Thursday, 23 March 2023

Subnetting

An Analogy

Imagine you are a post man. You have a post round on a street with 100 houses, but only 2 of them houses are occupied. You have to walk around the estate to deliver mail to 2 houses. It takes you longer because one is at one house is at one side of the estate and one at the opposite side. Wouldn't it be more efficient if both those houses are next to each other? You also notice all the empty houses have their doors open and its costing a lot of money for the up keep of those empty houses. This is subnetting in a nutshell. On a typical home network you have a maximum of 256 addresses (254 are usable) but if your fortunate your house might only have 10 devices. That's 244 wasted addresses. Now you may get a new Xbox for your birthday or a new tablet so wouldn't it be more efficient to reduce that address space? The subnetting journey starts.....

IPv4 Classes

Before starting on this epic journey, you must understand IP version 4 classes. The first number in an Ip address or the first octet indicates the network class. For example 10.0.0.0 indicates it is a Class A IP address because it falls between 1 and 127.255.255.255. 172.16.0.0 is a class B address because the 172 falls between 128 and 191. 

Classes are important. The class range determines the default subnet mask and the default CIDR notation. 


ClassIP RangeDefault Subnet MaskDefault CIDR notation
Class A1-127.255.255.255255.0.0.0/8
Class B128-191.255.255.255255.255.0.0/16
Class C191-223.255.255.255255.255.255.0/24
Class D224-239.255.255.255N/AN/A
Class E240-255.255.255.255N/AN/A


CIDR notation 

A CIDR notation refers to the amount of bits that are assigned to the network. Subtracting the CIDR notation number from 32 will give you the number of bits that are assigned to hosts. For example;

In a class C IP address the default subnet mask is 255.255.255.0 and the default CIDR notation is /24. This means that 24 bits are being used by the network and the remaining 8 bits can be used for hosts. If you calculate 8 bits in binary you will get 128+64+32+16+8+4+2+1 = 255. This means that on a default class C address you have 256 addresses (0 is a number) and if you subtract the network address and a broadcast address (all addresses follow this rule -2) then you have 254 available/usable addresses for hosts. Another binary representation of this example is;

11111111.11111111.11111111.00000000

The highlighted peach are the network bits and the green the hosts bits. 


Subnetting

Now we have the foundations lets look at some scenarios.

Scenario 1

Lets say you purchase an IP address from an ISP 192.168.1.0. You have two offices each with 100 clients and you don't want to buy another IP address but split this network up into two and reduce the number of available hosts from the default. Lets work through this problem;

If you remember from previous we have 256 available addresses on a default class C address. But we only need 100. We also know that the default subnet of 255.255.255.0 carries a default CIDR notation of /24. Below is the subnet mask highlighted peach are the network bit and highlighted green are the host bits.


128+64+32+16+8+4+2+1 .128+64+32+16+8+4+2+1.128+64+32+16+8+4+2+1. 128+64+32+16+8+4+2+1

So, we need to reduce the number of hosts in this scenario and increase the number of networks. Remember that network bits run from left to right and hosts from right to left. So in this scenario lets take the first bit from the last octet (the green 128). This now means we are using 25 bits and our new CIDR notation is /25. If we add the bits together (the highlighted peach) we will get our new subnet mask of 255.255.255.128


128+64+32+16+8+4+2+1 .128+64+32+16+8+4+2+1.128+64+32+16+8+4+2+1128+64+32+16+8+4+2+1


To now work out the hosts we can simply add the green bits together.
So the IP address we bought was 192.168.1.0.
Our first network address is 192.168.1.0  , then adding the bits in green gives the last address on this network 192.168.1.127 (applying the -2 rule discussed previously 192.168.1.0 is the network address and 192.168.1.127 is the broadcast address therefore we have 126 usable addresses)

Then the second network address is 192.168.1.128 to 192.168.1.255 (as with network 1 we need to subtract 2 so our network address is 192.168.1.128 our broadcast address is 192.168.1.255 and the addresses in between are usable addresses)


Tuesday, 21 March 2023

Port security - Cisco switches

Switchport security associates specific MAC addresses of PCs with specific interfaces on a switch. It gives you the ability to restrict to a switch interface so that only authorised devices can use it. You can define the port action with three different modes : Protect(sends an alert), restrict(discards), shutdown(closes the port)


