
Network Attacks and Defenses: A Hands-on Approach [Hardcover]

(United Arab Emirates University, Al-Ain), (University of Waterloo, Ontario, Canada), (United Arab Emirates University, Al-Ain), (University of Adelaide, Australia)
  • Format: Hardback, 475 pages, height x width: 234x156 mm, weight: 793 g, 36 Tables, black and white; 527 Illustrations, black and white
  • Publication date: 29-Oct-2012
  • Publisher: Auerbach
  • ISBN-10: 1466517948
  • ISBN-13: 9781466517943

The attacks on computers and business networks are growing daily, and the need for security professionals who understand how malfeasants perform attacks and compromise networks is a growing requirement to counter the threat. Network security education generally lacks appropriate textbooks with detailed, hands-on exercises that include both offensive and defensive techniques. Using step-by-step processes to build and generate attacks using offensive techniques, Network Attacks and Defenses: A Hands-on Approach enables students to implement appropriate network security solutions within a laboratory environment.

Topics covered in the labs include:

  • Content Addressable Memory (CAM) table poisoning attacks on network switches
  • Address Resolution Protocol (ARP) cache poisoning attacks
  • The detection and prevention of abnormal ARP traffic
  • Network traffic sniffing and the detection of Network Interface Cards (NICs) running in promiscuous mode
  • Internet Protocol-Based Denial-of-Service (IP-based DoS) attacks
  • Reconnaissance traffic
  • Network traffic filtering and inspection
  • Common mechanisms used for router security and device hardening
  • Internet Protocol Security Virtual Private Network (IPsec VPN) security solution protocols, standards, types, and deployments
  • Remote Access IPsec VPN security solution architecture and its design, components, architecture, and implementations

These practical exercises go beyond theory to allow students to better anatomize and elaborate offensive and defensive techniques. Educators can use the model scenarios described in this book to design and implement innovative hands-on security exercises. Students who master the techniques in this book will be well armed to counter a broad range of network security threats.

Introduction
1 Switch's CAM Table Poisoning Attack
1.1 Introduction
1.2 Lab Exercise 1.1: Switch's CAM Table Poisoning
1.2.1 Outcome
1.2.2 Description
1.2.3 Experiment
1.2.3.1 Step 1: Assign Static IP Addresses to the Network Hosts
1.2.3.2 Step 2: View the Contents of the CAM Table
1.2.3.3 Step 3: Generate a Malicious Packet to Corrupt the CAM Table
1.2.3.4 MAC Flood Attack for Traffic Sniffing
1.3 Lab Exercise 1.2: Prevention of CAM Table Poisoning Attack
1.3.1 Outcome
1.3.2 Description
1.3.3 Experiment
1.3.3.1 Step 1: Assign Static IP Addresses to the Network's Hosts
1.3.3.2 Step 2: Configure the Restrict Mode Security Port in the Switch
1.3.3.3 Step 3: Generate a Malicious Packet to Corrupt the CAM Table
1.3.3.4 Step 4: Configure the Shutdown Mode Security Port in the Switch
1.4 Chapter Summary
