ISPbills. All rights reserved.

ISP Setup

Last updated 3 years ago

The setup will be done in different phases.

The first phase will be to set up a network topology as in the following image.

In this phase the following aspects will be configured:

  • DHCP, both client and server.

  • DNS.

  • Assign IP addresses to the interfaces and name them to tell them apart.

  • Create internal networks.

  • Create a DMZ and use firewall rules.

  • Creation of VLANs and bridges.

  • Creation of a VPN between two routers on different networks with IPsec.

  • Create basic NAT rules in the firewall, such as masquerading.

The second phase will have some changes in the network topology with respect to the previous one, as seen in the following image.

In this part we will implement some technologies so that our network has greater availability:

  • Backup-line failover will be implemented on both routers with the two ISPs, so that when one of them fails, traffic automatically switches to the other.

  • VRRP will be implemented between the two company routers for the static networks of the DMZ and LAN2. When one router fails, we keep our connection because traffic goes through the other router; the process is very similar to failover.

  • Bandwidth management will be implemented on the LAN 2 network, since it has internet access, to see how it is configured and how it works.

  • Load balancing will be implemented for the DMZ.

The third phase will mainly consist of setting up an IDS

In this phase the following will be implemented:

  • Port knocking will be implemented on both routers, using a port code, to provide a layer of security against those who want to connect remotely to the router.

  • Both routers will be configured to send us mail when errors or any anomalies we want to be notified about are detected. Mail will also be configured so that at a set time each day the router sends us a backup of its configuration.

  • MikroTik will be configured to send all the packets that cross the router to a computer with Suricata installed as an IDS.

  • A Kali system will be set up to simulate someone who has gained access to our router and performs a network scan with nmap, to check whether Suricata detects it.

  • Layer 7 protocol filtering will be configured to block access to several pages.

All this section will be in the document "configuration of a ISP network".

Phase 1 configuration with GNS3: link.

All this section will be in the document "Configuration of Tools that provide High Availability".

Phase 2 configuration with GNS3: link.

All this will be in the "Suricata-Mikrotik" files and in the "Security Tools configuration" document.

Phase 3 configuration with GNS3: link.

Network Phase 1
Network Phase 2
Network Phase 3