Security Notes

Tue 14 May

Secure Shell: How Does SSH Work

SSH Working Explained

Taking a remote shell to carry out different tasks is the norm if you have multiple server machines in your infrastructure. Different protocols and tools were made to accomplish this task of taking a remote shell. Although the tools made during the initial days were capable enough to carry out the necessary shell-related tasks, there were different design concerns that resulted in advancements and new tools to accomplish this task.

In this tutorial guide, we will be discussing one such tool, which was designed to eliminate the flaws in previous remote shell programs. Our topic of interest for this tutorial is none other than the Secure Shell, better known as SSH.

The key characteristics that make a remote login program an efficient one are pointed out in the list below.

Wed 24 Apr

How are passwords stored in Linux (Understanding hashing with shadow utils)

Passwords in Linux

A user account with a corresponding password is the primary mechanism for getting access to a Linux machine. It's very logical to think that the passwords of all the users in a system must first be saved in some kind of file or database, so that they can be verified during a user login attempt.

And you do not require the skill set and expertise of a computer security scientist to think rationally that if you get hold of that database or file, which stores all the passwords, you can easily get access to the machine.

Mon 22 Apr

GPG-GNU Privacy Guard Tutorial (Commandline Encryption and Decryption)

GPG Privacy Guard

Communication over the internet is always exposed to security risks of one kind or another. Any message transmitted over TCP or UDP can always be intercepted with simple packet capturing tools to read the content inside.

Many people are of the opinion that messages between two parties cannot be intercepted without getting into the middle of their communication path. Although that is true to a certain extent, there are other things to consider where security is the main concern. Let's consider some cases where a possible security breach can happen.

Fri 19 Apr

Linux ZIP command Examples for Compressing and Decompressing Files Securely

Compression and Decompression security

The zip utility is used to combine as well as compress files in Linux. In this article I have included the uses of the zip command and how to secure zip files. As I am going to discuss zip-related security topics here, I have also included security-related loopholes and the tricks or ideas to remove such loopholes, in detail with examples. We can see how the zip utility is used and how it is beneficial, as well as how to secure your zip files and what precautions you should take while zipping or while securing your zip files. To enhance the security of zip files I have also included a bit on the concepts of encryption and decryption.

The zip utility compresses (or, you could say, zips) a file, several files, or a directory, but what matters is its compression ratio. It can be used at different compression levels, and each level has its own benefits and requirements, which depend on the client's requirements.

Fri 19 Apr

Linux NAT(Network Address Translation) Router Explained

Network Address Translation in Linux

For computers to communicate with each other, each and every computer must have a unique address to send and receive data. If you do not have a unique address, others will not be able to send data to you. In IPv4 there are around 2^32 addresses, out of which 588514304 are for special purposes, which means we only have 2^32 - 588514304 unique public IP addresses.

Imagine an office in which you have 1000 computers for the employees to work on. If each of them needs to communicate with hosts on the internet, assigning a unique public IP address to each of them will be idiotic and will also be a waste of internet resources.

Also sometimes you want to hide your internal network address details from the publicly available internet, for security reasons. NAT is a solution that was made to solve these problems.

Wed 03 Apr

Validate your downloaded files using md5

In today's world we transfer a lot of files from one place to another over the internet. Whenever you upload a file to a server or download a file from a server, there are several things that need to be checked. Some of them are mentioned below:

1. Data integrity due to network link problems.

2. Data integrity due to threats from hackers (really, there are some bad people out there spying on network activity all the time).

Wed 27 Mar

What is kerberos and how does kerberos work

Kerberos Authentication

In this post we will try to understand some basic concepts of Kerberos. Before beginning with this post, it will be an added advantage to go through the Needham-Schroeder protocol.

Kerberos is an authentication system developed as part of Project Athena at MIT. Kerberos uses a trusted third party, or what you might call a middle-man server, for authentication. Kerberos is based upon the Needham-Schroeder protocol.

Mon 25 Mar

What is ping sweep and how to do a ping sweep

Ping Sweep

I must begin this by saying that the most widely used command by either a network administrator or a Linux system administrator is the PING command.

Ping stands for Packet Internet Groper. It is commonly used to find whether a machine is alive on the network. I will be doing a dedicated post on the working of PING. A normal PING request sends out an ICMP echo request to the target host, which in turn replies with an ICMP echo reply.

An important fact to note here is that a machine can also be configured not to respond to a ping request for security reasons. In such cases you need to apply some different techniques to find out whether a target host is alive or not.

In this post we will be discussing ping sweep.

Fri 08 Mar

Linux access control using TCP WRAPPERS

tcp wrapper in linux

Maintaining a good access control list is a good practice that must be adopted by any Linux system administrator. This can be achieved with the help of multiple tools. An additional layer of security after your firewall and before your service daemon is a good approach, because even if your firewall is breached, the attacker still has to overcome the extra wrapper you have applied to protect your service.

Thu 28 Feb

Linux kernel rp_filter settings (Reverse path filtering )

Reverse Path Filtering in Linux

The main function of a router is to route packets from one place to another. A Linux machine can be used as a router on your network and will route a substantial amount of traffic without any issues, if configured correctly.

Due to the increasing amount of malicious and attack traffic on the internet, it has become very necessary to take some extra care while configuring routes on a Linux machine or on physical routers.

One of the major problems that internet security people are dealing with today is spoofing.

What is IP address spoofing?

IP spoofing is a method adopted by attackers to send a forged source address in their attack traffic, which means they can send an IP packet with an IP address of their choosing.