2 ARP Cache Poisoning-Based MiM and DoS Attacks
2.1 Introduction
2.1.1 Address Resolution Protocol (ARP)
2.1.2 ARP Cache
2.2 Lab 2.1: ARP Cache Poisoning Attack
2.2.1 Outcome
2.2.2 Description
2.2.3 Static ARP Cache Update
2.2.4 Experiment
2.2.4.1 Network Architecture
2.2.4.2 Step 1: Assign Static IP Addresses to the Network's Hosts
2.2.4.3 Step 2: View the ARP Caches of the Hosts
2.2.4.4 Build a Malicious ARP Request Packet to Corrupt a Target Host's ARP Cache
2.3 Lab 2.2: DoS Attack Based on ARP Cache Poisoning
2.3.1 Outcome
2.3.2 DoS Attack Based on ARP Cache Poisoning
2.3.3 Experiment
2.3.3.1 Step 1: Assign Static IP Addresses to the Network's Hosts
2.3.3.2 Step 2: View Host A's ARP Cache
2.3.3.3 Step 3: Build the Malicious ARP Request Packet
2.3.3.4 Step 4: Test the DoS Attack
2.4 Lab 2.3: MiM Attack Based on ARP Cache Poisoning
2.4.1 Outcome
2.4.2 MiM Attack Based on ARP Cache Poisoning
2.4.3 Experiment
2.4.3.1 Step 1: Assign Static IP Addresses to the Network's Hosts
2.4.3.2 Step 2: Enable IP Routing at Host C
2.4.3.3 Step 3: View the ARP Caches of Host A and Host B
2.4.3.4 Step 4: Build Two Malicious ARP Request Packets
2.4.3.5 Step 5: Test the MiM Attack
2.4.3.6 Step 6: Sniff and Analyze the Traffic between Hosts A and B
2.5 Chapter Summary
3 Abnormal ARP Traffic Detection and Prevention
3.1 Introduction
3.2 Abnormal ARP Packets
3.3 Experiments
3.3.1 Cross-Layers ARP Inspection
3.3.2 ARP Stateful Inspection
3.3.3 ARP Request Storm and ARP Scan
3.3.3.1 ARP Request Storm
3.3.3.2 ARP Scan
3.3.4 Experimental Results Analysis
3.4 Lab 3.1: Abnormal ARP Traffic Detection
3.4.1 Outcome
3.4.2 XArp 2 Detection Tool
3.4.3 Experiment
3.4.3.1 Network Architecture
3.4.3.2 Step 1: Assign Static IP Addresses to the Network's Hosts
3.4.3.3 Step 2: Install the XArp 2 Tool
3.4.3.4 Step 3: Configure a SPAN Port in the Cisco Switch
3.4.3.5 Step 4: Generate and Detect Abnormal ARP Packets
3.5 Lab 3.2: Abnormal ARP Traffic Prevention Using Dynamic ARP Inspection for a Non-DHCP Network Environment
3.5.1 Outcome
3.5.2 Dynamic ARP Inspection
3.5.3 Experiment
3.5.3.1 Network Architecture
3.5.3.2 Step 1: Assign Static IP Addresses to the Network's Hosts
3.5.3.3 Step 2: Configure Dynamic ARP Inspection for a Non-DHCP Environment in a Cisco Catalyst 3560 Switch
3.5.3.4 Step 3: Generate and Prevent Abnormal ARP Packets
3.6 Lab 3.3: Abnormal ARP Traffic Prevention Using Dynamic ARP Inspection and DHCP Snooping for a DHCP Environment
3.6.1 Outcome
3.6.2 DHCP Snooping
3.6.3 Experiment
3.6.3.1 Network Architecture
3.6.3.2 Step 1: Enable DHCP Snooping
3.6.3.3 Step 2: Configure Dynamic ARP Inspection for a DHCP Environment
3.6.3.4 Step 3: Generate and Prevent Abnormal ARP Packet
3.7 Chapter Summary
4 Network Traffic Sniffing and Promiscuous Mode Detection
4.1 Introduction
4.2 Lab 4.1: Promiscuous Mode Detection
4.2.1 Outcome
4.2.2 Description
4.2.3 Tests
4.2.4 Promiscuous Mode Detection Tools
4.2.5 Experiment
4.2.6 Network Architecture
4.2.7 Experiment
4.2.7.1 Step 1: Assign Static IP Addresses to the Network's Hosts
4.2.7.2 Step 2: Run Host B's NIC in Promiscuous Mode
