The need for setting up a home network

The driving force behind the explosion of home networks is the need for information and resource sharing. By having your computers, and other information resources, networked within your home, you have the following benefits:

  • Internet Connection Sharing: Multiple home users can access the Internet simultaneously.
  • File Sharing: Share music, files, photos, etc. between home computers.
  • Printer Sharing: Install a network printer and share it.
  • Home Entertainment and Multimedia Sharing: Stream music or video stored in a Network Storage Device and play them through your Multimedia Center.
  • Multi-player Games: Use your home LAN to organize home game parties!
  • Use VoIP Telephony: With Voice over IP Telephony you can easily utilize exploding Internet Telephony applications (such as Skype), use software phones, share multimedia on the phone device etc.
  • Use Wireless Security Cameras: You can install a Wi-Fi wireless IP security camera to monitor your home remotely. You can connect from the Internet (while at work, for example) to your home security camera to watch what's going on inside your home.
  • Use Network Attached Storage: A NAS (Network Attached Storage) is a hard disk device connected to your home network for file sharing. Advanced NAS units (such as Synology and QNAP) also offer BitTorrent/HTTP/FTP software for downloading files directly to the hard disk without using a PC.

A typical home network topology is shown on the diagram below:

FTP Disconnects Through Cisco ASA Firewall. MSS Exceeded Problem.

Each TCP device on a network has an associated ‘ceiling’ on TCP Data Size, called the MSS (Maximum Segment Size). The TCP MSS is negotiated between two communicating devices via the TCP SYN and SYN-ACK packets. After this negotiation, each TCP device must comply with the advertised MSS of the peer device, and should not send data on the segment that is larger than the advertised MSS of the device to which it is sending.

Unfortunately, there are cases where, even though the two TCP endpoints negotiate a certain TCP MSS, one of the devices sends the other device data that is larger than the MSS. The newer Cisco ASA (or PIX) firewalls running software version 7.x and up do not accept this situation: the firewall drops the packets that do not adhere to the negotiated MSS size. The firewall does this to protect the devices from buffer overflow attacks.

The problem addressed here is when an FTP Client located on the INSIDE of a Cisco ASA firewall cannot access an FTP Server machine located on the OUTSIDE of the firewall, as shown on the diagram below. The same problem can also happen with any TCP application (e.g. HTTP), not just FTP.

[Diagram: ASA MSS Exceeded]

Troubleshooting IPSEC VPN

This post discusses the most basic steps needed to troubleshoot a LAN-to-LAN IPSEC tunnel between Cisco Routers.

A Cisco Router with the proper IOS version can make an excellent IPSEC VPN termination device, and can be used to securely connect two distant LANs over an untrusted network, such as the Internet. In our example below, we use two Cisco 800 series broadband routers to create an IPSEC VPN tunnel between two offices over a DSL broadband connection via the Internet.

[Diagram: IPSEC VPN]

Top 10 Freeware Network Security Tools

1. Nessus

Nessus is a Network Vulnerability Scanner tool based on a client-server model. It features high speed discovery, configuration auditing, asset profiling, and vulnerability analysis of your network and systems. It is constantly updated with more than 11,000 plugins for the free version. Every audit in Nessus is coded as a plugin: a simple program which checks for a given flaw. Plugins can be enabled or disabled depending on the kind of vulnerability analysis required for the specific network. Nessus works on Windows, Linux, OpenBSD, FreeBSD and other Unix flavors.

2. Snort

Arguably one of the best network intrusion detection and prevention systems (IDS) is the free and open source Snort toolkit. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort works on many operating systems, including Windows, Linux, Solaris, FreeBSD etc. Snort utilizes a rule-based language that combines the benefits of signature inspection, protocol inspection, and anomaly-based inspection. You can configure Snort to run in a few different modes such as Sniffer mode, Packet Logger mode, and Network Intrusion Detection (NIDS) mode.

Top 5 Freeware Tools for Network Admins

1. PuTTY for SSH Access

PuTTY is a Secure Shell (SSH) client that runs on Windows. You can use PuTTY to access remote network devices (Routers, switches, firewalls, Unix Servers etc) using the secure SSH protocol. With an increased emphasis on security, most network devices can now be remotely accessed via SSH. PuTTY supports SSH versions 1 and 2 along with Data Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES). With a single click of a button, you can also log a session for later review. PuTTY also supports Telnet.

2. PumpKIN TFTP Server

Most network devices use the Trivial File Transfer Protocol (TFTP) as the primary way to transfer system image files or configuration files, so a simple, stable TFTP server is an essential part of a network administrator toolkit. PumpKIN TFTP server provides a simple, easy to use GUI and runs on all versions of Windows. PumpKIN also plays .wav files to provide audio alerts indicating the state of a TFTP transfer, a feature that is very handy for multitasking network administrators.

How to secure your small business with a PIX Firewall

One of the most popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running.

In this guide, we will walk through the steps for configuring your brand new PIX at the network edge.

This guide is written for the user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the-numbers guide to configuring a PIX firewall with as little jargon as possible.