Monday, 27 July 2020

Understanding Cisco Devices Serial Number

                         

LLLYYWWSSSS

This is the standard 11-character format of a Cisco device serial number,

where

LLL = Location code

YY = Year of Manufacture

WW = Week of Manufacture

SSSS = Unique identifier, four base-34 alphanumeric characters


So from the serial number of a Cisco device we can read off where it was built and the week and year of manufacture.

Location Code
============

CTH — Celestica – Thailand
FOC — Foxconn – Shenzhen, China
JAB — Jabil – Florida
JPE — Jabil – Malaysia
JSH — Jabil – Shanghai, China
TAU — Solectron – Texas
PEN — Solectron – Malaysia

Year of Manufacture Code
=====================

Code  Year
01 = 1997
02 = 1998
03 = 1999
04 = 2000
05 = 2001
06 = 2002
07 = 2003
08 = 2004
09 = 2005
10 = 2006
11 = 2007
12 = 2008
13 = 2009
14 = 2010
15 = 2011
16 = 2012
17 = 2013
18 = 2014
19 = 2015
20 = 2016
21 = 2017
22 = 2018

The pattern is simply year = 1996 + code.

Week Code
=========

1-5 : January 
6-9 : February
10-14 : March
15-18 : April
19-22 : May
23-27 : June
28-31 : July
32-35 : August
36-40 : September
41-44 : October
45-48 : November
49-52 : December

These ranges are approximate: week numbers do not line up exactly with month boundaries, and some years have a week 53.
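As an added example (not part of the original post), here is a small Python parser that applies the tables above to a serial number. The serials it runs on are constructed for illustration, not real devices, and the base-34 alphabet assumes the two excluded letters are I and O, which the post does not state.

```python
# Added example, not from the original post: parse LLLYYWWSSSS serial numbers
# using the tables on this page. The sample serials below are constructed.
import re
from dataclasses import dataclass

# Location codes as listed on this page.
LOCATION_CODES = {
    "CTH": "Celestica, Thailand",
    "FOC": "Foxconn, Shenzhen, China",
    "JAB": "Jabil, Florida",
    "JPE": "Jabil, Malaysia",
    "JSH": "Jabil, Shanghai, China",
    "TAU": "Solectron, Texas",
    "PEN": "Solectron, Malaysia",
}

# Week-of-year to month, following the page's table. Approximate only: ISO weeks
# do not line up with month boundaries, and week 53 exists in some years.
WEEK_TO_MONTH = [
    (1, 5, "January"), (6, 9, "February"), (10, 14, "March"),
    (15, 18, "April"), (19, 22, "May"), (23, 27, "June"),
    (28, 31, "July"), (32, 35, "August"), (36, 40, "September"),
    (41, 44, "October"), (45, 48, "November"), (49, 53, "December"),
]

# Assumption: the two letters dropped from 0-9A-Z to get 34 symbols are I and O
# (easily confused with 1 and 0). The page only says "base-34".
BASE34_ALPHABET = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ"
assert len(BASE34_ALPHABET) == 34

SERIAL_RE = re.compile(r"^(?P<loc>[A-Z]{3})(?P<yy>\d{2})(?P<ww>\d{2})(?P<sn>[0-9A-Z]{4})$")


@dataclass(frozen=True)
class CiscoSerial:
    raw: str
    location_code: str
    location: str          # "unknown location code" when not in the table above
    year: int
    week: int
    month: str
    unique_id: str
    unique_id_value: int   # SSSS decoded as a base-34 integer


def base34_decode(text):
    """Decode a base-34 string; rejects I and O, which are not in the alphabet."""
    value = 0
    for ch in text:
        idx = BASE34_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"{ch!r} is not a base-34 symbol (I and O are excluded)")
        value = value * 34 + idx
    return value


def parse_cisco_serial(serial):
    """Split LLLYYWWSSSS into location, manufacture year/week/month and unique id."""
    serial = serial.strip().upper()
    m = SERIAL_RE.match(serial)
    if not m:
        raise ValueError(f"{serial!r} does not match LLLYYWWSSSS")
    yy, ww = int(m["yy"]), int(m["ww"])
    if yy == 0:
        raise ValueError("year code 00 is not defined; 01 = 1997")
    if not 1 <= ww <= 53:
        raise ValueError(f"week code {ww:02d} is out of range 01-53")
    month = next(name for lo, hi, name in WEEK_TO_MONTH if lo <= ww <= hi)
    return CiscoSerial(
        raw=serial,
        location_code=m["loc"],
        location=LOCATION_CODES.get(m["loc"], "unknown location code"),
        year=1996 + yy,            # 01 -> 1997, 22 -> 2018, as in the table above
        week=ww,
        month=month,
        unique_id=m["sn"],
        unique_id_value=base34_decode(m["sn"]),
    )


if __name__ == "__main__":
    for s in ("JAB0715P9QX", "FOC2251WZ9K", "XYZ1001AB12"):   # constructed, not real serials
        print(parse_cisco_serial(s))
```

The regex accepts any letter in the SSSS field so that the decoder, not the pattern, reports the precise reason an I or O is rejected; an unknown location code is reported rather than refused, since Cisco has used more sites than this page lists.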
 







Tuesday, 21 July 2020

IPSEC VPN - EASY TO UNDERSTAND


Youtube Videos Playlist on IPSEC VPN


in Hindi




in English





NOTES ON IPSEC VPN


IPSEC VPN CHAPTER 1 VPN (Virtual Private Network)

https://networkengineerstuff.blogspot.com/2020/07/ipsec-vpn-chapter-1-vpn-virtual-private.html

IPSEC VPN CHAPTER 2 Introduction to IPSec

https://networkengineerstuff.blogspot.com/2020/07/ipsec-vpn-chapter-2-introduction-to.html

IPSEC VPN CHAPTER 3 TERMINOLOGY Part 1

https://networkengineerstuff.blogspot.com/2020/07/ipsec-vpn-chapter-3-terminology-part-1.html

IPSEC VPN CHAPTER 4 TERMINOLOGY Part 2

https://networkengineerstuff.blogspot.com/2020/07/ipsec-vpn-chapter-4-terminology-part-2.html

IPSEC VPN CHAPTER 5 TERMINOLOGY Part 3


IPSEC VPN CHAPTER 6 COMPONENTS & MODES OF IPSEC VPN


IPSEC VPN CHAPTER 7 OPERATION & CONFIGURATION OF IPSEC VPN



Site to Site IPSec VPN Configuration


Few Comments










For Networking Videos and Notes Subscribe to my youtube channel

       a m a r t e c h s t u f f


https://www.youtube.com/channel/UCj-TvHAxKZLOInl_bdGcNqQ?sub_confirmation=1

i n s t a g r a m

https://www.instagram.com/amar.techstuff


B l o g

https://networkengineerstuff.blogspot.com

Monday, 20 July 2020

IPSEC VPN CHAPTER 7 OPERATIONS & CONFIGURATION OF IPSEC VPN






Operations of IPSec VPN


Step 1:- Negotiate the IKE Phase 1 Tunnel (ISAKMP Tunnel).

Step 2 :- DH Key Exchange.

Step 3:- Peer Authentication.

Step 4:- Negotiate the IKE Phase 2 Tunnel (IPSEC Tunnel).


Step 1:- Negotiate the IKE Phase 1 Tunnel (ISAKMP Tunnel).

The peers first negotiate over the public (shared) network using IKE Phase 1.
The result is also known as the ISAKMP tunnel (ISAKMP SA).
It protects only the management traffic of the IPsec VPN; no user data is transferred over this tunnel.

2 Modes –
•Main Mode – uses 6 messages; the identities are exchanged only after encryption starts. More secure and the default mode.
•Aggressive Mode – uses 3 messages; the identities and the PSK-derived hash are sent before encryption starts, so a captured exchange can be attacked offline. Less secure.

Negotiate 5 Parameters –

“ H A G L E “

•Hashing Algorithm - Integrity - MD5 , SHA
•Authentication - Verification of Peer - Preshared Key (PSK), RSA Signature
•DH Group - Secret Key Exchange -DH1 ,2 ,5 ,14 etc.
•Lifetime - Duration of Tunnel – Default 1 Day = 86400 Seconds
•Encryption - Confidentiality - DES , 3DES ,AES (key size)


Step 2 :- DH Key Exchange.

After the Phase 1 parameters are agreed, the peers perform the Diffie-Hellman (DH) exchange: each sends its public value and both derive the same shared secret, without that secret ever crossing the public network.
The shared secret seeds the keys used by the encryption algorithm (DES, 3DES, AES).
The DH group is defined in the IKE Phase 1 configuration.

Step 3:- Peer Authentication.

Now Peers Authenticate each other.
The Verification i.e Authentication is done by either using
•Pre-Shared Key (PSK)
•RSA Digital Signature .

Step 4:- Negotiate the IKE Phase 2 Tunnel (IPSEC Tunnel).

IKE Phase 2 is only formed once IKE Phase 1 has completed successfully.
This is also known as the IPsec tunnel (IPsec SA); in IKEv1 it is negotiated in quick mode.
The Phase 2 messages still traverse the public network, but they are encrypted and authenticated under the Phase 1 tunnel, so the negotiation itself is private.
This is the tunnel in which user traffic is protected.
Once the IKE Phase 2 tunnel is formed, user traffic travels through it.

ALWAYS REMEMBER

In the IKE Phase 1 configuration – we define the Policy (the HAGLE parameters).
In the IKE Phase 2 configuration – we define the Transform Set (the encryption and hashing applied to user traffic).
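An added example, not from the original post, of the Phase 1 negotiation in code: the responder walks its own policies in priority order and picks the first one the initiator also proposed, taking the shorter lifetime, as Cisco IOS does; the audit function then flags the choices this page itself calls weak (DES, MD5, aggressive mode) plus small DH groups. The field names, value strings and the two sample policy lists are constructed for the example.

```python
# Added example, not from the original post: IKE Phase 1 policy selection and a
# weakness check over the agreed HAGLE parameters. Policy lists are constructed.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class IkePolicy:
    priority: int         # lower number is tried first, like a Cisco IOS policy number
    hash: str             # "md5", "sha1", "sha256"
    authentication: str   # "psk" or "rsa-sig"
    group: int            # Diffie-Hellman group number
    lifetime: int         # seconds; 86400 (one day) is the default quoted above
    encryption: str       # "des", "3des", "aes-128", "aes-256"

    def hagle(self):
        """The four fields that must match exactly; lifetime is handled separately."""
        return (self.hash, self.authentication, self.group, self.encryption)


def negotiate_phase1(initiator, responder):
    """Return the agreed Phase 1 policy, or None when nothing matches.

    The responder walks its own policies in priority order and takes the first
    one that some initiator proposal matches on hash, authentication, DH group
    and encryption. Lifetimes need not be equal: the shorter one is used. This
    follows the behaviour Cisco documents for IOS; other vendors may differ.
    """
    for own in sorted(responder, key=lambda p: p.priority):
        for proposal in initiator:
            if proposal.hagle() == own.hagle():
                return replace(own, lifetime=min(own.lifetime, proposal.lifetime))
    return None


def audit_phase1(policy, aggressive_mode=False):
    """Flag the choices this page calls weak (DES, MD5, aggressive mode) and small DH groups."""
    findings = []
    if policy.hash == "md5":
        findings.append("hash md5: collisions are practical, use sha256 or stronger")
    if policy.encryption == "des":
        findings.append("encryption des: 56-bit key, brute-forceable")
    elif policy.encryption == "3des":
        findings.append("encryption 3des: 64-bit block cipher, prefer aes")
    if policy.group in (1, 2, 5):
        findings.append(f"dh group {policy.group}: modulus of 1536 bits or less, use group 14 or higher")
    if policy.lifetime > 86400:
        findings.append(f"lifetime {policy.lifetime}s: longer than the one-day default")
    if aggressive_mode and policy.authentication == "psk":
        findings.append("aggressive mode with psk: identity and psk-derived hash travel before "
                        "encryption starts, so a captured exchange can be cracked offline")
    return findings


# Constructed policy lists: the initiator prefers its legacy set, the responder the strong one.
INITIATOR = [
    IkePolicy(10, "sha1", "psk", 2, 86400, "3des"),
    IkePolicy(20, "sha256", "psk", 14, 28800, "aes-256"),
]
RESPONDER = [
    IkePolicy(10, "sha256", "psk", 14, 86400, "aes-256"),
    IkePolicy(20, "sha1", "psk", 2, 86400, "3des"),
]

if __name__ == "__main__":
    agreed = negotiate_phase1(INITIATOR, RESPONDER)
    print("agreed:", agreed)
    print("findings:", audit_phase1(agreed) or "none")
    # Swap the roles and the legacy set wins, because the responder's ordering decides.
    print("roles swapped:", negotiate_phase1(RESPONDER, INITIATOR))
```

The practical lesson is in the swapped run: the same two policy lists produce the strong set or the legacy set depending on who initiates, so leaving weak policies configured "for compatibility" means they will be used whenever the remote side prefers them.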

Thanks for Reading

amartechstuff




Friday, 17 July 2020

IPSEC VPN CHAPTER 6 COMPONENTS & MODES OF IPSEC VPN





Components of IPSec VPN

•IPsec uses three main protocols to build its security framework:

•Internet Key Exchange (IKE)


IKE creates the secure channel (tunnel) over which the two devices exchange keying material and negotiate Security Associations (SAs).

•Encapsulating Security Payload (ESP)


Provides integrity, encryption (confidentiality), authentication and anti-replay.
The more complete of the two, since it is the only one that encrypts.
Uses IP protocol number 50.

•Authentication Header (AH)


Provides integrity, authentication and anti-replay, but no encryption: the payload travels in clear text.
Uses IP protocol number 51.

ESP and AH are the IPsec protocols that protect the exchange of user data; IKE only sets them up.


Modes Of IPSec VPN


•There are 2 modes in which IPSEC VPN can be implemented.
•End –to- End IPSec VPN Tunnel – Transport Mode.
•Site –to- Site IPSec VPN Tunnel - Tunnel Mode.

IPSEC Tunnel Mode VPN


•The original IP packet (IP header and payload) is encapsulated with AH or ESP, and a new, additional IP header is added in front.
•The new IP header normally carries the public IP addresses of the two gateways, so the original source and destination are hidden from anyone on the path.
•Used between gateways (site-to-site).
•Default mode of IPsec.



IPSEC Transport Mode VPN


•Only the payload of the original IP packet is protected by IPsec, i.e. encapsulated with ESP or AH.
•The IP header is the original IP header, so the end-host addresses remain visible on the path.
•Used to protect traffic between two hosts, or between a host and a VPN gateway (end-to-end IPsec VPN).
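An added example (not from the original post) showing what the protocol numbers and the anti-replay service look like in practice: it recognises ESP by IP protocol 50, reads the SPI and sequence number from the ESP header, and runs the received sequence numbers through the sliding window that RFC 4303 specifies for anti-replay. The packets, gateway addresses and SPI are constructed; the payload is opaque bytes standing in for the encrypted body.

```python
# Added example, not from the original post: spot ESP by its IP protocol number,
# read the ESP header, and apply the RFC 4303 anti-replay window. All packets,
# addresses and the SPI below are constructed test data.
import socket
import struct

IPPROTO_ESP = 50
IPPROTO_AH = 51


def build_ipv4_packet(src, dst, proto, payload):
    """Constructed IPv4 packet; the header checksum is left 0 since it never hits a wire."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_esp(spi, seq, encrypted_body=b"\x00" * 16):
    """ESP header (SPI, sequence number) followed by the opaque encrypted body."""
    return struct.pack("!II", spi, seq) + encrypted_body


def parse_ipv4(packet):
    """Return src, dst, protocol and the payload that follows the IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _length, _ident, _flags, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": proto, "payload": packet[ihl:]}


def parse_esp(payload):
    """ESP header is SPI (4 bytes) + sequence number (4 bytes); the rest is ciphertext."""
    if len(payload) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", payload[:8])


class AntiReplayWindow:
    """Sliding window of accepted sequence numbers (RFC 4303 3.4.3; 64 is common, 32 the minimum)."""

    def __init__(self, size=64):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means sequence (highest - i) was already accepted

    def accept(self, seq):
        """Record seq and return True if it is new; False for a replay or a stale packet."""
        if seq == 0:
            return False                      # ESP sequence numbers start at 1
        if seq > self.highest:                # newer than anything seen: slide the window right
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.highest = seq
            return True
        behind = self.highest - seq
        if behind >= self.size:               # older than the left edge of the window
            return False
        if self.bitmap & (1 << behind):       # seen before: replay
            return False
        self.bitmap |= 1 << behind
        return True


def filter_esp_stream(packets, window):
    """Run the ESP packets of a capture through the window; non-ESP packets are skipped.
    Returns (spi, seq, accepted) per ESP packet."""
    results = []
    for raw in packets:
        ip = parse_ipv4(raw)
        if ip["protocol"] != IPPROTO_ESP:
            continue
        spi, seq = parse_esp(ip["payload"])
        results.append((spi, seq, window.accept(seq)))
    return results


# Constructed tunnel-mode stream between two gateways: out-of-order delivery,
# three replays, one stale packet, and one plain TCP packet mixed in.
GW_A, GW_B, SPI = "203.0.113.1", "198.51.100.1", 0x1000ABCD
SEQUENCE = [1, 2, 3, 5, 4, 3, 2, 70, 5, 7]
PACKETS = [build_ipv4_packet(GW_A, GW_B, IPPROTO_ESP, build_esp(SPI, s)) for s in SEQUENCE]
PACKETS.insert(3, build_ipv4_packet(GW_A, GW_B, 6, b"\x00" * 20))

if __name__ == "__main__":
    for spi, seq, ok in filter_esp_stream(PACKETS, AntiReplayWindow()):
        print(f"spi=0x{spi:08x} seq={seq:<3d} {'accept' if ok else 'DROP'}")
```

Out-of-order packet 4 is accepted because it falls inside the window and has not been seen; the second copies of 3 and 2 are dropped as replays; after 70 arrives, the late 5 is dropped as stale even though it was never seen, which is the trade-off a fixed window makes. In a real implementation the integrity check runs before the window is updated, so a forged sequence number cannot poison the window.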



Thanks for Reading

amartechstuff




Thursday, 16 July 2020

IPSEC VPN CHAPTER 5 TERMINOLOGY Part 3




Authentication


•IPsec VPN peers verify each other's identity using authentication.
•Types –
•RSA Signature
•Pre-shared Key (PSK)

RSA Signature


•RSA Signature – uses a digital signature.
•Step 1 – A creates a public/private key pair.
•Step 2 – A shares its public key with B (in IKE this is carried in A's certificate).
•Step 3 – A takes the data, generates a hash of it and transforms that hash with its PRIVATE key. The result is the digital signature.
•Step 4 – The digital signature is sent to B along with the data.
•Step 5 – B applies A's public key to the digital signature to recover the hash, and compares it with the hash it computes itself over the received data.
•If the two match, only the holder of A's private key could have produced the signature, so the data came from A and was not altered on the way.

PSK


•Pre-shared Key (PSK) – both IPsec peers must be configured with the same pre-shared key.
Here the peers must already know each other: the key has to be distributed out of band before the tunnel comes up, and changing it means touching both ends.
With digital signatures the peers need no prior shared secret; they only need to trust the certificate authority that issued each other's certificates.

Thanks for Reading !!!!

amartechstuff

Tuesday, 14 July 2020

IPSEC VPN CHAPTER 4 TERMINOLOGY Part 2




Diffie-Hellman(DH) Key Exchange


•Published in 1976 by Whitfield Diffie and Martin Hellman.
•D-H is a public-key key-agreement protocol.
•It allows two peers to establish a shared secret key over a public network; that secret is then used to derive the keys for the encryption algorithm (DES, 3DES, AES).
•The DH group is defined in the IKE Phase 1 configuration.


DH KEY CALCULATION

•It uses a prime number P (a number divisible only by 1 and itself).
•It also uses a generator G and two secret numbers: a (A's) and b (B's).
•A computes S1 = G^a mod P and B computes S2 = G^b mod P.
•S1 and S2 are exchanged between A and B.
•A computes K1 = S2^a mod P and B computes K2 = S1^b mod P.
•K1 and K2 are the same, because both equal G^(ab) mod P.
•A and B use this value as the secret key.
•Note :- K1 and K2 are never sent over the public network.
•The secret values a and b are also never sent over the public network.
•P and G (together with S1 and S2) are sent over the public network.


DH KEY CALCULATION EXAMPLE





Diffie-Hellman(DH) Groups.


The DH group determines the size of the prime P, and so the strength of the key exchange: the larger the modulus, the harder it is for an eavesdropper who has seen P, G, S1 and S2 to recover a or b.
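An added example (not from the original post) that works the exchange through with the symbols used above, P, G, a, b, S1, S2, K1 and K2, on toy values, and then shows the eavesdropper's side: with a small P the secret a can be brute-forced from S1 and the key recovered, which is exactly why the DH group (the size of P) determines the strength of the exchange. The numbers are illustrative only.

```python
# Added example, not from the original post: the exchange with the page's symbols,
# then the eavesdropper's view. P, G, a, b below are toy values for illustration.


def dh_public_value(P, G, secret):
    """S = G^secret mod P, the value each side sends over the public network."""
    return pow(G, secret, P)


def dh_shared_key(P, peer_public, secret):
    """K = (peer's S)^secret mod P, computed locally and never transmitted."""
    return pow(peer_public, secret, P)


def dh_exchange(P, G, a, b):
    """Whole exchange: A holds a, B holds b. Returns (S1, S2, K1, K2)."""
    S1 = dh_public_value(P, G, a)   # A -> B
    S2 = dh_public_value(P, G, b)   # B -> A
    K1 = dh_shared_key(P, S2, a)    # A: (G^b)^a
    K2 = dh_shared_key(P, S1, b)    # B: (G^a)^b, equal to K1 since both are G^(ab) mod P
    return S1, S2, K1, K2


def eavesdropper_recover_secret(P, G, S):
    """Solve G^x = S mod P by trying every x: the discrete logarithm by brute force.
    Trivial when P is 23; out of reach when P is a 2048-bit prime."""
    x = 1
    for candidate in range(1, P):
        x = (x * G) % P
        if x == S:
            return candidate
    return None


def eavesdropper_attack(P, G, S1, S2):
    """What a listener who saw only P, G, S1, S2 can do: recover a, then compute K."""
    a = eavesdropper_recover_secret(P, G, S1)
    return None if a is None else dh_shared_key(P, S2, a)


# Modulus sizes of the IKE DH groups named above (groups 1 and 2: RFC 2409; 5 and 14: RFC 3526).
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}

if __name__ == "__main__":
    P, G, a, b = 23, 5, 6, 15
    S1, S2, K1, K2 = dh_exchange(P, G, a, b)
    print(f"on the wire: P={P} G={G} S1={S1} S2={S2}")
    print(f"never on the wire: a={a} b={b} K1={K1} K2={K2}")
    print("eavesdropper recovers K =", eavesdropper_attack(P, G, S1, S2))
    print(f"a group 14 modulus is {DH_GROUP_BITS[14]} bits; the loop above would need ~2^{DH_GROUP_BITS[14]} steps")
```

The brute-force loop is the attacker's cost model in its crudest form: it is linear in P, so every extra bit of modulus doubles the work, and real attacks on 768- and 1024-bit groups use far better algorithms than this, which is why groups 1 and 2 are considered too small today.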



Hashing

•Data integrity (no modification, accuracy) is achieved by hashing.
•A hashing algorithm processes the data and produces a fixed-size hash value (checksum); any change to the data changes the hash.

•Step 1 – A generates the checksum of the data using the hashing algorithm.
•Step 2 – A sends the data along with its checksum to B.
•Step 3 – B receives the data and runs the same hashing algorithm to generate its own checksum.
•Step 4 – B compares the two checksums.
•If both values are the same, B received unmodified data.

•Message – this is amartechstuff
•Hash value – 4046cff3102853721535b14ffc7458a9 (32 hex digits = 128 bits, the MD5 output size)
•It is infeasible to recover the message from the hash value.

Message Digest 5 (MD5)


•Designed by Ronald Rivest in 1991.
•Generates a 128-bit hash value.
•MD5 is broken: collisions (two different inputs with the same hash) can be generated in practice.
•It should only be used where collision resistance does not matter, for example as a non-security checksum.
•Collisions exist for numerous texts and data.
•Many online tools can compute MD5 hashes.
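An added example (not from the original post) that runs the four integrity steps above with Python's hashlib, then shows the gap the steps leave on their own: an attacker who can change the data can also recompute an unkeyed hash, so the check passes. IPsec therefore uses a keyed hash (HMAC) for its integrity check value. The sample message and key are constructed, and the 96-bit truncation mirrors HMAC-SHA1-96 (RFC 2404).

```python
# Added example, not from the original post: the four integrity steps above with
# hashlib, the gap they leave against an active attacker, and the keyed hash (HMAC)
# IPsec uses instead. Sample message and key are constructed.
import hashlib
import hmac


def checksum(data, algorithm="sha256"):
    """Steps 1 and 3: hash the data. MD5 yields 32 hex digits (128 bits), SHA-256 yields 64."""
    return hashlib.new(algorithm, data).hexdigest()


def send_with_checksum(data, algorithm="sha256"):
    """Step 2: what A puts on the wire, the data and its checksum."""
    return data, checksum(data, algorithm)


def verify_checksum(data, received_checksum, algorithm="sha256"):
    """Step 4: B recomputes and compares (constant-time compare, so timing leaks nothing)."""
    return hmac.compare_digest(checksum(data, algorithm), received_checksum)


def tamper_in_transit(message, algorithm="sha256"):
    """An attacker on the path changes the amount AND recomputes the unkeyed checksum."""
    data, _old_checksum = message
    forged = data.replace(b"100", b"900")
    return forged, checksum(forged, algorithm)


def keyed_tag(key, data, algorithm="sha256", truncate_bits=96):
    """HMAC: only a holder of the key can produce a valid tag. IPsec truncates the
    integrity check value, e.g. to 96 bits for HMAC-SHA1-96 (RFC 2404)."""
    return hmac.new(key, data, algorithm).digest()[: truncate_bits // 8]


def verify_keyed(key, data, tag, algorithm="sha256", truncate_bits=96):
    """B recomputes the tag with the shared key and compares in constant time."""
    return hmac.compare_digest(keyed_tag(key, data, algorithm, truncate_bits), tag)


# Constructed sample traffic. In IPsec the integrity key is derived during IKE, not typed in.
MESSAGE = b"transfer 100 to account 4242"
KEY = b"integrity-key-derived-by-ike"


def demo():
    """Returns (plain ok, plain ok after tampering, keyed ok, keyed ok after tampering)."""
    msg = send_with_checksum(MESSAGE)
    tampered = tamper_in_transit(msg)
    tag = keyed_tag(KEY, MESSAGE)
    return (
        verify_checksum(*msg),                 # True: honest delivery passes
        verify_checksum(*tampered),            # True: the attack is NOT detected
        verify_keyed(KEY, MESSAGE, tag),       # True
        verify_keyed(KEY, tampered[0], tag),   # False: without the key, no valid tag
    )


if __name__ == "__main__":
    print(demo())
```

The second value in the tuple is the point: a bare hash detects accidental corruption, not deliberate modification, because the checksum is recomputable by anyone. The keyed tag ties integrity to possession of the key, which is what IPsec's "authentication" in the HAGLE list actually buys.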

Secure Hash Algorithm (SHA) -Family



Thanks for Reading !!!!!

amartechstuff








Friday, 10 July 2020

NTP CONFIGURATION






Server0


Edge_Router>en
Edge_Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Edge_Router(config)#ntp server 115.252.242.1 ?
  key   Configure peer authentication key
  <cr>
Edge_Router(config)#ntp server 115.252.242.1
Edge_Router(config)#^Z
Edge_Router#
%SYS-5-CONFIG_I: Configured from console by console

Edge_Router#sh ntp ?
  associations   NTP associations
  status         NTP status

Edge_Router#sh ntp associations

address          ref clock      st  when  poll  reach  delay  offset  disp
*~115.252.242.1  127.127.1.1    1   10    16    7      0.00   -2.00   0.12
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

Edge_Router#sh ntp status
Clock is synchronized, stratum 2, reference is 115.252.242.1
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E287CFA2.00000054 (20:42:10.084 UTC Wed Jul 8 2020)
clock offset is 0.00 msec, root delay is 0.00 msec
root dispersion is 10.83 msec, peer dispersion is 0.12 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 4, last update was 1 sec ago.

Edge_Router#sh clock
20:43:3.373 UTC Wed Jul 8 2020
Edge_Router#


==================================================================


SW1>en
SW1#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#ntp server 10.1.1.1
SW1(config)#^Z
SW1#
%SYS-5-CONFIG_I: Configured from console by console

SW1#sh ntp associations

address      ref clock        st  when  poll  reach  delay  offset  disp
*~10.1.1.1   115.252.242.1    2   7     16    311    0.00   -2.00   0.00
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

SW1#sh ntp status
Clock is synchronized, stratum 3, reference is 10.1.1.1
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is E287D1A5.000002D2 (20:50:45.722 UTC Wed Jul 8 2020)
clock offset is -2.00 msec, root delay is 0.00 msec
root dispersion is 20.84 msec, peer dispersion is 0.00 msec.
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is - 0.000001193 s/s system poll interval is 4, last update was 13 sec ago.

SW1#sh clock
20:51:7.338 UTC Wed Jul 8 2020
SW1#



The stratum values show the chain: the router takes time from the stratum 1 server and becomes stratum 2, and the switch, using the router's 10.1.1.1 address as its source, becomes stratum 3. Note that both devices synchronised without the key option that the ntp server ? output above offers, so the time source is unauthenticated: anything that can answer as 115.252.242.1, or as 10.1.1.1 on the LAN, can move the clocks, and with them the timestamps in every log and the validity checks of every certificate these devices evaluate. Where the upstream server supports it, configure NTP authentication with that key option.

Thanks for Reading



amartechstuff

Wednesday, 8 July 2020

IPSEC VPN CHAPTER 3 TERMINOLOGY Part 1






Eavesdropper

An attacker who listens to the communication between two nodes (here Node A and Node B) without altering it.


Encryption

Encryption is the process of converting clear text into cipher text with the help of a key and an encryption algorithm.


Decryption

Decryption is the process of converting cipher text back into clear text with the help of a key and the matching algorithm.


Types of Encryption

•Symmetric Encryption

•Asymmetric Encryption

Symmetric Encryption

•In symmetric encryption the same key is used for encryption and decryption.

•The problem is key exchange: the single key must reach both parties without being intercepted.

•The process is fast.

•The cipher text is about the same size as the clear text.

Asymmetric Encryption

•In asymmetric encryption different keys are used for encryption and decryption.

•Public key – encryption is done with it.

•Private key – decryption is done with it.

•No problem with exchange of the key: the public key can be published openly, only the private key must stay secret.

•The cipher text is larger and the computation is slower, so in practice it is used to exchange or agree symmetric keys rather than to encrypt bulk data.

•Solves the key distribution problem of symmetric encryption.

Symmetric Encryption Algorithms

•Data Encryption Standard (DES)
- Uses a single 56-bit key.
- Weak security: the key space can be brute-forced.

•Triple Data Encryption Standard (3DES)
- Applies DES three times with three 56-bit keys (168 bits of key, 112 bits of effective security).
- Moderate security; slow, and limited by its 64-bit block size.

•Advanced Encryption Standard (AES)
- Uses the Rijndael algorithm.
- Supports 128-bit, 192-bit and 256-bit keys.
- The recommended symmetric encryption algorithm today.

Asymmetric Encryption Algorithms

Rivest Shamir Adleman (RSA)

- Released in 1978 by Ron Rivest, Adi Shamir and Len Adleman.

-Includes 4 Operational Steps

> Key Generation
> Key Distribution
> Encryption
> Decryption
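An added example (not from the original post) that implements the four RSA steps listed here and, with the same key pair, the digital-signature steps from Chapter 5: the private key signs the hash and the public key verifies it. The primes are small known primes chosen so the code runs instantly, and there is no padding scheme, so this shows the mathematics of RSA rather than a deployable implementation.

```python
# Added example, not from the original post: textbook RSA covering the four steps
# listed here (key generation, distribution, encryption, decryption) and the
# digital-signature steps from Chapter 5 (private key signs, public key verifies).
# Toy primes and no padding: enough to see the mechanics, not for real use.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def generate_keypair(p, q, e=17):
    """Step 1: n = p*q, d = e^-1 mod (p-1)(q-1). Raises ValueError if e is not invertible."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return PublicKey(n, e), PrivateKey(n, d)


def distribute(public_key):
    """Step 2: only the public key leaves its owner. Returns what goes on the wire."""
    return public_key.n, public_key.e


def encrypt(public_key, m):
    """Step 3: anyone holding the public key can encrypt an integer m < n."""
    if not 0 <= m < public_key.n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, public_key.e, public_key.n)


def decrypt(private_key, c):
    """Step 4: only the private key recovers m."""
    return pow(c, private_key.d, private_key.n)


def _digest_as_int(message, n):
    # Reduce the SHA-256 digest mod n so it fits the toy modulus. Real RSA uses a
    # padding scheme such as PSS instead of this reduction.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Chapter 5, step 3: the hash is transformed with the PRIVATE key."""
    return pow(_digest_as_int(message, private_key.n), private_key.d, private_key.n)


def verify(public_key, message, signature):
    """Chapter 5, step 5: undo the signature with the sender's PUBLIC key and compare
    with the receiver's own hash of the message."""
    return pow(signature, public_key.e, public_key.n) == _digest_as_int(message, public_key.n)


# Toy key from two known primes (2^16+1 and 2^31-1). Real keys use primes of 1024+ bits each.
PUBLIC, PRIVATE = generate_keypair(65537, 2147483647)

if __name__ == "__main__":
    c = encrypt(PUBLIC, 123456789)
    print("decrypts back:", decrypt(PRIVATE, c) == 123456789)
    sig = sign(PRIVATE, b"this is amartechstuff")
    print("valid signature:", verify(PUBLIC, b"this is amartechstuff", sig))
    print("tampered message:", verify(PUBLIC, b"this is amartechstuff!", sig))
```

Encryption and signing use the same modular exponentiation with the exponents swapped, which is why the two operations are easy to confuse: for confidentiality the public exponent is applied first, for authentication the private one is.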


Thanks for Reading

amartechstuff













Monday, 6 July 2020

IPSEC VPN CHAPTER 2 Introduction to IPSec






IPSec  = Internet Protocol Security

Let's first understand why we need IPSec before moving towards what is IPSec


Why we need IPSec?

• If the data of an enterprise network is compromised, the result is a huge financial loss.

• It is therefore very important to transfer data securely from the source location to the destination location.

• The TCP/IP protocol suite has no built-in security; IPsec adds it at the IP layer.


IPSec (Internet Protocol Security)

• IPSec is a Protocol Suite which is a set of Network Security Protocols.

• Developed by IETF (Internet Engineering Task Force)

• Can use on multi Vendor devices e.g – Cisco ,Checkpoint , Juniper etc.

• IPsec is a Layer 3 VPN: it works at the IP layer, so it can protect any traffic carried over IP.
How IPSec Helps ?

• IPSec helps to Securely transfer Data from Source to Destination.

• Provides CIAA:
• Confidentiality – privacy – encryption.

• Integrity – no modification – hashing.

• Authentication – sender and receiver identify each other – digital signature / pre-shared key.

• Anti-replay – each packet carries a sequence number, so a captured packet cannot be resent and accepted.

Thanks for Reading

amartechstuff      

Sunday, 5 July 2020

IPSEC VPN CHAPTER 1 VPN (Virtual Private Network)






Consider a company named XYZ with offices across India.

To connect offices in different locations we need

• WAN technologies

When we talk about WAN we would first consider

• Leased lines

But the issue with leased lines (which are very secure, being private circuits) is

• Cost, which is very high

The alternative is to use

• Internet connectivity to connect offices across different locations.

But then the

• Challenge – transferring private traffic over a public/shared network

• Solution – VPN

VPN (Virtual Private Network)

• Allow the users to send private data over public / shared network securely .

• Provide data confidentiality and data integrity

• Lower operational cost .

• Examples – IPSec VPN , MPLS VPN etc.   
                                                                                                                                                                               
VPN TYPES

• Site-to-Site VPN – allows the HQ to connect to remote site offices.

• Remote-access VPN – allows remote users to access the corporate network securely.

Thanks for Reading

amartechstuff