Security class 2
satya - 7/15/2015, 9:17:52 AM
What is RADIUS server?
satya - 7/15/2015, 9:18:25 AM
BIND is a unix domain name server
satya - 7/15/2015, 9:20:26 AM
What is the xarp program?
satya - 7/15/2015, 9:20:53 AM
Understand a bit about domain controllers
satya - 7/15/2015, 9:33:13 AM
How do you control devices and clients (Mac, Linux) from a centralized configuration
satya - 7/15/2015, 9:50:54 AM
UTM: Unified Threat Management
satya - 7/15/2015, 9:52:37 AM
IDS: Intrusion detection system
satya - 7/15/2015, 10:00:59 AM
IPS: Intrusion Protection System
satya - 7/15/2015, 10:02:43 AM
approaches to detecting intrusions
behavior
signatures
anomalies
heuristic - best practices or principles
satya - 7/15/2015, 10:05:53 AM
What is VPN tunneling?
satya - 7/15/2015, 10:06:32 AM
VPN tools technologies and practices
satya - 7/15/2015, 10:07:40 AM
Snort: Intrusion detection system
satya - 7/15/2015, 10:15:57 AM
ICMP
The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
satya - 7/15/2015, 10:18:59 AM
WinPcap
In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.
Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.
The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.
satya - 7/15/2015, 10:19:23 AM
WinPcap is required by most networking tools on Windows
satya - 7/15/2015, 10:49:43 AM
WildPackets subnet calculator
satya - 7/15/2015, 10:55:25 AM
NAT - Network Address Translation
satya - 7/15/2015, 11:01:49 AM
NAT
The original use of network address translation consisted of mapping every address of one address space to a corresponding address in another space, such as when an enterprise changed Internet service providers, without having a facility to announce a public route to the network. In face of the foreseeable global IP address space exhaustion, NAT was increasingly used since the late 1990s in conjunction with IP masquerading which is a technique that hides an entire IP address space, usually consisting of private network IP addresses (RFC 1918), behind a single IP address in another, usually public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single IP address and readdresses the outgoing Internet Protocol packets on exit so they appear to originate from the routing device. In the reverse communications path, responses are mapped back to the originating IP addresses using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period unless new traffic refreshes their state, to prevent port exhaustion and free state table resources.
The method enables communication through the router only when the conversation originates in the masqueraded network since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a website hosted within the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.
Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with the method of IP masquerading.
As network address translation modifies the IP address information in packets, it has serious consequences on the quality of Internet connectivity and requires careful attention to the details of its implementation. NAT implementations vary widely in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing implementations.
satya - 7/15/2015, 1:04:10 PM
Understand SNMP and its security
satya - 7/15/2015, 1:08:41 PM
IPSec
transit security
authenticity and integrity
anti-replay
non-repudiation
eavesdropping
sniffing
satya - 7/15/2015, 1:13:48 PM
iSCSI FCoE Fibre Channel
satya - 7/15/2015, 1:14:19 PM
Telnet is a cleartext protocol
satya - 7/15/2015, 1:19:15 PM
ftp, sftp, tftp, ftp over ssh, scp, ftps
satya - 7/15/2015, 1:25:00 PM
TCP/IP Ports and port ranges
satya - 7/15/2015, 1:25:51 PM
Ports and port ranges
used by both tcp and udp
0 to 64k
0 to 1023 well known
satya - 7/15/2015, 1:26:14 PM
well known port numbers
satya - 7/15/2015, 1:27:17 PM
key ones
21 ftp
22 ssh
25 smtp
53 dns
80 443 http
110 pop3
139 netbios
143 imap
3389 rdp
satya - 7/15/2015, 1:50:24 PM
Network Administration Security Methods
satya - 7/15/2015, 2:03:39 PM
802.11 standards
satya - 7/15/2015, 2:05:14 PM
Wireless Security Protocols
satya - 7/15/2015, 2:13:01 PM
What is hardening wireless devices and routers?
satya - 7/15/2015, 2:14:02 PM
routerpasswords.com has the default passwords
satya - 7/15/2015, 2:15:47 PM
wigle.net has the wireless access points
satya - 7/15/2015, 2:18:10 PM
Security topic: IDS
satya - 7/15/2015, 2:28:20 PM
what is this: http://ui.linksys.com
You can use this to configure home wifi routers, I suppose.
satya - 7/15/2015, 2:30:09 PM
IPSec
satya - 7/15/2015, 3:06:38 PM
Password Protocols
satya - 7/15/2015, 3:10:12 PM
Security Concepts
satya - 7/15/2015, 3:12:09 PM
RADIUS
Remote dial in blah blah
it is an old technology for modems
satya - 7/15/2015, 2:49:10 PM
Directory Services
satya - 7/15/2015, 2:50:13 PM
Understanding Directory services and LDAP
satya - 7/15/2015, 2:52:34 PM
Remote access Protocols
satya - 7/15/2015, 3:31:12 PM
Here is a discussion on MAC and HMAC
satya - 7/15/2015, 3:37:28 PM
Message Digest, MAC, HMAC
satya - 7/15/2015, 3:48:56 PM
This is a good link to understand this
satya - 7/15/2015, 3:49:56 PM
Summary
A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.
A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.
A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.
satya - 7/15/2015, 3:52:43 PM
What can you do with HMAC?
No one has tampered with the data on the way
Only those with a shared symmetric key could have produced the message
satya - 7/15/2015, 3:54:17 PM
What can you not do with HMAC?
Although you can vouch for the integrity, the receiver can fake the pair, as she/he is in charge of the message and the key, much like the producer. This would not be the case if it were a signature (which uses a private key).
satya - 7/15/2015, 3:54:36 PM
A hash is a one way function, you cannot decrypt it.
satya - 7/15/2015, 3:55:45 PM
A key pair is fundamentally two-way, to encrypt and decrypt, and holds the data,
unlike the hash, which is just a short secret joojoo that gets emitted.
satya - 7/15/2015, 3:59:36 PM
The hierarchy
digest or a hash - a one way generated number (no integrity, can be repudiated)
MAC or HMAC - A digest that cannot be tampered (still can be repudiated)
Signature - A hash signed with a private key and not a symmetric key giving both integrity and non-repudiation
Certificate - Just a public key certified by an authority.
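The digest and MAC rungs of this hierarchy, as an added example that is not part of the original notes: it uses Python's standard `hashlib` and `hmac` modules to show that a bare digest survives a message-and-digest swap, that an HMAC does not, and that the receiver can still mint valid tags. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values, not from the original notes.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"pay alice 10"
TAMPERED = b"pay mallory 9999"


def digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone can compute it."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, received: str) -> bool:
    return hmac.compare_digest(digest(message), received)


def verify_mac(key: bytes, message: bytes, received: str) -> bool:
    # compare_digest compares in constant time (no timing side channel).
    return hmac.compare_digest(mac(key, message), received)


def swapped_digest_pair_verifies() -> bool:
    """Message AND digest replaced in transit: the receiver's check passes."""
    return verify_digest(TAMPERED, digest(TAMPERED))


def tampered_message_passes_mac() -> bool:
    """Without the key, only the old tag or a wrong-key tag is available."""
    old_tag = mac(SHARED_KEY, ORIGINAL)
    wrong_key_tag = mac(b"not-the-shared-key", TAMPERED)
    return (verify_mac(SHARED_KEY, TAMPERED, old_tag)
            or verify_mac(SHARED_KEY, TAMPERED, wrong_key_tag))


def receiver_can_fabricate() -> bool:
    """The receiver holds the same key, so its own tag verifies: no non-repudiation."""
    fabricated = b"pay bob 500"
    return verify_mac(SHARED_KEY, fabricated, mac(SHARED_KEY, fabricated))


if __name__ == "__main__":
    print("swapped digest pair verifies:", swapped_digest_pair_verifies())
    print("tampered message passes MAC:", tampered_message_passes_mac())
    print("receiver can fabricate tag:", receiver_can_fabricate())
```
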