4.2.7.3 Step 3: Generate Trap ARP Request Packets
4.2.7.4 Step 4: Analyze the ARP Response Packets
4.2.8 Wireless Network Sniffing
4.2.8.1 WEP Key Cracking and Network Traffic Decryption
4.3 Chapter Summary
5 IP-Based Denial-of-Service Attacks
5.1 Introduction
5.1.1 Distributed Denial-of-Service (DDoS) Attack
5.2 Lab 5.1: Land Attack
5.2.1 Outcome
5.2.2 Description
5.2.3 Experiment
5.2.3.1 Step 1: Configure the Network Interfaces in the Juniper Networks Device
5.2.3.2 Step 2: Set the Security Policies (Filtering Rules)
5.2.3.3 Step 3: Enable Protection against the Land Attack
5.2.3.4 Step 4: Build Land Attack Packets
5.2.3.5 Step 5: Sniff the Generated Traffic
5.2.3.6 Step 6: View Results in the Log File of the Juniper Networks Device
5.3 Lab 5.2: SYN Flood Attack
5.3.1 Outcome
5.3.2 Description
5.3.3 Experiment
5.3.3.1 Step 3: Enable Protection against the SYN Flood Attack
5.3.3.2 Step 4: Build SYN Flood Attack Packets
5.3.3.3 Step 5: Sniff the Generated Traffic
5.3.3.4 Step 6: View Results in the Log File of the Juniper Networks Device
5.4 Lab 5.3: Teardrop Attack
5.4.1 Outcome
5.4.2 Description
5.4.3 Experiment
5.4.3.1 Step 3: Enable Protection against the Teardrop Attack
5.4.3.2 Step 4: Build Teardrop Attack Packets
5.4.3.3 Step 5: View Results in the Log File of the Juniper Networks Device
5.5 Lab 5.4: UDP Flood Attack
5.5.1 Outcome
5.5.2 Description
5.5.3 Experiment
5.5.3.1 Step 3: Enable Protection against the UDP Flood Attack
5.5.3.2 Step 4: Build UDP Flood Attack Packets
5.5.3.3 Step 5: Sniff the Generated Traffic
5.5.3.4 Step 6: View Results in the Log File of the Juniper Networks Device
5.6 Lab 5.5: Abnormal IP Packets
5.6.1 Outcome
5.6.2 Description
5.6.2.1 ICMP Fragmented Packet
5.6.2.2 Large ICMP Packet
5.6.2.3 Unknown Protocol Packet
5.6.3 Experiment
5.6.3.1 Step 3: Enable Protection against the Three Abnormal Packets
5.6.3.2 Step 4: Generate the Three Abnormal Packets
5.6.3.3 Step 5: View Results in the Log File of the Juniper Networks Device
5.7 Chapter Summary
6 Reconnaissance Traffic
6.1 Introduction
6.2 Lab 6.1: IP Address Sweeping
6.2.1 Outcome
6.2.2 Description
6.2.3 Experiment
6.2.3.1 Step 3: Enable Protection against IP Address Sweeping
6.2.3.2 Step 4: Perform IP Address Sweeping
6.2.3.3 Step 5: Sniff the Generated Traffic
6.2.3.4 Step 6: View Results in the Log File of the Juniper Networks Device
6.3 Lab 6.2: TCP Port Scanning
6.3.1 Outcome
6.3.2 Description
6.3.3 Experiment
6.3.3.1 Enable Protection against Port Scanning
6.3.3.2 Step 4: Perform TCP Port Scanning
6.3.3.3 Step 5: Sniff the Generated Traffic
6.3.3.4 Step 6: View Results in the Log File of the Juniper Networks Device
6.4 Lab 6.3: Remote Operating System Identification
6.4.1 Outcome
6.4.2 Description
6.4.2.1 NetScanTools Pro
6.4.2.2 Nmap Tool
6.4.3 Experiment
6.4.3.1 Step 3: Enable Protection against the Three TCP Packets
6.4.3.2 Step 4: Generate the Three TCP Probe Packets
6.4.3.3 Step 5: Sniff the Generated Traffic
6.4.3.4 Step 6: View Results in the Log File of the Juniper Networks Device
6.5 Lab 6.4: Traceroute
6.5.1 Outcome
6.5.2 Description
