CertExams.com Updates CCNA NetSim for VPN and FHRP

CertExams.com released a thorough update to their flagship software, Network Simulator with Designer for CCNA® , to include functionality for the following:

  • Site to Site VPN configuration between routers
  • FHRP configuration

VPN (Virtual Private Network) is widely used these days for security and confidentiality of communication between hosts. The two main types of VPN are Site-to-site VPN and Remote-to-Site VPN. In Site-to-site VPN, a secure tunnel is formed between two peers within the communication channel. An example configuration scenario is shown in the figure below:

Photo Courtesy: Brocade.com, a leading networking equipment manufacturer.

As may seen in the exhibit, the VPN is configured between two routers. A site-to-site VPN is also called router-to-router VPN. The hosts on LAN are unaware of the VPN between routers V1 and V2. However, all the communication between routers V1 and V2 moves securely over OpenVPN tunnel. You typically need a NAT (Network Address Translation) to translate internal IP address 192.168.200.1 to external IP address 12.34.56.78 and vice versa (for incoming traffic). The same thing is done at router V2 also. The word “tunnel” may be a bit misleading some times. Note that there is no route and bandwidth allocated between the routers when a tunnel is formed. A VPN typically secures the communication channel but not the route or bandwidth. A VPN connections use 1) Encapsulation 2) Authentication, and 3) Data encryption.

In Encapsulation, user data (i.e. TCP/IP packets) is wrapped around by using encapsulation protocol such as GRE, IPsec, L2F, PPTP,  or L2TP. The encapsulated data packets are again wrapped inside carrier protocol packet, and then routed across the public network.

For site-to-site VPNs, the encapsulating protocol is usually IPsec or GRE (Generic Routing Encapsulation).  For remote-access VPNs, tunneling normally takes place using PPP (Point-to-Point Protocol). PPP tunneling will use one of PPTP, L2TP or L2F.

When using site-to-site VPN, any user can access remote site from any of the computers inside the firewall (local network). For this purpose, one needs to configure AAA (Authentication, Authorization, and Accounting), so that one needs to authenticate to access any resources at the other end of the VPN tunnel to restrict user access.

Remote access VPN is typically used with home and mobile users to connect to the corporate office. For example, a mobile traveler can connect to the Corporate head quarters using his laptop computer securely using a public Wi-Fi connection. Please see the figure below:

Photo courtesy: brocade.com, a leading networking equipment manufacturer.

As seen in the figure, a remote user communicates with the sever securely over VPN tunnel. All the user information, login credentials, etc. are encrypted when using VPN tunnel. In remote access VPN, usually, a client is installed on the remote user’s computer. Alternatively, the remote user uses SSL enabled browser session to communicate with the corporate network (shown as Private Network in the figure)

FHRP (First Hop Redundancy Protocol): Usually, when a subscriber connects to an ISP using Wi-Fi router, he will have single point of failure. i.e. if the router fails, the connection to the Internet fails. FHRP allows redundancy or a fail over mechanism, thus ensuring that there is no single point of failure for a subscriber to the Internet. There are several  protocol defined for FHRP, popular among these are: HSRP, VRRP, and GLBP.

HSRP, short for Hot Standby Router Protocol, is a Cisco proprietary protocol, and supported by most of the Cisco routers.

A simple HSRP configuration is shown in the figure. In HSRP, one router acts as an Active router and the other as Standby router. There can be more than two routers in HSRP configuration, however, only one router is put in Standby state using a selection criteria. HSRP routers may be assigned “Priority” so that a network admin can choose which router has be in HSRP Active state and which has to be in Standby state.

VRRP, short for Virtual Router Redundancy Protocol, is a standards based protocol. It is quite similar to HSRP in configuration and functionality.

GLBP, short for Gateway Load Balancing Protocol, is slightly advanced, in the sense, that it supports load balancing by default. Otherwise, it is similar to other two redundancy protocols.

CertExams.com CCNA Netsim, offers a virtual networking environment, where in, one can create a network with Cisco(R) routers, switches, and other networking elements and experiment. The software has a GUI based designer that allows drag-n-drop functionality for designing one’s own network. Several labs on HSRP, and site-to-site VPN have been added for hands-on practice. The software is intended for learning purpose with limited set of commands support.

List of available CCNA labs may be viewed by going to the product page. You may download the free demo version of the software by going to the product download page.

Disclaimer: CertExams.com is not associated nor affiliated with Cisco Systems, or Brocade. Cisco®, CCNA® are registered trademarks of Cisco Systems, and Brocade® is trademark of Brocade/Broadcom Limited and duly recognized.