Implement Port security 

Build a simple topology and assign IP addresses to the PCs:

In the below command list I have:
-set the switchport as an access port 
-enabled port security
-defined which mac addresses are allowed through the interface (sticky dynamically learns of mac addresses currently connected to the host






Now we can define the action that the switch will take when it receives a frame from an unauthorised device. This is done using the switchport port-security violation (protect, or restrict or shutdown) 
Then define the maximum number of MAC addresses that can be received on the switch using the following command switchport port-security maximum 1 (1 is the number that can be changed)



That's the configuration done for fa0/1 we just need to repeat it for Fa0/2. Interface range fa0/1-2 would have done this together to avoid doing two separate configs.

Finally if we ping between the two pcs and run the show port-security interface fa0/1 command on the switch .You can now see the maximum allowed devices, port status and the mac address that has passed through.




AAA - Authentication, Authorisation, Accounting

802.1X authentication

802.1X authentication involves ensuring something is what its saying it is.

Features

Supplicant - (client-end user) - Devices that are trying to connect to an 802.1X need to have software installed on them and this is known as a supplicant. The supplicant initiates the connection by activating EAP (Extensible Authentication Protocol) between the device and switch

Authenticator - A device on a network that connects a client to a network. It blocks and allows traffic. A switch is an example of an authenticator.

Authentication Server - deals with requests for access to the network. The server tells the authenticator to allow or deny the traffic. Authentication servers usually run on the RADIUS protocol.


AAA

AAA is a requirement of network security. It is a process from start to finish of network access and monitoring

Authentication: uses challenge and response methodology for granting access. This identifies users by username and password

Authorisation: After initial authentication, authorisation uses the RADIUS protocol to allow access to resources based on permission levels

Accounting: After access users can be be monitoring for billing, reporting and auditing. You can observe what users do after they have been authenticated and authorised for example when they log in and when they log out.


The next steps are to look at a practical scenario using the AAA methodology.

Topology addressing:

Server: 192.168.2.2

G/0/0/1: 192.168.2.1

G/0/0/0: 192.168.1.1

PC0: 192.168.1.2 (Default Gateway 192.168.1.1)




Configure IP addressing on the router:



Assign a valid IP address to your Radius Server:


Turn on AAA on the services tab, add the the router details for the network the server is on ands specify a passkey - here I have used "hello"



Configuring AAA on the router, specify the server address and the passkey you used. (note the passkey I used is not very secure so something with multiple characters, number etc may be better)


Enable remote login:


Assign an IP address for your PC:


Test the telnet connection:



Note here: To use the more secure SSH connection you would need to add the ssh configurations into the router and it is also good practice to enable passwords on your router which was discussed in previous posts. 


Monday, 13 March 2023

Hyper - V - Virtualisation

What is Hyper - V?

Hyper - V is a virtualization technology. This allows you to run multiple operating system instances at any one time. You can run Linux, Microsoft, Server and desktop operating systems all together. This is a great solution for testing software on multiple platforms or just playing around with a different OS. 

Hyper V is specifically a hardware virtualisation technology. This means whatever you assign to your VMs you take that hardware away from your host. For example if your laptop or PC has 500GB of storage and 8GB Ram, you may want to tactically decide how you allocate the hardware to the VM. If you give the VM too much RAM for example it will severely impact the performance of the host. And the same with storage, VMs are usually assigned low storage, just enough for the Operating system and a few software installs (dependent on your requirements). If you have have spec tech, you can run many VMs much like a datacentre.

Enabling Hyper V in Windows 11

To enable hyper v;
1. Type Windows features into the start bar
2. Check both, Hyper V management tools and Hyper V platform
3. Restart your PC, it will install Hyper V much like a Windows update



Begin your lab journey....

Once you have Hyper V installed, embark on your lab journey. Below is a playlist for  creating a replica of a domain management structure, I will keep adding to it over time...

Playlist


Wednesday, 8 March 2023

Hot Standby Routing Protocol ( HSRP)

HSRP is a Cisco proprietary protocol that provides redundancy within a subnet. A virtual router is created which acts as the default gateway and a priority number is assigned to the physical routers to determine which is active and which is a standby router. 

