Tag: cybersecurity

  • What is DNS over HTTPS (DoH)

    DNS over HTTPS (DoH) is a protocol that encrypts Domain Name System (DNS) queries and responses between a client (e.g., a web browser or operating system) and a DNS resolver (e.g., Quad9). This encryption protects DNS data from being intercepted, modified, or logged by third-party entities, such as Internet Service Providers (ISPs) or network administrators.

    How does Quad9’s DoH service work?
    Quad9 offers a DoH service that uses the HTTPS protocol to encrypt DNS queries and responses. When you configure your device to use Quad9’s DoH service, your device will send DNS queries to Quad9’s servers over an encrypted HTTPS connection. Quad9’s servers will then respond with the resolved IP addresses, also encrypted.
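    To make the exchange above concrete, here is an added example (written for this page, not Quad9's own code) showing what a DoH client actually sends and receives under RFC 8484: it encodes a DNS query in wire format, wraps it in the GET form of a DoH request to the endpoint https://dns.quad9.net/dns-query, and decodes the wire-format answer that comes back over HTTPS. The endpoint path, the use of ID 0 in the query, and the `application/dns-message` media type follow RFC 8484; the sample response bytes are constructed for the demonstration and were not captured from Quad9.

```python
"""Minimal DNS-over-HTTPS (RFC 8484) client pieces: build a DNS wire-format
query, wrap it in a DoH GET URL, and parse the wire-format answer.
Added example for this page; not Quad9's code."""
import base64
import struct
import urllib.request

QUAD9_DOH = "https://dns.quad9.net/dns-query"  # Quad9's DoH endpoint
TYPE_A, TYPE_AAAA = 1, 28


def build_query(name: str, qtype: int = TYPE_A) -> bytes:
    """Encode a single-question DNS query. The ID is 0, as RFC 8484
    recommends for DoH, so identical queries give identical, cacheable URLs."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN


def doh_get_url(wire: bytes, resolver: str = QUAD9_DOH) -> str:
    """RFC 8484 GET form: base64url-encoded query with '=' padding removed."""
    token = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={token}"


def _read_name(msg: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if not jumped:
        end = off
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return the response code plus decoded answer records (A/AAAA as text)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_AAAA and rdlen == 16:
            value = ":".join(rdata[i:i + 2].hex() for i in range(0, 16, 2))
        else:
            value = rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": value})
    return {"rcode": flags & 0x000F, "answers": answers}


def resolve_over_doh(name: str, qtype: int = TYPE_A, resolver: str = QUAD9_DOH) -> dict:
    """Send the query over HTTPS to the resolver (needs network access)."""
    req = urllib.request.Request(
        doh_get_url(build_query(name, qtype), resolver),
        headers={"Accept": "application/dns-message"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read())


# Constructed sample answer (not captured from Quad9): the example.com query
# echoed back with flags QR/RD/RA and one A record for 192.0.2.1 (TEST-NET-1), TTL 300.
SAMPLE_RESPONSE = (
    build_query("example.com")[:2] + b"\x81\x80"
    + b"\x00\x01\x00\x01\x00\x00\x00\x00"
    + build_query("example.com")[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(doh_get_url(build_query("example.com")))  # the URL a DoH client would fetch
    print(parse_response(SAMPLE_RESPONSE))
```

    Running the file as-is stays offline: it prints the DoH URL for example.com and decodes the constructed answer. Calling `resolve_over_doh("example.com")` performs the real HTTPS exchange with Quad9, which is the point of the protocol: an on-path observer sees only a TLS connection to dns.quad9.net, not the query name or the returned addresses.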

    How to configure DNS over HTTPS (DoH) using Quad9:
    Android (Android 9 and later):
    Go to Settings > Network & Internet > Advanced > Private DNS.
    Select “Private DNS provider hostname” and enter dns.quad9.net.
    Save the changes.

    iOS (14 and later):
    Note that Apple’s Private Relay feature will override any custom DoH settings. If you want to use Quad9’s DoH, disable Private Relay.
    Configure your device’s DNS settings to use Quad9’s DoH by following these steps:
    Go to Settings > Wi-Fi > [your Wi-Fi network] > DNS.
    Tap “Manual” and enter dns.quad9.net as the DNS server.

    Windows 11:
    Go to Settings > Network & Internet > Ethernet or Wi-Fi > Change adapter options.
    Right-click your active network connection and select “Properties”.
    In the “Internet Protocol Version 4 (TCP/IPv4)” or “Internet Protocol Version 6 (TCP/IPv6)” properties, click “Advanced”.
    In the “DNS” tab, click “Add” and enter dns.quad9.net as the DNS server.

    Other devices and operating systems:
    Consult your device’s documentation or manufacturer’s website for specific instructions on configuring DoH with Quad9.

    Important notes:
    Quad9’s DoH service only blocks malicious domains, not ads or tracking. You may need additional tools to block these types of content.
    If you’re using a VPN, it’s recommended to use the VPN’s built-in DNS service instead of configuring DoH with Quad9.
    Quad9’s DoH service may not work on all networks or devices due to restrictions imposed by network administrators or firewalls.

  • How to set up AnyConnect VPN in Cisco Firepower Threat Defense (FTD)

    Here’s a step-by-step guide on how to set up AnyConnect VPN in Cisco Firepower Threat Defense (FTD):

    Prerequisites

    1. Ensure you have a valid AnyConnect license for your FTD device.
    2. Familiarize yourself with the FTD device model and its maximum concurrent remote access VPN sessions (refer to the “Device Model” table in the search results).

    Step 1: Configure Remote Access VPN Policy

    1. Log in to the Firepower Management Center (FMC) web interface.
    2. Navigate to Objects > VPN > Remote Access VPN Policy.
    3. Create a new policy or edit an existing one.
    4. Configure the policy settings, such as:
      • VPN protocol (SSL or IPsec-IKEv2)
      • Authentication method (e.g., client certificate, username/password)
      • Authorization and accounting settings
      • URL Aliases (if required)

    Step 2: Configure Client Profiles

    1. Navigate to Objects > VPN > Client Profiles.
    2. Create a new profile or edit an existing one.
    3. Configure the profile settings, such as:
      • AnyConnect module (e.g., AMP Enabler, ISE Posture)
      • Profile type (e.g., XML, ASP)
      • File extension (refer to the “Table 8. Supported File Extensions of Profiles” in the search results)

    Step 3: Upload AnyConnect Images

    1. Navigate to Objects > VPN > AnyConnect Images.
    2. Upload the required AnyConnect images (based on the operating system requirements).
    3. Select the desired image for each operating system (e.g., Windows, macOS, iOS, Android).

    Step 4: Configure Remote Access VPN Connection

    1. Navigate to Devices > Remote Access.
    2. Select the FTD device and click Edit.
    3. Configure the remote access VPN connection settings, such as:
      • VPN protocol
      • Authentication method
      • Authorization and accounting settings
      • Split tunneling (if required)

    Step 5: Save and Deploy Policy

    1. Save the remote access VPN policy.
    2. Deploy the policy to the FTD device.

    Step 6: Verify AnyConnect Client Installation

    1. Ensure that the AnyConnect client is installed on the remote user’s device.
    2. Verify that the client is configured to connect to the FTD device using the correct VPN protocol and settings.

    Additional Considerations

    • Ensure that the FTD device is configured to allow remote access VPN connections.
    • Verify that the FTD device has sufficient resources (e.g., CPU, memory) to handle the maximum concurrent remote access VPN sessions.
    • Consider configuring NAT exemption and hairpinning (if required) to allow AnyConnect clients to access internal resources.

    By following these steps and keeping the additional considerations in mind, you should be able to set up AnyConnect VPN on your Cisco FTD device.

  • SD-WAN vs VPN Comparison

    SD-WAN:

    • A software-defined network that optimizes traffic routing over multiple connections (e.g., internet, MPLS, broadband)
    • Provides a centralized platform for managing and monitoring site-to-site connections
    • Offers advanced features like traffic shaping, quality of service (QoS), and security
    • Designed to improve network reliability, scalability, and agility
    • Can be used for site-to-cloud connections, as well as intra-site connectivity

    VPN:

    • A point-to-point encryption solution that creates a secure connection between two endpoints (device-to-network or network-to-network)
    • Provides confidentiality and integrity of data transmitted over the internet
    • Can be used for remote access, site-to-site connectivity, and internet-to-cloud connections
    • Typically uses protocols like IPsec, SSL/TLS, or OpenVPN

    Comparison Highlights:

    • Scalability: SD-WAN is designed to handle large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections.
    • Routing: SD-WAN optimizes traffic routing across multiple connections, whereas VPNs rely on a single network link.
    • Management: SD-WAN provides a centralized management platform, whereas VPNs often require individual configuration and monitoring.
    • Security: Both SD-WAN and VPN offer encryption and security features, but SD-WAN’s advanced capabilities, such as traffic shaping and QoS, provide additional security benefits.
    • Use Cases: SD-WAN is ideal for large-scale, distributed networks, while VPNs are better suited for smaller, more focused connections, such as remote access or site-to-site connectivity.

    In Summary:

    SD-WAN and VPN are both essential technologies for securing and managing network connections. SD-WAN is designed for large-scale, distributed networks, offering advanced features like traffic optimization and centralized management. VPNs, on the other hand, provide point-to-point encryption and are well-suited for smaller, more focused connections. When choosing between SD-WAN and VPN, consider the size and complexity of your network, as well as your specific security and connectivity requirements.