Security class 2

Continued from class 1

What is RADIUS server?

BIND is a unix domain name server

What is the XArp program?

Understand a bit about domain controllers

How do you control devices and clients (Mac, Linux) from a centralized configuration

Geo tagging

UTM: Unified Threat Management

IDS: Intrusion detection system

IPS: Intrusion Protection System

behavior
signatures
anomalies
heuristic - best practices or principles

What is VPN tunneling?

VPN tools technologies and practices

Snort: Intrusion detection system

ICMP

The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

NIDS

Network intrusion detection system.

WinPcap

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Monitoring software may use libpcap and/or WinPcap to capture packets travelling over a network and, in newer versions, to transmit packets on a network at the link layer, as well as to get a list of network interfaces for possible use with libpcap or WinPcap.

The pcap API is written in C, so other languages such as Java, .NET languages, and scripting languages generally use a wrapper; no such wrappers are provided by libpcap or WinPcap itself. C++ programs may link directly to the C API or use an object-oriented wrapper.

WinPcap is required by most networking tools on Windows.

What is NAC?

What are VLANs?

There goes subnets

WildPackets subnet calculator

NAT - Network Address Translation

The original use of network address translation consisted of mapping every address of one address space to a corresponding address in another space, such as when an enterprise changed Internet service providers, without having a facility to announce a public route to the network. In face of the foreseeable global IP address space exhaustion, NAT was increasingly used since the late 1990s in conjunction with IP masquerading which is a technique that hides an entire IP address space, usually consisting of private network IP addresses (RFC 1918), behind a single IP address in another, usually public address space. This mechanism is implemented in a routing device that uses stateful translation tables to map the "hidden" addresses into a single IP address and readdresses the outgoing Internet Protocol packets on exit so they appear to originate from the routing device. In the reverse communications path, responses are mapped back to the originating IP addresses using the rules ("state") stored in the translation tables. The translation table rules established in this fashion are flushed after a short period unless new traffic refreshes their state, to prevent port exhaustion and free state table resources.

The method enables communication through the router only when the conversation originates in the masqueraded network since this establishes the translation tables. For example, a web browser in the masqueraded network can browse a website outside, but a web browser outside could not browse a website hosted within the masqueraded network. However, most NAT devices today allow the network administrator to configure translation table entries for permanent use. This feature is often referred to as "static NAT" or port forwarding and allows traffic originating in the "outside" network to reach designated hosts in the masqueraded network.

Because of the popularity of this technique to conserve IPv4 address space, the term NAT has become virtually synonymous with the method of IP masquerading.

As network address translation modifies the IP address information in packets, it has serious consequences on the quality of Internet connectivity and requires careful attention to the details of its implementation. NAT implementations vary widely in their specific behavior in various addressing cases and their effect on network traffic. The specifics of NAT behavior are not commonly documented by vendors of equipment containing implementations.
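
The translation-table behaviour described above, as an added example that is not part of the original notes: a toy masquerading table showing why replies get back in, why unsolicited inbound traffic is dropped, how a static (port forwarding) entry changes that, and how idle entries are flushed. The addresses, the port range and the 60-second timeout are assumptions made for the example.

```python
import itertools

PUBLIC_IP = "203.0.113.1"  # constructed address (documentation range)
IDLE_TIMEOUT = 60          # seconds; assumed value for this example


class Masquerade:
    def __init__(self):
        self.out = {}    # (private ip, private port) -> public port
        self.back = {}   # public port -> [private ip, private port, last seen, static]
        self.ports = itertools.count(40000)

    def expire(self, now):
        """Flush dynamic entries that no traffic has refreshed."""
        for port, (ip, p, seen, static) in list(self.back.items()):
            if not static and now - seen > IDLE_TIMEOUT:
                del self.back[port]
                self.out.pop((ip, p), None)

    def outbound(self, src_ip, src_port, now):
        """Packet leaving the private network creates or refreshes state."""
        self.expire(now)
        key = (src_ip, src_port)
        if key not in self.out:
            self.out[key] = next(self.ports)
            self.back[self.out[key]] = [src_ip, src_port, now, False]
        self.back[self.out[key]][2] = now
        return (PUBLIC_IP, self.out[key])  # rewritten source address

    def forward(self, public_port, priv_ip, priv_port):
        """Static NAT / port forwarding: permanent entry set by the admin."""
        self.back[public_port] = [priv_ip, priv_port, None, True]

    def inbound(self, dst_port, now):
        """Packet arriving on the public address: map back, or None to drop."""
        self.expire(now)
        entry = self.back.get(dst_port)
        return (entry[0], entry[1]) if entry else None


def demo():
    nat = Masquerade()
    mapped = nat.outbound("192.168.1.10", 51000, now=0)
    reply = nat.inbound(mapped[1], now=5)      # answer to our own request
    unsolicited = nat.inbound(40001, now=5)    # nobody inside opened this
    nat.forward(8080, "192.168.1.20", 80)
    forwarded = nat.inbound(8080, now=500)     # static entry never expires
    stale = nat.inbound(mapped[1], now=500)    # dynamic entry was flushed
    return mapped, reply, unsolicited, forwarded, stale
```

Every static entry is a permanent inbound path to an internal host, so port-forwarding rules belong in the same review as firewall rules.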

APIPA

Understand SNMP and its security

Poodle attack

Smurf attack

IPSec

transit security
authenticity and integrity
anti-replay
non-repudiation
eavesdropping
sniffing

SSL TLS IPSec

iSCSI FCoE Fibre Channel

Telnet is cleartext protocol

ftp, sftp, tftp, ftp over ssh, scp, ftps

TCP/IP Ports and port ranges

used by both tcp and udp

0 to 64k

0 to 1023 well known

well known port numbers

21 ftp
22 ssh
25 smtp
53 dns
80 http, 443 https
110 pop3
139 netbios
143 imap
3389 rdp

Teamviewer program

Ammyy another one

What is hardening wireless devices and routers?

routerpasswords.com has the default passwords

wigle.net has the wireless access points

Security topic: IDS

I suppose you can configure this on home Wi-Fi routers.

Remote dial in blah blah

it is an old technology for modems

Understanding Directory services and LDAP

What is HMAC?

Here is some information on MAC

Here is a discussion on MAC and HMAC

Message Digest, MAC, HMAC

This is a good link to understand this

A message digest algorithm takes a single input -- a message -- and produces a "message digest" (aka hash) which allows you to verify the integrity of the message: Any change to the message will (ideally) result in a different hash being generated. An attacker that can replace the message and digest is fully capable of replacing the message and digest with a new valid pair.

A MAC algorithm takes two inputs -- a message and a secret key -- and produces a MAC which allows you to verify the integrity and the authenticity of the message: Any change to the message or the secret key will (ideally) result in a different MAC being generated. Nobody without access to the secret should be able to generate a MAC calculation that verifies; in other words a MAC can be used to check that the MAC was generated by a party that has access to the secret key.

A HMAC algorithm is simply a specific type of MAC algorithm that uses a hash algorithm internally (rather than, for example, an encryption algorithm) to generate the MAC.

No one has tampered with the data on the way.

Only those with the shared symmetric key could have produced the message.

Although you can vouch for the integrity, the receiver can fake the pair, as she/he holds both the message and the key, much like the producer. This would not be the case with a signature (which uses a private key).
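
The three properties above, as an added example that is not part of the original notes: a replaced message with a recomputed digest passes, a replaced message with a MAC made without the key fails, and the receiver can mint a valid MAC on its own (so a MAC does not give non-repudiation). The key, the messages and the function names are constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-shared-secret"  # sample key, constructed for this example


def digest(message: bytes) -> str:
    """Plain message digest: anyone can compute it, no key involved."""
    return hashlib.sha256(message).hexdigest()


def mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(digest(message), tag)


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so the check leaks nothing via timing
    return hmac.compare_digest(mac(key, message), tag)


def replaced_in_transit(message: bytes):
    """Someone without KEY swaps the message and recomputes what they can."""
    forged = message.replace(b"100", b"900")
    forged_digest = digest(forged)             # needs no secret
    forged_mac = mac(b"not-the-key", forged)   # KEY is unknown to them
    return forged, forged_digest, forged_mac


def receiver_fabricates(key: bytes):
    """The receiver holds the same key, so it can mint a valid pair itself."""
    fake = b"pay bob 5000"
    return fake, mac(key, fake)


if __name__ == "__main__":
    forged, f_digest, f_mac = replaced_in_transit(b"pay alice 100")
    print("replaced message + new digest accepted:", verify_digest(forged, f_digest))
    print("replaced message + keyless MAC accepted:", verify_mac(KEY, forged, f_mac))
    fake, tag = receiver_fabricates(KEY)
    print("receiver-made MAC verifies:", verify_mac(KEY, fake, tag))
```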

A hash is a one way function, you cannot decrypt it.

unlike the hash, which is just a short secret joojoo that gets emitted.

digest or a hash - a one way generated number (no integrity, can be repudiated)

MAC or HMAC - A digest that cannot be tampered (still can be repudiated)

Signature - A hash signed with a private key and not a symmetric key giving both integrity and non-repudiation

Certificate - Just a public key certified by an authority.