Internet on the Internet ... a small update ...

One of the challenges in the creation of an ad-hoc client for a simulated internet on the internet is ensuring that the participant does not need to know what your addressing scheme is. Apart from confusing the poor soul with the addressing scheme, we need to hide their system from others.

With all this in mind, I am going down the route of having two clients.
  • An advanced client, one where the user has full knowledge of our addressing scheme and can be trusted to create a system that will cause no chaos (we hope). In most cases this will be an experienced and trusted member of the Cisco teaching community.
  • The adaptive client, using NAT, the user will 'eventually' have a locked down router capable of connecting to a fixed domain on the simulated internet. There will be an outer router with a 'suggested configuration' providing enough clues and addresses for the keen user to explore.
The reality for the adaptive clients is that we will share the configuration of the router facing the core system, but prevent any reconfiguration.

Follows is our first stab at the configuration ...

This is the router that will connect to the core and will eventually be locked down.
hostname NAT_to_Core_Client
!
interface FastEthernet0/0
 no shut
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
no shut
interface FastEthernet0/1.10
encap dot1q 10
no shut
ip add 10.0.0.1 255.0.0.0
ip nat inside
!
interface FastEthernet0/1.172
encap dot1q 172
no shut
ip add 172.16.0.1 255.255.0.0
ip nat inside
!
interface FastEthernet0/1.192
encap dot1q 192
no shut
ip add 192.168.0.1 255.255.255.0
ip nat inside
!
router eigrp 99
 network 99.0.2.0 0.0.0.255
 no auto-summary
 redistribute static metric 4294967295 0 255 255 150
!
!
ip nat inside source list RelayNAT interface fastEthernet 0/0 overload
!
ip access-list extended RelayNAT
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 10.0.0.0 0.255.255.255 any
 permit ip 172.16.0.0 0.31.255.255 any
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.10 10
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.172 10
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.192 10
!
The following is the router that the user (aka student) will have access to), eventually it will have other interfaces and a suggested routing protocol redistributing the equal cost static router
hostname BehindNAT!interface FastEthernet0/1 no shut no ip address duplex auto speed auto!interface FastEthernet0/1.10 encapsulation dot1Q 10 ip address 10.0.0.2 255.0.0.0 no shut!interface FastEthernet0/1.172 encapsulation dot1Q 172 ip address 172.16.0.2 255.255.0.0 no shut!interface FastEthernet0/1.192 encapsulation dot1Q 192 ip address 192.168.0.2 255.255.255.0 no shut!ip route 0.0.0.0 0.0.0.0 10.0.0.1 10ip route 0.0.0.0 0.0.0.0 172.16.0.1 10ip route 0.0.0.0 0.0.0.0 192.168.0.1 10!
Whilst it is still a work in progress, I am sure you can begin to see how the idea is evolving.


Comments

Post a Comment

Popular posts from this blog

Wikipedia editors never walk alone: Hillsborough changes can be traced ... from @ConversationUK

Image
By Andrew Smith , The Open University According to the Liverpool Echo , UK government computers have been used to make offensive comments on the Wikipedia page detailing the 1989 Hillsbourgh Disaster over a number of years. The newspaper reports that revisions to the page have been made from computers using the government’s secure intranet since 2009. They include insults to Liverpool fans and a comment suggesting that fans were responsible for the football ground disaster, in which 96 people died. This case highlights the continual issue of trolling and cybervandalism on Wikipedia. It also shows how journalism is using good, technical forensic tools at the disposal of every cybercitizen. Cybercitizens can be good or bad So many of us use Wikipedia on a daily basis that it is one of the most visited websites in the world. Yet not that many of us really understand how it works. Wikipedia is based on the principle that the community can create, edit and refine pages covering
Read more

If airlines offer in-flight Wi-Fi, they should invest in an extra black box for security ...

Image
Yijun Yu , The Open University and Andrew Smith , The Open University In-flight Wi-Fi is one of the most sought-after facilities for air travellers these days, now that laptops and smartphones are so common and so much of our working and personal life revolves around online services. But a US Government Accountability Office report has suggested that many in-flight wireless networks could expose the plane to being hacked or remotely controlled . In fact it’s of such a concern to US authorities that when a well-known computer security expert made an admittedly ill-thought-out joke about doing so on Twitter, he was promptly arrested, his computers confiscated, and subsequently banned from the airline . And all he was suggesting was to make the oxygen masks drop down. So it would appear that the stuff of Hollywood may jump from fiction to fact: Liam Neeson and Julianne Moore starred in the 2014 film Non-Stop , where a passenger hacking the aircraft’s internal wirel
Read more

Highlights and lowlights of 2014, a golden year for cybercrime from @ConversationUK

Image
Looking back, 2014 was not a good year for keeping things safe under digital lock and key. If a score was being kept, it might seem that the cybercriminals are in the lead, despite the valiant efforts – and own goals – from the cybersecurity profession worldwide. Cast your mind back to March , everyone was panicking about the HeartBleed bug. Based on an error in code upon which the majority of the world’s secure servers relied, experts had plenty of time to fix the issue. Sadly there was an array of conflicting information about changing passwords, leading to widespread confusion. While most IT administrators made sure this was managed in a professional manner, it created a stir that seemed to set the tone for the year. In May , online auction giant Ebay admitted to having been compromised. The site said its systems, with personal details of tens of millions of users, may have had been vulnerable for months. Everyone was advised, indeed forced, to change their password. In the
Read more