ITEC FPX 5030 Assessment 5 Securing the Network and Creating an IPsec Tunnel
Executive Summary
This lab uses Cisco Packet Tracer to examine how a local area network (LAN) can be protected against common attacks. The hands-on portion configures Secure Shell (SSH) for switch management, an access control list (ACL) that restricts which hosts may open a remote (vty) session, and switch port security; IPsec (Internet Protocol Security) is discussed as the mechanism for protecting traffic in transit between sites, which SSH and port security do not cover.
Introduction: The Security Threat with IoT Devices
The Internet of Things (IoT) connects billions of devices, with projections estimating around 41.6 billion connected devices by 2025 (Ranger, 2020). While this interconnectedness presents substantial growth opportunities, it simultaneously introduces numerous security vulnerabilities, as hackers exploit weaknesses to steal or manipulate data. These risks not only impact individual users but also pose significant threats to industrial and municipal infrastructures, potentially causing widespread disruption to businesses and governments. As cyberattacks become increasingly sophisticated, the need for enhanced security measures is crucial to safeguard valuable data during transmission across networks. Previous studies highlighted the advantages of IPv6 in enhancing data transmission security and flexibility. In this lab, we will evaluate IPsec and its benefits for IoT network security.
IPsec is often regarded as a better fit than SSL (Secure Sockets Layer, now superseded by TLS) for IoT environments. Many constrained IoT devices cannot run TLS themselves, so encryption is applied at the first-hop router, and IPsec provides strong encryption there for both remote-access and site-to-site connections. Because network segmentation is vital for IoT, IPsec traffic can be decrypted at chosen points in the data plane to join particular VPN segments. With software-defined networking (SDN), IPsec also fits the separation of control and data planes: Internet Key Exchange (IKE) serves as the management channel that negotiates keys and security associations, while IPsec itself (ESP) carries the data. SSL/TLS runs above the transport layer and must terminate on the endpoint that holds the session, whereas IPsec operates at the network layer and can terminate on a gateway, which gives greater flexibility and scalability. Traffic decrypted at such a gateway can be inspected and passed through a service chain, for example an Intrusion Prevention System (IPS) or Intrusion Detection System (IDS). This ability to decrypt at controlled points gives IPsec greater adaptability and resilience against disruptions in network traffic, which is why it is often preferred over SSL/TLS for IoT applications (Raza, 2017).
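As an added illustration (not configuration from the original lab), the following Cisco IOS fragment shows the two channels described above on one end of a site-to-site tunnel: an IKE (ISAKMP) policy and pre-shared key form the management channel that negotiates the security association, and a transform set plus crypto map define the IPsec (ESP) data channel. All addresses, interface names, the map name and the key are hypothetical, and whether a given Packet Tracer router image accepts `sha256` and DH group 14 is an assumption (older images accept only `hash sha` and `group 5`).

```cisco
! R1 side of a site-to-site tunnel. Hypothetical addresses: R1 WAN 203.0.113.1,
! R2 WAN 203.0.113.2, LAN 192.168.1.0/24 behind R1, LAN 192.168.2.0/24 behind R2.
! On a Packet Tracer ISR (1941/2901) the crypto commands need the security package
! (save and reload after enabling it):
license boot module c1900 technology-package securityk9
!
! --- Management channel: IKE phase 1 (ISAKMP policy + peer authentication) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
! Pre-shared key bound to the peer's WAN address (hypothetical key; use a long random value)
crypto isakmp key Hyp0thetical-PSK-ChangeMe address 203.0.113.2
!
! --- Data channel: IPsec phase 2 (ESP in tunnel mode) ---
crypto ipsec transform-set TS-AES-SHA esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! "Interesting traffic": only LAN-to-LAN packets are encrypted; everything else
! leaves the WAN interface in the clear.
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS-AES-SHA
 set pfs group14
 match address VPN-TRAFFIC
!
interface GigabitEthernet0/0
 description WAN link to R2
 ip address 203.0.113.1 255.255.255.252
 crypto map VPN-MAP
 no shutdown
!
! R2 mirrors this with the addresses and the ACL reversed. After a ping from one LAN
! to the other:
!   show crypto isakmp sa   -> state QM_IDLE means phase 1 (the management channel) is up
!   show crypto ipsec sa    -> #pkts encaps/decaps counters increase on the data channel
```

The split matters for the SDN argument in the paragraph: the ISAKMP policy and key could be pushed from a controller independently of the crypto map that binds the data channel to an interface, and the `match address` ACL is what decides which segment's traffic enters the tunnel.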
Scope
The current lab uses Cisco Packet Tracer to examine the configuration steps that secure a switched LAN and the role IPsec plays alongside them. Specifically, it outlines the setup of Secure Shell (SSH) on a switch, the creation of an access control list (ACL) that limits remote SSH access, and the configuration of port security on the access ports.
Objective
The primary objective of this lab is to understand how a local network can be secured against attack: SSH, ACLs and port security protect the switch and its access ports, while IPsec protects traffic in transit.
Resources
The Cisco Packet Tracer program will be utilized for the exercises in this lab.
Procedure
Step | Instructions |
---|---|
How to Configure SSH | Assign a hostname and a management IP address (on `interface Vlan1`) to the switch and verify connectivity with `ping`. Set a domain name with `ip domain-name`, an `enable secret`, and a local account with `username <name> secret <password>`. Generate the RSA key pair with `crypto key generate rsa` (the hostname and domain name must already be set, because they name the key; use a modulus of at least 2048 bits). Allow only SSH version 2 with `ip ssh version 2`, limit login attempts with `ip ssh authentication-retries 2`, and set the negotiation time-out with `ip ssh time-out 10`. Under `line vty 0 4` configure `transport input ssh` and `login local`. Confirm that an SSH session to the switch succeeds and that Telnet is refused. |
Creating an Access Control List | On the switch create a standard ACL that names the hosts allowed to manage it, for example `access-list 1 permit host <management-host IP>`; the implicit `deny any` at the end of every ACL blocks all other sources. Apply it to the remote-access lines with `line vty 0 4` followed by `access-class 1 in`. Check the ACL and its hit counts with `do show access-lists`. |
Configuring Port Security | On each end-user port set `switchport mode access`, enable the feature with `switchport port-security`, limit the port to one address with `switchport port-security maximum 1`, learn the attached address with `switchport port-security mac-address sticky`, and choose the action with `switchport port-security violation {shutdown | restrict | protect}` (shutdown err-disables the port, restrict drops offending frames and counts/logs them, protect drops them silently). Apply the same configuration to every access port (`interface range` makes this quick), but not to trunk or uplink ports, where more than one MAC address is expected. |
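The three steps in the table combined into one switch configuration, as an added example rather than the lab's own configuration output. The hostname, addresses, domain name, user name and secrets are hypothetical, Fa0/1 is assumed to be the uplink to the router, and 192.168.1.10 is assumed to be the only management PC that should reach the switch remotely.

```cisco
! Catalyst 2960-style switch in Packet Tracer. All names, addresses and secrets are
! hypothetical. Comments are on their own lines because IOS only treats "!" as a
! comment at the start of a line.
hostname SW1
! hostname + domain name must exist before the RSA key pair is generated (they name the key)
ip domain-name lab.example.com
enable secret Str0ng-Enable-Secret!
username admin privilege 15 secret Str0ng-Admin-Secret!
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.1.1
!
! --- Step 1: SSH for management access ---
crypto key generate rsa general-keys modulus 2048
! SSHv1 has known weaknesses; allow version 2 only
ip ssh version 2
! two failed attempts per connection slows down password guessing
ip ssh authentication-retries 2
! seconds allowed for the SSH negotiation phase (idle sessions are handled by exec-timeout)
ip ssh time-out 10
!
! --- Step 2: ACL that decides who may open a vty session at all ---
access-list 1 remark management hosts allowed to SSH
access-list 1 permit host 192.168.1.10
! implicit anyway; stated explicitly so "show access-lists" shows how often it fires
access-list 1 deny any
!
line vty 0 4
 transport input ssh
 login local
 access-class 1 in
 exec-timeout 5 0
!
! --- Step 3: port security on end-user access ports ---
! Fa0/1 (uplink to the router) is left out: with maximum 1, a second MAC address
! arriving on a trunk/uplink would err-disable it.
interface range FastEthernet0/2 - 24
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! Verification from privileged EXEC:
!   show ip ssh                          -> SSH enabled, version 2.0, retries 2, timeout 10
!   show access-lists                    -> permit hit count rises after an allowed SSH login,
!                                           deny count rises when another host tries
!   show port-security interface fa0/2   -> Port Status Secure-up, Violation Mode Shutdown
!   show port-security address           -> the sticky MAC address learned on each port
!   show interfaces status err-disabled  -> ports closed by a violation; recover with
!                                           shutdown / no shutdown on the interface
```

A useful negative test in Packet Tracer: move a PC's cable to a port whose sticky address belongs to a different PC, send one ping, and confirm the port goes to err-disabled; then `telnet 192.168.1.2` from the management PC and confirm the connection is refused while `ssh -l admin 192.168.1.2` succeeds.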
Conclusions
Through this lab, a local area network was hardened by enabling SSH on the switch, restricting remote access with an ACL on the vty lines, and enforcing port security on the access ports; IPsec was examined as the complementary control for traffic in transit. Compared to SSL, IPsec provides superior secur