6.5.3 Preventing Techniques
6.5.3.1 Experiment 6.4.1: Analyze Traffic Generated by the Tracert Command
6.5.3.2 Experiment 6.4.2: Deny Traceroute Traffic
6.6 Chapter Summary
7 Packet Filtering and Inspection
7.1 Introduction
7.2 Lab 7.1: Basic Packet Filtering
7.2.1 Outcome
7.2.2 Basic Packet Filtering
7.2.3 Experiment
7.2.4 Network Architecture
7.2.5 Experiment Steps
7.2.5.1 Step 1: Configure the Network Interfaces in the Juniper Networks Device
7.2.5.2 Step 2: Set Up Web, FTP, and Telnet Servers
7.2.5.3 Step 3: Implement Filtering Rules for Security Policies
7.2.5.4 Step 4: Test the Filtering Rules and View the Results in the Log File of the Juniper Networks Device
7.3 Lab 7.2: Nonstandard Services Filtering
7.3.1 Outcome
7.3.2 Nonstandard Services Filtering
7.3.3 Experiment
7.3.4 Network Architecture
7.3.5 Experiment Steps
7.3.5.1 Step 1: Configure the Network Interfaces in the Juniper Networks Device
7.3.5.2 Step 2: Set Up a Nonstandard Web Server Running on Port 3000
7.3.5.3 Step 3: Create a Nonstandard Service Profile in the Juniper Networks Device
7.3.5.4 Step 4: Implement Filtering Rules to Filter Traffic Targeting the Nonstandard Service
7.3.5.5 Step 5: Test the Filtering Rules and View the Results in the Event Log of the Juniper Networks Device
7.4 Lab 7.3: Consistency and Efficiency Verification of Firewall Filtering Rules
7.4.1 Outcome
7.4.2 Consistency and Efficiency of Filtering Rules
7.4.3 Importance of the Filtering Rules Order
7.4.4 Experiment: Juniper Networks Device
7.4.5 Network Architecture
7.4.6 Experiment Steps
7.4.6.1 Step 1: Configure the Network Interfaces in the Juniper Networks Device
7.4.6.2 Step 2: Implement Inconsistent and Inefficient Filtering Rules
7.4.6.3 Step 3: Verify the Consistency and Efficiency of the Filtering Rules
7.4.7 Experiment: FirePAC Tool
7.4.8 Experiment Steps
7.4.8.1 Step 1: Acquire the Firewall Configuration File
7.4.8.2 Step 2: Verify the Consistency and Efficiency of the Filtering Rules
7.4.8.3 Step 3: Analysis of the FirePAC Tool's Findings
7.5 Lab 7.4: Packet Content Filtering
7.5.1 Outcome
7.5.2 Packet Content Filtering
7.5.3 Experiment
7.5.4 Network Architecture
7.5.5 Experiment Steps
7.5.5.1 Step 1: Configure the Network Interfaces in the Juniper Networks Device
7.5.5.2 Step 2: Set Up Web, FTP, and E-Mail Servers
7.5.5.3 Step 3: Implement Filtering Rules for Security Policies
7.5.5.4 Step 4: Test the Filtering Rules and View the Results in the Log File of the Juniper Networks Device
7.6 Lab 7.5: Stateless versus Stateful Packet Filtering
7.6.1 Outcome
7.6.2 Security Issues with Stateless Packet Filtering
7.6.3 Stateful TCP Packet Filtering
7.6.4 Stateful UDP Packet Filtering
7.6.5 Stateful ICMP Packet Filtering
7.6.6 Experiment
7.6.7 Network Architecture
7.6.8 Experiment Steps
7.6.8.1 Part 1: Stateful TCP Packet Filtering Testing
7.6.9 Part 2: Stateful ICMP Packet Filtering Testing
7.7 Lab 7.6: Active and Passive FTP Modes
7.7.1 Outcome
7.7.2 Active and Passive FTP Modes
7.7.2.1 Active FTP Mode
7.7.2.2 Active FTP Traffic Filtering
7.7.2.3 Filtering Rules Implementation for Active FTP Traffic
