Security Notes

Sat 27 Jul, Sarath Pillai

What is IPSEC and how IPSEC does the job of securing data communication

IPSEC - a method to secure internet communications

For the past couple of days I have been getting my hands dirty with a technology called IPSEC, which is not at all a new technology, but yeah, it was new for me to configure it in the correct manner. I have seen people in the field of system administration doing blind troubleshooting by simply changing some configuration to get the problem fixed somehow.

Although such an approach does work most of the time, it is not at all a good way to go forward, because you are surely going to get stuck again with some issue down the line, which requires a proper understanding of the technology to resolve. I can't even blame system administrators for taking such an approach, because most of the time the configuration tasks are assigned with a deadline attached, which makes the time spent on the task more important than the configuration you did.

Mon 20 May, Sarath Pillai

website vulnerability scanner

Website vulnerability Scanning

One of the inevitable resources that has become part of our day-to-day life is the World Wide Web. Networks and internetworking originated from a series of research conducted at ARPA (Advanced Research Projects Agency). ARPANET (Advanced Research Projects Agency Network) is the world's first working TCP/IP network.

Tue 14 May, Sarath Pillai

Secure Shell: How Does SSH Work

SSH Working Explained

Taking a remote shell to carry out different tasks is the norm if you have multiple server machines in your infrastructure. Different protocols and tools were made to accomplish this task of taking a remote shell. Although the tools made during the initial days were capable enough to carry out the necessary shell-related tasks, there were different design concerns that resulted in advancements and new tools to accomplish this task.

In this tutorial guide, we will be discussing one such tool, which was designed to eliminate the flaws in previous remote shell programs. Our topic of interest for this tutorial is none other than the Secure Shell, better known as SSH.

The key characteristics that make a remote login program an efficient one are pointed out in the list below.

Wed 24 Apr, Sarath Pillai

How are passwords stored in Linux (Understanding hashing with shadow utils)

Passwords in Linux

A user account with a corresponding password for that account is the primary mechanism for getting access to a Linux machine. It is very logical to think that the passwords of all the users in a system must first be saved in some kind of file or database, so that they can be verified during a user login attempt.

And you do not require the skill set and expertise of a computer security scientist to reason that if you get hold of that database or file, which stores all the passwords, you can easily get access to the machine.

Mon 22 Apr, Sarath Pillai

GPG-GNU Privacy Guard Tutorial (Commandline Encryption and Decryption)

GPG Privacy Guard

Communication through the internet is always exposed to security risks of one kind or another. Any message transmission done through TCP or UDP can always be intercepted with simple packet capturing tools to read the content inside.

Many people are of the opinion that messages between two parties cannot be intercepted without getting into the middle of their communication path. Although that is true to a certain extent, there are other things to consider where security is the main concern. Let's consider some cases where a possible security breach can happen.

Fri 19 Apr, Satish Tiwary

Linux ZIP command Examples for Compressing and Decompressing Files Securely

Compression and Decompression security

The zip utility is used to combine as well as compress files in Linux. In this article I have included the uses of the zip command and how to secure zip files. As I am going to discuss zip-related security topics here, I have included security-related loopholes too, and also the trick or idea to remove such loopholes, in detail with examples. We can see how the zip utility is used and how it's beneficial to use, as well as how to secure your zip files and what precautions you should take while zipping or while providing security to your zip files. To enhance the security of zip files, I have also included the encryption and decryption concept a bit.

The zip utility is there to compress, or you can say zip, a file, files or a directory, but what matters is its compression ratio. It can be used with different compression levels, and each level has its own benefit and requirement, which depends upon the client's requirement.

Fri 19 Apr, Sarath Pillai

Linux NAT(Network Address Translation) Router Explained

Network Address Translation in Linux

For computers to communicate with each other, each and every computer must have a unique address to send and receive data. If you do not have a unique address, others will not be able to send data to you. In IPv4 there are around 2^32 addresses, out of which 588514304 are for special purposes, which means we only have 2^32 - 588514304 unique public IP addresses.

Imagine an office in which you have 1000 computers for the employees to work on. If each of them needs to communicate with hosts on the internet, assigning a unique public IP address to each of them would be idiotic and would also be a waste of internet resources.

Also sometimes you want to hide your internal network address details from the publicly available internet, for security reasons. NAT is a solution that was made to solve these problems.

Wed 27 Mar, Sarath Pillai

What is kerberos and how does kerberos work

Kerberos Authentication

In this post we will try to understand some basic concepts of Kerberos. Before beginning with this post, it will be an added advantage to go through the Needham-Schroeder protocol.

Kerberos is an authentication system developed as part of the Athena project at MIT. Kerberos uses a trusted third party, or call it a middleman server, for authentication. Kerberos is based upon the Needham-Schroeder protocol.

Mon 25 Mar, Sarath Pillai

What is ping sweep and how to do a ping sweep

Ping Sweep

I must begin this by saying that the most widely used command by either a network administrator or a Linux system administrator is the PING command.

Ping stands for Packet Internet Groper. It is commonly used to find whether a machine is alive on the network. I will be doing a dedicated post on the working of PING. A normal PING request sends out an ICMP echo request to the target host, which in turn replies with an ICMP echo reply.

An important fact to note here is that a machine can also be configured not to respond to a ping request for security reasons; in such cases you need to apply some different techniques to find out whether a target host is alive or not.

In this post we will be discussing ping sweep.

Fri 08 Mar, Sarath Pillai

Linux access control using TCP WRAPPERS

tcp wrapper in linux

Maintaining a good access control list is a good practice that must be adopted by any Linux system administrator. This can be achieved with the help of multiple tools. An additional layer of security after your firewall and before your service daemon is a good approach, because even if your firewall is breached, the attacker still has to overcome the extra wrapper you have applied to protect your service.
