Category Archives: Network Security

NetGear Firewall

Functions and Features

A NetGear firewall is a heavy-duty firewall that sits between your local network (LAN) and the Internet (WAN) and protects the hosts on the LAN against attacks from outside, while still allowing them to access the Web safely. Like any firewall it screens traffic; unlike an ordinary packet filter, it does more than simple screening.

NetGear firewalls cover the following tasks:

  • DoS protection, against Denial of Service floods
  • VPN, Virtual Private Networking
  • NAT, Network Address Translation
  • SPI, Stateful Packet Inspection
  • Keyword filtering of web page URLs
  • IPsec encryption
  • PKI support, Public Key Infrastructure

Together these features reduce the exposure of the computers behind the firewall. They do not make them secure on their own: a firewall cannot patch the hosts it protects, and it passes whatever traffic its rules allow.

Understanding NetGear Firewall

A NetGear firewall stands as a security guard between the network you use and the Internet. It is a combination of hardware and software designed by NetGear.

The hardware provides the platform on which the firewall software runs. The software is configurable, so its rules can be tailored to the needs of the servers and hosts behind it. Many organizations use NetGear equipment at their network edge. Freedom on the Internet has a cost: along with it, users and networks must fend off intruders who are hard to track down and who easily get past weaker forms of protection.

NetGear Protection

Attackers profit from, or simply enjoy, the damage they inflict on computer systems and resources. Hence the need to put protection in front of the computers.

Security problems include the theft of data. This is a widespread crime that costs millions; it involves the stealing of e-mail addresses, credit card numbers, and personal and company information.

Another problem is snooping: prying on other people's e-mail and other private communications. Flooding mailboxes with spam is also an abuse of computer resources.

Viruses, worms and Trojans render files or whole computers unusable once they infect and corrupt them. A firewall cannot remove malware from a host, but by blocking unsolicited inbound connections it closes off one of the ways such code spreads.

Port Forwarding

Port forwarding is the mechanism by which a NAT router or firewall takes connections that arrive on one of its external ports and delivers them to a chosen host and port on the internal network. A computer uses port numbers to separate different kinds of network traffic.

Each service has its port: a web server listens on TCP 80 or 443, an online game or file-transfer program on the port it was written to use. A port-forwarding rule tells the firewall or router which internal host and port should receive the traffic that arrives at a given external port.

Directing the Flow of Data

Traffic arriving from the Internet is filtered by the firewall; anything not permitted by a rule or matching an existing connection does not gain entry. Packets that are allowed in must then be steered to the right place: the port-forwarding rule rewrites their destination address and port (destination NAT) and sends them on to the internal host. This is how it directs the flow of data.

Where it is Used

Port forwarding is used wherever several computers share one public IP address behind a NAT router, whether they are connected by Ethernet or wirelessly. NAT lets the router share the Internet connection among many stations; port forwarding is the reverse mapping that lets a connection from outside reach one particular station.

Types of Port Forwarding

There are two common variations: double port forwarding and reverse port forwarding.

  1. In double port forwarding (double NAT), more than one router sits between the Internet and the host. It is termed "double" because the outer router forwards the port to the inner router, which in turn forwards it to a host on the local area network (LAN). Each router needs its own rule.
  2. Reverse port forwarding is an outbound tunnel from a host behind the firewall to a session server outside; the server then relays connections back through the tunnel. It is used when the firewall will not allow an inbound port to be opened. Because it is initiated from inside, it is also the technique attackers use to get around a perimeter, so outbound connections deserve monitoring too.

Disadvantages

A given external port can be mapped to only one internal host, so two machines cannot offer the same service through the same public port. The bigger concern is exposure: a forwarded port makes the internal host reachable from the whole Internet, so whatever listens there must be patched and hardened, because the firewall no longer shields it from unsolicited connections. Note that the internal host does see the real source address of the remote client; it is outbound traffic that appears to the outside world to come from the router rather than from the computer that sent it.

Radius Server

A RADIUS server is a centralized authentication server that can also perform authorization and accounting. Centralizing password checking and policy in one place raises a network's level of security, because the network access devices never store user credentials themselves.

RADIUS hardware and software are sold by many vendors, so users must exercise care in selecting the products they intend to deploy.

Most wireless infrastructures use 802.1X authentication to stay secure. This lets administrators control who may connect and account for wireless LAN usage. Setting all of this up is complicated enough that one important aspect is often overlooked: the security of the RADIUS server itself.

Neglecting the RADIUS server is dangerous because it is the key to the entire operation. It decides who gets onto the network, and through 802.1X/EAP it supplies the keying material used to encrypt each station's wireless traffic.

The system hosting the RADIUS server must be secured first. Users can apply many techniques, but the most basic measure is to dedicate a server to this task and run nothing else on it. That limits the server's exposure and prevents a vulnerability in some other service from compromising the RADIUS server.

Restrict which systems may communicate with the RADIUS server. Only the configured Network Access Servers (NAS devices: access points, switches, VPN gateways) and the authentication backend need to reach it. Firewall rules on the server that allow UDP 1812 (authentication) and 1813 (accounting) only from the known NAS addresses limit the number of systems that can talk to it.

Besides the RADIUS server itself, the link to the authentication backend and the links to the access points (APs) must also be protected with encryption.

The RADIUS shared secret is very important. The server and each NAS use it to authenticate RADIUS packets and to hide the User-Password attribute. The protection is MD5-based and only the password attribute is hidden, so an extra layer of defense between server and APs, such as IPsec or RADIUS over TLS (RadSec), is worthwhile. If that is not possible, at least use a unique shared secret for each AP, so that one compromised AP does not expose the others. Choose a strong secret: mix letters, digits and symbols, and if your RADIUS server imposes a maximum length, use the full length.

RADIUS

RADIUS stands for Remote Authentication Dial In User Service. It is a networking protocol that provides centralized authentication, authorization and accounting for users who connect to a network service. A user must pass the authentication step before being connected to the service.

The three functions together are referred to as Triple A (AAA). Authentication establishes who the user is, authorization determines the privileges the user receives, and accounting records what the user's sessions did.

RADIUS is widely used by ISPs, wireless access points, VPN gateways, switch ports (802.1X) and some e-mail and Web services, over access technologies such as DSL, dial-up modems, VPNs and wireless LANs.

First Two Steps of the Triple A Process

To use a network resource you present your access credentials to the Network Access Server (NAS), the device you connect through. The NAS forwards them to the RADIUS server in an Access-Request message, which asks the server to authenticate and authorize the connection.

Your access credentials include your username and password or, with EAP, a certificate or other credential. The RADIUS server verifies them against its local user database or an external store such as LDAP or Active Directory, and may apply policy such as group membership or time-of-day restrictions.

The server answers with one of the following:

  • Access-Reject, the request is denied
  • Access-Challenge, more information is required (a token code, or another round of EAP)
  • Access-Accept, the user is admitted, possibly with attributes such as a VLAN or a session timeout
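Added example (not code from the original page): a Python model of the Access-Request/Access-Accept exchange above, which also shows what the shared secret from the previous section actually does. The NAS hides the User-Password attribute with MD5 keyed by the secret and the Request Authenticator (RFC 2865), the server recovers it and checks it against a constructed user store, and the NAS verifies the Response Authenticator so that a reply forged without the secret is rejected. The user name, password, NAS address and secret are made up for the demonstration.

```python
import hashlib
import hmac
import os
import socket
import struct

# Codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; the 16-byte Authenticator follows


def _xor16(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous
    block), the first block using the Request Authenticator. This is obfuscation keyed by
    the shared secret, not strong encryption."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor16(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    """Inverse of hide_password, as performed by the RADIUS server."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor16(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attributes(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[i], data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return attrs


def build_access_request(ident, username, password, secret, nas_ip, request_auth=None):
    """NAS side: returns the packet and the Request Authenticator needed to check the reply."""
    ra = request_auth or os.urandom(16)
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(password, secret, ra))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return HEADER.pack(ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs, ra


def response_authenticator(code, ident, attrs, request_auth, secret):
    # RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return hashlib.md5(HEADER.pack(code, ident, 20 + len(attrs)) + request_auth + attr_bytes(attrs) + secret).digest()


def attr_bytes(attrs):
    return attrs  # attributes are passed already encoded; kept as a named step for readability


def server_handle(packet, secret, users):
    """Server side: decode the request and answer Access-Accept or Access-Reject."""
    code, ident, length = HEADER.unpack_from(packet)
    if code != ACCESS_REQUEST or length < 20 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    ra, attrs = packet[4:20], dict(parse_attributes(packet[20:length]))
    name = attrs.get(USER_NAME)
    ok = (name in users and USER_PASSWORD in attrs
          and hmac.compare_digest(reveal_password(attrs[USER_PASSWORD], secret, ra), users[name]))
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return HEADER.pack(reply, ident, 20) + response_authenticator(reply, ident, b"", ra, secret)


def client_verify(reply, request_auth, secret):
    """NAS side: returns (authentic?, code). A reply forged without the secret fails the check."""
    code, ident, length = HEADER.unpack_from(reply)
    if length != len(reply) or length < 20:
        return False, code
    expected = response_authenticator(code, ident, reply[20:length], request_auth, secret)
    return hmac.compare_digest(reply[4:20], expected), code


def demo(secret=b"S3cr3t!", password=b"correct horse"):
    users = {b"alice": b"correct horse"}  # constructed user store
    request, ra = build_access_request(7, b"alice", password, secret, "192.0.2.10")
    return client_verify(server_handle(request, secret, users), ra, secret)
```

Because the whole scheme rests on MD5 and the secret, a NAS that accepts replies without checking the Response Authenticator can be fed a fake Access-Accept by anyone who can spoof UDP from the server's address; `client_verify` is the check that prevents that.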

Accounting: Last of the Triple A Process

When the NAS grants access it sends an Accounting-Request with Acct-Status-Type Start to the RADIUS server, and you can then use the network. The accounting records include your identity, network address, a unique session identifier and the point of attachment.

The NAS may send Interim-Update records while the session is active and sends a Stop record when it ends, recording the duration of the session and the amount of data transferred. This data is used for billing, statistics and network monitoring.

TCP Sequence Prediction

A TCP sequence prediction attack injects packets into a TCP session by forging them to appear as if they came from one of the participants. To be accepted, the forged packets must carry the sequence number the receiver expects, so the attacker has to predict it.

What is TCP?

TCP is the transport-layer protocol of the four-layer TCP/IP model. It provides a reliable, ordered byte stream between two hosts: each byte is numbered with a 32-bit sequence number, and the receiver uses the sequence number field of every segment to reassemble data in the correct order and to accept only segments that fall within its receive window.

TCP Attack

First, observe the communication between two systems, one of which is your target; this is the first step to a successful TCP sequence prediction attack. Then send packets from your own system to the target, with the source address spoofed to that of a host the target trusts, for example a host admitted by address-based trust such as rsh or rlogin.

The forged packets must carry the exact sequence (and acknowledgment) numbers the target expects, and they must arrive before the legitimate host can respond, because that host would otherwise answer with a RST to a connection it never opened. To delay it, the attacker floods the trusted host with a denial-of-service attack, such as a SYN flood, so that it cannot reply.

Why Do TCP Sequence Predictions Happen?

For each new connection a 32-bit Initial Sequence Number (ISN) is chosen by an ISN generator. RFC 793 recommends binding the generator to a 32-bit clock whose low-order bit is incremented roughly every 4 microseconds, so that the ISN space cycles about every 4.55 hours. Because the Maximum Segment Lifetime (MSL) is far shorter than 4.55 hours, old segments have left the network before a sequence number is reused, so ISNs remain unique.

Early BSD Unix TCP/IP implementations deviated from this recommendation: their stacks increase the ISN counter by about 128,000 every second and by 64,000 for every new TCP connection. An attacker who has observed one ISN can compute the next one, which makes the sequence number predictable.

Can TCP Sequence Prediction be Avoided?

Yes, TCP sequence prediction attacks can be avoided, and in fact stopped. A router or firewall that performs ingress filtering, dropping packets that arrive on the external interface with a source address belonging to the internal network, prevents the spoofed packets from reaching their target.

Such filtering does not fix the underlying weakness, a predictable ISN generator. The real fix is to randomize ISNs per connection, which modern stacks do by adding a keyed hash of the connection's addresses and ports to the clock (RFC 1948, now RFC 6528). Filtering still keeps the attack from reaching targets from outside the network, and both measures together are the norm today.
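Added example, not code from the page: a Python comparison of the two ISN generators described above. BsdStyleIsn models the predictable counter (the rates are the ones stated above), HashedIsn models the RFC 6528 scheme that modern stacks use, and sequence_prediction_succeeds plays the attacker who observes one ISN on a probe connection and forges the next one. ingress_filter_drops implements the border rule from the last paragraph. The addresses, the fake clock and the probe timing are assumptions for the demonstration.

```python
import hashlib
import ipaddress
import os
import random
import struct

MOD = 1 << 32


class FakeClock:
    """Deterministic clock so the two generators can be compared repeatably."""
    def __init__(self, start=1000.0):
        self.t = start

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class BsdStyleIsn:
    """Predictable generator of the kind described above: one global counter that grows
    at a fixed rate per second and by a fixed step for every new connection."""
    def __init__(self, clock, per_second=128_000, per_connection=64_000):
        self.clock, self.per_second, self.per_connection = clock, per_second, per_connection
        self.last, self.counter = clock(), random.getrandbits(32)

    def next_isn(self, connection):
        now = self.clock()
        self.counter = (self.counter + int((now - self.last) * self.per_second) + self.per_connection) % MOD
        self.last = now
        return self.counter


class HashedIsn:
    """RFC 6528 style: ISN = M + F(localip, localport, remoteip, remoteport, secret), with M
    the 4-microsecond clock and F a keyed hash (SHA-256 truncated to 32 bits here)."""
    def __init__(self, clock):
        self.clock, self.secret = clock, os.urandom(16)  # per-boot secret the attacker never sees

    def next_isn(self, connection):
        m = int(self.clock() * 250_000) % MOD  # 250,000 ticks of 4 microseconds per second
        f = hashlib.sha256(self.secret + repr(connection).encode()).digest()
        return (m + struct.unpack("!I", f[:4])[0]) % MOD


def predict_next(observed_isn, elapsed_seconds, connections_since,
                 per_second=128_000, per_connection=64_000):
    """The attacker's arithmetic for a BSD-style stack: the ISN seen on the probe plus the
    clock and per-connection increments since then."""
    return (observed_isn + int(elapsed_seconds * per_second) + connections_since * per_connection) % MOD


def sequence_prediction_succeeds(generator_class, seed=1234):
    """The attacker probes the target once from its own address, waits two seconds, then
    forges a SYN from the trusted host 192.0.2.1 carrying the predicted ISN. Returns True
    if the target really used that number, i.e. the forged session would be accepted."""
    random.seed(seed)
    clock = FakeClock()
    target = generator_class(clock)
    observed = target.next_isn(("203.0.113.5", 80, "198.51.100.9", 40000))  # attacker's probe
    clock.advance(2)
    guess = predict_next(observed, elapsed_seconds=2, connections_since=1)
    actual = target.next_isn(("203.0.113.5", 80, "192.0.2.1", 1023))        # the spoofed session
    return guess == actual


LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ingress_filter_drops(src_ip, arrived_on_wan, internal_networks=LAN_NETWORKS):
    """The border rule from the last section (RFC 2827 ingress filtering): a packet that
    arrives on the WAN side claiming an internal source address is spoofed and is dropped."""
    src = ipaddress.ip_address(src_ip)
    return arrived_on_wan and any(src in net for net in internal_networks)
```

With the hashed generator the probe tells the attacker nothing about the spoofed connection, because F is computed over the four-tuple that includes the trusted host's address, so the guess is off by an unpredictable 32-bit value.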

ISAKMP – Learning the Basics

ISAKMP stands for Internet Security Association and Key Management Protocol. It is a protocol documented in RFC 2408 for establishing cryptographic keys and setting up Security Associations (SAs) in an Internet environment. RFC 2408 has since been obsoleted by IKEv2 (RFC 4306, now RFC 7296), but the concepts carry over.

Overview of the Protocol

ISAKMP defines procedures for the creation and management of Security Associations, mitigation of threats such as denial of service and replay, key generation techniques, and authentication of a communicating peer.

Creation and Management of Security Associations

It defines packet formats and procedures to establish, negotiate, modify and delete Security Associations (SAs). A Security Association holds all the information needed to implement a network security service: protection of the negotiation traffic itself, IP-layer services such as IPsec, or transport- and application-layer services.

Threat Mitigation

ISAKMP defines payloads for exchanging key generation and authentication data. These provide a consistent framework for conveying keying and authentication data that is independent of the encryption algorithm, authentication mechanism and key-generation technique. Threat mitigation starts in the header: every message carries initiator and responder cookies, which a responder can use as anti-clogging tokens so that it commits no expensive computation to a peer whose address has not been confirmed.

Difference from IKE Protocols

ISAKMP is usually used with the Internet Key Exchange (IKE) protocol for the actual key exchange, though other key exchange methods can be carried in it.

ISAKMP is distinct from IKE: it deliberately separates the details of security association management and key management from the details of the key exchange itself, which it leaves to a key exchange protocol such as IKE.

The Internet Key Exchange (IKE) protocol establishes Security Associations for the IP Security (IPsec) protocol suite; IPsec then secures Internet Protocol (IP) communications by encrypting and authenticating the IP packets in a data stream.

There are many key exchange protocols, each with its own security properties. A common framework is required for negotiating, modifying and deleting Security Associations and for agreeing on the format of SA attributes. ISAKMP is that common framework.

Executed over any Transport Protocol

ISAKMP can be implemented over any transport protocol, but every implementation must include the ability to send and receive ISAKMP over User Datagram Protocol (UDP) port 500.

Furthermore, if the source interface's IP address is translated from its assigned address to a public IP address by network address translation on the way to the peer, NAT traversal (NAT-T) is required and UDP port 4500 must also be permitted at the destination. On that port both the ISAKMP messages and the ESP traffic are carried inside UDP, the former marked by four leading zero bytes.
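Added example, not from RFC 2408 or any IKE implementation: a Python parser for the ISAKMP fixed header and generic payload chain defined in RFC 2408 section 3, including the non-ESP marker on UDP 4500 that the previous paragraph refers to. The sample message, its cookies and the vendor ID string are constructed, and the SA payload body is abbreviated. Every length field is checked against the bytes actually received before it is used, which is the part that matters when the datagram comes from an untrusted peer.

```python
import struct

ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")  # RFC 2408 section 3.1: 28-byte fixed header
PAYLOAD_HEADER = struct.Struct("!BBH")        # generic payload header: next payload, reserved, length
NON_ESP_MARKER = b"\x00\x00\x00\x00"          # RFC 3948: marks ISAKMP (not ESP) on UDP 4500
FLAG_ENCRYPTION = 0x01
PAYLOAD_NAMES = {1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT", 7: "CR", 8: "HASH",
                 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGE_NAMES = {0: "None", 1: "Base", 2: "Identity Protection", 3: "Authentication Only",
                  4: "Aggressive", 5: "Informational"}


def parse_isakmp(datagram, udp_port=500):
    """Parse one ISAKMP datagram into its header fields and payload chain."""
    data = datagram
    if udp_port == 4500:
        if not data.startswith(NON_ESP_MARKER):
            raise ValueError("UDP 4500 datagram without non-ESP marker: ESP-in-UDP, not ISAKMP")
        data = data[len(NON_ESP_MARKER):]
    if len(data) < ISAKMP_HEADER.size:
        raise ValueError("datagram shorter than the ISAKMP header")
    icookie, rcookie, next_payload, version, exch, flags, msg_id, length = ISAKMP_HEADER.unpack_from(data)
    if version >> 4 != 1:
        raise ValueError(f"unsupported ISAKMP major version {version >> 4}")
    if length != len(data):
        raise ValueError(f"length field {length} disagrees with datagram size {len(data)}")
    info = {"initiator_cookie": icookie, "responder_cookie": rcookie,
            "exchange": EXCHANGE_NAMES.get(exch, str(exch)), "flags": flags,
            "message_id": msg_id, "payloads": []}
    if flags & FLAG_ENCRYPTION:
        info["payloads"] = [("ENCRYPTED", data[ISAKMP_HEADER.size:])]  # opaque without the SA keys
        return info
    offset = ISAKMP_HEADER.size
    while next_payload != 0:
        if offset + PAYLOAD_HEADER.size > length:
            raise ValueError(f"payload header at offset {offset} runs past the end")
        following, _reserved, plen = PAYLOAD_HEADER.unpack_from(data, offset)
        if plen < PAYLOAD_HEADER.size or offset + plen > length:
            raise ValueError(f"bad payload length {plen} at offset {offset}")
        body = data[offset + PAYLOAD_HEADER.size:offset + plen]
        info["payloads"].append((PAYLOAD_NAMES.get(next_payload, str(next_payload)), body))
        next_payload, offset = following, offset + plen
    if offset != length:
        raise ValueError(f"{length - offset} trailing bytes after the last payload")
    return info


def build_isakmp(icookie, rcookie, exchange, payloads, flags=0, msg_id=0):
    """Build a datagram from (payload type, body) pairs; used here to construct test input."""
    body = b""
    for i, (ptype, pbody) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += PAYLOAD_HEADER.pack(following, 0, PAYLOAD_HEADER.size + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    return ISAKMP_HEADER.pack(icookie, rcookie, first, 0x10, exchange, flags, msg_id,
                              ISAKMP_HEADER.size + len(body)) + body


def sample_main_mode_message():
    """Constructed first message of a Main Mode (Identity Protection) exchange: an SA
    payload with an abbreviated body and a Vendor ID payload. The cookies are made up;
    the responder cookie is zero because the responder has not answered yet."""
    sa_body = b"\x00\x00\x00\x01" + b"\x00\x00\x00\x01" + b"\x00" * 8  # DOI, situation, stub proposal
    return build_isakmp(b"\x11" * 8, bytes(8), 2, [(1, sa_body), (13, b"ExampleVendor-1")])


def safe_parse(datagram, udp_port=500):
    """Parse or return None, as a sniffer or IDS would treat a hostile datagram."""
    try:
        return parse_isakmp(datagram, udp_port)
    except ValueError:
        return None
```

Seeing exchange type 4 (Aggressive) from the outside is worth flagging: in Aggressive Mode with pre-shared keys the identity and the key-derived hash are sent before encryption begins, which allows offline cracking of the pre-shared key.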

Kerberos

Kerberos is a network authentication service whose purpose is to let users and systems prove their identity to one another over an untrusted network.

The conventional technique Kerberos improves on is the password check: the user enters a password on a login form provided by the server, the server checks whether the password is valid, and if so it allows the user access to its information. The weakness is that the secret itself is sent to every server the user talks to.

Kerberos starts from the observation that passwords and similar verification schemes are only special cases of a shared secret. Instead of sending the secret, the user proves possession of it with an encryption key derived from the password: only data encrypted with that key is transmitted, and a trusted third party, the Key Distribution Center (KDC), performs the check.

How Does Kerberos Implement Encryption Keys?

With pre-authentication, the client encrypts the current timestamp under the key derived from its password and sends the result to the KDC. The KDC, which holds the same key for that user, decrypts it: if the result is a well-formed timestamp within the allowed clock skew, the user knew the right secret, and the KDC accepts the login and issues a ticket-granting ticket together with a session key, the latter encrypted under the user's key. If the wrong password was used, the decryption does not yield a valid timestamp and the KDC denies access.

Kerberos includes additional subsystems that build on this: a replay cache rejects authenticators that have already been seen, ticket lifetimes and renewal bound the damage from a stolen ticket, and the ticket-granting service lets a user obtain tickets for individual services without repeating the password-based exchange.
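Added example, not Kerberos code: a Python sketch of the pre-authentication exchange described above. The cipher is a toy (SHA-256 keystream plus an HMAC tag) standing in for a real Kerberos enctype, string_to_key is PBKDF2 rather than the real string-to-key function, and the realm, principal and password are constructed. What it shows is the mechanism: the password never travels, a wrong key makes the timestamp fail to decrypt, a stale timestamp is rejected for clock skew, and a replayed authenticator is caught by the replay cache.

```python
import hashlib
import hmac
import os
import struct
import time

MAX_SKEW = 300  # seconds; the usual 5-minute Kerberos clock-skew allowance


def string_to_key(password, salt):
    # Stand-in for the Kerberos string-to-key function (real enctypes use PBKDF2 with AES).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 50_000)


def _stream(key, nonce, n):
    # Keystream for the toy cipher: SHA-256 in counter mode, truncated to n bytes.
    blocks = (n + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + struct.pack("!I", i)).digest() for i in range(blocks))[:n]


def seal(key, plaintext):
    """Toy authenticated encryption standing in for a Kerberos enctype (not AES-CTS-HMAC,
    not for real traffic): random nonce, XOR with a keystream, HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class Kdc:
    """Authentication Service half of a KDC: checks PA-ENC-TIMESTAMP pre-authentication and
    issues a TGT plus a session key. Error names follow RFC 4120."""

    def __init__(self, realm, principals, clock=time.time):
        self.realm, self.principals, self.clock = realm, principals, clock
        self.krbtgt_key = os.urandom(32)  # the ticket-granting service's own key; clients never see it
        self.replay_cache = set()          # hashes of authenticators already accepted

    def as_exchange(self, principal, pa_enc_timestamp):
        key = self.principals.get(principal)
        if key is None:
            raise PermissionError("KDC_ERR_C_PRINCIPAL_UNKNOWN")
        try:
            ts, = struct.unpack("!Q", unseal(key, pa_enc_timestamp))
        except (ValueError, struct.error):
            raise PermissionError("KDC_ERR_PREAUTH_FAILED")  # wrong password: timestamp does not decrypt
        now = int(self.clock())
        if abs(now - ts) > MAX_SKEW:
            raise PermissionError("KRB_AP_ERR_SKEW")  # stale timestamp, e.g. a replayed old capture
        digest = hashlib.sha256(pa_enc_timestamp).digest()
        if digest in self.replay_cache:
            raise PermissionError("KRB_AP_ERR_REPEAT")  # this exact authenticator was already used
        self.replay_cache.add(digest)
        session_key, expiry = os.urandom(32), struct.pack("!Q", now + 10 * 3600)
        client_name = f"{principal}@{self.realm}".encode().ljust(64, b"\0")
        tgt = seal(self.krbtgt_key, client_name + session_key + expiry)  # opaque to the client
        enc_part = seal(key, session_key + expiry)                        # only the user's key opens this
        return tgt, enc_part


class Client:
    def __init__(self, principal, password, realm, clock=time.time):
        self.principal, self.clock = principal, clock
        self.key = string_to_key(password, realm + principal)  # salt = realm + name, as Kerberos does

    def pre_auth(self):
        return seal(self.key, struct.pack("!Q", int(self.clock())))

    def session_key(self, enc_part):
        return unseal(self.key, enc_part)[:32]


def demo():
    realm = "EXAMPLE.COM"
    kdc = Kdc(realm, {"alice": string_to_key("correct horse", realm + "alice")})  # constructed user
    good = Client("alice", "correct horse", realm)
    results = {}
    pa = good.pre_auth()
    tgt, enc_part = kdc.as_exchange("alice", pa)
    results["good"] = len(good.session_key(enc_part)) == 32 and len(tgt) > 48
    attempts = (("wrong_password", Client("alice", "wrong guess", realm).pre_auth()),
                ("replay", pa),
                ("stale", Client("alice", "correct horse", realm, clock=lambda: time.time() - 3600).pre_auth()))
    for label, blob in attempts:
        try:
            kdc.as_exchange("alice", blob)
            results[label] = "accepted"
        except PermissionError as e:
            results[label] = str(e)
    return results
```

The order of the checks matters: integrity (was this made with the right key?) comes before the timestamp window and the replay cache, so a guessed password is rejected before the KDC spends anything on it.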

Linux Firewall

A Linux firewall is a Linux host acting as the gateway through which a local network communicates with the outside. It filters the traffic that arrives, deciding whether each packet is allowed in or not, and can block individual IP addresses or whole networks; many distributions add a Web interface for managing the rules. It is a strong and effective firewall because the filtering is done in the kernel by netfilter, configured with iptables or nftables.

It is configured by the system administrator; the rules determine which packets are allowed into the system and which are dropped, including closing ports that are unused or unwanted, to protect against outside threats. Rules can match on source, destination, protocol, port and connection state, and are not limited to one subnet: a single Linux firewall can serve several subnets and set a different level of access for each.

Linux packet filtering can be run statelessly, judging each packet on its own header fields without reference to earlier packets, for instance without caring whether a request for the same Web page was seen before. That is not its normal mode, however: netfilter's connection tracking makes it a stateful firewall that remembers the connections the inside opened and lets only their replies back in.

If the users on the LAN need only Web access and e-mail, a small rule set suffices, and stateful rules ("allow established and related traffic in, allow new connections out") are easier to get right than an equivalent stateless set.

A Linux firewall is appropriate if you have a fixed public IP address on a cable modem or DSL line and the machine also acts as an e-mail and Web server, since the same host can protect the services it runs.

Linux also supports deeper inspection of session-based traffic (connection tracking helpers for protocols such as FTP, or a user-space proxy), and because the filtering runs in the kernel it costs little performance. Some examples of Linux-based firewall products are:

  • Astaro Security Linux, a firewall distribution.
  • Censornet, an Internet management product for LANs.
  • Sentry Firewall, an economical way to run an IDS, firewall or server.
  • POP3/IMAP are sometimes listed alongside these, but they are mail-retrieval protocols, not firewalls; a firewall in front of a mail server simply permits their ports (TCP 110/143, or better the TLS ports 995/993).

In choosing a Linux firewall, consider the volume of traffic it must process, how efficiently the software handles it, and how well it detects hostile traffic. A good firewall can really fend off attacks from outside and serve as a layer of protection for your systems, but it does not replace patching the hosts behind it.
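Added example that serves both the Port Forwarding section above and this one; it is not code from any Linux firewall or router. It is a Python model of a stateful NAT gateway: outbound connections are recorded and masqueraded behind the WAN address, replies are admitted only when they match a recorded flow, one external port is forwarded to one internal host (destination NAT) while the client's real source address is preserved, and unsolicited or spoofed packets are dropped. The addresses are documentation ranges, and masquerading without source-port rewriting is a simplification.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "lan" or "wan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFirewall:
    """A NAT gateway in miniature: connection state decides what comes in from the WAN."""

    def __init__(self, wan_ip, lan_network):
        self.wan_ip = wan_ip
        self.lan_net = ipaddress.ip_network(lan_network)
        self.forwards = {}     # (proto, external port) -> (lan host, lan port)
        self.established = {}  # (proto, wan_ip, sport, remote, rport) -> (lan host, lan port)
        self.dnat_reply = {}   # (proto, lan host, lan port, remote, rport) -> external port

    def add_forward(self, proto, ext_port, lan_host, lan_port):
        if (proto, ext_port) in self.forwards:
            raise ValueError(f"{proto}/{ext_port} already forwarded: one external port maps to one host")
        self.forwards[(proto, ext_port)] = (lan_host, lan_port)

    def handle(self, pkt):
        """Return ('accept', rewritten packet) or ('drop', reason)."""
        if pkt.iface == "wan" and ipaddress.ip_address(pkt.src) in self.lan_net:
            return "drop", "spoofed: LAN source address arriving on the WAN interface"
        if pkt.iface == "lan":
            ext = self.dnat_reply.get((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            if ext is not None:  # reply on a forwarded connection: restore the external port
                return "accept", replace(pkt, iface="wan", src=self.wan_ip, sport=ext)
            # NEW outbound connection: record the flow and masquerade behind the WAN address
            self.established[(pkt.proto, self.wan_ip, pkt.sport, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            return "accept", replace(pkt, iface="wan", src=self.wan_ip)
        # inbound on the WAN interface
        flow = self.established.get((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if flow is not None:  # ESTABLISHED: reply to a connection the inside opened
            return "accept", replace(pkt, iface="lan", dst=flow[0], dport=flow[1])
        target = self.forwards.get((pkt.proto, pkt.dport)) if pkt.dst == self.wan_ip else None
        if target is not None:  # DNAT port forward; the client's real address stays as source
            self.dnat_reply[(pkt.proto, target[0], target[1], pkt.src, pkt.sport)] = pkt.dport
            return "accept", replace(pkt, iface="lan", dst=target[0], dport=target[1])
        return "drop", "NEW connection from the WAN with no forwarding rule"


def demo():
    fw = StatefulFirewall("203.0.113.7", "192.168.1.0/24")
    fw.add_forward("tcp", 8443, "192.168.1.20", 443)  # expose the internal web server
    return {
        "outbound": fw.handle(Packet("lan", "tcp", "192.168.1.10", 51000, "93.184.216.34", 443)),
        "reply": fw.handle(Packet("wan", "tcp", "93.184.216.34", 443, "203.0.113.7", 51000)),
        "unsolicited": fw.handle(Packet("wan", "tcp", "198.51.100.9", 40000, "203.0.113.7", 22)),
        "forwarded": fw.handle(Packet("wan", "tcp", "198.51.100.9", 40001, "203.0.113.7", 8443)),
        "forward_reply": fw.handle(Packet("lan", "tcp", "192.168.1.20", 443, "198.51.100.9", 40001)),
        "spoofed": fw.handle(Packet("wan", "tcp", "192.168.1.10", 1, "203.0.113.7", 80)),
    }
```

The "unsolicited" case is the whole point of stateful filtering: the packet to port 22 is well-formed and addressed to the gateway, but with no recorded flow and no forwarding rule it is dropped, whereas a stateless filter that had to let replies in would need an "allow anything from port 443" rule that an attacker could satisfy by choosing that source port.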

Accounting

Accounting (or accountancy) is the process of managing finances through the recording, measuring, interpreting, and conveying of financial data. The term stems from the usage of financial accounts.

Accounting is also a field of study or specialization integral to the operation of all forms of organizations. Also known as “the language of business”, it maintains and processes all pertinent financial information required by an entity for intents of reporting and managing.

Different branches of accounting

  • Financial Accounting – involves processes that record, classify, summarize, interpret, and communicate a business’ financial information.
  • Management Accounting – involves information used in an organization, usually confidential and accessible only to a select group.
  • Tax Accounting – involves compliance with tax regulations within the jurisdiction.

Investors, lenders, managers, and tax authorities among others, use accounting to allocate resources within and among entities such as agencies, companies and organizations.

Accountancy practitioners are termed accountants; bookkeepers, an older and still current role, record the transactions that accountants then interpret and report on. Various professional bodies for accountants have long existed throughout the world. Early histories describe the bookkeeper as an integral and valued member of an organization. As businesses grew more complex and more careful evaluation of financial data was required, the profession of public accounting arose.

Accountants usually have particular sub-specializations. Community colleges, four-year colleges, secondary schools, post-secondary business schools, and universities provide preparation for this line of work.

Accounting encompasses many disciplines including auditing, financial statement analysis, managerial accounting, and taxation.

Functions related to accounting include Cost Accounting, Financial Accounting, Financial Planning, and Not-for-profit Accounting.

The system central to modern financial accounting is known as double-entry bookkeeping. Two entries (at minimum) are involved in each transaction: a debit and a corresponding credit per account. Debit sums should always be equal to all credit sums, thus providing a straightforward method to verify errors.

LDAP

LDAP stands for Lightweight Directory Access Protocol. It is an Internet protocol that e-mail clients and other applications use to look up information in a directory server. LDAP was developed as a lighter-weight protocol for accessing directories modelled on the complex X.500 standard.

The main purpose of LDAP is to let client programs ask a server to search a directory in various ways. To do so, the server must of course speak LDAP.

To find a piece of information, the client sends a search request naming a base entry, a scope (the entry itself, its children, or its whole subtree) and a filter such as (mail=alice@example.com). The server evaluates the filter against the entries in that scope, usually with the help of indexes it maintains, and returns the matching entries and attributes to the program that asked.

LDAP allows a user to look up the e-mail addresses of people who have never sent him e-mail, even if those addresses are not in his address book. It also lets a company keep one central, up-to-date address book that every member can access.

Apart from supplying contact information, LDAP is used by systems to locate printers, encryption certificates and other network resources. It is also commonly the central password store against which many services authenticate, which gives users one password for several services; true single sign-on, where a user authenticates once and is not asked again, is provided by Kerberos or SAML on top of the directory rather than by LDAP itself. Plain LDAP on port 389 is unencrypted and a simple bind sends the password in the clear, so deployments use LDAPS (port 636) or StartTLS and require TLS for binds.

LDAP directories also carry network permissions: access control lists written by the administrator that decide which users may read or change which entries in the LDAP database. Because search filters are built from text, applications must escape user input before inserting it into a filter, or an attacker can inject filter syntax (LDAP injection).
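Added example, not from any LDAP library: RFC 4515 filter escaping and RFC 4514 DN escaping in Python, a vulnerable and a hardened way to build the lookup filter from the previous paragraph, and a small filter evaluator run over a constructed directory so the difference is visible. The evaluator handles only the subset of filter syntax needed here (AND, OR, NOT, equality with wildcards, ASCII values).

```python
import re


def escape_filter_value(value):
    """RFC 4515: characters that carry meaning in a filter, control characters and
    non-ASCII bytes become \\XX so the value can only ever be compared literally."""
    out = []
    for byte in value.encode("utf-8"):
        if chr(byte) in "*()\\" or byte < 0x20 or byte > 0x7e:
            out.append("\\%02x" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def escape_dn_value(value):
    """RFC 4514 escaping for an attribute value inside a distinguished name."""
    out = "".join("\\" + c if c in ',+"\\<>;' else "\\00" if c == "\x00" else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def lookup_filter_unsafe(username):
    # Vulnerable: the user-controlled string becomes part of the filter syntax.
    return f"(&(objectClass=person)(uid={username}))"


def lookup_filter_safe(username):
    # Hardened: the same string can only match as a literal value.
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|!":
        op, subs, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            node, i = _parse(s, i)
            subs.append(node)
        if s[i:i + 1] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, subs), i + 1
    eq = s.index("=", i)
    end = s.index(")", eq)
    return ("=", s[i:eq].lower(), s[eq + 1:end]), end + 1


def _unescape(v):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)


def _glob(parts, text):
    # parts are the literal pieces between unescaped '*' wildcards
    if len(parts) == 1:
        return text == parts[0]
    if not text.startswith(parts[0]):
        return False
    pos = len(parts[0])
    for mid in parts[1:-1]:
        idx = text.find(mid, pos)
        if idx < 0:
            return False
        pos = idx + len(mid)
    return text.endswith(parts[-1]) and len(text) - len(parts[-1]) >= pos


def _match(node, entry):
    op = node[0]
    if op == "&":
        return all(_match(n, entry) for n in node[1])
    if op == "|":
        return any(_match(n, entry) for n in node[1])
    if op == "!":
        return not any(_match(n, entry) for n in node[1])
    _, attr, value = node
    parts = [_unescape(p) for p in value.split("*")]  # escaped \2a is not a wildcard
    return any(_glob(parts, v) for v in entry.get(attr, []))


def search(entries, filter_text):
    """Return the DNs of entries matching the filter; entries is {dn: {attr: [values]}}."""
    node, end = _parse(filter_text, 0)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [dn for dn, attrs in entries.items() if _match(node, attrs)]


# Constructed directory contents; attribute names are stored lowercased.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {"objectclass": ["person"], "uid": ["alice"]},
    "uid=bob,ou=people,dc=example,dc=com": {"objectclass": ["person"], "uid": ["bob"]},
    "cn=printer1,ou=devices,dc=example,dc=com": {"objectclass": ["device"], "cn": ["printer1"]},
}
```

With the input "*" the unsafe filter becomes (uid=*) and returns every person, which is how an attacker enumerates or, combined with a bind, logs in as the first match; the safe filter turns it into (uid=\2a) and matches nobody.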

Cisco VPN Error 412

VPNs are Virtual Private Networks. They behave like a private LAN (Local Area Network) but run over a shared network such as the Internet: instead of dedicated routers and cables, a VPN uses encrypted tunnels between its endpoints. This lets administrators connect remote systems to the network and manage them as one segment.

The Cisco VPN Client is the program users run to build an IPsec VPN connection to their organization's VPN gateway, such as a Cisco ASA 5500 Series security appliance or a VPN 3000 concentrator.

Cisco VPN Error 412 is an error message generated by the Cisco VPN client-side software. The exact wording varies between versions of the client, but it usually reads: "Cisco - Reason 412: The remote peer is no longer responding".

This means the VPN Client software has stopped receiving replies from the VPN server and has concluded that the peer dropped the connection. The message does not by itself say why.

Causes of the Error

  • A firewall is blocking the VPN traffic;
  • The user is behind a firewall that blocks ESP and/or UDP ports 4500 and 500;
  • The Internet connection is poor;
  • TCP port 10000 is blocked. This is the default port for IPsec over TCP; if the client is configured for TCP transport and that port is blocked, the connection cannot be established;
  • The responses from the server/concentrator are not reaching the client;
  • The client's packets are not reaching the VPN concentrator/server, so the client concludes the server is no longer reachable;
  • There is general packet loss;
  • A network device or a network interface card is malfunctioning;
  • An ACL (Access Control List) is blocking the traffic; the following ports and protocols must be permitted:

– For PPTP, TCP port 1723 and IP protocol 47 (GRE) are required.

– For IPsec, UDP port 500 (IKE) and IP protocol 50 (ESP) are required, plus UDP port 4500 when NAT traversal is in use. IP protocol 51 is AH, needed only if the tunnel is configured to use it.

  • The VPN client is behind a NAT (Network Address Translation) device and the server does not have NAT-T enabled, so the ESP packets cannot cross the NAT. A client behind NAT must be used with a NAT-T enabled server; otherwise the connection may negotiate but no traffic is sent or received, and the client eventually closes it with this error.

Solutions You Can Use

Here are some solutions you can use to resolve Error 412:

  • If you are using a wireless connection, try a cable;
  • Turn off your firewall, then test the connection to see whether the problem persists. If that resolves it, turn the firewall back on and add exceptions for UDP ports 4500 and 500 and for the ESP protocol (IP protocol 50);
  • Switch to NAT-T/TCP (IPsec over TCP) in your connection profile and make sure TCP port 10000 is open; or
  • Open your profile (the .pcf file) in a text editor and change ForceKeepAlive=0 to ForceKeepAlive=1.
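Added example, not Cisco's code: a Python linter for the .pcf profile that the last fix edits, checking the settings the causes and solutions above refer to. The sample profile is constructed. Only the ForceKeepAlive key comes from this page; EnableNat, TunnelingMode, TcpTunnelingPort, PeerTimeout and (enc_)GroupPwd are assumed key names for the profile format.

```python
import configparser

# Constructed sample profile in the .pcf layout (an INI file with a [main] section).
# Values are made up; the profile deliberately has the settings the fixes above change.
SAMPLE_PCF = """[main]
Description=Corporate VPN
Host=vpn.example.com
AuthType=1
GroupName=remote-users
enc_GroupPwd=0123456789ABCDEF
EnableNat=0
TunnelingMode=0
TcpTunnelingPort=10000
ForceKeepAlive=0
PeerTimeout=90
"""


def lint_pcf(text):
    """Return the findings for one profile, keyed to the causes and fixes above."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in the file
    cp.read_string(text)
    if "main" not in cp:
        raise ValueError("profile has no [main] section")
    main = cp["main"]
    findings = []
    # Last fix above: keep-alives stop NAT and firewall state from expiring on an idle tunnel.
    if main.get("ForceKeepAlive", main.get("ForceKeepAlives", "0")) != "1":
        findings.append("ForceKeepAlive is 0: set it to 1 so the client keeps the tunnel alive through NAT and firewalls")
    # Cause above: a client behind a NAT device needs NAT-T (assumed key name).
    if main.get("EnableNat", "0") != "1":
        findings.append("EnableNat is 0: enable NAT-T (UDP 4500) if the client sits behind a NAT device")
    # Which ports must be open depends on the transport the profile selects (assumed key names).
    if main.get("TunnelingMode", "0") == "1":
        findings.append(f"IPsec over TCP: TCP port {main.get('TcpTunnelingPort', '10000')} must be open end to end")
    else:
        findings.append("IPsec over UDP: UDP 500, UDP 4500 and IP protocol 50 (ESP) must be open end to end")
    # Caveat: the group password stored in a .pcf is only obfuscated, so the file is itself a credential.
    if "GroupPwd" in main or "enc_GroupPwd" in main:
        findings.append("profile embeds the group password (obfuscated, not encrypted): protect the .pcf like a credential")
    return findings


def apply_keepalive_fix(text):
    """The last fix above: rewrite ForceKeepAlive=0 to ForceKeepAlive=1, adding the key if absent."""
    lines, seen = [], False
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip()
        if key in ("ForceKeepAlive", "ForceKeepAlives"):
            line, seen = f"{key}=1", True
        lines.append(line)
    if not seen:
        lines.append("ForceKeepAlive=1")
    return "\n".join(lines) + "\n"
```

Run `lint_pcf` over every profile handed out to users before blaming the network: a profile that never enables NAT-T or keep-alives will produce Error 412 on any home connection regardless of how the firewall is configured.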