7.7.2.4 Security Issue with Active FTP Mode
7.7.3 Passive FTP Mode
7.7.3.1 Passive FTP Traffic Filtering
7.7.3.2 Filtering Rules Implementation for Passive FTP Traffic
7.7.3.3 Security Issue with the Passive FTP Mode
7.7.4 Experiment: Active FTP Traffic Sniffing and Analysis
7.7.5 Network Architecture
7.7.6 Experiment Steps - Part 1: Active FTP Session
7.7.6.1 Step 1: Connect to the FTP Server Using the Active FTP Mode and Sniff the Session Packets
7.7.6.2 Step 2: Analyze the Active FTP Session Packets
7.7.7 Experiment Steps - Part 2: Passive FTP Mode
7.7.7.1 Step 1: Configure LeapFTP as a Passive FTP Client
7.7.7.2 Step 2: Connect to the FTP Server and Sniff the Session Packets
7.7.7.3 Step 3: Analyze the Passive FTP Session Packets
7.8 Chapter Summary
8 Router Security
8.1 Introduction
8.2 Lab 8.1: AAA Model Basics
8.2.1 Outcome
8.2.2 Description
8.2.3 Experiment
8.2.4 Network Architecture
8.2.5 Experiment Steps
8.2.5.1 Step 1: Basic Router Set-Up Commands
8.2.5.2 Step 2: Configure the Loopback Interface
8.2.5.3 Step 3: Console Default Authentication and Authorization
8.2.5.4 Step 4: VTY (Telnet) Default Authentication and Authorization
8.2.5.5 Step 5: Configure the AAA Model: Authentication
8.2.5.6 Step 6: Apply Authentication to VTY
8.2.5.7 Step 7: Apply Authentication to the Console
8.2.5.8 Step 8: Test the Console and Telnet Authentication
8.2.5.9 Step 9: Configure the AAA Model: Authorization
8.2.5.10 Step 10: Apply Authorization to VTY
8.2.5.11 Step 11: Apply Authorization to the Console
8.2.5.12 Step 12: Test the Console and Telnet Authorization
8.2.5.13 Step 13: Configure Console Logging
8.3 Lab 8.2: Secure Network Services
8.3.1 Outcome
8.3.2 Description
8.3.3 Experiment
8.3.4 Network Architecture
8.3.5 Experiment Steps
8.3.5.1 Step 1: Initialization of the PC and Router
8.3.5.2 Step 2: Sniff ICMP Traffic
8.3.5.3 Step 3: Sniff Telnet Traffic
8.3.5.4 Step 4: Sniff SSH Traffic
8.3.5.5 Step 5: Sniff HTTP Traffic
8.3.5.6 Step 6: Sniff HTTPS Traffic
8.4 Lab 8.3: Packet Filtering on a Border Router
8.4.1 Outcome
8.4.2 Description
8.4.3 Experiment
8.4.4 Network Architecture
8.4.5 Experiment Steps
8.4.5.1 Step 1: Basic Router Set-Up Commands
8.4.5.2 Step 2: Enable Buffered Logging at the Debug Level
8.4.5.3 Step 3: Initialize Routers and PCs: IPs and Hostnames
8.4.5.4 Step 4: Run Dynamic Routing: OSPF Area 0 with Redistribution
8.4.5.5 Step 5: Run HTTP and Telnet Servers on Both Routers
8.4.5.6 Step 6: Implement the Security Policies on Border Router FW
8.4.5.7 Step 7: Test the Security Policies Created in Step 6
8.5 Chapter Summary
9 Site-to-Site VPN Tunnel Implementation against Eavesdropping Attacks
9.1 Introduction
9.1.1 IKE Protocol Phases
9.1.2 IPsec Modes
9.1.3 IPsec Protocols
9.1.4 VPN Types
9.2 Lab 9.1: Site-to-Site VPN - First Implementation
9.2.1 Outcome
9.2.2 Description
9.2.3 Experiment
9.2.3.1 Step 1: Reset the Firewall to the Default Setting
9.2.3.2 Step 2: Assign IP Addresses of the Machines and the Firewall Interfaces for Both Sites
9.2.3.3 Step 3: Assign the Network IP Addresses of the Two LANs (Al-Ain and Dubai) for Both Sites
