How to Secure Your VPN Access

You can set up SSL VPN on a FortiGate in either web mode, using a web browser, or tunnel mode, using FortiClient. Either way it lets users reach internal network resources from outside the network.

We assume that the network or Fortinet admin already knows how to configure SSL VPN in tunnel mode and how to secure it.

Creating users and groups locally on the firewall is the less secure option. The network administrator has to rotate those passwords by hand; anyone who knows the password can connect from any outside location; and it is hard for the administrator to tell who is actually using the VPN, which becomes a real problem when something goes wrong.

The simple and effective way to identify users is to sync the firewall with LDAP and create a group in Active Directory that contains only the permitted users. Anyone not in the AD group cannot connect, the administrator can see exactly which user is connected, and users never need to ask the network team for a password: they use their Windows (AD) credentials, and a password change in AD is picked up automatically. This is more secure than local users and groups on the firewall.

How to Restrict Cisco Router from Outside Network

There are several drawbacks to allowing SSH from both the inside and the outside of the network. Most companies prefer to let the network admin connect over SSH from both the LAN and the WAN so that urgent issues can be fixed from outside, but this can end in disaster: a router management port that is reachable from the internet is exposed to password guessing and exploitation attempts around the clock, and the same applies to your ISP-facing routers.

The most important rule is to allow SSH only from your LAN (or from a small set of fixed management addresses) for configuration changes.

How to Restrict SSH from Outside Network 

Use an access control list to permit SSH only from your LAN or from specific IP addresses. Bear in mind: do not permit your home DSL address, because it changes, so the rule will either stop working or end up letting a stranger in. Use the configuration below to permit the desired addresses on the vty lines.

  • access-list 150 permit tcp host X.X.X.X any eq 22
  • access-list 150 permit tcp host Y.Y.Y.Y any eq 22
  • access-list 150 deny tcp any any eq 22 log
  • line vty 0 4
  •  access-class 150 in
  •  transport input ssh

You can use the following extended access list, applied inbound on the outside interface, to deny SSH from outside while still permitting your management host.

  • ip access-list extended ACL
  •  permit tcp host X.X.X.X host Y.Y.Y.Y eq 22 log
  •  deny tcp any host Y.Y.Y.Y eq 22 log
  •  permit ip any any

Here X.X.X.X is the source address you want to allow SSH from (the management host or subnet) and Y.Y.Y.Y is the destination, the router's own interface address. The order matters: the permit must come before the deny, and the final permit ip any any keeps all other traffic flowing through the interface.
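Putting the two access lists above together with the SSH settings they depend on, as an added example (this is not configuration from the original post). All addresses, names and the interface are assumptions for illustration: 192.168.10.0/24 is the management LAN, 203.0.113.10 is the administrator's fixed jump host, 198.51.100.1 is the router's WAN address on GigabitEthernet0/0.

```cisco
! Added example, not from the original post: a complete IOS management-plane
! configuration that keeps SSH reachable only from the LAN and one fixed
! jump host. All addresses, names and interfaces are assumptions.
hostname edge-rtr
ip domain-name example.com
username netadmin privilege 15 secret <strong-password>
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh time-out 60
ip ssh authentication-retries 3
!
! 1. Who may open a session to the vty lines at all (matched on source).
!    A standard ACL is enough here because only the source is relevant.
ip access-list standard MGMT-SSH
 remark management LAN
 permit 192.168.10.0 0.0.0.255
 remark fixed jump host; never a dynamic DSL address
 permit host 203.0.113.10
 deny   any log
!
line vty 0 4
 access-class MGMT-SSH in
 transport input ssh
 exec-timeout 10 0
 login local
!
! 2. Belt and braces: drop SSH to the router at the WAN edge as well, so a
!    later mistake on the vty lines does not expose the management plane.
ip access-list extended WAN-IN
 permit tcp host 203.0.113.10 host 198.51.100.1 eq 22 log
 deny   tcp any host 198.51.100.1 eq 22 log
 permit ip any any
!
interface GigabitEthernet0/0
 description WAN uplink
 ip address 198.51.100.1 255.255.255.0
 ip access-group WAN-IN in
```

`transport input ssh` also disables telnet on the vty lines. To check the result, `show ip ssh` should report version 2.0, `show access-lists MGMT-SSH` shows hit counters climbing on the deny line if anyone is probing, and because both deny entries carry `log`, `show logging` records the source address of every refused attempt.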


Is Your Network Really Secure ?

Network security should be on the mind of every business decision maker, because it is a core part of the business rather than an IT detail. A breach that leaks sensitive customer data leaves the compromised company scrambling to limit the damage, exposes it to significant financial liability, and costs it customer trust; some customers simply walk away.

Some industries have adopted information security standards (HIPAA, PCI DSS) that companies must meet. Companies should ask themselves: is our security strategy in place just so we can check a box at audit time, or do we really understand our risks?

The list below is by no means all-inclusive, but it covers some of the main network security appliances that every business should be investigating.

Firewall

 

How to Fix the "No Internet, Secured" Connection Error

Here is a guide to fixing the common internet connectivity issues in Windows 10, including the case where you are connected to Wi-Fi but have no internet and the status reads "No Internet, Secured". The error has several possible causes, most often the wireless adapter or its IP configuration. Running the Windows network troubleshooter may find the fault; otherwise it can usually be fixed from the command line.

Connected to WiFI but No Internet in Windows 10

If a Windows 10 PC shows this status, it usually means a misconfigured IP address or an adapter problem, and one of the following fixes will resolve it.

  • Disconnect and reconnect to the Wi-Fi, or forget the network and reconnect, entering the password again.
  • Check the encryption type on both Windows and the router. Many routers are still set to WPA/TKIP; Windows 10 flags TKIP and WEP as insecure and expects WPA2 or WPA3 with AES (CCMP), so change the router to AES.
  • It could be the Wi-Fi driver: uninstall it and install the latest driver from the adapter vendor.
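The three fixes above, plus the command-line resets the guide alludes to, as one PowerShell session (an added example, not from the original post). The SSID "HomeWiFi" and the adapter name "Wi-Fi" are assumptions; replace them with your own. Run it from an elevated prompt.

```powershell
# Added example (not from the original post): remediation for the
# "No Internet, Secured" state on Windows 10, from an elevated PowerShell.
# The SSID and adapter name below are assumptions; replace them.
$Ssid      = "HomeWiFi"
$Interface = "Wi-Fi"

# 1. What is the adapter connected to, and with which cipher? A "Cipher : TKIP"
#    line points at the router's WPA setting, which should be changed to AES (CCMP).
netsh wlan show interfaces | Select-String -Pattern "SSID|Authentication|Cipher|State"

# 2. Current IP configuration. A 169.254.x.x (APIPA) address or an empty
#    default gateway means the DHCP exchange with the router never completed.
Get-NetIPConfiguration -InterfaceAlias $Interface |
    Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer

# 3. Driver check: an old DriverDate is the cue to reinstall from the vendor's site.
Get-NetAdapter -Name $Interface |
    Select-Object Name, Status, DriverProvider, DriverVersion, DriverDate

# 4. Reset the IP configuration and the TCP/IP stack (the classic CMD fixes).
ipconfig /release
ipconfig /flushdns
ipconfig /renew
netsh winsock reset
netsh int ip reset

# 5. Bounce the adapter instead of rebooting the whole machine.
Restart-NetAdapter -Name $Interface -Confirm:$false

# 6. Forget the network so Windows re-keys from a fresh passphrase; reconnect
#    from the taskbar afterwards and enter the password again.
netsh wlan delete profile "name=$Ssid"

# 7. After reconnecting, verify layer by layer: gateway, then a public IP, then DNS.
#    Each field is $true/$false, so the first $false tells you where it still fails.
function Test-ConnectivityLayers {
    param([string]$Alias = "Wi-Fi")
    $cfg = Get-NetIPConfiguration -InterfaceAlias $Alias
    $gw  = $cfg.IPv4DefaultGateway.NextHop
    [pscustomobject]@{
        Gateway  = if ($gw) { Test-NetConnection -ComputerName $gw -InformationLevel Quiet } else { $false }
        Internet = Test-NetConnection -ComputerName 1.1.1.1 -InformationLevel Quiet
        DNS      = [bool](Resolve-DnsName example.com -Type A -ErrorAction SilentlyContinue)
    }
}
Test-ConnectivityLayers -Alias $Interface
```

`netsh winsock reset` and `netsh int ip reset` both ask for a reboot to take full effect; do that if step 7 still shows `Gateway = False` after the adapter restart. If `Gateway` is true but `Internet` is false, the PC is fine and the fault is at the router or ISP; if only `DNS` is false, the router's DNS setting is the problem rather than the Wi-Fi link.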

 

Network Troubleshooting Tools

Network troubleshooting is part of every network administrator's job, and it is important to know the basic tools that can be used to diagnose a variety of network conditions. Which tool to reach for is partly a matter of the engineer's judgement, but the tools discussed below will help a network engineer narrow down an issue.

Ping

The most commonly used tool is the ping utility, which provides a basic connectivity test between the requesting host and a destination. It uses the Internet Control Message Protocol (ICMP): the host sends an ICMP echo request to the destination and waits for an echo reply. If the reply comes back from the destination's IP address, the destination is reachable.

For example, if you use home DSL internet with a single SSID and something is wrong, ping can tell you whether the problem is in the broadband modem or at the internet service provider (ISP). In the snapshot below the ping reaches a public DNS server and gets replies, which means the internet connection works. If instead the ping returns "Destination host unreachable" from your gateway address (my gateway is 192.168.10.1, so the line reads "Reply from 192.168.10.1: Destination host unreachable"), the gateway itself cannot forward the packet and the fault is on the modem or ISP side rather than on your LAN.

500.PNG

Tracert/traceroute

The traceroute utility (tracert on Windows) gives more specific information about the path to the destination, including the route the packets take and the response time of each hop. The snapshot below shows traceroute used to find the path from an inside host to http://www.yahoo.com, that is, how traffic leaves the inside host and passes through a series of different routers on its way to Yahoo's servers.

Tracert.PNG

Ipconfig/ifconfig

One of the most important things to establish when troubleshooting a network issue is the IP configuration of the affected hosts. This may already be known when addresses are configured statically, but when a dynamic addressing method is used the IP address of each host can change often. The utilities for this are ipconfig on Windows and ifconfig on Linux/*nix machines. Figure 3 below shows an example of ifconfig displaying the IP configuration of the queried host.

Nslookup

Some of the most common issues revolve around DNS, which everyone who uses the internet depends on. The nslookup utility looks up the IP addresses associated with a domain name, and it can also query a specific DNS server, which makes it easy to tell whether the default DNS server configured on the host is the problem. The example below shows nslookup returning the IP information for a name.

501.PNG

Netstat

netstat shows the current state of the active connections on a host. This information is needed for many reasons: it lists the listening ports, which remote hosts are connected to the local host on which port, and, with the right options, which service on the host owns a given port. The snapshot below shows all active ports on the current host.

502.PNG
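The five tools above are most useful when run in order, so that the first failing layer tells you where the fault is. The following PowerShell function does exactly that (an added example, not part of the original article): ipconfig, then ping to the gateway and to a public address, then traceroute when the uplink fails, then a DNS comparison between the configured resolver and a known-good one, and finally a netstat-style summary. The target name, the public resolver 1.1.1.1 and the gateway (192.168.10.1 in the article's ping example is simply whatever Windows reports) are illustrative assumptions.

```powershell
# Added example, not from the original article: layered triage using the
# PowerShell equivalents of ipconfig, ping, tracert, nslookup and netstat.
# Returns one line naming the first layer that fails. Target and resolver
# are assumptions; change them to suit.
function Invoke-NetworkTriage {
    param(
        [string]$Target   = "www.yahoo.com",
        [string]$Resolver = "1.1.1.1"
    )

    # ipconfig: what address, mask and gateway did DHCP actually hand us?
    $cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1
    if (-not $cfg) { return "FAIL: no interface has a default gateway (DHCP or adapter problem)" }
    if ($cfg.IPv4Address.IPAddress -like "169.254.*") { return "FAIL: APIPA address, DHCP never answered" }
    $gw = $cfg.IPv4DefaultGateway.NextHop

    # ping the LAN first. No reply from the gateway means the fault is local
    # (cable, Wi-Fi, switch), not the ISP.
    if (-not (Test-Connection -ComputerName $gw -Count 2 -Quiet)) {
        return "FAIL: gateway $gw does not answer (local LAN / Wi-Fi)"
    }

    # ping a public address by IP, which separates the ISP uplink from DNS.
    if (-not (Test-Connection -ComputerName $Resolver -Count 2 -Quiet)) {
        # tracert: show how far packets get before they die.
        (Test-NetConnection -ComputerName $Resolver -TraceRoute).TraceRoute |
            ForEach-Object { Write-Host "  hop: $_" }
        return "FAIL: LAN is fine, no reply beyond $gw (modem / ISP side)"
    }

    # nslookup: compare the configured resolver with a known-good one.
    $viaDefault = Resolve-DnsName $Target -Type A -ErrorAction SilentlyContinue
    $viaPublic  = Resolve-DnsName $Target -Type A -Server $Resolver -ErrorAction SilentlyContinue
    if (-not $viaPublic) { return "FAIL: $Target does not resolve even via $Resolver (name or upstream issue)" }
    if (-not $viaDefault) {
        $bad = ($cfg.DNSServer | Select-Object -First 1).ServerAddresses -join ","
        return "FAIL: configured DNS server ($bad) is broken; $Resolver resolves $Target"
    }

    # netstat: is anything actually talking? Established sessions by remote port.
    Get-NetTCPConnection -State Established |
        Group-Object RemotePort | Sort-Object Count -Descending |
        Select-Object -First 5 Count, Name | Format-Table -AutoSize | Out-Host

    $ip = ($viaPublic | Where-Object { $_.Type -eq "A" } | Select-Object -First 1).IPAddress
    return "OK: address, gateway, uplink and DNS all pass; $Target -> $ip"
}

Invoke-NetworkTriage
```

Each return string maps back to one of the tools: an APIPA address is what ipconfig would have shown, the gateway and resolver checks are the two pings from the DSL example, the hop list is tracert, and the resolver comparison is the nslookup trick of querying a specific server. Run it before calling the ISP so you can say which layer is broken rather than just "no internet".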

Speedtest.net

This tool is used to measure the quality of an internet connection. The speedtest.net site shows how much bandwidth is available and therefore how long uploading or downloading data between a local and a remote host will take. Bear in mind that upload and download speeds are normally not equal on a shared or home broadband line, which is usually asymmetric by design.

503.PNG