic from our LAN to the WAN will be permitted. Traffic from the WAN to our LAN will be denied. Since the firewall is stateful, it keeps track of outgoing connections and will permit the return traffic for connections from our LAN.
If you want to make an exception and permit
traffic from the WAN to the LAN then this can be accomplished with an access list.
Most companies will have one or more servers that
should be reachable from the Internet. Perhaps a mail or web server. Instead of
placing these on the INSIDE, we use a third zone called the DMZ
(Demilitarized Zone).
The DMZ security level is between INSIDE and OUTSIDE.
Traffic coming from INSIDE going to OUTSIDE is permitted.
Traffic coming from DMZ going to OUTSIDE is permitted.
Traffic coming from INSIDE going to DMZ is permitted.
Traffic coming from DMZ going to INSIDE is denied.
Traffic coming from OUTSIDE going to INSIDE is denied.
In order to provide full connectivity between the DMZ and OUTSIDE, we will use an access list which only permits traffic to specific IP addresses or port numbers. If something happens to one of our servers (for example, it is hacked), our inside network will still be secure.
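The zone rules above can be modelled in a few lines. The following Python sketch is an added example, not part of the original article and not Cisco's implementation: it evaluates packets against the security levels given above (INSIDE 100, DMZ 50, OUTSIDE 0), a state table for return traffic, and access-list exceptions. The class name, addresses and ports are constructed for illustration, and the access list is simplified so that it only adds exceptions.

```python
# Added illustration of the security-level rules; not Cisco code.
# Zone names and levels come from the article; addresses/ports are constructed.
LEVELS = {"INSIDE": 100, "DMZ": 50, "OUTSIDE": 0}


class ZoneFirewall:
    def __init__(self, levels):
        self.levels = levels
        self.acl = set()    # exceptions: (source zone, destination IP, port)
        self.conns = set()  # state table of flows the firewall has permitted

    def permit(self, src_zone, dst_ip, dst_port):
        """Add an access-list exception (simplified: exceptions only)."""
        self.acl.add((src_zone, dst_ip, dst_port))

    def handle(self, src_zone, dst_zone, src, sport, dst, dport):
        """Return (action, reason) for one packet crossing the firewall."""
        # Stateful check: a reply is the mirror image of a tracked flow.
        if (dst, dport, src, sport) in self.conns:
            return ("permit", "return traffic")
        if (src_zone, dst, dport) in self.acl:
            reason = "access list"
        elif self.levels[src_zone] > self.levels[dst_zone]:
            reason = "high to low"
        else:
            return ("deny", "low to high")
        self.conns.add((src, sport, dst, dport))  # track the new connection
        return ("permit", reason)


def demo():
    fw = ZoneFirewall(LEVELS)
    fw.permit("OUTSIDE", "192.0.2.10", 443)  # constructed DMZ web server
    packets = [
        ("INSIDE", "OUTSIDE", "10.0.0.5", 40000, "198.51.100.7", 443),
        ("OUTSIDE", "INSIDE", "198.51.100.7", 443, "10.0.0.5", 40000),  # reply
        ("OUTSIDE", "INSIDE", "198.51.100.7", 443, "10.0.0.5", 40001),  # unsolicited
        ("OUTSIDE", "DMZ", "198.51.100.7", 51000, "192.0.2.10", 443),
        ("DMZ", "INSIDE", "192.0.2.10", 52000, "10.0.0.5", 22),  # from hacked server
    ]
    return [fw.handle(*p) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second and third packets differ only in destination port: the reply to the tracked connection passes, while the unsolicited packet from the same outside host is dropped.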
Let’s see the configuration:
Topology:
Goal:
Configure the topology as per the diagram.
Configure IP addresses on the ports.
Configure gig1/1 in the outside zone.
Configure gig1/3 in the inside zone.
Configure gig1/2 in the DMZ.
ciscoasa(config)#interface gigabitEthernet 1/1
ciscoasa(config-if)#nameif outside
INFO: Security level for "outside" set to 0 by default.
A firewall is a barrier between LAN and WAN networks (trusted and untrusted networks). We place the firewall in the forwarding path of the network so each packet has to be checked by our firewall.
There are two kinds of firewalls. One is the software firewall, like the one preinstalled with Microsoft Windows. The second is the hardware firewall, which we are going to see.
From the above diagram, we have a LAN with two host PCs and a Cisco switch. On the other side, you can see a router that is connected to the ISP for an internet connection. We place our firewall in between to protect our LAN.
Stateless and stateful filtering
You can use a router as a firewall, but it's not a good choice because most routers do not spend much time on filtering. The router checks the access list for the port number and the source and destination IP addresses; if a packet matches an access-list entry, the router permits or denies the packet, and it does not keep track of the packet. This is called stateless filtering. A firewall uses stateful filtering: it keeps track of all incoming and outgoing connections.
ASA (Adaptive Security Appliance) is a Cisco security device that combines the classic firewall with VPN, IPS (Intrusion Prevention System), and antivirus capabilities. ASA is capable of providing threat defense before most attacks spread into our LAN.
I think we have done enough talking; the rest of the theory we will see in the next section.
The leak-map name keyword configures the stub
router to advertise selected EIGRP-learned routes which are not ordinarily
advertised. The name refers to a route map that matches one or more ACLs or
prefix lists and permits the matched subnets or addresses to be leaked.
The EIGRP stub feature is very useful when we want to prevent unnecessary EIGRP queries and filter a few of the routes that we advertise. But when we configure our EIGRP router as a stub and still want to make an exception so that some routes (networks) are advertised, this is possible with the help of a leak-map.
In summary route:
Whenever we configure an EIGRP summary route, all the networks within the range of our summary are no longer advertised on the interface; the only thing left is the summary route. If we want to advertise some networks separately next to our summary route, this can also be done with a summary leak-map. Let's see how to configure the leak-map.
Topology:
Goal:
Configure the topology as per the diagram.
Assign the IP addresses to their interfaces.
Configure EIGRP 1234 on all the routers.
Configure EIGRP stub connected on router 3.
Configure a leak-map on router 3 with the exception that only network 192.168.32.1 is advertised to all the routers.