Posts

Showing posts from March, 2018

Linux Box as a Squid Server

Operating System: CentOS 6.3

Squid is a proxy server for caching and filtering web content. Squid caches requested web pages from the ISP and reuses them if similar requests are made in the future. This has a huge impact on response time and bandwidth usage, since web content is delivered from the local network: bandwidth usage is lowered and response time is fast.

INSTALLATION AND CONFIGURATION OF SQUID PROXY

Installation:

Update your yum repositories:
[root@telweb]# yum update

Install squid:
[root@telweb]# yum install squid -y

In its default configuration, squid is already capable of web content caching. The default configuration file for squid is /etc/squid/squid.conf

Start the squid service:
[root@telweb]# service squid start

Enable squid startup on boot:
[root@telweb]# chkconfig --level 235 squid on

Set your local machine's web browser to access the internet via the proxy. The default port for the proxy is 3128.

Firefox : Options / Pref...

Linux Box as a DHCP Server

Operating System: CentOS 6.3

In this setup, client machines on the LAN are assigned IP addresses automatically, unlike the previous setup where IP addresses were assigned manually.

To configure:

Install the dhcp package via the terminal:
[root@telweb]# yum install dhcp* -y

Copy the available sample dhcp configuration at /usr/share/doc/dhcp*:
[root@telweb]# cd /usr/share/doc/dhcp*
[root@telweb]# cp dhcpd.conf.sample /etc/dhcp/dhcpd.conf

If asked to replace the existing dhcpd.conf at /etc/dhcp/, answer yes.

To configure dhcp, edit the file /etc/dhcp/dhcpd.conf:
[root@telweb]# vi /etc/dhcp/dhcpd.conf

Go to the section highlighted below and edit it to suit your network:
--------------------------------------------------------------------------------------------------------------------
# A slightly different configuration for an internal subnet.
subnet  192.168.2.0  netmask  255.255.255.0  {   range...

Linux Box as a Router

Operating System: CentOS 6.3

You need two network cards on your Linux box. Iptables is then used to share the WAN interface of the box with the local interface to which network users are connected.

The setup should be:
Internal LAN network card (eth1) assigned a static private IP address (192.168.2.1).
External network card (eth0) assigned a public IP address and connected to the ISP. In our case we have assigned it a private IP address (192.168.1.5) for the purpose of demonstration.

Configurations:

ENABLE PACKET FORWARDING

By default this is disabled. Edit /etc/sysctl.conf and change the statement in the file reading:
---------------------------------------------------------------------
net.ipv4.conf.default.forwarding=0
--------------------------------------------------------------------
To:
-------------------------------------------------------------------
net.ipv4.conf.default.forwarding=1
---------------------------------------------------------------...

Basic Firewall Setup - ASA5500

This article covers the basic setup of a Cisco ASA 5500 series firewall. This configuration is more than enough to provide secure and restricted access to the internet. It also covers secure access to and management of the ASA firewall.

To configure your new ASA 5505, plug in your console cable and you will see the following:

Type help or '?' for a list of available commands.
ciscoasa>

Here you type the command "enable" to get into enabled mode.

Type help or '?' for a list of available commands.
ciscoasa> enable
Password:
ciscoasa#

You will get a password prompt. Simply hit Enter here, because there is no enable password configured.

The first thing you want to do is erase the default configuration Cisco made for you. Many default settings are made for you that can cause network issues if the device is connected to a DHCP-enabled network. To erase them, use the commands below and then reload the device.

ciscoasa# write erase E...

GRE over IPSec Site to Site VPN

IPSEC VERSUS IPSEC GRE

As we mentioned, GRE provides no form of payload confidentiality or encryption. If the packets are sniffed over the public transit networks, their contents are in plain text. IPSec solves this security concern in GRE by encrypting part or all of the GRE packets.

GRE OVER IPSEC TUNNEL:

GRE over IPSec tunnels support multicast traffic, while standalone IPSec does not. For this reason it is advisable to implement GRE over IPSec tunnels where routing protocols like EIGRP or OSPF are in use. For such protocols, which need to send routing information across the tunnel through multicast, GRE over IPSec is the most suitable, since it allows these services and provides secure transport for them via the tunnel.

There are two IPSec tunnel modes: tunnel and transport. This configuration example will show the default, tunnel-mode IPSec encryption, which protects the entire GRE header and payload.

Setup:

Steps to follow : - Create GRE ...

IPSec Site to Site VPN

IPSec: Scalable, Manageable Remote Connectivity

IPSec provides secure remote access to corporate resources by establishing an encrypted tunnel across the Internet, which ensures the confidentiality of the data transmitted between the two sites.

Cisco IP Security (IPsec) VPNs enable you to:
· Enhance productivity by extending access to your corporate network and applications
· Reduce communications costs and increase flexibility
· Provide access rights tailored to individual users and departments

Cisco IPsec remote access solutions also enable you to provide customized VPN access through SSL VPN without adding hardware or complexity to your network. Cost-effective, easy to use, and easy to customize, Cisco IPsec VPNs deliver scalability, high security, and simple VPN client management.

This article will show how to set up...