Is this a Google Search Engine Vulnerability? It seems to be the answer!

Further to my previous blog posts on inappropriate results in Google search, some further studies have been made.It appears to be a robots.txt file exploitation! The contents of the robots.txt file on site www.sunnydaysandlovelyways.com has been analyzed, and found to contain the code as shown in the file below (as on 12/15/2017 11.00PM IST):


CCNA 200-125 Practice Exam-no-links


The hyperlinks in the file have been removed for obvious reasons. However, the robots.txt file contains all the links in the format as shown below:

h??p://www.sunnydaysandlovelyways.com/?htm=exam-details/ccna.htm

(replace h??p with http)

Whole of home page code has been copied to the robots.txt file followed by a couple of most visited pages.

The result: The result is there to see. For most keywords the website sunnydaysandlovelyways.com is showing up in the google results. Please see my previous posts referenced below:

Content is the King – But you need a Queen to protect & promote!

Irrelevant Results in Google Search – Contd..

Irrelevant Results in Google Search – A Case Study

 

It was also observed that the hacker cleverly disabled forwarding to topdump . com for known user agents. For example, we could only see the forwarding when using a VPN to hide the actual IP address and the geography. Otherwise, the site is not forwarding to topdump . com

It was probably achieved by using htaccess file or the config file of the web server hosting the domain sunnydaysandlovelyways.

If the argument is true, it appears to be a serious security flaw on part of search engine algo and needs to be fixed.

Disclaimer: This is only in the opinion of the author with the evidences as presented in respective blog articles. anandsoft.com is not responsible for the accuracy or correctness of the authors post.

Post Author: Vijay Anand may be reached on vyadla at anandsoft.com

First Hop Redundancy Protocols (FHRP) – A Primer

FHRP, short for First Hop Redundancy Protocol, is used at the customer premises for route redundancy.  Usually, you have a default gateway defined to your ISP (in case of connecting to the public Internet) or to your server (in the event you have an internal network). If the default gateway router fails, you will not be able to connect to the external resources unless a replacement is found and necessary configuration changes are made. First Hop Redundancy protocols will allow default gateway redundancy. With two or more default gateways defined using FHRP, in the event of a router failure there’s a backup router that will take place of the failed gateway, transparent to the user. The user’s host computer is configured with a virtual IP address and the switch between the redundant routers takes place without any user intervention. A typical configuration is shown in the figure below:

There are 3 types of FHRP protocols that are widely used:

  1. HSRP
  2. VRRP
  3. GLBP

Of the above three types of FHRPs, HSRP is Cisco proprietary protocol, where as VRRP is a standards based protocols. The two protocols HSRP (short for Hot Standby Router Protocol) is very similar to VRRP (Virtual Router Redundancy Protocol), except that VRRP is based on Open standards. When using HSRP, one router assumes the function of “Active” router and the other is known as “Standby” router. The routers communicate within themselves and when the active router fails, the standby router will kick-in. There can be more than two routers in a HSRP group.

GLBP, short for Gateway Load Balancing Protocol, is a bit different from HSRP and VRRP, in the sense, GLBP offers load balancing among the redundant gateways. However, note that HSRP and VRRP too offer load balancing using distinct “groups”, but load balancing is not native to HSRP and VRRP, where as GLBP, as the name implies, offers load balancing inherently.

FHRP is not to be confused with defining multiple gateway routers with a host’s network configuration file. A host computer may be defined with one or more default gateways, so that if one fails the other default gateway takes its position. In this case, the default gateways have different IP addresses, whereas in FHRP, the default gateway will have only one virtual IP address that is to be configured at the workstation.

Check out the router network simulator for practicing HSRP and VRRP labs.

References:

FHRP or “First Hop Redundancy Protocols”


Figure courtesy: https://www.engineerkhan.com/switch/hsrp-concept-notes/
HSRP – No longer for the weak of heart

Content is the King – But you need a Queen to protect & promote!

We often hear seo experts say that “content is the king”, meaning that you produce unique and valuable content, and every thing else is taken care of! Nothing could be more wrong than this! We discuss a few cases as to how it could be wrong here:

1. Assume that you had created a unique and worthy content for your thing of interest. It was well researched and produced after a thorough work and published on your web page. Now, two things could happen: One is that no search engine could find your content at all, remember that there are millions of websites and billions of web pages and your unique content might be some where deep inside the Internet. Second thing that could happen is that the search engines found your unique content, but tagged them as “duplicate” content and probably penalized the web page for publishing duplicate content, and the silver lining is that you would never knew that the content was penalized by major search engines such as Google, simply because no one is going to tell you about it!

