Thursday, 20 April 2023

Active and Passive Scanning on Access Points

When a wireless device wants to connect to an access point (AP), it must first scan for available APs. There are two types of scanning that a wireless device can use: active scanning and passive scanning.

Active Scanning

In active scanning, the wireless device sends out a probe request frame. This frame contains the SSID the device is looking for and other information. If an AP receives the probe request frame, it responds with a probe response frame. The probe response frame contains the AP's SSID, BSSID, security settings, and other information.
Active scanning is more efficient than passive scanning because it allows the wireless device to quickly find APs that are broadcasting their SSID. However, active scanning can also be more disruptive to other wireless devices on the same channel.

Passive Scanning

In passive scanning, the wireless device does not send out any frames. Instead, it listens for beacon frames that are broadcast by APs. Beacon frames are periodically sent by APs to announce their presence and to provide information about their SSID, BSSID, security settings, and other information.
Passive scanning is less disruptive than active scanning because it does not require the wireless device to send out any frames. However, passive scanning can be slower than active scanning because the wireless device must wait for APs to broadcast beacon frames.

Which Type of Scanning Should You Use?

The type of scanning that you should use depends on your needs. If you need to quickly find APs, then active scanning is the best option. However, if you are concerned about disrupting other wireless devices, then passive scanning is the better option.
Here are some additional things to consider when choosing between active and passive scanning:
  • Battery life: Active scanning uses more battery power than passive scanning.
  • Security: Active scanning can be more disruptive to other wireless devices on the same channel.
  • Speed: Passive scanning is slower than active scanning.
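As an added example (not code from the original post), the Python below decodes the three management frames the two scanning methods rely on: beacons, probe requests and probe responses. The frames are constructed inline with made-up MAC addresses and the SSID "CorpWiFi"; the second beacon carries an empty SSID element, which is what a cloaked AP sends.

```python
import struct

# 802.11 management-frame subtypes (frame type 0) that matter for scanning
MGMT_SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_elements(body):
    """Walk the tagged parameters (element id, length, value) into a dict."""
    elems, i = {}, 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        elems[eid] = body[i + 2:i + 2 + elen]
        i += 2 + elen
    return elems

def parse_mgmt_frame(frame):
    """Return (kind, transmitter MAC, BSSID, SSID) for a beacon, probe request or
    probe response, or None for any other frame. SSID is None when the SSID
    element is empty (a cloaked AP) or missing."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in MGMT_SUBTYPES:
        return None
    addr2, addr3 = _mac(frame[10:16]), _mac(frame[16:22])
    body = frame[24:]
    if subtype in (5, 8):          # timestamp(8) + interval(2) + capability(2) come first
        body = body[12:]
    ssid_raw = parse_elements(body).get(0)
    ssid = ssid_raw.decode("utf-8", "replace") if ssid_raw else None
    return MGMT_SUBTYPES[subtype], addr2, addr3, ssid

def passive_scan(frames):
    """What a listener learns without transmitting: APs from beacons/probe responses,
    and the SSIDs that clients name in their probe requests."""
    aps, probed = {}, set()
    for f in frames:
        parsed = parse_mgmt_frame(f)
        if parsed is None:
            continue
        kind, src, bssid, ssid = parsed
        if kind in ("beacon", "probe-response"):
            aps[bssid] = ssid
        elif ssid:                 # probe request naming a specific SSID
            probed.add((src, ssid))
    return aps, probed

# --- constructed sample frames (not captured traffic) ---
def _hdr(fc0, a1, a2, a3):
    return bytes([fc0, 0]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

def _ie(eid, data):
    return bytes([eid, len(data)]) + data

AP1, AP2 = bytes.fromhex("0011223344aa"), bytes.fromhex("0011223344bb")
CLIENT, BCAST = bytes.fromhex("66778899bbcc"), b"\xff" * 6
FIXED = struct.pack("<QHH", 0, 100, 0x0411)   # timestamp, 100 TU interval, capability
BEACON = _hdr(0x80, BCAST, AP1, AP1) + FIXED + _ie(0, b"CorpWiFi") + _ie(1, b"\x82")
HIDDEN_BEACON = _hdr(0x80, BCAST, AP2, AP2) + FIXED + _ie(0, b"") + _ie(1, b"\x82")
PROBE_REQ = _hdr(0x40, BCAST, CLIENT, BCAST) + _ie(0, b"CorpWiFi") + _ie(1, b"\x82")
DATA_FRAME = bytes([0x08, 0]) + b"\x00" * 22   # type 2 (data): ignored by the parser
```

Note that the cloaked AP still beacons: only the name is withheld, so its BSSID is visible to a passive listener, and any client that actively probes for it names the SSID in the clear.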

SNMP

What is SNMP?

SNMP stands for Simple Network Management Protocol. It is a widely used protocol for monitoring and managing devices on a network. SNMP uses a client-server architecture, with a central network management station (NMS) that polls devices for information and receives notifications from them when events occur.

SNMP Features

SNMP offers a number of features that make it a valuable tool for network management, including:

  • Scalability: SNMP is designed to be scalable to large networks. It can be used to monitor thousands of devices simultaneously.
  • Ease of use: SNMP is relatively easy to use and configure. It does not require any special knowledge of networking to get started.
  • Security: SNMP can be configured to use a variety of security mechanisms, including authentication, authorization, and encryption.

SNMP Applications

SNMP is used for a variety of network management tasks, including:

  • Device discovery: SNMP can be used to discover devices on a network. This information can be used to build a network inventory.
  • Health monitoring: SNMP can be used to monitor the health of devices on a network. This information can be used to identify potential problems before they cause outages.
  • Performance monitoring: SNMP can be used to monitor the performance of devices on a network. This information can be used to identify bottlenecks and optimize network performance.
  • Event notification: SNMP can be used to receive notifications when events occur on devices on a network. This information can be used to quickly identify and respond to problems.

SNMP Security

SNMP is a relatively secure protocol, but it is important to take steps to protect your network from attack. Some of the things you can do to improve the security of your SNMP implementation include:

  • Use strong passwords: SNMP uses community strings to authenticate devices. Make sure to use strong passwords that are difficult to guess.
  • Restrict access: You can restrict access to SNMP on a per-device basis. This will help to prevent unauthorized users from accessing your network devices.
  • Use encryption: You can encrypt SNMP traffic to protect it from eavesdropping.
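Added example, not from the original post: a small detector that decodes the outer BER structure of SNMP messages and flags v1/v2c traffic sent with default or short community strings (the "shorter than 8 characters" rule and the sample packets are this example's own assumptions; the IP addresses are made up).

```python
# Well-known default community strings; constructed list for this example
DEFAULT_COMMUNITIES = {"public", "private"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}

def ber_tlv(buf, pos=0):
    """Decode one BER tag-length-value starting at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = number of length bytes
        n = length & 0x7f
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(payload):
    """Classify one SNMP UDP payload: version, community (v1/v2c only) and whether
    the community looks weak. 'Weak' = a default name or shorter than 8 characters
    (that threshold is this example's assumption, not a standard)."""
    tag, msg, _ = ber_tlv(payload)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = ber_tlv(msg)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = VERSION_NAMES.get(int.from_bytes(ver, "big"), "unknown")
    if version == "v3":                   # v3 carries USM security params, no community
        return {"version": version, "community": None, "weak": False}
    tag, comm, _ = ber_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    community = comm.decode("latin-1")
    weak = community.lower() in DEFAULT_COMMUNITIES or len(community) < 8
    return {"version": version, "community": community, "weak": weak}

def audit(packets):
    """Sweep (source_ip, payload) pairs and report sources polling with weak credentials."""
    return [(src, info["version"], info["community"])
            for src, info in ((s, inspect_snmp(p)) for s, p in packets) if info["weak"]]

# --- constructed sample packets, built with a minimal BER encoder ---
def _tlv(tag, value):
    return bytes([tag, len(value)]) + value   # short-form length suffices here

def build_v2c_get(community, oid=bytes.fromhex("2b06010201010500")):
    """SNMPv2c GetRequest for sysName.0 (1.3.6.1.2.1.1.5.0)."""
    varbind = _tlv(0x30, _tlv(0x06, oid) + _tlv(0x05, b""))
    pdu = _tlv(0xa0, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")
               + _tlv(0x30, varbind))
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, community.encode()) + pdu)

V3_SAMPLE = _tlv(0x30, _tlv(0x02, b"\x03") + _tlv(0x30, b""))   # header only, enough to classify
SAMPLE_TRAFFIC = [
    ("10.0.0.5", build_v2c_get("public")),
    ("10.0.0.6", build_v2c_get("Nms-R0tat3d-K3y")),
    ("10.0.0.7", V3_SAMPLE),
]
```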

CAPWAP - Activity

Control and Provisioning of Wireless Access Points (CAPWAP) is a protocol that enables a wireless access controller to manage a collection of wireless termination points (access points). Let's run through this in Cisco's Packet Tracer:

Build a topology

Build a topology like the one below, but refrain from wiring up the access points for now. Imagine this is a company office and the wireless access points are in corridors to provide better wireless coverage to devices across the company.


Server config


Assign an IP address to your server:

Under Services, select DHCP, turn it on and configure the IP addresses like the below, making sure they match your topology.



DNS: create a DNS entry of your choice and again make sure the IP address matches your topology. 


Configure the wireless lan controller (WLC)

Again make sure your IP addresses match your topology.

Enable DHCP on your PC

Check you can communicate with the WLC

On the PC, enter the IP address of your WLC in the web browser (once you press Go it may take a few minutes to connect).

Create a username and password (the password will need to meet complexity requirements, i.e. capitals and numbers).

Name your WLC and assign the IP addresses from your topology. I have left the management VLAN for now as this would form part of a wider activity.

Give your Wireless network an SSID and set the encryption method and passphrase.

The virtual IP address can remain the same.


Check and confirm your settings: 

You can now connect your access points; wait until they have all turned green. Make sure you have used the Lightweight access points.


You will need to drag the power supply into the power socket at the bottom, as this LAP does not support PoE.


Now when you go back into the browser on the PC you will need to put https:// before your IP address.


Once logged in you should be presented with the status of your access points and lots more information, such as system time and uptime. There is a lot that can be done here, such as adding guest networks or different forms of authenticated network, but that's for another day :)

Tuesday, 18 April 2023

Basic Wireless Home Security

Wireless security is generally controlled through a nice GUI these days. It is relatively straightforward to administer, as most users are home users. Home networks are configured for the masses and are not necessarily secure, especially if used in business. Below are some key features demonstrated using Cisco Packet Tracer's WRT300N router.

SSID Cloaking

By default home routers display their SSID (e.g. BT7891XN). The SSID is the name of the network. This is a security risk and should be hidden to avoid an open door. In the image below, SSID broadcast is set to Disabled, which stops the SSID being shown to nearby devices; it will need to be entered manually in order to connect.

Access Restrictions

To edit access restrictions and only allow certain IP addresses and MAC addresses to connect, under Access Restrictions click Edit List.

This will allow you to enter the IP ranges or specific IP addresses allowed to connect to your wireless networks.

Further down on the Access Restrictions tab you can block websites, applications or keywords (Packet Tracer is a bit restrictive in this department).


Configuring keyword blocking is important these days if you have young children, and blocking certain websites that you do not want colleagues or family members to access is also an important measure.

Wireless Standards

Wireless standards are a set of specifications that define how wireless devices communicate with each other. There are many different wireless standards in use today, each with its own strengths and weaknesses.

The most common wireless standard is IEEE 802.11, which is also known as Wi-Fi. Wi-Fi is available in many different speeds, including 802.11b (11 Mbps), 802.11g (54 Mbps), 802.11n (300 Mbps), 802.11ac (1.3 Gbps), and 802.11ax (up to 10 Gbps). (See table.) You will also notice the frequencies in the table. Wireless standards are either dual or single band. Single band on 2.4 GHz will be able to travel further and is less prone to wireless interference than 5 GHz, but 5 GHz can deal with higher data rates. Dual band can switch between the two.


Backward compatibility list



Wireless bands also operate on different channels:

Band      Channels
2.4 GHz   1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
5 GHz     36, 40, 44, 48, 149, 153, 157, 161, 165


Another common wireless standard is Bluetooth. Bluetooth is a short-range wireless technology that is used for connecting devices that are close together, such as smartphones, headphones, and speakers. Bluetooth is available in different speeds, including Bluetooth 1.0 (723 kbps), Bluetooth 2.0 (3 Mbps), Bluetooth 3.0 (24 Mbps), Bluetooth 4.0 (2 Mbps), Bluetooth 4.1 (1 Mbps), Bluetooth 4.2 (1 Mbps), Bluetooth 5.0 (5 Mbps), and Bluetooth 5.1 (2 Mbps).

There are also many other wireless standards in use today, such as Zigbee, Z-Wave, and WiMAX. Each of these standards has its own strengths and weaknesses, so it is important to choose the right standard for your needs.

When to Choose Other Wireless Standards

Other wireless standards, such as Zigbee, Z-Wave, and WiMAX, are good choices for specific applications. For example, Zigbee is a good choice for connecting low-power devices in home automation networks. Z-Wave is a good choice for connecting security devices, such as door locks and motion sensors. WiMAX is a good choice for providing broadband internet access in rural areas.

Choosing the Right Wireless Standard

The best way to choose the right wireless standard is to consider your needs. If you need to connect devices to the internet, Wi-Fi is a good choice. If you need to connect devices that are close together, Bluetooth is a good choice. If you need to connect devices for a specific application, such as home automation or security, consider other wireless standards.

Wireless antenna types 


  • Omnidirectional antennas: Omnidirectional antennas radiate in all directions, providing a 360-degree coverage. Omnidirectional antennas are a good choice for applications where you need to cover a wide area, such as in a home or office.
  • Directional antennas: Directional antennas radiate in a specific direction, providing a more focused signal. Directional antennas are a good choice for applications where you need to extend the range of your wireless signal, such as in a point-to-point link or a wireless bridge.
  • Patch antennas: Patch antennas are a type of planar antenna that is typically mounted on a flat surface. Patch antennas are a good choice for applications where you need a low-profile antenna, such as in a laptop or a smartphone.
  • Yagi antennas: Yagi antennas are a type of directional antenna that is made up of a series of parallel elements. Yagi antennas are a good choice for applications where you need a high-gain antenna, such as in a wireless access point or a satellite dish.
  • Log-periodic antennas: Log-periodic antennas are a type of broadband antenna that is made up of a series of elements that are logarithmically spaced. Log-periodic antennas are a good choice for applications where you need a wide bandwidth antenna, such as in a Wi-Fi router or a cellular base station.

Dynamic ARP Inspection (DAI)

Address Resolution Protocol (ARP) is a layer 2 protocol. It simply maps an IP address to a MAC address.

When a PC communicates with another, its ARP table is updated; the table can be viewed with the command arp -a (shown below).

Why DAI?

In a man-in-the-middle attack, typically ARP spoofing, a rogue PC/laptop sends a spoofed ARP message which associates the attacker's MAC address with the IP address of the router or another device on the network, so that it can intercept and alter traffic. DAI on the switch compares the incoming ARP packet against the entries in the DHCP snooping binding table and any ARP access control lists. If the ARP packet doesn't match, the switch discards it.

Configurations

To configure DAI to validate the source MAC address in the Ethernet header against the sender MAC address within the ARP body we use the command below; the show ip arp inspection output in the image confirms that source MAC validation is enabled:

To enable DAI on VLAN 1 we use:


If we now run the show ip arp inspection vlan 1 command we see that source MAC validation is enabled:

To set interface FastEthernet 0/1 to the trusted state:


And verify the configuration:

Access control 

Cisco Packet Tracer doesn't currently support the creation of ARP access lists, but essentially an ARP ACL permits a specific IP address and MAC address pairing through an interface, like the below:
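To make the checks described in this post concrete, here is an added Python model of the DAI decision (not code from the post or from Cisco): a constructed DHCP snooping binding table, a constructed ARP ACL, one trusted uplink port, and source MAC validation, applied to sample ARP packets. The IOS command names in the comments are the ones configured above; the MAC and IP addresses are made up.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpPacket:
    ingress_port: str
    vlan: int
    eth_src: str      # source MAC in the Ethernet header
    sender_mac: str   # sender hardware address inside the ARP body
    sender_ip: str    # sender protocol address inside the ARP body

# Constructed DHCP snooping binding table: (vlan, ip) -> mac learned from DHCP leases
BINDINGS = {
    (1, "192.168.1.10"): "00:aa:bb:cc:dd:10",
    (1, "192.168.1.11"): "00:aa:bb:cc:dd:11",
}
# Constructed ARP ACL for a statically addressed host that never used DHCP
ARP_ACL = {("192.168.1.50", "00:aa:bb:cc:dd:50")}
TRUSTED_PORTS = {"Fa0/1"}        # uplink, as 'ip arp inspection trust' does above
DAI_VLANS = {1}                  # 'ip arp inspection vlan 1'
VALIDATE_SRC_MAC = True          # 'ip arp inspection validate src-mac'

def dai_verdict(pkt, bindings=BINDINGS, acl=ARP_ACL, trusted=TRUSTED_PORTS):
    """Return 'forward' or 'drop:<reason>' following the order of checks DAI applies."""
    if pkt.vlan not in DAI_VLANS or pkt.ingress_port in trusted:
        return "forward"                      # DAI not applied here
    eth_src, snd_mac = pkt.eth_src.lower(), pkt.sender_mac.lower()
    if VALIDATE_SRC_MAC and eth_src != snd_mac:
        return "drop:src-mac-mismatch"        # header and ARP body disagree
    if (pkt.sender_ip, snd_mac) in acl:
        return "forward"                      # ARP ACL is consulted before the bindings
    if bindings.get((pkt.vlan, pkt.sender_ip)) == snd_mac:
        return "forward"
    return "drop:no-binding"                  # IP/MAC pair never seen in a DHCP lease

def filter_arp(packets):
    """Apply DAI to a batch and return (packet, verdict) pairs as a switch log would."""
    return [(p, dai_verdict(p)) for p in packets]

# --- constructed sample traffic ---
LEGIT = ArpPacket("Fa0/2", 1, "00:aa:bb:cc:dd:10", "00:aa:bb:cc:dd:10", "192.168.1.10")
# host .11 claiming the gateway's IP 192.168.1.1: the spoof DAI exists to stop
GATEWAY_CLAIM = ArpPacket("Fa0/3", 1, "00:aa:bb:cc:dd:11", "00:aa:bb:cc:dd:11", "192.168.1.1")
MISMATCH = ArpPacket("Fa0/3", 1, "00:aa:bb:cc:dd:11", "00:aa:bb:cc:dd:10", "192.168.1.10")
STATIC_HOST = ArpPacket("Fa0/4", 1, "00:aa:bb:cc:dd:50", "00:aa:bb:cc:dd:50", "192.168.1.50")
FROM_UPLINK = ArpPacket("Fa0/1", 1, "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:01", "192.168.1.1")
```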

Monday, 17 April 2023

Public vs Private IP Addresses: What's the Difference?

When you connect to the internet, your device is assigned an IP address. This IP address is a unique identifier that allows your device to communicate with other devices on the internet. There are two types of IP addresses: public and private.

Public IP addresses are assigned to devices that are directly connected to the internet. This includes devices like your home router, your office computer, and your smartphone. Public IP addresses are unique and cannot be reused.

Private IP addresses are assigned to devices that are not directly connected to the internet. This includes devices like your home printer, your home security system, and your gaming console. Private IP addresses are not unique and can be reused on different networks.

The Internet Assigned Numbers Authority (IANA) has reserved the following private IP address ranges for use on private networks:

  • Class A: 10.0.0.0 - 10.255.255.255
  • Class B: 172.16.0.0 - 172.31.255.255
  • Class C: 192.168.0.0 - 192.168.255.255

Some examples:

192.168.1.1 - Private

193.1.1.1 - Public

10.0.0.1 - Private

15.0.0.0 - Public

Basic routing types


Static, Default, and Dynamic Routing: What's the Difference?

When it comes to routing, there are three main types: static, default, and dynamic. Each type has its own advantages and disadvantages, so it's important to choose the right one for your network.

Static routing is the simplest type of routing. In static routing, the network administrator manually configures the routes in the routing table. This means that the administrator must manually add or remove routes as needed. Static routing is easy to configure and maintain, but it can be time-consuming to manage large networks.

Default routing is a type of static routing that uses a single route to all destinations that are not explicitly defined in the routing table. This is a good option for small networks with a single exit point to the internet. Default routing is easy to configure and maintain, but it can be less efficient than dynamic routing.

Dynamic routing is a more complex type of routing that uses algorithms to automatically update the routing table. This means that the network administrator does not need to manually add or remove routes. Dynamic routing is more efficient than static routing, but it can be more complex to configure and maintain.

Which type of routing is right for you?

The best type of routing for you will depend on the size and complexity of your network. If you have a small network with a single exit point to the internet, then default routing may be a good option. If you have a large network with multiple exit points to the internet, then dynamic routing may be a better option.

Cisco Router password security basics

In the screenshot below we have created two simple passwords for two different modes. The one highlighted in yellow is the password for user mode, whereas the password in green is for privileged mode. Following on from creating the passwords, good practice is to encrypt them.


Now when we run the show running-config command we don't see the passwords in plain text but in an encrypted format.

Here are a couple of video walkthroughs configuring what was previously mentioned. 

Video1

Video2

Some basic network troubleshooting commands

Below are some everyday, useful commands to use when troubleshooting your own device and network issues.

ipconfig /all

This command shows the current TCP/IP configuration for all adapters, including both logical and physical addresses. Below is a simple screenshot with the results. Notice the default gateway is shown; this is the router address on the same network as the device. Without the default gateway being configured we will not be able to communicate with remote devices or other networks.

show ip interface brief

This is a router command; it shows all IPv4 interface configurations and their current status.

ping

Ping verifies IP connectivity to another networked device by sending Internet Control Message Protocol (ICMP) Echo Request messages. When a ping succeeds you get the pieces of information shown below. In the example, 127.0.0.1 is the loopback address, used to check whether the local PC's TCP/IP stack is configured correctly. If an IP address is not reachable you will get a timed out message.

tracert

Trace route diagnoses the path taken to a destination. Again ICMP is used, and a reply is returned from each hop as a different network is reached. This is used to pinpoint where network failures occur.

These are just some small examples of commands that can be used at a fundamental level. Microsoft have published a detailed list of commands here.


Saturday, 1 April 2023

VLAN Hopping

In today's world, where network security is crucial, VLAN hopping is one of the most common and dangerous threats to network infrastructure. VLAN hopping is a network security vulnerability that occurs when an attacker gains unauthorized access to a network by exploiting VLAN tagging protocols.

VLANs or Virtual Local Area Networks are a type of network that allows the creation of multiple logical networks within a single physical network. Each VLAN is identified by a unique VLAN ID, which is used to tag and separate traffic from different VLANs. VLAN tagging is done at the data link layer of the OSI model and is used to allow network administrators to create separate broadcast domains within a single physical network.

VLAN hopping occurs when an attacker gains unauthorized access to a VLAN by exploiting the vulnerabilities in the VLAN tagging protocol. There are several ways that an attacker can carry out a VLAN hopping attack, including Double Tagging, Switch Spoofing, and VLAN Injection.

Double Tagging:

In this type of VLAN hopping attack, the attacker sends a frame with two VLAN tags to the switch. The first tag is the attacker's VLAN ID, and the second tag is the target VLAN ID. The switch reads the first tag and places the frame in the attacker's VLAN. However, the switch also reads the second tag and forwards the frame to the target VLAN, giving the attacker access to the target VLAN.

Switch Spoofing:

In a switch spoofing attack, the attacker sends a frame with a spoofed MAC address of the switch to the target VLAN. The target VLAN receives the frame and forwards it to the switch, which reads the MAC address and places the frame in the appropriate VLAN. However, the switch does not realize that the frame has been spoofed, and it sends the frame to the attacker's VLAN as well, giving the attacker access to the target VLAN.

VLAN Injection:

In a VLAN injection attack, the attacker sends a frame to the switch with a VLAN tag that does not exist on the network. The switch reads the VLAN tag and creates a new VLAN for the frame. The attacker can then use this VLAN to gain unauthorized access to the network.

To prevent VLAN hopping attacks, network administrators should implement VLAN security best practices. These best practices include:

1. Implementing Port Security: Port security can be used to restrict the number of MAC addresses that can be learned on a port. This prevents attackers from spoofing MAC addresses and gaining access to other VLANs.

2. VLAN Access Control Lists (ACLs): VLAN ACLs can be used to restrict traffic between VLANs, preventing attackers from moving between VLANs.

3. VLAN Trunking Protocol (VTP) Security: VTP is a protocol used to manage VLANs on a network. Implementing VTP security prevents unauthorized changes to VLAN configurations.

4. Regular Security Audits: Regular security audits can help network administrators identify vulnerabilities and implement security measures to prevent VLAN hopping attacks.

In conclusion, VLAN hopping is a serious threat to network security that can be exploited by attackers to gain unauthorized access to a network. By implementing VLAN security best practices, network administrators can prevent VLAN hopping attacks and keep their networks secure.
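As an added example (not code from the original post), the Python below walks the stacked 802.1Q tags of an Ethernet frame and applies a simple ingress policy: a frame carrying more than one tag is reported wherever it is seen, and tagged frames are not accepted on ports configured as access ports. The policy is this example's assumption, not any vendor's exact behaviour; the frames, port names and MAC addresses are constructed.

```python
ETH_8021Q = 0x8100   # TPID that announces an 802.1Q tag

def parse_vlan_tags(frame):
    """Return (vlan_ids, ethertype, payload_offset), walking every stacked 802.1Q tag
    that follows the destination and source MAC addresses."""
    pos, vlans = 12, []
    while len(frame) >= pos + 4 and int.from_bytes(frame[pos:pos + 2], "big") == ETH_8021Q:
        tci = int.from_bytes(frame[pos + 2:pos + 4], "big")
        vlans.append(tci & 0x0FFF)         # low 12 bits of the TCI are the VLAN ID
        pos += 4
    if len(frame) < pos + 2:
        raise ValueError("truncated frame")
    return vlans, int.from_bytes(frame[pos:pos + 2], "big"), pos + 2

def ingress_check(frame, port_mode, access_vlan=None):
    """Policy check for a monitoring tap or strict ingress filter (an assumption of this
    example): report double-tagged frames anywhere, refuse tagged frames on access ports,
    and otherwise return the VLAN the frame would be forwarded in."""
    vlans, _, _ = parse_vlan_tags(frame)
    if len(vlans) > 1:
        return "alert:double-tagged", vlans
    if port_mode == "access":
        if vlans:
            return "drop:tagged-on-access-port", vlans
        return "forward", [access_vlan]
    return "forward", vlans or ["native"]   # untagged on a trunk rides the native VLAN

def sweep(captures):
    """Run the check over (port, mode, access_vlan, frame) tuples and keep only the findings."""
    out = []
    for port, mode, access_vlan, frame in captures:
        verdict, vlans = ingress_check(frame, mode, access_vlan)
        if verdict != "forward":
            out.append((port, verdict, vlans))
    return out

# --- constructed sample frames ---
def build_frame(dst, src, vlans, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19):
    out = bytes.fromhex(dst) + bytes.fromhex(src)
    for v in vlans:
        out += ETH_8021Q.to_bytes(2, "big") + (v & 0x0FFF).to_bytes(2, "big")
    return out + ethertype.to_bytes(2, "big") + payload

UNTAGGED = build_frame("ffffffffffff", "00aabbccdd01", [])
SINGLE = build_frame("ffffffffffff", "00aabbccdd01", [10])
DOUBLE = build_frame("ffffffffffff", "00aabbccdd02", [1, 20])   # outer tag 1, inner tag 20
CAPTURES = [
    ("Fa0/2", "access", 1, UNTAGGED),
    ("Fa0/3", "access", 1, SINGLE),
    ("Fa0/4", "access", 1, DOUBLE),
    ("Gi0/1", "trunk", None, SINGLE),
]
```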


Fast switching vs Process switching

Process Switching: Process switching is the traditional method of packet forwarding used in early routers. When a packet arrives at a router...