9.2.3.4 Step 4: Configure the VPN from the Al-Ain Site to the Dubai Site, and Vice Versa
9.2.3.5 Step 5: Route from the Al-Ain Site to the Dubai Site Gateway, and Vice Versa
9.2.3.6 Step 6: Set the Policies for Both Sites
9.2.3.7 Step 7: Ping from Al-Ain to Dubai, and Vice Versa, to Test VPN Tunnel Establishment
9.2.3.8 Step 8: Verify VPN Tunnel Establishment
9.3 Lab 9.2: Site-to-Site VPN - Second Implementation
9.3.1 Outcome
9.3.2 Description
9.3.3 Experiment
9.3.3.1 Step 1: Reset the Firewall to the Default Setting for Both Sites
9.3.3.2 Step 2: Assign IP Addresses to the Machines and the Firewall Interface for Both Sites
9.3.3.3 Step 3: Define the Traffic That Must Be Protected
9.3.3.4 Step 4: Create a Static Route from the Al-Ain Site to the Dubai Site, and Vice Versa
9.3.3.5 Step 5: Enable IKE Protocol at Both Sites
9.3.3.6 Step 6: Define the Phase 1 Parameters of IKE
9.3.3.7 Step 7: Define the Pre-Shared Key That Will Be Used by Both Sites
9.3.3.8 Step 8: Define the IKE Phase 2 Parameters of the IPsec Protocol
9.3.3.9 Step 9: Bind the Parameters of the Two Phases with Each Other
9.3.3.10 Step 10: Apply the Crypto Map on the Outside Interface (GigabitEthernet 0/0)
9.3.3.11 Step 11: Ping from the Al-Ain Site to the Dubai Site, and Vice Versa
9.3.3.12 Step 12: Study the Parameters That Are Set in the Security Association
9.4 Chapter Summary
10 Remote Access VPN Tunnel Implementation against Eavesdropping Attacks
10.1 Introduction
10.2 Lab 10.1: Remote Access VPN - First Implementation
10.2.1 Outcome
10.2.2 Description
10.2.3 Experiment
10.2.3.1 Step 1: Reset the Firewall to the Default Setting
10.2.3.2 Step 2: Assign IP Addresses to the Machines and the Firewall Interface
10.2.3.3 Step 3: Create Users
10.2.3.4 Step 4: Configure the Phase 1 Proposal
10.2.3.5 Step 5: Configure the Phase 2 Proposal
10.2.3.6 Step 6: Create the Security Policy
10.2.3.7 Step 7: Configure the Juniper NetScreen Remote VPN Client and Test the Connectivity
10.2.3.8 Step 8: Verify VPN Tunnel Establishment
10.3 Lab 10.2: Remote Access VPN - Second Implementation
10.3.1 Outcome
10.3.2 Description
10.3.3 Experiment
10.3.3.1 Step 1: Reset the Firewall to the Default Setting
10.3.3.2 Step 2: Assign IP Addresses to the Machines and the Firewall Interfaces
10.3.3.3 Step 3: Choose the VPN Tunnel Type That Is Remote Access and Select the Remote Access Clients
10.3.3.4 Step 4: Specify the VPN Tunnel Group Name and Authentication Method
10.3.3.5 Step 5: Configure User Accounts
10.3.3.6 Step 6: Configure the Pool of Addresses
10.3.3.7 Step 7: Configure the Client Attributes
10.3.3.8 Step 8: Configure the IKE Policy
10.3.3.9 Step 9: Configure IPsec Encryption and Authentication Parameters
10.3.3.10 Step 10: Address Translation Exception and Split Tunneling
10.3.3.11 Step 11: Install Cisco VPN Client Software
10.3.3.12 Step 12: Launch the Software and Test the Connectivity
10.3.3.13 Step 13: Verify VPN Tunnel Establishment
10.3.3.14 Step 14: Monitor the VPN Tunnel in the ASA
10.4 Chapter Summary
Index
Zouheir Trabelsi and Kadhim Hayawi are with United Arab Emirates University.