2. There is what is known as black hat SEO, which uses dubious means of techniques to attain first place (or say, first page) in search engine rankings. If you just take care of your web resources with strong passwords and dedicated servers, it may not be sufficient. The irony is that a website could be hacked even without breaking into the website! Yes, it is called off-page SEO techniques. In other words, some one can break the seo ranking of your web page or even get it black listed by using off-page  black hat SEO, and even Google can’t find it! A couple of examples are given earlier in the blog and the links are provided below for the reference of the readers:

Irrelevant Results in Google Search – A Case Study

Irrelevant Results in Google Search – Contd..

If you had thought that Google is mightier and no one can possibly break it, you had mistaken just like me! After a long study, I painfully understood, black hat seo webmasters routinely game search engines, including Google! It is also quite possible, you wouldn’t be knowing it at all!

So, what is the fix now?

Simple: The King requires a Queen! As in famous Indian-origin game of chess, a queen with multitude of skills is required to protect and to promote the king. What are the skills required by the Queen? These skills are briefly listed below:

  • On-page SEO
    • Development of responsive web pages, so that the web pages render properly on various devices using different operating systems and screen sizes, and browsers using different versions.
    • Proper meta tags like title, description, canonical, etc
    • Incorporation of analytics such as Google analytics
    • Elimination or identification of duplicate content with proper care
    • Configuring htaccess, robots.txt, sitemap, etc. to ensure that the content is delivered properly to the users.
    • Hardening of the server and the website resources
  • Off-page SEO
    • According to Moz.com, “Off-site SEO” (also called “off-page SEO”) refers to actions taken outside of your own website to impact your rankings within search engine results pages (SERPs)”. Off page SEO has become quite important these days, just as the on-page seo. With the advent of social signals and black-hat SEO, off-page SEO could not be ignored. Important off-site SEO techniques are given below:
      • Backlink building to your web page from other related domain sites
      • Press releases and article submissions to PR and articles sites
      • Blogging on your blog site or on related blog sites
      • Social signals, like posting on your or friends facebook page, or G+ page or twitter, etc.
    • Now, it is also important that you monitor your backlinks! Many search engines like Google may penalize for unnatural back links to the extent, that your web page might become non-existant for all practical purposes! To attend to this, you may need to do the following:
      • Use Google Webmaster Tools (GMT) regularly to see who is linking to your site (or web page) and ensure that it’s a genuine link (contextual) and not spammy (through the eyes of search engines).
      • Get the backlinks removed by requesting the offending websites’ owners to remove your linkbacks, and if it fails, requesting a disavow via GWT (short for Google Webmaster Tools)
      • Regularly checking for duplicate content on the Internet and reporting the same to Google and/or other search engines as required
      • Ensuring that your website is indexed properly and monitoring the same for consistency from time to time

The above are to mention a few, and just Google for more comprehensive list of activities. Obviously, it’s not something that one individual could do while managing his/her primary activity (that of writing your own content).

The need for capable SEO specialists has become most demanding with recent advances in search results ranking, and marketing.

Irrelevant Results in Google Search – Contd..

This is in continuation of the previous blog article Most irrelevant Results in Google Search – A Case Study ,  I have done a more detailed research into what’s happening with the Google search results. The following aspects have been considered in this study:

  1. How exactly the third party site (say site B) has been linking to the hacked site (site A, we are using the term hacked site, though it has been off-site)
  2. What are the Title and Description of the attacker’s site(site b)  and the page that it is forwarding the visitor when he clicks on the search result
  3. Whether site B, which was considered to be the attacker’s site is itself a victim? It is very much possible that the hacker used site B to redirect traffic to site C (the ultimate beneficiary?)

Now, going to point #1, it was observed that the following code had been used to link to victim site (backlink URL):

http://www.sunnydaysandlovelyways.com/?htm=LabSim/network-lab-simulator.htm
In the above backlink, if we replace the domain name and the “?htm”, it exactly corresponds to the victim site URL, which is

http://www.site-A.com/LabSim/network-lab-simulator.htm

Note: Domain name has been changed to site-A.com.

It was observed by going through the set of backlinks, almost entire site had been reconstructed by the spammer with a different domain name, but with same link structure. Point #2. The meta tags like Title and Description appear to have been duplicated. For example, the search result for key word “ccna exam” is given below:

In the above search result, the title is “CCNA 200-125 Practice Exam” and the description is “200-125 ccna practice exam consists of 425+ questions with flashcard explanation”. The  site A webpage corresponding to this result has the same exact Title and Description. On clicking on this search result, you will find that the destination page has nothing to do with the search term.

