Context based Access Control (CBAC)
Access lists (ACLs) are the traditional packet-filtering mechanism on Cisco routers. An ACL is an ordered list of permit and deny statements written by the administrator; each packet is compared against the statements in order and the first match decides whether it is forwarded or dropped. The drawback of a plain ACL is that it is stateless: a standard ACL matches only on source address, and an extended ACL only on addresses, protocol and transport-layer ports (layers 3 and 4). It has no memory of which sessions the inside network has opened, so any return traffic has to be permitted by static rules that stay open all the time.
A Cisco router running a suitable IOS image can therefore be used as a low-cost stateful firewall. There are two ways to implement an IOS-based firewall:
- Context Based Access Control (CBAC), also known as the classic IOS firewall.
- Zone-Based Policy Firewall (ZBF), which has replaced CBAC in newer IOS releases.
Context Based Access Control (CBAC) -
Where an ACL filters statelessly at layers 3 and 4, CBAC adds stateful inspection up to the application layer: it tracks the sessions that the inside network opens and lets only their return traffic back in. With CBAC configured, the router functions as a stateful firewall.
Working -
CBAC behaves like a reflexive access list, but in addition keeps a state table in memory in which the active sessions are stored. When a device inside the network starts a session, the outbound (exiting) traffic is allowed through the router (the IOS-based firewall) and a dynamic entry describing that session is added to the state table. Because the router holds an entry for traffic that was initiated from inside, it can pass the replies to that outbound traffic: the CBAC mechanism temporarily opens holes in the access list applied to the inbound traffic so that the packets belonging to the session are let through, and removes them again when the session ends or times out.
The access list itself remains a set of static rules that regulate the network traffic and reduce the attack surface: it filters the router's incoming or outgoing traffic according to the rules configured for it, and CBAC only adds dynamic exceptions to it for the sessions it has inspected.
Features -
CBAC has some features, including:
- Traffic inspection: CBAC keeps track of the TCP/UDP connection information needed to inspect packet payloads, which lets it follow multi-channel protocols such as FTP, where the control session negotiates the ports used by the data sessions.
- Traffic filtering: CBAC permits a reply only if a matching entry exists in the state table. It inspects traffic leaving the firewall from the trusted network and opens the way for its replies, and it can filter intelligently at layer 7.
- Intrusion detection: CBAC watches the rate at which connections are attempted and the number of half-open (incomplete) TCP sessions in order to detect DoS attacks such as TCP SYN floods. When the configured thresholds are crossed it drops the offending packets or resets the half-open connections to free resources (on IOS the thresholds are set with the ip inspect max-incomplete and ip inspect one-minute commands).
- Alerts and audit trails: the CBAC mechanism logs details of each connection it inspects, including the source and destination IP addresses and ports and the amount of data transferred (enabled with ip inspect audit-trail).
Configuration -
There are three routers: router1 (10.1.1.1/24 on fa0/0), router2 (10.1.1.2/24 on fa0/0 and 10.1.2.1/24 on fa0/1) and router3 (10.1.2.2/24). Router1 is on the inside (trusted) network and router3 on the outside. So that every router has a route to every network, we first advertise the routes with EIGRP on all three routers.
After that, router3 is configured as an SSH server, and router2 (on which CBAC runs) is configured so that SSH traffic from router1 to router3 is inspected and only its replies are allowed back in.
First, set up EIGRP on router1:
- router1(config)#router eigrp 100
- router1(config-router)#network 10.1.1.0
- router1(config-router)#no auto-summary
Next, set up EIGRP on router2, which connects the two networks:
- router2(config)#router eigrp 100
- router2(config-router)#network 10.1.1.0
- router2(config-router)#network 10.1.2.0
- router2(config-router)#no auto-summary
Then configure EIGRP on router3:
- router3(config)#router eigrp 100
- router3(config-router)#network 10.1.2.0
- router3(config-router)#no auto-summary
Note that a network statement without a wildcard mask is taken as the classful network, so 10.1.1.0 is stored as network 10.0.0.0 and enables EIGRP on every interface in 10.0.0.0/8; that is sufficient for this lab.
Now set up SSH on router3. The domain name and the RSA key pair must exist before SSH can be used, so they are created first; the key is generated with a 2048-bit modulus (1024 is no longer considered adequate), the labelled key pair is assigned to SSH explicitly, and the local user's password is stored as a hashed secret rather than with the password keyword:
- router3(config)#ip domain name GeeksforGeeks.com
- router3(config)#crypto key generate rsa label Cisco.com modulus 2048
- router3(config)#ip ssh rsa keypair-name Cisco.com
- router3(config)#ip ssh version 2
- router3(config)#username saurabh secret cisco
- router3(config)#line vty 0 4
- router3(config-line)#transport input ssh
- router3(config-line)#login local
On router2 we now create an access list that blocks all traffic except EIGRP, so that the routers can still exchange routes with one another:
- router2(config)#ip access-list extended 100
- router2(config-ext-nacl)#permit eigrp any any
- router2(config-ext-nacl)#deny ip any any
Now apply it inbound on the outside interface, fa0/1 (the interface facing router3):
- router2(config)#int fa0/1
- router2(config-if)#ip access-group 100 in
With this access list in place, router2 accepts only EIGRP packets arriving on fa0/1 and denies everything else, so router1 can no longer SSH to router3: its SYN leaves unhindered, but the SYN/ACK reply from router3 is dropped on the way back in.
Now configure CBAC on router2 to inspect SSH traffic (only traffic that the IOS router running CBAC has inspected will be permitted back in):
- router2(config)#ip inspect name Cisco ssh
This command defines an inspection rule named Cisco that inspects SSH. No separate command is needed to switch CBAC on: the ip inspect name command enables it. A line beginning with ! (such as !cbac) is only a comment in IOS configuration and does nothing.
Now apply the inspection rule outbound on the same interface, using the same rule name:
- router2(config)#int fa0/1
- router2(config-if)#ip inspect Cisco out
Because every SSH packet is now inspected by router2 as it leaves through the outbound (fa0/1) interface, router1 can SSH to router3 again: the state-table entry created for the session lets its replies through the inbound access list.
This can be verified with:
- router2#show ip inspect all
which lists the configured inspection rules, the interfaces they are applied to and the current sessions; show ip inspect sessions shows only the state table.
Note: The access list is applied inbound on fa0/1 and CBAC outbound on fa0/1 because the only traffic we want to admit from the outside network is the return traffic of sessions started by the inside network (10.1.1.1). With CBAC applied outbound, the state-table entry created for each inspected session temporarily opens a hole in the access list applied inbound on fa0/1, so only the return packets of that session pass; a connection initiated from the outside, or a packet that matches no existing entry, is still dropped by deny ip any any.
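The mechanism described in the note above, as an added example that is not part of the original page or of Cisco's code: a small Python model of router2's fa0/1 interface. It encodes ACL 100 as a stateless check, the inspection rule as a state table keyed on the inside host's connection tuple, the temporary hole for replies, session teardown, the limitation that router-generated traffic is not inspected (see Limitations below), and a simplified version of the half-open session watermarks mentioned under Features. The addresses are those of the lab; the ephemeral ports, TCP flag strings and watermark values are constructed for the demonstration.

```python
# Added illustration, not Cisco code: a toy model of router2's fa0/1 with
# ACL 100 applied inbound and inspection rule 'Cisco' applied outbound.
# Addresses come from the configuration above; ports, TCP flags and the
# half-open watermarks are constructed for the demonstration.
from collections import OrderedDict
from dataclasses import dataclass

TCP, EIGRP = 6, 88            # IP protocol numbers
ROUTER2_OUTSIDE = "10.1.2.1"  # router2's own address on fa0/1

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""           # TCP flags as letters: "S", "SA", "A", "FA", "R"

@dataclass(frozen=True)
class Session:
    """State-table key, always written from the inside host's point of view."""
    proto: int
    inside: str
    inside_port: int
    outside: str
    outside_port: int

def acl_100_permits(pkt: Packet) -> bool:
    """'permit eigrp any any' then 'deny ip any any': stateless, no memory."""
    return pkt.proto == EIGRP

class CBAC:
    def __init__(self, inspect_ports, max_incomplete_high=3, max_incomplete_low=1):
        self.inspect_ports = set(inspect_ports)  # 'ip inspect name Cisco ssh' -> {22}
        self.state = OrderedDict()               # Session -> half-open | open | half-closed
        self.high, self.low = max_incomplete_high, max_incomplete_low

    def half_open(self):
        return [s for s, st in self.state.items() if st == "half-open"]

    def outbound(self, pkt: Packet) -> bool:
        """Packet leaving via fa0/1 ('ip inspect Cisco out'): no ACL, but inspection."""
        if pkt.src == ROUTER2_OUTSIDE:
            return True   # limitation: traffic generated by the router is not inspected
        if pkt.proto == TCP and pkt.dport in self.inspect_ports:
            sess = Session(TCP, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "R" in pkt.flags:
                self.state.pop(sess, None)
            elif pkt.flags == "S":               # new session: dynamic state entry
                self.state[sess] = "half-open"
                self._enforce_max_incomplete()
            elif "F" in pkt.flags and sess in self.state:
                self.state[sess] = "half-closed"
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Packet entering via fa0/1: ACL 100 first, then the temporary holes."""
        if acl_100_permits(pkt):
            return True
        sess = Session(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        status = self.state.get(sess)
        if status is None:
            return False  # no inside host asked for this: 'deny ip any any' wins
        if "R" in pkt.flags:                     # peer aborted: close the hole
            del self.state[sess]
        elif status == "half-open" and pkt.flags == "SA":
            self.state[sess] = "open"            # handshake completed
        elif status == "half-closed" and "F" in pkt.flags:
            del self.state[sess]                 # both sides finished
        return True

    def _enforce_max_incomplete(self):
        # Simplified 'ip inspect max-incomplete high/low': above the high watermark,
        # delete the oldest half-open sessions until the low watermark is reached.
        half_open = self.half_open()
        if len(half_open) > self.high:
            for sess in half_open[: len(half_open) - self.low]:
                del self.state[sess]

def run_scenario() -> dict:
    """Replays the situations described in the text and returns the verdicts."""
    fw = CBAC(inspect_ports={22})
    inside, outside = "10.1.1.1", "10.1.2.2"
    r = {}
    r["eigrp_hello"] = fw.inbound(Packet(EIGRP, outside, "224.0.0.10"))
    r["synack_no_state"] = fw.inbound(Packet(TCP, outside, inside, 22, 51000, "SA"))
    fw.outbound(Packet(TCP, inside, outside, 51000, 22, "S"))       # router1 -> router3 SSH
    r["synack_after_inspect"] = fw.inbound(Packet(TCP, outside, inside, 22, 51000, "SA"))
    r["outside_initiated"] = fw.inbound(Packet(TCP, outside, inside, 40000, 22, "S"))
    r["wrong_port"] = fw.inbound(Packet(TCP, outside, inside, 22, 51001, "A"))
    fw.outbound(Packet(TCP, inside, outside, 51000, 22, "FA"))      # orderly teardown
    fw.inbound(Packet(TCP, outside, inside, 22, 51000, "FA"))
    r["after_close"] = fw.inbound(Packet(TCP, outside, inside, 22, 51000, "A"))
    fw.outbound(Packet(TCP, ROUTER2_OUTSIDE, outside, 52000, 22, "S"))  # router2 itself
    r["router_originated_reply"] = fw.inbound(
        Packet(TCP, outside, ROUTER2_OUTSIDE, 22, 52000, "SA"))
    for port in range(60000, 60005):                                 # inside SYN burst
        fw.outbound(Packet(TCP, inside, outside, port, 22, "S"))
    r["half_open_after_burst"] = len(fw.half_open())
    return r
```

Calling run_scenario() shows the SYN/ACK from router3 being dropped before inspection and permitted after it, a connection initiated from the outside being refused even though port 22 is an inspected port, the hole closing again after the FIN exchange, and a reply to a session started by router2 itself never getting an entry. The watermark handling is deliberately coarse; on a real router the thresholds also include the one-minute connection-attempt rate and a per-host limit.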
Limitations -
Some drawbacks of the CBAC mechanism:
- CBAC is not easy to configure correctly, because it requires in-depth knowledge of the protocols being inspected and of how the applications that use them behave.
- CBAC cannot inspect traffic that originates from the router on which it is configured, so sessions started by the router itself get no state-table entry and their replies have to be permitted by explicit ACL entries.
- There is no support for stateful failover. A second router can be kept as a redundant CBAC firewall, but the state table cannot be replicated to it, so after a failover the table has to be rebuilt and the existing connections must be re-established.
- It cannot inspect encrypted packets: the payload of traffic protected by IPsec (or TLS) is not visible to CBAC as it passes through the router, so such traffic receives no application-layer inspection.
- CBAC is Cisco's legacy (classic) IOS firewall; where the IOS release supports it, the Zone-Based Policy Firewall is the recommended replacement.