A type of network that uses encryption to allow IP traffic to travel securely over the TCP/IP network. A VPN is used primarily to support secure communications over an untrusted network.
-VPNs work by using a tunneling protocol that encrypts packet contents and wraps them in an unencrypted packet.
-Tunnel endpoints are devices that can encrypt and decrypt packets. When you create a VPN, you establish a security association between the
two tunnel endpoints. The endpoints create a secure, virtual communication channel. Only the destination tunnel endpoint can unwrap packets and decrypt the packet contents.
-Routers use the unencrypted packet headers to deliver the packet to the destination device. Intermediate routers along the path cannot read the encrypted packet contents.
-A VPN can be used over a local area network, across a WAN connection, over the Internet, and even over a dial-up connection.
VPNs can be
implemented in the following ways:
With a host-to-host VPN, two hosts establish a secure channel and communicate directly. With this configuration, both devices must be capable of creating the VPN connection.
With a site-to-site VPN, routers on the edge of each site establish a VPN with the router at the other location. Data from hosts within the site are encrypted before being sent to the other site. With this configuration, individual hosts are unaware of the
VPN.
With a remote access VPN, a server on the edge of a network (called a VPN concentrator) is configured to accept VPN connections from individual hosts in a client-to-site configuration. Hosts that are allowed to connect using the VPN connection are granted access to resources on the VPN server or the private network.
IPsec provides authentication and encryption, and it can be used in conjunction with L2TP or by itself as a VPN solution. IPsec includes the following three protocols for authentication, data encryption, and connection negotiation:
-Authentication Header (AH) enables authentication with IPsec.
-Encapsulating Security Payload (ESP) provides data encryption.
-Internet Key Exchange (IKE) negotiates the connection.
IPsec can be used to secure the following types of communications:
-Host-to-host communications within a LAN
-VPN communications through the Internet, either by itself or in
conjunction with the L2TP VPN protocol
-Any traffic supported by the IP protocol, including web, email, Telnet, file transfer, SNMP traffic, as well as countless others
-IPsec uses either digital certificates or pre-shared keys
An internet content filter is software used to monitor and restrict content delivered across the web to an end user. Companies, schools, libraries, and families commonly use content filters to restrict internet access, block specific websites, or block specific content.
Two types of configurations are commonly used, which are: Allow all content except for the content you have identified as restricted. Block all content except for the content
you have identified as permitted.
Allowed or blocked content is identified by the following: Whitelists identify allowed sites or content. Blacklists identify disallowed or blocked content. Category levels use classification to block content based on content type. Common methods for restricting content include: Categorization of the content (such as sport sites, gambling sites, etc.) URLs DNS Parental controls is content filtering software used by parents at home to monitor and restrict
child web access. Content filtering software can be expanded to include email, instant messaging, and other applications in addition to web content. Most internet content filters can also block pop-ups and filter spam. Keyword filtering can be configured to block the results of searches on specific words.
You work as the IT security administrator for a small corporate network. After monitoring your network, you have discovered that several employees are wasting time visiting non-productive and potentially malicious websites. As such, you have added pfBlockerNG to your pfSense device. You now need to configure this feature and add the required firewall rules that allow/block specific URLs and prevent all DNS traffic from leaving you LAN network.
In this lab, your task is
to:
> Sign in to pfSense using:
Username: admin
Password: P@ssw0rd (zero)
> Create a firewall rule that allows all DNS traffic going to the LAN network.
> Create a firewall rule that blocks all DNS traffic coming from the LAN.
> Use the following table for the two rules:
Protocol - UDP (53)
Descriptions - For the allow rule: Allow all DNS to LAN
For the block rule: Blcol DNS from LAN
> Arrange the firewall rules in the order that allows them to
function properly.
> Enable and configure pfBlockerNG using the information in the following table:
DNSBL Virtual IP - 192.168.0.0
Top-Level Domain (TDL) Blacklist - financereports.co
totalpad.com
salesscript.info
Top-Level Domain (TDL) Whitelist - .www.google.com
.play.google.com
.drive.google.com
Complete this lab as follows:
1. Sign in to the pfSense management console.
a. In the Username field, enter admin.
b. In the Password field, enter
P@ssw0rd (zero).
c. Select SIGN IN or press Enter.
2. Create a firewall rule that blocks all DNS traffic coming from the LAN.
a. From the pfSense menu bar, select Firewall > Rules.
b. Under the Firewall breadcrumb, select LAN.
c. Select Add (either one).
d. Under Edit Firewall Rule, set Protocol to UDP.
e. Under Source, use the drop-down menu to select LAN net.
f. Under Destination, configure the Destination Port Range to use DNS (53) (for From and To).
g. Under
Extra Options, in the Description field, enter Block DNS from LAN.
h. Select Save.
i. Select Apply Changes.
3. Create a firewall rule that allows all DNS traffic going to the LAN network.
a. Select Add (either one).
b. Under Edit Firewall Rule, set Protocol to UDP.
c. Under Destination, use the drop-down menu to select LAN net.
d. Configure the Destination Port Range to use DNS (53) (for From and To).
e. Under Extra Options, in the Description field, enter Allow all
DNS to LAN.
f. Select Save.
g. Select Apply Changes.
4. Arrange the firewall rules in the order that allows them to function properly.
a. Using drag-and-drop, move the rules to the following order (top to bottom):
- Anti-Lockout Rule
- Allow all DNS to LAN
- Block DNS from LAN
*In the simulated version of pfSense, you can only drag and drop the rules you created. You cannot drag and drop the default rule.
b. Select Save.
c. Select Apply Changes.
5.
Enable pfBlockerNG.
a. From the pfSense menu bar, select Firewall > pfBlockerNG.
b. Under General Settings, select Enable pfBlockerNG.
c. Scroll to the bottom and select Save.
6. Enable and configure DNS block lists.
a. Under the Firewall breadcrumb, select DNSBL.
b. Select Enable DNSBL.
c. For DNSBL Virtual IP, enter 192.168.0.0.
d. Scroll to the bottom and expand TLD Blacklist.
e. Enter the following URLs in the TLD Blacklist
box:
financereports.co
totalpad.com
salesscript.info
f. Expand TLD Whitelist and then enter the following URLs:
.www.google.com
.play.google.com
.drive.google.com
g. Select Save.