Result: Effectively, another irrelevant website (site B) has taken the place of Site A without having to hack site A. It was also observed that the webpage that matches the Title and Description shown above, had been delisted and doesn’t show in indexed list of web pages.

As per point#3, it was observed that when clicked on the site B’s link, it had been redirected to another site (site C) intermittently, resulting in suspecting that site B is an intermediary to final beneficiary website.

The results, though for a sample site, have far reaching ramifications. Just assume that this hacking has been done on a broader scale (hopefully, it is not so as of now), the whole search results become more or less irrelevant for the user.

It is very surprising that the search algo could not detect this kind of site hacking which is external to the victim’s website. It also points out to the fact that the search engine “memory” is not deep enough to remember the history of the web page, as new pages (weeks or months old) which are duplicates of the original pages (several years old pages, in this case 10+ years for the URL and the core  content of the page has not changed) are showing up in the results.

Will it continue? It appears so. The only solution is to have deep memory combined with processing power for the search algo which may not be possible due to reasons like huge processing overhead, update schedules, and delivery of the search results. Even if the algo is modified to fix one hack, another form of hack may surface due to above limitations.

Though in this case, one particular search engine results were taken, it is possible that similar hacks might happen with other search engines like bing as the mechanisms of hacking are the same. It necessitates that webmasters assess the web metrics such as keywords, backlinks, ranking, etc. continually and do the maintenance on a continual basis!!

So, now what happens to what some major search engine FAQs that say: “Just concentrate on your web pages and create value to your website visitors.” It is partly true, as the webmasters now have to really work through web metrics like keywords, ranking, backlinks, analysis of backlinks, various types of possible off-site hacks, removal of backlinks, reporting of spam sites to respective search engines, etc. And this is a specialized work, and one needs a professional to do this work, and not many individuals, and small businesses could afford it. As a result, it is possible that most of these sites are going to vanish from major search engine results over a period of time, unless there is more heuristic approach to search mechanisms.

Disclaimer: This is in the opinion of the author and does not represent Anand Software and Training’s view.

Author: Vijay Anand

Irrelevant Results in Google Search – A Case Study

This is a case study, where in, the Google search results were analyzed for any inconstancy and possible susceptibility to hacking. The study is confined to a few search terms that we have been working with, and it is suggested to enlarge the scope of the study for wider ramifications.

The following search terms were considered for this purpose:

  1. simulation exams
  2. ccna exam
  3. ccna details

The results for all the three search terms were analyzed and discussed with relevant snap shots.

  1. simulation exams: The website at no.2 place is totally not related to the term as can be seen by going through the result.

simulation exams
The second result in the search results, with title CCNA 200-125 Practice Exam is totally irrelevant. Don’t get misled by the title (though Google did). The link sunnydaysandlovelyways is leading to a website that is totally in another category not nothing to do with exams or simulations. A screenshot of this site as you click on the link is given below:

sunnydays
It was also observed, at times (randomly) the click is getting forwarded to the website topdum  .  com, dump website as shown in the screenshot below:

topdump
It appears to be an illegal dump site. The redirect is not consistent, it forwards to topdump . com at times, but not always.

Now, lets move to another search term that shows up in Google search results.

2. CCNA exam:

This is a popular search term for CCNA exam, CCNA stands for Cisco Certified Network Associate, one of the most popular networking cert offered by Cisco.

ccna exam
Heree again, the website ranks third for this keyword. As may be seen, the website has nothing to do with exams, let alone CCNA exam. A pure misplacement by Google search.

3. CCNA detail:

Now, we move on to the third search term, ccna detail. A screenshot of the same is shown below:

ccna detail
As can be seen, the website sunnydaysandlovelyways has ranked 5th in the Google results. however, as mentioned before, it has nothing to do with CCNA or exam. The website some times (but not always) forwarding to topdump . com.

There are a few possibilities for the above results:

  1. The website sunnydaysandlovelyways has been changed. or
  2. The website sunnydaysandlovelyways has been hacked

The first possibility may be ruled out by looking at the history. The second possibility means that the site has been hacked and ranking high in the google (or black hat seo). However, it is surprising that google ranking some random site so high in search results. The hacker appears to have beaten google search algo at least for a few weeks 9particularly, the Christmas weeks). This is likely to break some businesses, because the slot actually belongs to a credible web site, but taken over by an irrelevant and probably spammy or hacked site.

This is really some thing that one can’t expect, as even bing and yahoo are not showing this particular site for the given search terms in the first 100 pages!