Cyber security and ethical hacking is now a day's becoming very popular and so the SCAMS are taking place to be updated in this World 🌍🌍 of Technology you should also be aware and for this we will help you
Here is an example script that demonstrates how to use the fortigate-api package to create a DHCP server and a policy in the Fortigate from fortigate_api import FortigateAPI # Create a FortigateAPI object fgt = FortigateAPI(host="host", username="username", password="password") # Create a DHCP server data = { "default-gateway": "192.168.255.1", "netmask": "255.255.255.0", "interface": "vlan.123", "ip-range": [ {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",} ], } fgt.dhcp_server.create(data) # Create a policy in the Fortigate data = dict( name="POLICY", status="enable", action="accept", srcintf=[{"name": "any"}], dstintf=[{"name": "any"}], srcaddr=[{"name": "all"}], dstaddr=[{"name&quo
So, let us start with the question of why security? to answer this we have to go into the history when people used to send their letters by Post, we were having something called a post-box and the post office was the entity involved in sending and receiving messages so how we used to send our letters by making it up into the envelope making is secure so that no one else can able to read the information when it is passing by if anyone tries to do so it can easily be identified because the envelope needs to be open for doing it.
So from this whole story, I want to make you understand how this network security works the same as sending an envelope from Source-to-Destination which contains your secret message that we don't want to share with anyone. These are the process involved in the Network Security for sending any message to someone are as follows:
Firstly, data is taken in a plain text format and converted into an encrypted secure message with the help of a key.
Secondly, it is that sent to the destination through a public network i.e.; the Internet.
Thirdly, when the data reaches its destination it needs to be opened back into the Plain text format by decrypting it.
Now let us discuss the need for network security so that you need to question yourself whenever you are having any personal conversation inside your home do you allow others to listen to it 'Yes' or 'No' absolutely no because it's personal in the same way when you are sending any data over the internet you ensure that it may not go to the wrong hand or it should not be hijacked in between. This is the reason why we require network security so that our data which is personal and confidential as well should not get hacked or sniffed in a channel of transmission from Source-to-Destination we always try to maintain a secure connection between the sender and the receiver of the message.
Comparison between Secure and Unsecure Network
The following component involved in network security first and foremost is Encryption i.e.; the message should not be in clear text or anyone can able to read the information easily by that sniffing in between second is Gatekeeper at the entry point i.e.; Firewall will check each and every traffic passes through. The third oneis the internal network vulnerability where someone within the network has access to unauthorized systems.
Four major Steps need to be taken for making an effective Network Security Model:
Designing an effective security Algorithm
Generation of secret information is the secure encryption key
Development of methods for distribution & sharing of the information (Say, Encryption keys)
How to Configure VXLAN in FortiGate Firewall A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls with L3 connectivity in between. Ø Under Each Firewall we have one Cisco Switch with two VLAN configured i.e.;3500 & 3600 Ø Uplink for switches has been configured with 802.1Q trunk which is connected to FortiGate Firewall. Ø Each switch has two PCs connected one in VLAN 3500 & other one in 3600 VLAN. Ø We have configured VLAN and VXLAN on both the FortiGate Firewall. Ø In this topology PCs in the same VLAN will be able to communicate with each other through a L3 link using VXLAN technology and they will be encapsulated such that both the PCs will think that they are within the L2 domain. FortiGate Firewall Configuration VXLAN Configuration: - FGT-1: config system vxlan edit "vxlan3500" set interface "port
Higher Availability in FortiGate and VRRP in Cisco A brief explanation of the given topology: - Ø On top of all, there are two FortiGate Firewalls one Active other one as Standby. Ø With the Higher Availability (HA) configured for handling the Failover of active Firewall. Ø There are two CORE switches with VRRP Configuration: CORE-1 as Master and CORE-2 as Slave. Ø Between two CORE-1 and CORE-2, two links in the Port Channel have been configured. Ø SVIs and static default route toward the Firewall has been configured for LAN users. Ø Also, the DHCP server has been configured for DATA and VOICE VLANs. Ø Two Layer 2 switches with uplinks as trunk and VLANs. FortiGate Firewall Configuration HA Configuration in FortiGate Firewall: - Here I have kept by default priority i.e.; 128 for “ ACTIVE-FIREWALL ” whose role is primary and I have set 100 for the “ STANDBY-FIREWALL ” whose role is secondary. By default, the selection process of HA in FortiGat
Comments
Post a Comment