Friday, March 25, 2016

AAA

What is AAA?

Securing user access to the network, and dynamically defining a user's profile for access to network resources, is a central concern in a data communication environment. AAA network security services provide the primary framework through which a network administrator can set up access control on the network, which is usually the function of a router or access server. It is strongly recommended that network and administrative access security in the Cisco environment be based on a modular architecture with three functional components: authentication, authorization and accounting.

Authentication:  Authentication is the way a user is identified prior to being allowed access to the network and network services. AAA authentication is configured by defining a named list of authentication methods, and then applying that list to various interfaces. The method list defines the types of authentication to be performed and the sequence in which they will be performed; it MUST be applied to a specific interface before any of the defined authentication methods will be performed. All authentication methods, except for local, line password, and enable authentication, MUST be defined through AAA.

Authorization:  Authorization provides the method for remote access control, including one-time authorization or authorization for each service, per-user account list and profile, user group support, Telnet etc.  AAA authorization works by assembling a set of attributes that describe what the user is authorized to perform. These attributes are compared to the information contained in a database for a given user and the result is returned to AAA to determine the user's actual capabilities and restrictions. The database can be located locally on the access server or router, or it can be hosted remotely on a RADIUS or TACACS+ security server.  As with authentication, AAA authorization is configured by defining a named list of authorization methods, and then applying that list to various interfaces.

Accounting: Accounting provides the method for collecting and sending security server information used for billing, auditing, and reporting: user identities, start and stop times, executed commands, number of packets, and number of bytes. Accounting enables tracking of the services users are accessing as well as the amount of network resources they are consuming. With AAA accounting activated, the NAS reports user activity to the RADIUS or TACACS+ security server in the form of accounting records. Each accounting record consists of accounting attribute-value (AV) pairs and is stored on the access control server. This data can then be analyzed for network management, client billing, and/or auditing. All accounting methods must be defined through AAA. Accounting is configured by defining a named list of accounting methods, and then applying that list to various interfaces.




What is RADIUS?

RADIUS is an AAA protocol used by access servers. It is a distributed security system that secures remote access to networks and network services against unauthorized access. RADIUS comprises three components: a protocol with a frame format that runs over UDP/IP, a server, and a client.
A network access server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and returning all configuration information necessary for the client to deliver service to the user. The RADIUS servers can act as proxy clients to other kinds of authentication servers.


Authentication and authorization checking are bundled together. When the client device requests authentication from the server, the server replies with both authentication attributes and authorization attributes. These functions cannot be performed separately. The accounting features of the RADIUS protocol can be used independently of RADIUS authentication or authorization. RADIUS encrypts only the password in the Access-Request packet. The remainder of the packet is unencrypted.



What is TACACS+?

TACACS+ stands for Terminal Access Control Access Control Server. TACACS+ is an enhancement of the original TACACS application. The main goal of TACACS+ is to provide a centralized database against which to perform Authentication, Authorization, and Accounting (AAA).
TACACS+ uses a client-server model. The client queries the server, and the server replies stating whether the user passed or failed authentication. It is important to note that the client is not the user or the user's machine, but the device that is trying to determine whether the user should be allowed into the network (typically a router or a firewall). TACACS+ uses TCP as its transport protocol; the default port is 49, and the server can be configured to listen on other ports if required. TACACS+ is similar to RADIUS (Remote Access Dial In User Server) with a few key differences.


All three AAA functions (authentication, authorization, and accounting) can be used independently. Therefore one method, such as Kerberos, can be used for authentication and a separate method, such as TACACS+, can be used for authorization. While TACACS+ can use usernames and passwords, it can also use other mechanisms such as one-time passwords that prevent attackers from accessing the system.
Both TACACS+ and RADIUS use a shared secret key to provide encryption. TACACS+ encrypts the entire packet payload, including the user's password, between the client and the server. TACACS+ uses the MD5 hash function in its encryption and decryption algorithm.

What is a firewall, its function and its types

Firewall
What is a Firewall?

A firewall acts as a shield to protect our system from the untrusted, unreliable systems connected to the Internet. Conceptually, the term derives from the barriers made of fire-resistant material used to prevent the spread of fires. A firewall on your PC, however, listens on all ports of your system for any attempt to open a connection; when it detects such an attempt, it reacts according to a predefined set of rules. Put more technically, a firewall is a piece of software, hardware, or both, that allows only selected packets to pass from the Internet to your private network or system.



Describe the types of Firewall.

Answer: Several types of firewalls exist:

Packet filtering
The system examines each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Advantages:
Simplicity
Transparency to users
High speed

Disadvantages:
Difficulty of setting up packet filter rules
Lack of authentication

Circuit-level gateway implementation
This process applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Application-level Gateway

A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server connects to the Internet, makes the requests for pages, connections to servers, etc., and receives the data on behalf of the computer(s) behind it. The firewall capabilities lie in the fact that a proxy can be configured to allow only certain types of traffic to pass (e.g., HTTP files, or web pages). A proxy server has the potential drawback of slowing network performance, since it has to actively analyze and manipulate traffic passing through it.


Advantages:
Higher security than packet filters
Only need to scrutinize a few allowable applications
Easy to log and audit all incoming traffic

Disadvantages:
Additional processing overhead on each connection (gateway as splice point)

Web application firewall

A web application firewall is a hardware appliance, server plug-in, or some other software filter that applies a set of rules to an HTTP conversation. Such rules are generally customized to the application so that many attacks can be identified and blocked.


What are Inbound and Outbound rules?

Answer: Inbound rules: These govern other hosts connecting to your computer. If you are running a web server on your computer, you will have to tell the firewall that outsiders are allowed to connect to it.

Outbound rules: These let you allow some programs to use the Internet and block others. You will want to let your web browser (Internet Explorer, Firefox, Safari, Chrome, Opera...) have access to the Internet, so you will tell Windows Firewall that it is allowed.


Some benefits and limitations of firewalls.

Benefits
  >Prevent intrusion
  >Choke point for security audit
  >Reduce attacks by hackers
  >Hide network behind a single IP address
  >Part of total network security policy


Limitations
Cannot protect against:
    >inside attacks
    >malicious insiders
    >connections that circumvent it
    >completely new threats
    >some viruses
    >an administrator who does not set it up correctly
    >attacks at higher layers of the protocol stack

Firewall vs. IDS 

Firewall - A device or application that analyzes packet headers and enforces policy based on protocol type, source address, destination address, source port, and/or destination port. Packets that do not match policy are rejected.

Intrusion Detection System - A device or application that analyzes whole packets, both header and payload, looking for known events. When a known event is detected a log message is generated detailing the event.
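The header-only policy matching that a packet-filtering firewall performs, as an added Python example that is not from the original post: a first-match rule list with default deny, an anti-spoofing rule for the IP spoofing weakness noted above, and the inbound web-server and outbound browser rules from the inbound/outbound question. All addresses, rules and sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "outside" (Internet) or "inside"
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "reject"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches every source
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port
    note: str = ""

    def matches(self, p: Packet) -> bool:
        # Header fields only: a packet filter never looks at the payload (that is IDS territory).
        return (self.iface in ("any", p.iface) and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """First matching rule wins; a packet that matches nothing is rejected (default deny).
    The note is returned so the decision can be logged against the rule that fired."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "reject", "default deny"


# Constructed rule set for a site whose private network is 192.168.1.0/24 and whose
# web server is 192.168.1.10. Rule order matters: the anti-spoofing rule must come first.
RULES = [
    Rule("reject", iface="outside", src="192.168.1.0/24", note="spoofed inside source"),
    Rule("accept", iface="outside", proto="tcp", dst="192.168.1.10/32", dport=80, note="inbound web"),
    Rule("accept", iface="outside", proto="tcp", dst="192.168.1.10/32", dport=443, note="inbound web"),
    Rule("accept", iface="inside", proto="tcp", src="192.168.1.0/24", dport=443, note="outbound browsing"),
    Rule("accept", iface="inside", proto="udp", src="192.168.1.0/24", dport=53, note="outbound dns"),
]

# Constructed sample traffic (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    Packet("outside", "tcp", "203.0.113.5", "192.168.1.10", 443),   # inbound web      -> accept
    Packet("outside", "tcp", "203.0.113.5", "192.168.1.10", 22),    # SSH from outside -> default deny
    Packet("outside", "tcp", "192.168.1.7", "192.168.1.10", 80),    # spoofed source   -> reject
    Packet("inside", "udp", "192.168.1.20", "198.51.100.53", 53),   # outbound dns     -> accept
]


def run_sample() -> List[str]:
    return [filter_packet(RULES, p)[0] for p in SAMPLE]
```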

Sunday, March 6, 2016

Network Topology

Star topology:


In a star topology, each device has a dedicated point-to-point link only to a central controller, usually called a hub. The devices are not directly linked to one another. Unlike a mesh topology, a star topology does not allow direct traffic between devices. The controller acts as an exchange: if one device wants to send data to another, it sends the data to the controller, which then relays the data to the other connected device.



Advantages of Star Topology

1)  Compared to a bus topology it gives far better performance, since signals don't necessarily get transmitted to all the workstations. A sent signal reaches the intended destination after passing through no more than 3-4 devices and 2-3 links. Performance of the network depends on the capacity of the central hub.
2)  Easy to connect new nodes or devices. In a star topology new nodes can be added easily without affecting the rest of the network. Similarly, components can also be removed easily.
3)  Centralized management. It helps in monitoring the network.
4)  Failure of one node or link doesn't affect the rest of the network. At the same time it's easy to detect the failure and troubleshoot it.

Disadvantages of Star Topology

1)  Too much dependency on the central device has its own drawbacks. If it fails, the whole network goes down.
2)  The use of a hub, router or switch as the central device increases the overall cost of the network.
3)  Performance, as well as the number of nodes that can be added in such a topology, depends on the capacity of the central device.


Mesh Topology

In a mesh topology, every device has a dedicated point-to-point link to every other device. The term dedicated means that the link carries traffic only between the two devices it connects. To find the number of physical links in a fully connected mesh network with n nodes, we first consider that each node must be connected to every other node. Node 1 must be connected to n - 1 nodes, node 2 must be connected to n - 1 nodes, and finally node n must be connected to n - 1 nodes. We need n(n - 1) physical links. However, if each physical link allows communication in both directions (duplex mode), we can divide the number of links by 2. In other words, we can say that in a mesh topology, we need
                                            n(n - 1) / 2
duplex-mode links.



Advantages of Mesh topology

1) Data can be transmitted from different devices simultaneously. This topology can withstand high traffic.
2) Even if one of the components fails there is always an alternative present. So data transfer doesn’t get affected.
3) Expansion and modification in topology can be done without disrupting other nodes.

Disadvantages of Mesh topology

1) There are high chances of redundancy in many of the network connections.
2) Overall cost of this network is way too high as compared to other network topologies.
3) Set-up and maintenance of this topology is very difficult. Even administration of the network is tough.

Ring Topology

In a ring topology, each device has a dedicated point-to-point connection with only the two devices on either side of it. A signal is passed along the ring in one direction, from device to device, until it reaches its destination. Each device in the ring incorporates a repeater. When a device receives a signal intended for another device, its repeater regenerates the bits and passes them along.



Advantages of Ring Topology

1)   This type of network topology is very organized. Each node gets to send data when it receives an empty token. This helps to reduce the chance of collisions. Also, in a ring topology all the traffic flows in only one direction at very high speed.
2)   Even when the load on the network increases, its performance is better than that of Bus topology.
3)   There is no need for network server to control the connectivity between workstations.
4)   Additional components do not affect the performance of network.
5)   Each computer has equal access to resources.

Disadvantages of Ring Topology

1)   Each packet of data must pass through all the computers between source and destination. This makes it slower than Star topology.
2)   If one workstation or port goes down, the entire network gets affected.
3)   Network is highly dependent on the wire which connects different components.
4)   MAUs and network cards are expensive compared to Ethernet cards and hubs.


Bus Topology

In a bus topology, one long cable acts as a backbone to link all the devices in a network. Nodes are connected to the bus cable by drop lines and taps. A drop line is a connection running between the device and the main cable. A tap is a connector that either splices into the main cable or punctures the sheathing of a cable to create a contact with the metallic core. As a signal travels along the backbone, some of its energy is transformed into heat. Therefore, it becomes weaker and weaker as it travels farther and farther. For this reason there is a limit on the number of taps a bus can support and on the distance between those taps.




Advantages of  Bus Topology

1)  It is easy to set up and extend a bus network.
2)  The cable length required for this topology is the least compared to other topologies.
3)  Bus topology costs very little.
4)  A linear bus network is mostly used in small networks. Good for a LAN.

Disadvantages of Bus Topology

1)  There is a limit on central cable length and the number of nodes that can be connected.
2)  Dependency on the central cable in this topology has its disadvantages. If the main cable (i.e. the bus) encounters a problem, the whole network breaks down.
3)  Proper termination is required to dump signals. Use of terminators is a must.
4)  It is difficult to detect and troubleshoot a fault at an individual station.
5)  Maintenance costs can get higher with time.
6)  Efficiency of a bus network reduces as the number of devices connected to it increases.
7)  It is not suitable for networks with heavy traffic.
8)  Security is very low because all the computers receive the signal sent from the source.

Basics of Networking

Network

In computer science, a network is a set of computers connected together for the purpose of sharing resources. The most common resource shared today is a connection to the Internet. Other shared resources can include a printer or a file server.
Computers in a network can be connected through twisted-pair cables, telephone lines, radio waves, satellites or optical fiber cables. The first computer network, ARPANET (Advanced Research Projects Agency Network), was designed in the United States Department of Defense. There are three types of network technologies.

LAN: Local Area Network

A Local Area Network (LAN) is a network that is bound to a smaller physical area such as a university, house or small office. Almost all current LANs, whether wired or wireless, are based on Ethernet. On a Local Area Network, data transfer speeds are higher than on a WAN or MAN and can extend to 10.0 Mbps (Ethernet) and 1.0 Gbps (Gigabit Ethernet).

MAN:Metropolitan Area Network

We can take a bank network as an example of a Metropolitan Area Network, where all branches located in different districts are interconnected through the head office using fiber optic cables. In one sentence, a Metropolitan Area Network (MAN) is a network that connects two or more computers, communicating devices or networks into a single network whose geographic area is larger than that covered by even a large Local Area Network but smaller than the region covered by a Wide Area Network.


WAN:Wide Area Network 

The Internet is a perfect example of a WAN. A Wide Area Network is a computer network that covers a relatively large geographical area such as a state or country. It provides a solution for companies or organizations operating from distant geographical locations that want to communicate with each other to share and manage central data or for general communication.
A WAN is made up of two or more Local Area Networks (LANs) or Metropolitan Area Networks (MANs) that are interconnected, so users and computers in one location can communicate with users and computers in other locations.


Basic IT Questions for exam


Thursday, March 3, 2016

EIGRP Routing Protocols


EIGRP uses five types of packets to communicate:

  > Hello: used to identify neighbors. They are sent as periodic multicasts.
  > Update: used to advertise routes; only sent as multicasts when something has changed.
  > Ack: acknowledges receipt of an update. In fact, an Ack is a Hello packet without data. It is always unicast and uses UDP.
  > Query: used to find alternate paths when all paths to a destination have failed.
  > Reply: sent in response to Query packets to instruct the originator not to recompute the route because feasible successors exist. Reply packets are always unicast to the originator of the query.

Advertised distance (AD): the cost from the neighbor to the destination.
Feasible distance (FD): the sum of the AD plus the cost between the local router and the next-hop router.
Successor: the primary route used to reach a destination. The successor route is kept in the routing table. Notice that the successor is the best route to that destination.
Feasible successor: the backup route. To be a feasible successor, the route must have an AD less than the FD of the current successor route.
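The successor and feasible-successor selection described above, worked through in Python as an added example that is not part of the original post. The topology-table entries and link costs are constructed, and the metric is simplified to additive costs rather than the EIGRP composite metric.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    neighbor: str   # next-hop router that advertised the route
    ad: int         # advertised distance: the neighbor's own metric to the destination
    link: int       # cost of the link from this router to that neighbor

    @property
    def fd(self) -> int:
        # Feasible distance = AD + cost to reach the next hop
        return self.ad + self.link


def select_routes(paths: List[Path]) -> Tuple[Optional[Path], List[Path]]:
    """Return (successor, feasible successors) for one destination.
    Successor: the path with the lowest FD. Feasible successor: any other path whose
    AD is strictly less than the successor's FD (the feasibility condition, which
    guarantees the backup does not route back through this router)."""
    if not paths:
        return None, []
    successor = min(paths, key=lambda p: p.fd)
    feasible = [p for p in paths if p is not successor and p.ad < successor.fd]
    return successor, sorted(feasible, key=lambda p: p.fd)


def on_neighbor_loss(paths: List[Path], lost: str) -> Tuple[str, Optional[Path]]:
    """DUAL's reaction when a neighbor goes away. Losing a non-successor changes nothing.
    Losing the successor with a feasible successor present is handled locally (the route
    stays passive). With no feasible successor the route goes active and Queries are sent;
    here the result is recomputed over the remaining paths, assuming the Replies carry the
    same ADs (a simplification of this example, not a property of the protocol)."""
    successor, feasible = select_routes(paths)
    if successor is None or successor.neighbor != lost:
        return "unchanged", successor
    if feasible:
        return "passive: feasible successor promoted", feasible[0]
    remaining = [p for p in paths if p.neighbor != lost]
    return "active: Query sent", select_routes(remaining)[0]


# Constructed topology-table entries on router R1 for one destination.
TOPOLOGY: Dict[str, List[Path]] = {
    "10.0.0.0/24": [
        Path("R2", ad=10, link=5),    # FD 15 -> successor
        Path("R3", ad=12, link=10),   # FD 22, AD 12 < 15 -> feasible successor
        Path("R4", ad=20, link=1),    # FD 21, AD 20 >= 15 -> not feasible despite beating R3 on FD
    ]
}


def routing_table(topology: Dict[str, List[Path]]) -> Dict[str, Optional[Path]]:
    """Only the successor is copied from the topology table into the routing table."""
    return {dst: select_routes(paths)[0] for dst, paths in topology.items()}
```

The R4 entry is the instructive case: a lower FD than R3 does not make it a backup, because its AD is not below the successor's FD.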


EIGRP Neighbor, Topology and Routing Tables
EIGRP routers start sending Hello packets to other routers, just as OSPF does; if you send Hello packets and receive them back, you become neighbors. EIGRP neighbors exchange routing information, which is saved in the topology table. The best path from the topology table is copied into the routing table.

Neighbor table: The neighbor relationships, which are the basis for EIGRP routing and convergence activity, are tracked in this table. Whenever a new neighbor is discovered, its address and interface are recorded in a new entry of the neighbor table. This table is also used for reliable and sequenced delivery of packets.

Topology table: Routers use the topology table to route traffic in a network. All routes known inside the autonomous system in which the router is positioned are available in this table. Each router runs the routing protocol and maintains a topology table for each configured network protocol. The routes leading to a destination are found in the topology table.

Routing table: The routes to particular destinations are stored in the routing table. The information describes the network topology immediately around the router. The primary goal of routing protocols and routes is the construction of routing tables. The network ID, the cost of the path, and the next hop are the details available in the routing table.



Normal Configuration:

**************
      R1
**************

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#inter g0/0
Router(config-if)#ip address 1.1.1.1 255.255.255.252
Router(config-if)#exit
Router(config)#router eigrp 100
Router(config-router)#network 1.1.1.0
Router(config-router)#exit
Router(config)#exit
Router#
%SYS-5-CONFIG_I: Configured from console by console

Router#

**************
      R2
**************

Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#inter g0/0
Router(config-if)#ip address 1.1.1.2 255.255.255.252
Router(config-if)#exit
Router(config)#router eigrp 100
Router(config-router)#network 1.1.1.0
Router(config-router)#exit
Router(config)#exit
Router#

In the CCNA exam lab, EIGRP on this topology is troubleshot just by changing the AS number.



That's all. Thanks.