Some key concepts with HSRP;

Priority

By default the priority number is 100. The highest priority number configured is assigned the active router if that fails then the next highest takes over which is the standby router. For example a priority number of 150 would be the active and 100 would be the standby router. 

Preempt

Is a state which activates the active router automatically

Hello messages

Are exchanged periodically to activate the standby router if it detects a failure on the network.


Virtual IP address 

A logical IP address that each host uses as the default gateway within a local subnet. 


Practical activity

In the below video, there is a full run through of HSRP in action. There is also the side effect concept of OSPF which is a routing protocol that dynamically routes traffic based on administrative distance. 




Technical timewasters

Below are a list of articles that made me lol...

Banking industry vs Security development

Here is a funny email exchange when the banking industry tried to influence the development of TLS - Link

MAC Address Basics

Each of a hosts network interfaces has a link layer MAC address that distinguishes it from other machines on the physical network. IP addresses are assigned to network interfaces and not machines. A mac address is made up of 48 bits or 6 bytes and is split into two parts. The first 3 bytes identify the manufacturer and the last 3 bytes are a unique serial number, so in this example the green sections are the vendor id and the black section is the interfaces unique number 32-03-C8-73-DC-A1. This is important for network engineers in spotting devices or vendors that are causing havoc on the network. 

Broadcasting

Broadcasting is a send once to all method of communication. A MAC address needs to be assigned to a broadcast frame. This address is made up of all binary 1s and when converted to hexadecimal gives you FF:FF:FF:FF:FF:FF

Multicasting

Multicasting works similar to broadcasting, but instead of sending data to all it sends it to a targeted group, often called one to many transmission. Common applications that use multicasting are streaming channels like Twitch and Youtube live. To avoid collisions when an ethernet switch receives a multicast frame it floods it out of all ports except the incoming port.

MAC address tabling

A switch stores mac addresses in a table. This table is called a mac address table or a content addressable memory (CAM table).  A switch stores information about other ethernet interfaces which are connected on the network. When a switch receives a frame it correlates the device sending with interface where it was received. 

A MAC address table maps each and every port to a MAC address and it does this in two ways;

Static - Have higher priority than dynamic as they can be added, removed or changed by an administrator

Dynamic - Added to the table automatically by a process called MAC learning. Once a switch receives a frame it automatically updates it mac address information. There is a brief video below showing how a mac address table works in practice. 



Monday, 6 March 2023

Network Ports and Protocols Cheat Sheet

Network communications are governed by a set of rules called protocols. Each protocol is assigned a port to allow applications to communicate. Below is a list of common protocols;

