Showing posts with label Routes. Show all posts
Showing posts with label Routes. Show all posts


Security in Network

What is IT-Security?
IT-Security is not a product, it's a process. Don't think to buy a firewall which solves all your security problems! You always have to ensure good configuration and updates - this should be an integrated process. But you never will reach 100% of security, it's like a bank safe: you can make it difficult to crack, but there will always be somebody, who is able to break it with a lot of resources! Here are the most important components of IT-Security:

Authenticity is about the identity of a subject/object. This can be a user, a process, a system or an information. This is needed for Non Repudiation and Accountability.

This means Data-Integrity, that data was not manipulated or destroyed in an unauthorized way and System-Integrity, that the system is available with the usual performance and was not manipulated with unauthorized access. Integrity is part of Authenticity.

Information should not been seen by unauthorized persons, instances or processes. This means protection of personnel or business-critical data, privacy and anonymity.

Refers to functionality of soft- and hardware ist not altered in any unauthorized way and about secured business continuity.

Non Repudiation/Accountability
Non Repudiation means, that actions of instances (users, processes, systems and information) can be associated with only that instance. Accountability refers to financial transactions and all communication issues.

The usual functionality and behavior of data and systems is secured. This is needed for Integrity and Non Repudiation.


Static Routes

Static routes are commonly used when you are routing from a network to a stub network. A stub network (sometimes called a leaf node) is a network accessed by a single route. Static routes can also be useful for specifying a “gateway of last resort” to which all packets with an unknown destination address are sent. Following is the syntax for configuring a static route:

RouterX(config)# ip route network [mask] {address | interface}[distance] [permanent]

Summary of Static Routing

Routing is the process by which items get from one location to another. In networking, a router is the device used to route traffic. Routers can forward packets over static routes or dynamic routes based on the router configuration.
■ Static routers use a route that a network administrator enters into the router manually. Dynamic routes use a router that a network routing protocol adjusts automatically for topology or traffic changes.
■ Unidirectional static routes must be configured to and from a stub network to allow communications to occur.
■ The ip route command can be used to configure default route forwarding.
■ The show ip route command verifies that static routing is properly configured. Static routes are signified in the command output by “S.”

Static and Dynamic Route Comparison

Routers can forward packets over static routes or dynamic routes based on the router configuration. The two ways to tell the router where to forward packets to destination networks that are not directly connected are as follows:

Static route: The router learns routes when an administrator manually configures the static route. The administrator must manually update this static route entry whenever an internetwork topology change requires an update. Static routes are user-defined routes that specify the path that packets take when moving between a source and a destination. These administrator-defined routes allow very precise control over the
routing behavior of the IP internetwork.

Dynamic route: The router dynamically learns routes after an administrator configures a routing protocol that helps determine routes. Unlike the situation with static routes, after the network administrator enables dynamic routing, the routing process automatically updates route knowledge whenever new topology information is received. The router learns and maintains routes to the remote destinations by exchanging routing updates with other routers in the internetwork.