ACLs on Cisco

Cisco has different types of ACLs; the most used types are listed below: 1. Standard ACL. The oldest and simplest type is the standard ACL: numbers are 1-99 and 1300-1999; wildcard masks are used; it filters only on the source IP address/network; the ACL works with IP addresses only, with no L4-L7 features. Example: we[…]

Zone based firewall on Cisco

Zone Based Firewall. Let’s say we have a router that is connected to the Internet, to the LAN and also to our office server farm. It has 3 interfaces and we create 3 zones: INTERNET, LAN, DMZ. We will have to create 6 policies in total: LAN → INTERNET, INTERNET → LAN, LAN → DMZ[…]

Mitigate TCP SYN flood with TCP intercept

In today’s world DDoS attacks are common, and one of the simplest is the TCP SYN flood. Preventing this attack is easy in a Cisco environment: Cisco devices have a feature called “TCP intercept”. To prevent TCP SYN attacks on a server, we can deploy the TCP intercept feature on the router located between the Internet and the server. What[…]

Network security framework, types of DDoS

I’m using the NFP concept when designing security in networks. It consists of 3 elements: protecting the data plane (forwarding of packets), the control plane (routing protocols, management layer) and the management plane (access to the device, administration layer). Below is a basic mindmap of the technologies I’m going to explain in further topics. Also it’s needed[…]

Mikrotik EOIP and L2TP over Cisco NAT

I had a small task to connect two branch offices of a customer, one in Cape and the second in JHB. Unfortunately JHB is not part of our MPLS network and has two uplink connections, each 1 Mbps on serial interfaces. When I was studying for CCNP I got a lot of serial link tasks, but[…]

Configuration of Reverse DNS

For reverse DNS to work properly, we have to put information about our reverse domain and name server into the RIPE (ARIN, AFRINIC) database. Before this can be done, we must set up our name server. I’m using the BIND name server. Each /24 network is present as a single reverse domain. For example, if you’ve got a /22 IPv4 network, it[…]


BGP on Mikrotik

First of all I would like to say that BGP configuration on Mikrotik can be done with the CLI and with Winbox/Webadmin. I recommend using the CLI for BGP, because this protocol carries a lot of routes and displaying them in Winbox is painful. Let’s assume that our AS number is AS12345 and our IP address is 192.168.255.25,[…]