Archive for the ‘networking’ Category

This is the final installment in my series of blog posts on TCP/IP, based on what I learned doing an Infinite Skills training video. In this post I am mostly looking at wireless networking, with a little on IPv4 and IPv6. There is a program called hping that is a good packet-crafting tool. There is a type of network attack called a Fraggle attack which is similar to a Smurf attack, except that Fraggle uses UDP (the echo and chargen services) whereas Smurf uses ICMP echo requests. Both forge the victim's address as the source and send to the broadcast address of a large network, so every host on that network floods the victim with replies. Both types of attack are very rare nowadays because routers no longer forward directed broadcasts by default and hosts are configured not to answer them. 802.11 is the protocol family for wireless networking and comes in versions such as a, b, g, n, ac and ad. Funnily enough b is the slowest, and if you broadcast on 5 GHz rather than 2.4 GHz you are less likely to clash with signals from other devices. inSSIDer 2 is a Windows program that scans for nearby wireless networks and shows their channels and signal strength, which makes choosing a channel and troubleshooting a connection easy. Generally any wireless device will scan for available networks when you set it up and let you choose one. WPA is better than WEP for encrypting traffic sent over wireless, and WPA2 is better still; WEP is broken and should not be used at all. If you send unencrypted messages anyone with a wireless receiver can read them. WPA and WPA2 in personal mode use a pre-shared key, derived from the network passphrase, from which the session keys for both directions are derived, so everyone on the network knows the same secret, and a weak passphrase can be guessed offline from a captured handshake; enterprise mode uses 802.1X so each user has their own credentials. A network should always be password protected, and the users should have their own passwords. IPv6 addresses are 128 bits written as 8 groups of hexadecimal digits, and the protocol is far superior to its parent IPv4. IPv4 is in danger of not supporting enough computers, as each has to be individually numbered and its 32-bit addresses only reach around 4.3 billion. IPv6 is highly unlikely to ever reach its limit, which is a huge number (2 to the power 128). IPv4 uses multicasting to send the same message to several recipients, and broadcast for everyone on the segment; IPv6 builds multicast into the protocol itself and has no broadcast at all. IPv6 also allows much larger packets (jumbograms), although in practice throughput is limited by your broadband connection.
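The shared-key point above is worth seeing in code. This is an added example, not code from the course or the post: it derives the WPA/WPA2-Personal key exactly as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256 bits) and then shows what an attacker holding a captured handshake does with that fact. The network name, passphrase and wordlist are constructed for the demonstration.

```python
"""How a WPA/WPA2-Personal passphrase becomes the key, and why that matters.

Added example, not code from the course or the post. The derivation is the
one IEEE 802.11i specifies for personal mode: PBKDF2-HMAC-SHA1 over the
passphrase, with the SSID as salt, 4096 iterations, 256-bit output. The
network name, passphrase and wordlist below are constructed for the demo.
"""
import hashlib
import time
from typing import Iterable, Optional


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key (PMK) shared by every station on the network."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def offline_guess(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """What an attacker does with a captured four-way handshake: derive the
    key for each candidate passphrase until one matches. Nothing touches the
    network, so no lockout or rate limit protects a weak passphrase."""
    for candidate in wordlist:
        if wpa2_psk(candidate, ssid) == target_pmk:
            return candidate
    return None


def guesses_per_second(ssid: str, samples: int = 20) -> float:
    """Rough cost of one guess on this machine (pure Python, single core)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_psk(f"candidate{i:04d}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    assert wpa2_psk("password", "IEEE").hex() == (
        "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")
    ssid = "HomeWiFi"                      # constructed network name
    captured = wpa2_psk("sunshine1", ssid)  # what a captured handshake lets an attacker test against
    wordlist = ["password", "letmein1", "sunshine1", "correcthorse"]  # constructed
    print("recovered passphrase:", offline_guess(captured, ssid, wordlist))
    print(f"about {guesses_per_second(ssid):.0f} guesses/s here; GPU crackers manage far more")
    # The same passphrase on a different SSID gives a different key, so
    # precomputed tables have to be built per network name.
    print("same passphrase, other SSID, same key?",
          wpa2_psk("sunshine1", "Other") == captured)
```

The practical lesson is that in personal mode the only thing standing between a captured handshake and the network key is the passphrase's resistance to guessing, which is why a long random passphrase, or 802.1X with per-user credentials, is the real fix.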

This is the latest installment in my series of blog posts on TCP/IP, based on what I learnt from a video course by Infinite Skills. SMTP, which stands for Simple Mail Transfer Protocol, and POP3, which stands for Post Office Protocol version 3, are the 2 main protocols used with e-mail: SMTP sends mail and POP3 collects it from the server. If you do a capture in Wireshark you will often see SMB, or Server Message Block. This is the Windows file and printer sharing protocol; it carries file and directory operations between computers and is very common on most networks. Website addresses are handled by DNS and HTTP: DNS converts the host name in a URL into an IP address the computer can use, and HTTP then fetches the page from that address. The last part of a website address, something like .com or .net, is the TLD or top-level domain (not to be confused with TLS, which is an encryption protocol). Most countries have their own country-code TLD similar to .com, such as .uk. TCP/IP is a very old protocol suite developed for use on the ARPANET, and probably because the military funded it, it's very resilient and still in use despite many changes. TCP/IP is very much the most used protocol on networks and individual computers. I remember that if you had to install a modem on an NT4 operating system you had to install TCP/IP on the system first.


This is another installment in my series of blog posts on TCP/IP, based on the Infinite Skills course I have been studying. Last time I looked at ICMP, and there is something called an ICMP attack. One method is to flood a server with ICMP packets coming from lots of remote hosts; of course the attacker first puts some kind of malware on those hosts and hijacks their connections, which is a botnet. Another kind of attack called smurfing is to send ICMP echo requests to the broadcast address of a large network with the victim's address forged as the source, so every host on that network floods the victim with replies. Most networks nowadays have hardware configured to drop these kinds of packets, so the attacks are very rare, but at one time they were quite common. In opening a TCP connection over a network there is something called the three-way handshake. With this the sending host sends a SYN (synchronize) segment, the receiving host replies with a SYN-ACK, and the sending host sends an ACK; only then does data such as an HTTP GET request follow. There is an option, particularly on wireless networks, as to whether you allow packets to be fragmented, and you should allow it unless there is a very good reason not to, because if a packet exceeds the path MTU and its Don't Fragment bit is set it won't get through, and an ICMP "fragmentation needed" error is returned to the sender instead. There are 65,536 ports (0 to 65535) on a computer and these are logical channels, not physical ports; it is a good idea to close the ones you don't need and monitor which ones your computer is using, as malware can gain access to your computer or network via open services. There is also UDP, or User Datagram Protocol, which is relatively high speed and is useful if the order something is sent in is unimportant and the odd lost packet can be tolerated. DNS is the Domain Name System and maps the name of a server to its internet address. HTTP, or Hypertext Transfer Protocol, is the protocol your browser then uses to fetch pages from that address. In the OSI model it is the transport layer (TCP) that retransmits data lost in transit on a network if it's retrievable, and encryption is usually placed at the presentation layer, although in practice TLS sits between the transport and application layers. 
A checksum is computed over a packet before it is sent and again when it is received, and the packet is discarded if the two don't match; it detects corruption of the contents, not just a change in size. RTSP and RTP are used to stream video and audio. If something is encrypted and sent on a network the two hosts first negotiate using SSL, or Secure Sockets Layer, or its successor TLS, or Transport Layer Security: the client sends a Client Hello listing the versions and ciphers it supports and the server replies with a Server Hello choosing one.
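To make the handshake and checksum points concrete, here is an added example (not code from the course or the post) that builds the three segments of a TCP open plus the first data segment, with real RFC 791/793 header layouts and the RFC 1071 one's-complement checksum, then decodes each one. The packets are constructed in the file using RFC 5737 documentation addresses, not captured traffic.

```python
"""Decode a constructed TCP three-way handshake and verify the checksums.

Added example, not code from the course or the post. The packets below are
constructed here (RFC 5737 documentation addresses) rather than captured;
the header layouts and the one's-complement checksum are the real ones
from RFC 791, RFC 793 and RFC 1071.
"""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH", ACK: "ACK"}
IP_DF = 0x4000  # Don't Fragment bit in the IPv4 flags/fragment-offset field


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented.
    Verifying a header means running this over it with the checksum field
    still in place; a valid header sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b"", df=True) -> bytes:
    """IPv4 header + TCP header + payload, with both checksums filled in."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags,
                      65535, 0, 0) + payload
    # The TCP checksum covers a pseudo-header (addresses, protocol, length) plus the segment.
    pseudo = _ip(src) + _ip(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     IP_DF if df else 0, 64, 6, 0, _ip(src), _ip(dst))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(raw: bytes) -> dict:
    """Pull out the fields discussed above and say which handshake step this is."""
    ihl = (raw[0] & 0x0F) * 4
    ip_hdr, tcp = raw[:ihl], raw[ihl:]
    _, _, _, _, frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip_hdr[:20])
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    flags = [name for bit, name in FLAG_NAMES.items() if off_flags & bit]
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(tcp))
    payload_len = len(tcp) - data_off
    if flags == ["SYN"]:
        step = "SYN"
    elif sorted(flags) == ["ACK", "SYN"]:
        step = "SYN-ACK"
    elif flags == ["ACK"] and payload_len == 0:
        step = "ACK"
    else:
        step = "data"
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "ttl": ttl, "seq": seq, "ack": ack,
        "dont_fragment": bool(frag & IP_DF), "flags": flags, "step": step,
        "payload_len": payload_len,
        "ip_checksum_ok": internet_checksum(ip_hdr) == 0,
        "tcp_checksum_ok": internet_checksum(pseudo + tcp) == 0,
    }


def build_handshake(client="192.0.2.10", server="198.51.100.80") -> list:
    """The three segments of a TCP open, followed by the first data segment."""
    return [
        build_packet(client, server, 40000, 80, 1000, 0, SYN),
        build_packet(server, client, 80, 40000, 5000, 1001, SYN | ACK),
        build_packet(client, server, 40000, 80, 1001, 5001, ACK),
        build_packet(client, server, 40000, 80, 1001, 5001, PSH | ACK,
                     b"GET / HTTP/1.1\r\n\r\n"),
    ]


if __name__ == "__main__":
    for pkt in build_handshake():
        p = parse_packet(pkt)
        print(f'{p["src"]}:{p["sport"]} -> {p["dst"]}:{p["dport"]} '
              f'{"+".join(p["flags"])} step={p["step"]} '
              f'ip_ok={p["ip_checksum_ok"]} tcp_ok={p["tcp_checksum_ok"]}')
    # A single flipped bit (here in the source address) is caught by the
    # checksum even though the packet is exactly the same size as before.
    damaged = bytearray(build_handshake()[0])
    damaged[12] ^= 0x01
    print("after 1-bit corruption: ip_ok =", parse_packet(bytes(damaged))["ip_checksum_ok"])
```

Note that the GET only appears in the fourth segment: the handshake itself carries no application data, and a packet whose checksum fails is silently dropped by the receiver rather than returned to the sender.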


This is the next blog post in my series on TCP/IP based on the Infinite Skills course. First of all I'm looking at IP addresses. An IPv4 address is 32 bits written as 4 groups of numbers from 0 to 255, so up to 12 digits plus the dots. Computers count in binary, where 1 indicates a circuit is on and 0 off. Networks are numbered according to these numbers, and a mask such as

255.255.255.0 indicates a subnet, which is where a network is subdivided: the 1 bits of the mask mark the network part of the address and the 0 bits the host part. There are also reserved ranges of these numbers for things like broadcast (the address with all host bits set to 1) and multicast (224.0.0.0 to 239.255.255.255), and the further to the left the network/host split falls, the bigger the network. There are also various protocols, some of which I'm going to look at. ICMP is the Internet Control Message Protocol. It carries diagnostic and error information about a host or a path; ping and traceroute use it. DHCP is the Dynamic Host Configuration Protocol and hands out addresses to hosts on a network automatically, as opposed to the fixed table of addresses used by its predecessor BOOTP. ARP is the Address Resolution Protocol: a sending host broadcasts a question asking who has a particular IP address, and the host that owns it replies with its MAC address. You do see ARP spoofing because there is no authentication in ARP, so any host can send any ARP reply with the right software, like Cain & Abel, which is a program that will do the job and let the attacker sit in the middle of the traffic. OSPF is Open Shortest Path First and is a routing protocol in which routers share information about which networks they can reach and each computes the lowest-cost route, typically the one with the fewest hops between routers. BGP is the Border Gateway Protocol and is used between autonomous systems to advertise which networks can be reached through which gateway; the routers also exchange keep-alive messages to show both ends are still active. I'll be doing another installment tomorrow.
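The addressing points in this post and in the IPv4/IPv6 post above (octets, the 255.255.255.0 mask, broadcast and multicast ranges, 8 hex groups for IPv6, the 4.3 billion versus 2^128 address spaces) can all be checked with Python's standard ipaddress module. This is an added example, not from the course or the posts; the addresses are RFC 5737 and RFC 3849 documentation addresses chosen for illustration.

```python
"""IPv4 addresses, subnet masks and the IPv6 address space, worked through.

Added example, not from the course or the posts. It uses Python's standard
ipaddress module; the addresses are RFC 5737 / RFC 3849 documentation
addresses chosen here for illustration.
"""
import ipaddress


def describe_v4(addr: str, mask: str) -> dict:
    """Apply a dotted-decimal mask to an address the way a host does: the
    1 bits of the mask select the network part, the 0 bits the host part."""
    ip = ipaddress.IPv4Address(addr)
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    return {
        "binary": format(int(ip), "032b"),        # 4 octets = 32 bits
        "prefix_len": net.prefixlen,               # 255.255.255.0 -> 24
        "network": str(net.network_address),       # host bits all 0
        "broadcast": str(net.broadcast_address),   # host bits all 1
        "usable_hosts": max(net.num_addresses - 2, 0),
        "is_multicast": ip.is_multicast,           # 224.0.0.0/4
        "is_private": ip.is_private,
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Only hosts in the same subnet are reached directly (via ARP);
    anything else is handed to the router."""
    return (ipaddress.IPv4Network(f"{a}/{mask}", strict=False)
            == ipaddress.IPv4Network(f"{b}/{mask}", strict=False))


def describe_v6(addr: str) -> dict:
    """128 bits written as 8 groups of 16-bit hexadecimal numbers."""
    ip = ipaddress.IPv6Address(addr)
    return {
        "groups": ip.exploded.split(":"),
        "compressed": ip.compressed,
        "bits": ip.max_prefixlen,
        "is_multicast": ip.is_multicast,           # ff00::/8; IPv6 has no broadcast
    }


def address_space() -> dict:
    """Why IPv4 runs out and IPv6 will not."""
    return {"ipv4": 2 ** 32, "ipv6": 2 ** 128}


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0", "255.255.255.128"):
        d = describe_v4("192.0.2.130", mask)
        print(f'{mask:16} /{d["prefix_len"]} net={d["network"]} '
              f'bcast={d["broadcast"]} hosts={d["usable_hosts"]}')
    print("192.0.2.1 and 192.0.2.200 with /24:",
          same_subnet("192.0.2.1", "192.0.2.200", "255.255.255.0"))
    print("192.0.2.1 and 192.0.2.200 with /25:",
          same_subnet("192.0.2.1", "192.0.2.200", "255.255.255.128"))
    print("224.0.0.5 multicast?", describe_v4("224.0.0.5", "255.255.255.0")["is_multicast"])
    print(describe_v6("2001:db8::1"))
    print(address_space())
```

Running it shows the same address falling into a different network as the mask moves: with 255.255.255.128 the host 192.0.2.130 lands in 192.0.2.128/25 and can no longer ARP for 192.0.2.1 directly.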
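Because ARP has no authentication, the defence is to watch the replies and notice when they contradict each other. The following is an added example (not from the course or the post, and not Cain & Abel's code): it builds ARP replies in the real RFC 826 Ethernet/IPv4 layout, with constructed MAC addresses and RFC 5737 IPs, and flags the two symptoms a poisoning attack cannot avoid. The detection rules are this example's own.

```python
"""Spotting ARP poisoning from a stream of ARP replies.

Added example, not from the course or the post. The ARP packet layout is the
real one (RFC 826, Ethernet/IPv4); the replies are constructed here to mimic
what a poisoning tool such as Cain & Abel sends, using made-up MAC addresses
and RFC 5737 documentation IPs. The detection rules are this example's own.
"""
import struct
from collections import defaultdict

ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """28-byte ARP body: hardware type 1 (Ethernet), protocol 0x0800 (IPv4)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       _mac(sender_mac), _ip(sender_ip), _mac(target_mac), _ip(target_ip))


def parse_arp(pkt: bytes) -> dict:
    _, _, _, _, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", pkt[:28])
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": fmt_mac(smac), "sender_ip": fmt_ip(sip),
            "target_mac": fmt_mac(tmac), "target_ip": fmt_ip(tip)}


class ArpWatcher:
    """Learns IP-to-MAC bindings from replies and flags the two things a
    poisoning attack cannot avoid: an IP that changes MAC, and one MAC
    claiming to be several IPs (the attacker impersonating gateway and victim)."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)

    def observe(self, pkt: bytes) -> list:
        a = parse_arp(pkt)
        alerts = []
        if a["op"] != ARP_REPLY:
            return alerts
        ip, mac = a["sender_ip"], a["sender_mac"]
        old = self.ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("mac-changed", ip, old, mac))
        self.ip_to_mac[ip] = mac
        self.mac_to_ips[mac].add(ip)
        if len(self.mac_to_ips[mac]) > 1:
            alerts.append(("one-mac-many-ips", mac, tuple(sorted(self.mac_to_ips[mac]))))
        return alerts


def sample_stream() -> list:
    """Constructed: two honest replies, then an attacker poisoning both sides."""
    gw, victim, attacker = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:20", "cc:cc:cc:00:00:99"
    return [
        build_arp(ARP_REPLY, gw, "192.0.2.1", victim, "192.0.2.20"),
        build_arp(ARP_REPLY, victim, "192.0.2.20", gw, "192.0.2.1"),
        build_arp(ARP_REPLY, attacker, "192.0.2.1", victim, "192.0.2.20"),  # "I am the gateway"
        build_arp(ARP_REPLY, attacker, "192.0.2.20", gw, "192.0.2.1"),      # "I am the victim"
    ]


def run(stream) -> list:
    """Feed a stream of ARP packets through one watcher and collect every alert."""
    watcher = ArpWatcher()
    return [alert for pkt in stream for alert in watcher.observe(pkt)]


if __name__ == "__main__":
    for alert in run(sample_stream()):
        print(alert)
```

A watcher like this is only as good as its first observation: if the attacker is already poisoning when monitoring starts, the forged binding is what gets learned. Seeding the table from a known-good list of gateway and server MACs, or enabling dynamic ARP inspection on the switch, closes that gap.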


This is a new series of blog posts on TCP/IP, which is Transmission Control Protocol / Internet Protocol, and is based on the Learning TCP/IP course by Infinite Skills which I am doing. I will be doing a post on a daily basis. TCP/IP is a suite of internet protocols, which are basically rules for how computers and their networks communicate over the internet. There are other protocol suites as well as TCP/IP, such as IPX and AppleTalk, but TCP/IP is the most widely used. The origins of the internet started with the ARPANET, which was planned from 1967 and carried its first traffic in 1969; it was a network for the Department of Defense in America and was built in a decentralized way, which is often said to have been so it could survive a nuclear attack. There were other networks built soon after and around that time, in particular networks for universities and scientists to communicate with one another. Initially there was a single protocol, TCP, and the IP part was later split out into its own layer. This course looks quite a bit at Wireshark, which is a network packet capture and analysis program (it captures from wired and wireless interfaces alike). It's free to download and has a display filter to look at packets of a particular type. The filter box goes red to show the expression is invalid or incomplete and turns green when you enter a complete, valid one. You can right-click on a packet and choose an option to filter for packets of the same type. In the filter box you enter the equals sign twice, as in ip.addr == 192.0.2.1, because == is the comparison operator in the filter language; a single = is not valid and the box stays red. You can filter on a protocol name like tcp or ip, though ip would match just about every packet so would be useless on its own. There is something called the OSI model which consists of 7 modules: Physical, Data Link, Network, Transport, Session, Presentation and Application. These modules are called layers; the lowest layer is Physical, the one data from the network initially comes through, and the highest layer is Application, which works directly at a software level including your web browser. 
Data goes from one layer to the next all the way up and down this model. Different protocols work at different layers, i.e. HTTP works at Application and TCP works at Transport. There are discrepancies about which protocols work at Session, which isn't an exact layer. There is also the TCP/IP model, which works similarly to the OSI model, although its top and bottom modules each incorporate several layers from the OSI model.
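To show how a display filter is actually evaluated, here is an added example of a miniature filter in the same style (this is not Wireshark's code, nor from the course or the post). It covers the subset of the language mentioned above: a bare protocol name such as tcp, field tests with == and !=, and && / || with && binding tighter, exactly the precedence Wireshark uses. The packet summaries it runs over are constructed in the file.

```python
"""A miniature Wireshark-style display filter run over constructed packets.

Added example: this is not Wireshark's code, nor from the course or the post.
It implements the subset of the filter language the post mentions: a bare
protocol name (tcp), field tests with == and !=, and && / || with &&
binding tighter, as in Wireshark. The packet summaries are constructed here.
"""

PACKETS = [  # constructed capture summary, not real traffic
    {"protocols": ("eth", "ip", "tcp", "http"), "ip.src": "192.0.2.10",
     "ip.dst": "198.51.100.80", "tcp.srcport": 40000, "tcp.dstport": 80},
    {"protocols": ("eth", "ip", "udp", "dns"), "ip.src": "192.0.2.10",
     "ip.dst": "192.0.2.1", "udp.srcport": 53001, "udp.dstport": 53},
    {"protocols": ("eth", "ip", "icmp"), "ip.src": "192.0.2.1", "ip.dst": "192.0.2.10"},
    {"protocols": ("eth", "arp"), "arp.src.hw_mac": "aa:bb:cc:00:00:01"},
]

# Convenience fields that stand for "either direction", as in Wireshark.
FIELD_ALIASES = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
    "udp.port": ("udp.srcport", "udp.dstport"),
}


def _compare(field: str, op: str, value: str, pkt: dict) -> bool:
    candidates = [pkt[f] for f in FIELD_ALIASES.get(field, (field,)) if f in pkt]
    if not candidates:
        return False  # the field is not in this packet, so it cannot match
    hits = []
    for actual in candidates:
        if isinstance(actual, int):
            try:
                wanted = int(value)
            except ValueError:
                return False
        else:
            wanted = value
        hits.append(actual == wanted)
    # "!=" is the negation of "==", as in current Wireshark (3.6 and later).
    return any(hits) if op == "==" else not any(hits)


def _atom(expr: str, pkt: dict) -> bool:
    expr = expr.strip()
    for op in ("==", "!="):
        if op in expr:
            field, value = (part.strip() for part in expr.split(op, 1))
            return _compare(field, op, value, pkt)
    if "=" in expr:
        # A single = is not valid filter syntax: this is the "red box" case.
        raise ValueError(f"invalid filter {expr!r}: use == for comparison")
    if not expr.isidentifier():
        raise ValueError(f"invalid filter {expr!r}")
    return expr in pkt["protocols"]


def matches(expr: str, pkt: dict) -> bool:
    """OR of AND-clauses: 'a && b || c' means (a && b) || c."""
    return any(all(_atom(atom, pkt) for atom in clause.split("&&"))
               for clause in expr.split("||"))


def apply_filter(expr: str, packets=PACKETS) -> list:
    """Indexes of the packets that pass the filter; raises on a bad expression."""
    return [i for i, pkt in enumerate(packets) if matches(expr, pkt)]


if __name__ == "__main__":
    for expr in ("tcp", "ip", "ip.addr == 192.0.2.1", "tcp.port == 80 || dns",
                 "ip && ip.src != 192.0.2.10"):
        print(f"{expr:32} -> packets {apply_filter(expr)}")
    try:
        apply_filter("ip.src = 192.0.2.10")
    except ValueError as err:
        print("rejected:", err)
```

The ip.addr alias is the one that trips people up: ip.addr == X matches a packet if either address is X, so a filter like ip.addr != X on an older Wireshark release (before 3.6) meant "either address differs" and still showed almost everything.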



I have started a video training tutorial in Computer Forensics by Infinite Skills and will be writing some of what I learn in a series of daily blog posts. Computer forensics conjures up ideas of someone analyzing what is on a computer and then giving testimony in a court, but these skills are also useful to other professionals like a malware analyst working for an anti-virus software developer or a security or network administrator. To become a computer forensic expert you need to understand a lot of different disciplines, like the various operating systems, how to use the specialist software, and file types, to name a few. You particularly need to understand the Unix and Windows operating systems. You will copy what is on a computer and normally work on the copy, and will use write-blocking hardware or software while imaging the hard drive so that nothing is written back to it. You can't change anything on the suspect computer, otherwise the evidence becomes inadmissible. You also must be ethical, and many certifications like CISSP and Certified Ethical Hacker have detailed codes of ethics for their members. You must never take a case which involves a subject you aren't knowledgeable about, as the case is likely to be thrown out, and also you must never swap sides or be paid according to the outcome, whether guilty or not guilty. One job you must do is check the properties of programs and files on a suspect computer, and to do this you right-click and choose Properties. In particular you are looking for any changes or modifications to the program and when it was installed. File types and saved work are also important. If you are working in Windows there is a program called Compare It which compares 2 files and tells you, in the form of a hash, whether they are identical or not. On Linux there is md5sum which does a similar job: if the hashes of the original and the copy match, the copy is identical. I will be continuing this tomorrow.
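Hashing is how you prove the working copy is what you seized, so here is an added example (not from the course or the post) that does in Python what md5sum does from the command line: hash the original and the copy in chunks and compare the digests, with a second algorithm alongside MD5. The "disk image" is a constructed byte string, not a real drive.

```python
"""Verifying that a forensic copy is identical to the original by hashing.

Added example, not from the course or the post. It does in Python what
md5sum does from the command line (and what the post describes Compare It
doing): hash the source and the copy and compare the digests. The "disk
image" here is a constructed byte string, not a real drive.
"""
import hashlib


def hash_image(data: bytes, algorithms=("md5", "sha256"), chunk_size=4096) -> dict:
    """Hash in chunks, the way you would stream a multi-gigabyte image
    instead of loading it into memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for offset in range(0, len(data), chunk_size):
        block = data[offset:offset + chunk_size]
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_copy(original: bytes, copy: bytes) -> dict:
    """Compare digests of original and copy; any algorithm disagreeing
    means the copy is not what you seized."""
    a, b = hash_image(original), hash_image(copy)
    mismatched = [name for name in a if a[name] != b[name]]
    return {"identical": not mismatched, "mismatched": mismatched,
            "original": a, "copy": b}


def constructed_image() -> bytes:
    """Stand-in for a drive image: a boot-sector marker plus filler bytes."""
    return b"MBR\x55\xaa" + bytes(range(256)) * 64


if __name__ == "__main__":
    image = constructed_image()
    print("image digests:", hash_image(image))
    print("faithful copy identical:", verify_copy(image, bytes(image))["identical"])
    # Touching the suspect drive without a write blocker changes it, and a
    # single byte is enough for the hashes to disagree.
    touched = bytearray(image)
    touched[1000] ^= 0x01
    print("after a one-byte write:", verify_copy(image, bytes(touched)))
```

Record the digests at acquisition time and again before analysis; and because MD5 collisions can be manufactured, note a SHA-256 digest alongside it so the verification still stands if the MD5 value is ever challenged.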

The book I read to research this post was Designing and Implementing an Enterprise Infrastructure by Steve Suehring, which is a very good book which I bought from Kindle. This book, which is aimed at administrators of large computer networks, is an exam guide to the Microsoft certification exam of the same name. A lot of this book is about installing Windows Server 2012 on your network and the steps you need to take, like the planning involved in doing this. There are quite a lot of new features in Server 2012. There are several options connected to automating the installation process on several connected servers. Of course you must make sure you have the right licensing for the number of servers and clients on your network. A lot of networks have a remediation network, with remediation servers where clients that fail a health check, maybe customers' machines that access part of your network, can get updates. It's important to prevent these people having direct access to your main network, as some may have security issues like not enough updates or even viruses on their computers. This book is quite interesting as it has self-test quizzes at the end of each chapter. It may be a little complex for inexperienced computer users. If you are upgrading the operating system on your network, Server 2012 will upgrade in place from Server 2008 or later; older versions such as Server 2003 need a clean install and a migration of roles and data.


The book I read to research this post was Junos OS For Dummies by Michael Bushong et al, which is an excellent book which I bought from Kindle. This book tells you all about Junos OS and even has a part dealing with 2 contrasting devices. It's mainly used on big computer networks and is an operating system which specifically runs network devices such as routers, switches and firewalls. Some of these devices, like chassis switches, can be rack based and weigh 350 pounds, so you need to know what you are doing. It has a smaller attack surface than the Windows operating system and the vast majority of viruses can't attack it. There are other network operating systems like Cisco IOS, but Junos OS is gaining in popularity. This operating system is more text based than Windows: you work in a command-line interface and use a lot of textual shortcuts to set things up. Long output is paged, and you press the space bar to go to the next page. It supports TCP/IP with both IPv4 and IPv6. A device will normally have an RJ-45 port labelled console that connects to a computer with a serial cable to set it up. There is a free download called Junos Pulse, which is a separate client program for workstations (for VPN and network access), not a version of the router operating system itself. The administrator account you use when setting a device up is root, which belongs to the super-user login class. This is something I'd like to learn more about and I have quite a few books on Junos OS, so I'll probably review more books on this subject.