Security class 2

satya - 7/15/2015, 9:15:22 AM

Continued from class 1

satya - 7/15/2015, 9:17:52 AM

What is RADIUS server?

satya - 7/15/2015, 9:18:25 AM

BIND is a unix domain name server

satya - 7/15/2015, 9:20:26 AM

what is xarp program

satya - 7/15/2015, 9:20:53 AM

Understand a bit about domain controllers

satya - 7/15/2015, 9:33:13 AM

How do you control devices and clients (Mac, Linux) from a centralized configuration

satya - 7/15/2015, 9:37:15 AM

Geo tagging

satya - 7/15/2015, 9:50:54 AM

UTM: Unified Threat Management

satya - 7/15/2015, 9:52:37 AM

IDS: Intrusion detection system

satya - 7/15/2015, 10:00:59 AM

IPS: Intrusion Protection System

satya - 7/15/2015, 10:02:43 AM

approaches to detecting intrusions


behavior
signatures
anomalies
heuristic - best practices or principles

satya - 7/15/2015, 10:05:53 AM

What is VPN tunneling?

satya - 7/15/2015, 10:06:32 AM

VPN tools technologies and practices

satya - 7/15/2015, 10:07:40 AM

Snort: Intrusion detection system

satya - 7/15/2015, 10:15:57 AM

ICMP

The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

satya - 7/15/2015, 10:16:50 AM

NIDS

Network intrusion detection system.

satya - 7/15/2015, 10:18:50 AM

WinPcap

satya - 7/15/2015, 10:18:59 AM

WinPcap

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.

satya - 7/15/2015, 10:19:23 AM

WinPcap is required by most networking tools in Windows

satya - 7/15/2015, 10:43:18 AM

What is NAC?

satya - 7/15/2015, 10:46:19 AM

what are VLANs

satya - 7/15/2015, 10:49:04 AM

There goes subnets

satya - 7/15/2015, 10:49:43 AM

WildPackets subnet calculator

satya - 7/15/2015, 10:55:25 AM

NAT - Network Address Translation

satya - 7/15/2015, 11:01:49 AM

NAT

The original use of network address translation consisted of mapping every address of one address space to a corresponding address in another space, such as when an enterprise changed Internet service providers, without having a facility to announce a public route to the network. In face of the foreseeable global IP address space exhaustion, NAT was increasingly used since the late 1990s in conjunction with IP masquerading which is a technique that hides an entire IP address space, usually consisting of private network IP addresses (RFC 1918), behind a single IP address in another, usually public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single IP address and readdresses the outgoing Internet Protocol packets on exit so they appear to originate from the routing device. In the reverse communications path, responses are mapped back to the originating IP addresses using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period unless new traffic refreshes their state, to prevent port exhaustion and free state table resources.

The method enables communication through the router only when the conversation originates in the masqueraded network since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a website hosted within the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.

Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with the method of IP masquerading.

As network address translation modifies the IP address information in packets, it has serious consequences on the quality of Internet connectivity and requires careful attention to the details of its implementation. NAT implementations vary widely in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing implementations.

satya - 7/15/2015, 11:07:19 AM

APIPA

satya - 7/15/2015, 1:04:10 PM

Understand SNMP and its security

satya - 7/15/2015, 1:05:28 PM

Poodle attack

satya - 7/15/2015, 1:06:19 PM

Smurf attack

satya - 7/15/2015, 1:07:52 PM

IPSec

satya - 7/15/2015, 1:08:41 PM

IPSec


transit security
authenticity and integrity
anti-replay
non-repudiation
eavesdropping
sniffing

satya - 7/15/2015, 1:09:19 PM

SSL TLS IPSec

satya - 7/15/2015, 1:13:48 PM

iSCSI FCoE Fibre Channel

satya - 7/15/2015, 1:14:19 PM

Telnet is a cleartext protocol

satya - 7/15/2015, 1:19:15 PM

ftp, sftp, tftp, ftp over ssh, scp, ftps

satya - 7/15/2015, 1:25:00 PM

TCP/IP Ports and port ranges

satya - 7/15/2015, 1:25:51 PM

Ports and port ranges

used by both tcp and udp

0 to 64k

0 to 1023 well known

satya - 7/15/2015, 1:26:14 PM

well known port numbers

satya - 7/15/2015, 1:27:17 PM

key ones


21 ftp
22 ssh
25 smtp
53 dns
80 443 http
110 pop3
139 netbios
143 imap
3389 rdp

satya - 7/15/2015, 1:33:45 PM

Teamviewer program

satya - 7/15/2015, 1:35:01 PM

Ammyy another one

satya - 7/15/2015, 1:50:24 PM

Network Administration Security Methods

Flood guards

Loop protection

Port security

Secure router configuration

MAC limiting

MAC filtering

Network separation

VLAN management

Implicit deny

Log analysis

satya - 7/15/2015, 2:03:39 PM

802.11 standards

802.11

802.11a: 54 Mbps, 5 GHz, short range

802.11b: 11 Mbps, 2.4 GHz, better range

802.11g: 54 Mbps, 2.4 GHz, better range

802.11n: 600 Mbps, 2.4 or 5 GHz MIMO technology

802.11ac: Wider channels than 802.11n in 5 GHz, 1300 Mbps

MIMO Technology

satya - 7/15/2015, 2:05:14 PM

Wireless Security Protocols

Wireless Security Protocols: WEP

Wireless Security Protocols: WTLS

Wireless Security Protocols: 802.1x

Wireless Security Protocols: WPA/WPA2

Wireless Security Protocols: EAP

satya - 7/15/2015, 2:13:01 PM

What is hardening wireless devices and routers?

satya - 7/15/2015, 2:14:02 PM

routerpasswords.com has the default passwords

satya - 7/15/2015, 2:15:47 PM

wigle.net has the wireless access points

satya - 7/15/2015, 2:18:10 PM

Security topic: IDS

satya - 7/15/2015, 2:28:20 PM

what is this: http://ui.linksys.com

You can use this to configure home wifi routers, I suppose.

satya - 7/15/2015, 2:30:09 PM

IPSec

IPSec: transit security

IPSec: authenticity and integrity

IPSec: anti-replay

IPSec: non-repudiation

IPSec: eavesdropping

IPSec: sniffing

satya - 7/15/2015, 3:06:38 PM

Password Protocols

Password Protocols: HMAC

Password Protocols: HOTP

Password Protocols: TOTP

Password Protocols: PAP

Password Protocols: CHAP

satya - 7/15/2015, 3:10:12 PM

Security Concepts

Security Concepts: RADIUS

Security Concepts: Kerberos

Security Concepts: SAML

Security Concepts: TACACS

Security Concepts: XTACACS

satya - 7/15/2015, 3:12:09 PM

RADIUS

Remote dial in blah blah

it is an old technology for modems

satya - 7/15/2015, 2:49:10 PM

Directory Services

Directory Services: Microsoft Active Directory

Directory Services: Sun Java System Directory Server

Directory Services: OpenDS

Directory Services: OpenLDAP

Directory Services: Open Directory

satya - 7/15/2015, 2:50:13 PM

Understanding Directory services and LDAP

satya - 7/15/2015, 2:52:34 PM

Remote access Protocols

Remote access Protocols: PPP

Remote access Protocols: PPPoE

Remote access Protocols: PPTP

Remote access Protocols: L2TP

Remote access Protocols: SSTP

satya - 7/15/2015, 2:53:48 PM

What is HMAC?

satya - 7/15/2015, 2:56:23 PM

Here is some information on MAC

satya - 7/15/2015, 3:31:12 PM

Here is a discussion on MAC and HMAC

satya - 7/15/2015, 3:37:28 PM

Message Digest, MAC, HMAC

satya - 7/15/2015, 3:48:56 PM

This is a good link to understand this

satya - 7/15/2015, 3:49:56 PM

Summary

A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.

A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.

A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.

satya - 7/15/2015, 3:52:43 PM

What can you do with HMAC?

No one has tampered with the data on the way

Only those with a shared symmetric key could have produced the message

satya - 7/15/2015, 3:54:17 PM

What can you not do with HMAC?

Although you can vouch for the integrity, the receiver can fake the pair as she/he is in charge of the message and the key, much like the producer. This would not have been the case if this were a signature (uses a private key).

satya - 7/15/2015, 3:54:36 PM

A hash is a one way function, you cannot decrypt it.

satya - 7/15/2015, 3:55:45 PM

A key pair is fundamentally two way to encrypt and decrypt and holds the data

unlike the hash which is just a short secret joojoo that gets emitted.

satya - 7/15/2015, 3:59:36 PM

The hierarchy

digest or a hash - a one way generated number (no integrity, can be repudiated)

MAC or HMAC - A digest that cannot be tampered (still can be repudiated)

Signature - A hash signed with a private key and not a symmetric key giving both integrity and non-repudiation

Certificate - Just a public key certified by an authority.
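
The digest versus MAC distinction from the summary and hierarchy above, as an added Python example (not part of the original notes). The messages and key are constructed sample values, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import hmac
import secrets


def digest(message: bytes) -> str:
    """Unkeyed message digest: anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, received: str) -> bool:
    return hmac.compare_digest(digest(message), received)


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, avoiding a timing side channel
    return hmac.compare_digest(mac(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)        # known to sender and receiver only
    original = b"pay 100 to alice"       # constructed sample message
    altered = b"pay 9000 to mallory"     # constructed altered message
    tag = mac(key, original)
    outsider_key = secrets.token_bytes(32)  # a party without the shared key
    return {
        # Digest: whoever replaces the message can also replace the digest.
        "swapped_digest_accepted": verify_digest(altered, digest(altered)),
        # HMAC: the genuine pair verifies.
        "genuine_mac_accepted": verify_mac(key, original, tag),
        # HMAC: altered message with the old tag is rejected.
        "altered_msg_old_tag_accepted": verify_mac(key, altered, tag),
        # HMAC: a tag made without the shared key is rejected.
        "outsider_tag_accepted": verify_mac(key, altered, mac(outsider_key, altered)),
        # Repudiation: the receiver holds the same key, so a tag the
        # receiver computes is indistinguishable from the sender's.
        "receiver_made_tag_accepted": verify_mac(key, altered, mac(key, altered)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```
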