PORT NUMBERSERVICE NAMETRANSPORT PROTOCOLDESCRIPTION
20FTP-dataTCP, SCTPFile Transfer Protocol data transfer
21FTPTCP, UDP, SCTPFile Transfer Protocol command control
22SSH/SCP/SFTPTCP, UDP, SCTPSecure Shell, secure logins, file transfers (scp,sftp), and port forwarding
23TelnetTCPTelnet protocol, for unencrypted text communications
25SMTPTCPSimple Mail Transfer Protocol, used for email routing between mail servers
42WINS ReplicationTCP, UDPMicrosoft Windows Internet Name Service, vulnerable to attacks on a local network
43WHOISTCP, UDPWhois service, provides domain-level information
49TACACSUDP; can also use TCP but not necessarily on port 49Terminal Access Controller Access-Control System, provides remote authentication and related services for network access
53DNSTCP, UDPDomain Name System name resolver
67DHCP/BOOTPUDPDynamic Host Configuration Protocol and its predecessor Bootstrap Protocol Server; server port
68DHCP/BOOTPUDPDynamic Host Configuration Protocol and its predecessor Bootstrap Protocol Server; client port
69TFTPUDPTrivial File Transfer Protocol
80HTTPTCP, UDP, SCTPHypertext Transfer Protocol (HTTP) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP
88KerberosTCP, UDPNetwork authentication system
102Microsoft Exchange ISO-TSAPTCPMicrosoft Exchange ISO Transport Service Access Point (TSAP) Class 0 protocol
110POP3TCPPost Office Protocol, version 3 (POP3)
113IdentTCPIdentification Protocol, for identifying the user of a particular TCP connection
123NTPUDPNetwork Time Protocol
135Microsoft RPC EPMAPTCP, UDPMicrosoft Remote Procedure Call (RPC) Endpoint Mapper (EPMAP) service, for remote system access and management
137NetBIOS-nsTCP, UDPNetBIOS Name Service, used for name registration and resolution
138NetBIOS-dgmTCP, UDPNetBIOS Datagram Service, used for providing access to shared resources
139NetBIOS-ssnTCP, UDPNetBIOS Session Service
143IMAPTCP, UDPInternet Message Access Protocol (IMAP), management of electronic mail messages on a server
161SNMP-agents (unencrypted)UDPSimple network management protocol; agents communicate on this port
162SNMP-trap (unencrypted)UDPSimple network management protocol; listens for asynchronous traps
179BGPTCPBorder Gateway Protocol
194IRCUDPInternet Relay Chat
264BGMPTCP, UDPBorder Gateway Multicast Protocol
318TSPTCP, UDPTime Stamp Protocol
389LDAPTCP, UDPLightweight directory access protocol
427SLPTCPService Location Protocol
443HTTPS (HTTP over SSL)TCP, UDP, SCTPHypertext Transfer Protocol Secure (HTTPS) uses TCP in versions 1.x and 2. HTTP/3 uses QUIC, a transport protocol on top of UDP.
445Microsoft DS SMBTCP, UDPMicrosoft Directory Services: TCP for Active Directory, Windows shares; UDP for Server Message Block (SMB) file-sharing
464KerberosTCP, UDPFor password settings on Kerberos
465SMTP over TLS/SSL, SSMTCPAuthenticated SMTP over TLS/SSL (SMTPS), URL Rendezvous Directory for Cisco’s Source Specific Multicast protocol (SSM)
497Dantz RetrospectTCP, UDPA software suite for backing up operating systems
500IPSec / ISAKMP / IKEUDPInternet Protocol Security / Internet Security Association and Key Management Protocol / Internet Key Exchange
513rloginTCPThe Unix program rlogin allows users to log in on another host using a network.
514syslogUDPSyslog Protocol, for collecting and organizing all of the log files sent from the various devices on a network
515LPD/LPRTCPLine Printer Daemon protocol, or Line Printer Remote protocol
520RIPUDPRouting Information Protocol, used to find the optimal path between source and destination networks
521RIPng (IPv6)UDPRouting Information Protocol next generation, the IPv6 compatible version of RIP
554RTSPTCP, UDPReal Time Streaming Protocol
546DHCPv6TCP, UDPDynamic Host Configuration Protocol version 6. DHCPv6 Clients listen for DHCPv6 messages on UDP port 546.
547DHCPv6TCP, UDPDHCPv6 Servers and DHCPv6 Relay Agents listen for DHCPv6 messages on UDP port 547.
560rmonitorUDPRemote Monitor
563NNTP over TLS/SSLTCP, UDPNetwork News Transfer Protocol with encryption and verification
587SMTPTCPFor email message submission via SMTP
636LDAP over TLS/SSLTCP, UDPLightweight Directory Access Protocol over TLS/SSL
639MSDP (PIM)TCPMulticast Source Discovery Protocol, which is part of the Protocol Independent Multicast (PIM) family
646LDP (MPLS)TCP, UDPLabel Distribution Protocol, applies to routers capable of Multiprotocol Label Switching (MPLS)
691Microsoft ExchangeTCPMicrosoft Exchange Routing
860iSCSITCPInternet Small Computer Systems Interface
873rsyncTCPThe rsync file synchronization protocol efficiently transfers and synchronizes files between devices and networked computers.
902VMware ServerTCP, UDPVMware ESXi, a hypervisor
989FTPSTCPFile Transfer Protocol (data) over TLS/SSL
990FTPSTCPFile Transfer Protocol (control) over TLS/SSL
993IMAP over SSL (IMAPS)TCPInternet Message Access Protocol over TLS/SSL
995POP3 over SSL (POP3S)TCP, UDPPost Office Protocol 3 over TLS/SSL

Fast switching vs Process switching

Process Switching: Process switching is the traditional method of packet forwarding used in early routers. When a packet arrives at a router...