In: Categories » Electronics and communication » Network security » Creating Asynchronous, ISDN, PPP, DDR, Dial Backup, AAA, and Security Labs
|
You can use any Cisco router with an auxiliary port, a rolled RJ-45 cable, an adapter marked "MODEM" (Cisco part number CAB-25AS-MMOD), and any modem that is V.34-capable or better to build this lab. If you have one of the following routers, you can also use a SCSI-II 68-pin async port, an eight-to-one octopus cable, and a 25-pin adapter to build this lab:
The part number for the octopus cable is CAB-OCTAL-KIT. It also includes modem head-shells for any asynchronous devices, such as modems. It might not be feasible to order ISDN lines from your service provider. Getting two physical lines can prove costly, because there is an installation charge for the ISDN circuits, as well as the ongoing call charges as you use and test ISDN within your lab. You still might want to do some research and find out if ISDN cost for your location is reasonable enough for short-term testing. ISDN simulators are also expensive, around $800. You might be able to pick up a secondhand ISDN simulator or even rent one for a couple of months. Investing in an ISDN simulator is definitely worthwhile if you are considering pursuing CCIE certifications such as Routing/Switching and Security in the future. Cisco Secure Access Control Server software can be downloaded for evaluation from the Cisco website. It offers centralized control from a web-based graphical interface to manage AAA functionality. Routers are the basic requirement for the CCNP remote-access lab. Three routers should be enough for you to practice most of the areas covered in the CCNP Building Cisco Remote Access Networks (BCRAN) exam. Ideally, you should look for 2600XM routers. They are Cisco's current product line. They support all the new technologies, such as VoIP and VPN acceleration through hardware, and they also have software support to allow current Cisco IOS software images to be used. These are modular routers that allow a number of different modules to be included. Older routers such as the 2500 and the 4000/4500/4700 might also be an option. These routers are less expensive than the 2600XM models and offer a range of interfaces. Memory restrictions on these models might hinder future proofing when newer processor- and memory-intensive Cisco IOS software releases are introduced. All routers in the lab should have enough DRAM and Flash memory to load and use at least the IP PLUS IPSEC 56 Cisco IOS software feature set. This feature set has all the software functions required for the CCNP remote-access lab, including IPSec.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards. The most publicized 802.11 vulnerability is the insecurity of WEP. We have already reviewed the cryptographic weaknesses of WEP linked to the key IV space reuse and insecure key-from-string generation algorithm. There are also well-known WEP key management issues: All symmetric cipher implementations suffer secure key distribution problems. WEP is no exception. In the original design,...
2. Penetration Testing as Your First Line of Defense
It is hard to overemphasize the importance of penetration testing in the overall information security structure and the value of viewing your network through the cracker's eyes prior to further hardening procedures. There are a variety of issues specific to penetration testing on wireless networks. First of all, the penetration tester should be very familiar with RF theory and specific RF security problems (i.e., signal leak and detectability, legal regulations pertaining to the transmitter power output, and characteris...
3. Asymmetric Cryptography
Message authentication using HMACs works just fine, but how do we distribute symmetric cipher keys among the users? We can pass them around on floppies or fancy USB pen-drives with encrypted partitions on them, but what if many users live all over the world? What if the physical key distribution method takes time and the keys must be frequently changed? This is the case with the traditional WEP, which should be rotated every few minutes. Key-encrypting keys (KEKs) were offered as symmetric cipher keys used only to encrypt...
4. Examples and Analysis of Common Wireless Attack Signatures
The best way of knowing these signatures is trying out the tools in question and sniffing out their output: "Attack through defending, defend through attacking" (Dr. Mudge). The best source on wireless network intrusion tool detection and attack signatures we are aware of is Joshua Wright's "Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection" and "Detecting Wireless LAN MAC Address Spoofing" papers. A large part of this tutorial is inspired by these brilliant articles and our experience of analyzing WLAN tr...
How many IDS solutions that implement the recommendations and follow the guidelines we have already discussed are present on the modern wireless market? The answer is none. There are many wireless IDS solutions that look for illicit MAC addresses and ESSIDs on the monitored WLAN. Some of these solutions are even implemented as specialized hardware devices. Although something is better than nothing, in our opinion such "solutions" are a waste of both money and time. They might also give you a false sense of security. Let's...
6. Hash Functions Their Performance and HMACs
Other widely used hash functions include 128-bit MD5 from RSA Data Security, Inc., which is a very fast and commonly implemented hash. MD5 is traditionally used to encrypt Linux user passwords (hashes start with the "$1$" character), authenticate routing protocols like RIPv2 and OSPF, create checksums of binaries in RPMs, and verify the integrity of Free/OpenBSD ports files. The specifications of MD5 are available in RFC 1321. Host intrusion detection tools like Tripwire (http://www.tripwire.com) use MD5 to take snapshots of a syst...
7. Introduction to Applied Cryptography and Steganography
One can set up a reasonably secure wireless or wired network without knowing which ciphers are used and how the passwords are encrypted. This, however, is not an approach endorsed by us and discussed here. Hacking is about understanding, not blindly following instructions; pressing the buttons without knowing what goes on behind the scenes is a path that leads nowhere. Besides, security and quality of service are tightly interwoven, incorrect selection of the cipher and its implementation method can lead to a secure but sluggish...
8. Streaming Ciphers and Wireless Security
Streaming algorithms were designed to avoid speed and throughput penalties due to the implementation of block symmetric ciphers in CFB and OFB modes when bit-by-bit data encryption is required. Streaming ciphers are based on generating identical keystreams on both encrypting and decrypting sides. The plaintext is XORed with these keystreams to encrypt and decrypt data. To generate the keystream, pseudo-random generators (PRNGs) are used, thus placing stream algorithms somewhere between easy-to-break simple XORing with a predefi...
9. Deploying a Linux Based Custom Built Hardened Wireless Gateway
We have to ensure the security of the gateway that separates our AP or bridge or wireless-connected VLAN from the wired side. Such gateways are nothing more (or less) than a flexible stateful or proxy firewall that treats the interface connected to the WLAN side as an interface connecting the LAN to an insecure public network. The only specific requirement for the gateway is a capability to forward VPN traffic if VPN is implemented on the WLAN. Alternatively, the gateway can be a VPN concentrator if you want to cut s...
10. Wireless attacks at Corporations Small Companies and Home Users
There is a general misconception that only large enterprises are at risk from cracking, wireless cracking included. This is a myth, but it is very prevalent. Large corporations are where the money and sensitive data are. However, every experienced attacker first looks after his or her own safety in regards to future legal responsibility, so he or she would start by looking for an easy target for anonymous access. At the same time, an inexperienced cracker goes for anything "crackable" without considering whose network it is and w...