Monday, 20 October 2014

Private Key Cryptography: Introduction

Encryption can be viewed as a process of locking the confidential message inside a box.
Decryption can be viewed as just the inverse of encryption: the process of unlocking the message so that it can be read by the one who is authorized.

Encryption and decryption done using the same key is Private Key Cryptography, aka Symmetric Key Cryptography. The ciphers produced by such encryption are called symmetric or secret ciphers. Here the secret key is shared between sender and receiver.
Consider Alice and Bob as sender and receiver respectively, and the plaintext as the original message to be sent to Bob. This plaintext is first converted into ciphertext by applying the encryption algorithm and is then transmitted to Bob. Alice, while encrypting, uses a secret key which is also shared with Bob, who uses it for decrypting the message received from Alice. This means that both Alice and Bob need a secure channel for exchanging the key. Traditional ciphers were built using this technique of Private Key Cryptography.
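As an added illustration (not from the original post), here is a small symmetric scheme in Python: the one shared key, together with a per-message nonce, drives an HMAC-SHA256 keystream that is XORed with the message, so the same key both locks and unlocks the box. The key strings, the message and the `demo` function are constructed for the example, and the construction gives confidentiality only, with no integrity check.

```python
import hashlib
import hmac
import os

# Teaching construction, not a production cipher: a keystream derived from the shared
# key and a per-message nonce (HMAC-SHA256 in counter mode) is XORed with the message.
# Confidentiality only; there is no integrity tag.

NONCE_LEN = 16

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: the same key and nonce always yield the same bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, block_input, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes, nonce=None) -> bytes:
    """Alice's side: returns nonce || ciphertext. A fresh random nonce per message keeps
    the keystream from repeating when the same key is reused for many messages."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Bob's side: the inverse of encrypt, regenerating the same keystream from the
    same key and nonce and XORing it back out."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def demo() -> dict:
    """Constructed values: Alice and Bob share one key (exchanged beforehand over a
    secure channel); Eve, who does not have it, tries a different key."""
    shared_key = hashlib.sha256(b"alice-and-bob-shared-secret").digest()
    eve_key = hashlib.sha256(b"eve-guess").digest()
    message = b"Meet at the old bridge at noon."
    blob = encrypt(shared_key, message)
    return {
        "ciphertext_hides_message": blob[NONCE_LEN:] != message,
        "bob_reads": decrypt(shared_key, blob),
        "eve_reads": decrypt(eve_key, blob),
    }

if __name__ == "__main__":
    print(demo())
```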

Thursday, 2 October 2014

Internet Control Message Protocol

The internet is managed and monitored by routers. Any unexpected event is reported by a protocol called Internet Control Message Protocol (ICMP). As its name suggests, this protocol is used for control and for testing the internet.
It must be noted that there are a number of messages associated with this protocol, but only the important ones are discussed here in brief.

DESTINATION UNREACHABLE
Used when a packet fails to reach the destination or when the router/subnet cannot locate the destination.

TIME EXCEEDED
Used when the packet is dropped as its counter reaches zero. This may signify heavy traffic and/or congestion.

PARAMETER PROBLEM
Used when an illegal/incorrect parameter is found in a header field.

SOURCE QUENCH
Used for flow control and congestion control. When a packet is discarded, this message is sent to the source informing it about the congestion in the path.

REDIRECT
Used when the router judges that the packet is wrongly routed. 

ECHO and ECHO REPLY
These messages are used to confirm the availability of the destination. An ECHO message is transmitted towards the destination, and an ECHO REPLY message from the destination back to the source confirms the presence of the destination.

Other messages along with their formats are available here.
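As an added example (not part of the post), the Python below builds and parses ICMP messages using the RFC 792 type numbers for the messages listed above and verifies the one's-complement checksum; the sample messages in `demo` are constructed, not captured traffic.

```python
import struct

# ICMP type numbers (RFC 792) for the messages discussed in the post.
ICMP_TYPES = {
    0: "ECHO REPLY",
    3: "DESTINATION UNREACHABLE",
    4: "SOURCE QUENCH",
    5: "REDIRECT",
    8: "ECHO",
    11: "TIME EXCEEDED",
    12: "PARAMETER PROBLEM",
}

def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length message with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type: int, code: int, rest_of_header: bytes, payload: bytes = b"") -> bytes:
    """Type (1), code (1), checksum (2), 4 type-specific bytes, then payload."""
    if len(rest_of_header) != 4:
        raise ValueError("rest of header must be exactly 4 bytes")
    body = rest_of_header + payload
    checksum = icmp_checksum(struct.pack("!BBH", msg_type, code, 0) + body)
    return struct.pack("!BBH", msg_type, code, checksum) + body

def parse_icmp(data: bytes) -> dict:
    """Decode the header and report whether the checksum verifies."""
    if len(data) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    msg_type, code, _ = struct.unpack("!BBH", data[:4])
    return {
        "type": msg_type,
        "code": code,
        "name": ICMP_TYPES.get(msg_type, "OTHER"),
        # Recomputing over the message with the checksum field in place must give zero.
        "checksum_ok": icmp_checksum(data) == 0,
        "payload": data[8:],
    }

def demo() -> list:
    """Constructed sample messages, not captured traffic."""
    # ECHO: identifier 0x1234, sequence 1, arbitrary payload.
    echo = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-data")
    # DESTINATION UNREACHABLE, code 1 (host unreachable). Error messages carry the
    # offending datagram's IP header plus its first 8 bytes, represented by a stand-in here.
    unreachable = build_icmp(3, 1, b"\x00" * 4, b"<IP header + 8 bytes of original datagram>")
    damaged = bytearray(echo)
    damaged[-1] ^= 0xFF  # one payload byte corrupted in transit
    return [parse_icmp(echo), parse_icmp(unreachable), parse_icmp(bytes(damaged))]

if __name__ == "__main__":
    for msg in demo():
        print(msg)
```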

Sunday, 21 September 2014

Firewall Configuration

This is my second post on firewalls; I'll be using the abbreviations that I described in the first post. This post is aimed at describing the firewall configurations in brief.
The following three firewall configurations are the most used.

Screened Host Firewall Single Homed Bastion

Whatever comes from the internet is checked by the packet filter. The packet filter checks the headers of the packets, which then proceed to the AGW, where word-by-word checking is performed. However, in this configuration, the incentive given to regular packets is that they are identified differently and are not checked thoroughly every time they visit. Such frequently visiting packets are bypassed directly to the LAN without being checked by the AGW. This is where the configuration falls short and is prone to spoofing attacks. Hence, though it is faster, it cannot be used in practice.

Screened Host Firewall Dual Homed Bastion

This configuration was introduced to overcome the flaw in the single homed bastion. Here, in order to enter the LAN, every packet must undergo packet filter and AGW checking. Packets are allowed to enter the LAN only after these checks. So there is no compromise in security, but this makes the configuration slow, which becomes the major drawback for system operations.

Screened Subnet Firewall

This configuration is like a hybrid of the above two configurations. Here, two packet filters and one AGW make up the design of the firewall. A packet coming from the internet towards the LAN is checked by the outside filter and the AGW, while a packet going out from the LAN is checked by the inside filter and the AGW. This configuration combines the advantages of both of the above configurations and also overcomes their drawbacks. This is why it is the best suited for practical use.
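Added example, not from the post: a Python model of the single homed bastion path beside the screened subnet path, where `packet_filter` sees only header fields and `application_gateway` sees content. The LAN prefix, port sets, content patterns and the packets in `demo` are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str        # source IP address (header)
    dst: str        # destination IP address (header)
    dport: int      # destination port (header)
    payload: bytes  # application content, visible only to the AGW
    inbound: bool   # True: internet -> LAN, False: LAN -> internet

# Constructed policy for the example.
LAN_PREFIX = "10.0.0."
OUTSIDE_ALLOWED = {25, 80, 443}   # services the outside filter lets in from the internet
INSIDE_ALLOWED = {80, 443}        # services the inside filter lets out of the LAN
BLOCKED_CONTENT = (b"PROJECT-X", b"<script>")  # content patterns the AGW rejects

def packet_filter(pkt: Packet, allowed_ports: set) -> bool:
    """Header-only check: addresses and ports, never the payload."""
    if pkt.inbound and pkt.src.startswith(LAN_PREFIX):
        return False  # a packet arriving from the internet must not carry a LAN source address
    return pkt.dport in allowed_ports

def application_gateway(pkt: Packet) -> bool:
    """Content check, the post's 'word-by-word' inspection."""
    return not any(pattern in pkt.payload for pattern in BLOCKED_CONTENT)

def single_homed_bastion(pkt: Packet, frequent_visitors: set) -> str:
    """Packet filter, then AGW, except that known frequent visitors skip the AGW."""
    if not packet_filter(pkt, OUTSIDE_ALLOWED):
        return "dropped by packet filter"
    if pkt.src in frequent_visitors:
        return "forwarded (AGW bypassed)"  # the flaw: trust rests on a spoofable source address
    return "forwarded" if application_gateway(pkt) else "dropped by AGW"

def screened_subnet(pkt: Packet) -> str:
    """Inbound: outside filter then AGW. Outbound: inside filter then AGW. No bypass."""
    if pkt.inbound:
        if not packet_filter(pkt, OUTSIDE_ALLOWED):
            return "dropped by outside filter"
    elif not packet_filter(pkt, INSIDE_ALLOWED):
        return "dropped by inside filter"
    return "forwarded" if application_gateway(pkt) else "dropped by AGW"

def demo() -> dict:
    """Constructed packets: a frequent visitor's address carrying bad content, a spoofed
    LAN source, an outbound mail attempt, and an outbound document leak."""
    frequent = {"203.0.113.5"}
    bad_content = Packet("203.0.113.5", "10.0.0.8", 80, b"GET /?q=<script> HTTP/1.0", True)
    spoofed = Packet("10.0.0.3", "10.0.0.8", 80, b"GET / HTTP/1.0", True)
    outbound_mail = Packet("10.0.0.8", "198.51.100.9", 25, b"MAIL FROM:<a@b>", False)
    leak = Packet("10.0.0.8", "198.51.100.9", 443, b"attachment: PROJECT-X.pdf", False)
    return {
        "single_homed_bad_content": single_homed_bastion(bad_content, frequent),
        "screened_bad_content": screened_subnet(bad_content),
        "screened_spoofed": screened_subnet(spoofed),
        "screened_outbound_mail": screened_subnet(outbound_mail),
        "screened_leak": screened_subnet(leak),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```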

Saturday, 20 September 2014

Peeping Into The "Firewall"

This post is aimed at the basic understanding of the Firewall and its types.

What is the purpose of using firewall?
A firewall is just another security guard for the system, which prevents "bad" elements from getting in or out of our system. A company can have many LANs connected in arbitrary ways, but all the traffic to or from the company must be forced through an electronic drawbridge: the firewall.

Types of firewall:

1. Circuit level gateway (CGW)-
This operates at the physical layer of the system.
Since the physical layer deals with bits, its main task is bit-level checking.

2. Packet filter-
It operates at the network layer.
Its main job is to check the packet headers for errors.

3. Application layer gateway (AGW)-
As the name suggests, it functions at the application layer, where the end user operates, and performs content-based checking.

4. Bastion host-
This one can be said to be a hybrid of CGW and AGW.

The next post is all about the detailed configurations of firewall. Stay tuned, breaching to you soon!

Tuesday, 16 September 2014

TCP Joke?

"Hi, I'd like to hear a TCP joke"
"Hello, would you like to hear a TCP joke?"
"Yes, I'd like to hear a TCP joke"
"Okay, I'll tell you a TCP joke"
"Okay, I'm ready to hear a TCP joke"
"Okay, I'm about to send a TCP joke, that'll last for 10 seconds. It has two characters, it does not have a setting, it'll end with a punchline."
"Okay, I'll get your TCP joke, that'll last for 10 seconds. It has two characters, it does not have a setting, it'll end with a punchline."
"I'm sorry, your connection has timed out"

"Hello, I'd like to hear a TCP joke"

Friday, 5 September 2014

Domain Name Service: Everything To Know

Domain Name Service (DNS) is an application layer protocol used to keep track of computers, resources and services in a network environment.
It uses four kinds of servers:
  • Local DNS Server: Local server present in the end user's network.
  • Top Level Domain Server: Holds addresses for domains with extensions .com, .net, .org etc.
  • Authoritative Server: System acting as an interface for the particular domain.
  • Root Server: Holds the addresses of all TLDs.

DNS uses TCP for replication and UDP for translation, since translation needs to be fast.

How Does DNS Work?

Whenever an end user requests a connection to a domain on the internet, the request is first sent to its local DNS server. If it has the information the user is asking for, it replies immediately and the connection is established. If the local DNS server has no information, the request goes to the ISP router to check whether it has the desired address. The request is then transferred to a Root Server, which contains the addresses of all Top Level Domain servers. If the address of the domain is still not found, it finally goes to the respective TLD server. The TLD server will then search for the particular requested domain in its address tables and forward the request to the Authoritative Server (AS). The AS may be any system in the network of that domain. The reverse process starts here. It responds back to the TLD server, establishing a connection between the TLD and AS servers. The TLD server sends its reply to the root server, giving it the information about the respective address. The root server in turn passes this information to the ISP router, which sends it to the local DNS server of the end user. The end user can now connect to the desired domain.
While the address is sent from the AS to the end user, the intermediate servers also add this address to their databases and update them. In other words, this address is cached in these servers. Thus whenever the next request is made for the same domain, the local DNS server is capable of replying to the user directly, avoiding the need to contact further servers.

Here's how I can summarize the working of DNS:
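An added Python model of the resolution chain described above (not the post's own code): the root, TLD and authoritative data are constructed, the `LocalDnsServer` class is hypothetical, and its cache answers the second lookup for the same name locally.

```python
# Constructed zone data (not real DNS records): each server kind holds only what the
# post says it holds.
ROOT_SERVER = {"com": "tld-com-server"}                             # root knows the TLD servers
TLD_SERVERS = {"tld-com-server": {"example.com": "ns.example.com"}}  # TLD knows the authoritative servers
AUTHORITATIVE = {"ns.example.com": {"www.example.com": "198.51.100.10",
                                    "mail.example.com": "198.51.100.25"}}

class LocalDnsServer:
    """The local DNS server of the end user's network, with a cache."""

    def __init__(self) -> None:
        self.cache = {}  # name -> address learned from earlier lookups

    def resolve(self, name: str) -> tuple:
        """Return (address, trace); trace lists the servers consulted, in order."""
        trace = []
        if name in self.cache:
            trace.append("local DNS: cache hit")
            return self.cache[name], trace
        trace.append("local DNS: cache miss")

        # Root server: which TLD server is responsible for the last label?
        tld = name.rsplit(".", 1)[-1]
        tld_server = ROOT_SERVER.get(tld)
        trace.append(f"root server: .{tld} -> {tld_server}")
        if tld_server is None:
            raise LookupError(f"no TLD server for .{tld}")

        # TLD server: which authoritative server holds the domain?
        domain = ".".join(name.split(".")[-2:])
        auth_server = TLD_SERVERS[tld_server].get(domain)
        trace.append(f"TLD server: {domain} -> {auth_server}")
        if auth_server is None:
            raise LookupError(f"unknown domain {domain}")

        # Authoritative server: the actual address, which travels back and is cached on the way.
        address = AUTHORITATIVE[auth_server].get(name)
        trace.append(f"authoritative server: {name} -> {address}")
        if address is None:
            raise LookupError(f"unknown host {name}")
        self.cache[name] = address
        return address, trace

def demo() -> list:
    """Two lookups of the same name: the first walks the chain, the second hits the cache."""
    local = LocalDnsServer()
    first = local.resolve("www.example.com")
    second = local.resolve("www.example.com")
    return [first, second]

if __name__ == "__main__":
    for address, trace in demo():
        print(address, trace)
```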


Tuesday, 26 August 2014

Configure A Telnet Server On Windows System For Remote Desktop

Here's a Do-It-Yourself guide to implementing the Telnet service in a Windows environment.
The following step-by-step procedure is an easy way to have a Telnet connection without the use of any third-party application.

Telnet Server is a network service. When you install Windows 7, Windows Server 2008 R2, Windows Vista or Windows Server 2008, the files that make up the Telnet Server service are copied to your computer, but they are not yet operational. The Telnet service is disabled at first. You must enable the service by configuring it to start when you need it. On a Telnet server that is regularly used, you might want to configure the service to start automatically every time Windows starts. You can also configure the Telnet Server service to start only when you start it manually.
Membership in the local Administrators group, or the equivalent, is the minimum required to complete these procedures.


To enable Telnet Server and start or stop it from the Windows interface

1. Open the Services MMC snap-in. Click Start, and then type services.msc in the Start Search box.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. Right-click Telnet, and then click Properties.
4. In the Startup type list, select one of the following:
  • Automatic (Delayed Start) to start Telnet Server after Windows starts and all boot processes have finished
  • Automatic to start Telnet Server when Windows starts
  • Manual to allow Telnet Server to be started and stopped when needed
  • Disabled to prevent Telnet Server from running
5. To start or stop the service, on the Telnet Properties dialog box, click Start or Stop. You can also start or stop the service on the main Services page by selecting Telnet in the list, and then using the start (triangle) and stop (square) icon buttons on the toolbar at the top of the page.


To start or stop Telnet Server at a command prompt

1. Open an elevated command prompt. Right-click a Command Prompt shortcut, and then click Run as administrator.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. Type one of the following commands:
  • To start Telnet Server, type net start telnet.
  • To stop Telnet Server, type net stop telnet.


To start the Telnet service on Windows 7, Windows 8 or Windows Vista

1. Click Start, and then click Control Panel.
2. On the Control Panel Home page, click Programs.
3. In the Programs and Features section, click Turn Windows features on or off.
4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
5. In the Windows Features list, select Telnet Client, and then click OK.
The command prompt will respond accordingly once the Telnet services have been started.
A remote system can be connected to by running the command:
o <hostname or IP>
For example, if the IP address of the system to be connected to is 176.16.180.25, then the above command will look like this:
o 176.16.180.25

After successful execution of this command, the system will ask for the username and password of the remote system. Make sure to provide the login credentials with which the remote system is logged in.
On successful login, the user can run any commands from his/her system which will execute on the remote system.

Saturday, 23 August 2014

A Glance At NIC (Network Interface Card)


• NIC, aka Network Interface Card or Network Interface Controller, is a combination of hardware and software that connects a system to a network or the Internet.
• It comprises the Physical and Data Link Layers of the OSI reference model stack.
• The physical address of the system is available in the NIC.
• We can have a Copper, Fiber Optic or wireless NIC introduced in the system. Once a NIC is available, the system can be connected to the Internet, no matter whether the system is your air-conditioner, washing machine or refrigerator.


Quick Question:
Where can I see all the layers in my system?
Smart Answer:
The Physical and Data Link layers are in the NIC and the rest of them in the operating system. If I remove my NIC, I can't get my system connected to the Internet.

Tuesday, 19 August 2014

Networking Devices


Any network, and ultimately the internet, is based on devices that connect the networks. Hence devices have a major role to play in networking and are called backbone devices. There are several devices that are used for connections based on the situation and demand. However, the main task of all these devices is to connect and allow the traffic to flow from one point to another, despite the differences between them. Several devices are often used as synonyms for each other, but there exist some parameters based on which these devices differ. Here is a glance at the most frequently used networking devices and the differences between them.

Hub-
Used for connecting multiple workstations and/or servers.
It is a passive device, i.e. it contains mostly electronic components and cannot make decisions.
Mostly used for broadcasting.
Since there is no decision making involved with a hub, there is no lookup or routing table associated with it.

Switch-
Used to connect workstations and/or servers.
Active device, i.e. it has decision-making capability.
Switches are mostly used for unicasting.
Classified in two ways:
1. Store-and-forward switches
2. Managed and unmanaged switches
Decision making requires some data structure to be maintained. Lookup tables are used to store information about the physical addresses of the hosts/devices in the network.

Bridge-
A bridge is somewhat similar to a hub, but it is used to connect subnetworks (subnets) or LANs.
Similar to a switch, it is also an active device.
A lookup table is maintained which contains the physical addresses of the other hosts/devices.

Router-
One of the most used networking devices. This is because of its multi-functionality features.
Used to connect similar networks or networks of networks.
A router works at the bottom three layers of the OSI model: Physical, DLL and Network layer.
The main task of a router is to find the best/optimal path for the incoming packets to reach their destinations.
For this, it maintains a routing table containing information about packets, their sources and destinations, logical and physical addresses etc.

Gateway-
A gateway is just another multi-protocol router.
Just as its name suggests, it is a high-end form of router which can be used to connect dissimilar networks.
Another major difference between a router and a gateway is that a gateway works at the Application and Transport layers along with the Network layer, considering the OSI reference model.


Another device, the Brouter, is a combination of Bridge and Router which can perform the tasks of both of these devices.

Tuesday, 12 August 2014

Flashback : Internet

How was the Internet in its early days?
Of course, it wasn't the same as it looks today.
How did it evolve?
Who made it look like this?

The revolution started as a research project to connect computers via a packet switched network. It was developed under the leadership of the Advanced Research Projects Agency (ARPA).
In just a few years, it wasn't just a project, it was a grand surprise to the world!

Here's a sneak peek into the history of the Internet.

Early Stages

1958: Russia launches "Sputnik", the world's first artificial satellite
1962: Leonard Kleinrock, MIT student, publishes a paper on packet switching.
1966: Lawrence Roberts, another MIT student, publishes a plan for ARPAnet based on packet switching.
1968: BBN receives the contract for developing Interface Message Processor (IMP) switches.
April 07, 1969: "Host Software", the first RFC, published by Steve Crocker.
September 02, 1969: Leonard Kleinrock's computer at UCLA becomes the first node in ARPANET.
October 29, 1969: Charley Kline attempts a remote login from UCLA to SRI.

"We set up a telephone connection between us and the guys at SRI..."
Kleinrock said in an interview:
"We typed the L and we asked on the phone,
"Do you see the L?"
"Yes, we see the L," came the response.
"We typed the O, and we asked, "Do you see the O?"
"Yes, we see the O."
"Then we typed the G, and the system crashed..."

1970s: Getting Ready for Something Big!

1970: AT&T installs the first ever link between UCLA and BBN at 56kbps
1972: Ray Tomlinson writes an email program for ARPANET; TELNET protocol RFC published
1973: Bob Metcalfe gives birth to Ethernet at Xerox Palo Alto Research Center; FTP protocol RFC published
1974: First full draft of TCP produced.
1978: TCP splits into TCP and IP

1980s: Time of Tremendous Growth

1981: The term "Internet" is born.
1982: ISO releases the famous 7-layer OSI model
January 01, 1983: Original ARPANET NCP banned, TCP takes its place.
1984: Cisco comes alive; Domain Name System (DNS) introduced.
November 1988: Internet worm affects 10% of the 60,000 computers on the Internet.
December 1988: Internet Assigned Numbers Authority (IANA) established.
End of 1980s: About 100,000 hosts!

1990s: Commercialization

1990-1993: WorldWideWeb, Mosaic, a GUI based browser, introduced.
Internet Overflow!
1992: Internet Society founded.
1995: Sun launches JAVA; registration of domain names is no longer free of cost!

File Transfer Protocol

File Transfer Protocol, aka FTP, is a very popular protocol for transferring files from one system to another in a TCP/IP environment.
FTP uses a client-server architecture and two connections for a successful transfer, which makes it different from other client-server services.

1. Control Connection: It is established on port 21 of the server and used for command and control purposes.
2. Data Connection: Once the control connection has been made, the actual data transfer is carried out by establishing a data connection.

How Does FTP Work?



The block representation above visualizes the working in brief.
On one side we have the client and on the other the server. The client has a UI, a control process where the control connection is established and a data process where the data connection is established. The server has control and data processes.

Control Connection:
The server issues a passive open on port 21 for clients.
The client uses an ephemeral port (a port used for short-duration connections) to connect to the server. Such a connection is called the control connection.
The control connection is necessary as long as the FTP session is in use; it is also a prerequisite for making the data connection.

Data Connection:
The client issues a passive open on an ephemeral port. (Why can't the server issue it? Because it is the client who is going to issue the command for data transfer.) The client sends this port number to the server.
The server, on receiving the port number, completes the connection to it from port 20, and the data connection is established successfully.

Once the data connection is established, data transfer may begin. The client and server may be using any operating systems, the architectures may be the same or different, file structures and file formats may be different; FTP can still be used for communication.

DIY Tip: An FTP connection can be easily set up using your Windows machine or even with the help of third-party software like FileZilla. How? Hold on!
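Added example (not from the post): the two-connection exchange above, done with Python sockets on localhost, with the client announcing its ephemeral data port in a PORT command and the server connecting to it. Ports 21 and 20 are replaced by kernel-assigned ports so it runs unprivileged, and `server_side`/`ftp_transfer` are the example's own names, which is an assumption of the example.

```python
import socket
import threading

def encode_port_command(host: str, port: int) -> str:
    """FTP PORT argument: four address bytes and two port bytes, comma separated."""
    a, b, c, d = host.split(".")
    return f"PORT {a},{b},{c},{d},{port // 256},{port % 256}"

def parse_port_command(line: str) -> tuple:
    """Inverse of encode_port_command; raises on anything malformed."""
    verb, _, arg = line.partition(" ")
    fields = arg.split(",")
    if verb != "PORT" or len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("malformed PORT command")
    return ".".join(fields[:4]), int(fields[4]) * 256 + int(fields[5])

def server_side(control_listener: socket.socket, payload: bytes) -> None:
    """Server: accept the control connection, read PORT, open the data connection, send."""
    ctrl, _ = control_listener.accept()
    with ctrl, ctrl.makefile("rb") as reader:
        host, port = parse_port_command(reader.readline().decode().strip())
        ctrl.sendall(b"200 PORT command successful\r\n")
        # A real server connects from source port 20; here the kernel picks the source port.
        with socket.create_connection((host, port), timeout=5) as data:
            data.sendall(payload)
        ctrl.sendall(b"226 Transfer complete\r\n")

def ftp_transfer(payload: bytes = b"hello from the server\n") -> dict:
    """Client side of one active-mode transfer against the in-process server."""
    # Control connection: passive open by the server (port 21 in real FTP; a free port here).
    control_listener = socket.socket()
    control_listener.bind(("127.0.0.1", 0))
    control_listener.listen(1)
    threading.Thread(target=server_side, args=(control_listener, payload), daemon=True).start()
    ctrl = socket.create_connection(control_listener.getsockname(), timeout=5)

    # Data connection: passive open by the client on an ephemeral port, announced with PORT.
    data_listener = socket.socket()
    data_listener.bind(("127.0.0.1", 0))
    data_listener.listen(1)
    data_listener.settimeout(5)
    host, port = data_listener.getsockname()
    ctrl.sendall((encode_port_command(host, port) + "\r\n").encode())

    data, _ = data_listener.accept()  # the server connects to the announced port
    chunks = []
    with data:
        while chunk := data.recv(4096):
            chunks.append(chunk)
    data_listener.close()

    # The control connection outlives the data connection and carries the replies.
    with ctrl, ctrl.makefile("rb") as reader:
        replies = [line.decode().strip() for line in reader]
    control_listener.close()
    return {"data": b"".join(chunks), "replies": replies}

if __name__ == "__main__":
    print(ftp_transfer())
```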


Monday, 11 August 2014

Layers in TCP/IP Protocol Suite

The purpose of each layer in the TCP/IP protocol suite is briefly discussed here.

Physical Layer:
There is no specific or dedicated protocol for the physical layer in the TCP/IP model.
This layer is responsible for the actual transmission of data from one device to another. The unit of transmission is bits.
In addition to this, the responsibility of the physical layer is similar to that in the OSI model but mostly depends on the underlying technologies.

Data Link Layer:
The packet received from the network layer is framed; the frame becomes the unit of communication at the DLL.
Framing involves encapsulation of data by adding a header and trailer to it.
The header includes information about source and destination addresses, which play an important role in the identification and authentication of the correct packet.

Network Layer:
At the Network layer, TCP/IP supports the Internet Protocol (IP) as the transmission mechanism.
The datagram is the unit of transmission used at the network layer.
The major difference between the network layer and the physical and DLL layers is that communication at the network layer is end-to-end whereas it is node-to-node at the physical and DLL layers.

Transport Layer:
The network layer is responsible for sending datagrams to the destination, and the transport layer is responsible for sending the entire message (aka segment) to the destination.
A segment may contain one or more datagrams.
The transport layer in TCP/IP is represented by two protocols-
1. UDP aka User Datagram Protocol, which provides a connection-less service
2. TCP aka Transmission Control Protocol, which provides a reliable connection-oriented service.
Since the Internet may assign different routes to datagrams, the packets received at the destination may arrive out of order or may get lost.

Application Layer:
This layer is equivalent to the Session, Presentation and Application layers in the OSI reference model.
This is the layer where the user actually interacts with the system and performs the desired tasks.
Various protocols including e-mail services, file transfer, accessing the World Wide Web etc. are defined at this layer, and the number is increasing with growing need.
Like the transport and network layers, this layer is also an end-to-end layer.

What Does IPv4 Properties Signify?

While configuring a system (PC, laptop or handheld device) for any network, mostly the Internet, we come across a few fields to be filled in for establishing a connection. These fields are labelled under "IPv4 Properties".
These properties can be set in two possible ways-
1. DHCP aka Dynamic Host Configuration Protocol
2. Manually entering IP settings

If the network supports DHCP, then there is no need to configure the system to connect to the network. However, if the system is to be connected in a particular subnetwork (a smaller division of a network) then usually the user needs to enter the IP addresses manually. In such cases, we come across the following window asking for the fields to be filled in.


We need to consider four fields here.
1. IP address-It is the IP address (logical address) of the device to be connected.
2. Subnet mask-It is basically used to identify the subnetwork. The subnet mask marks which bits of the address form the subnet id and which form the host (system) id.
3. Default gateway-All subnets are connected to the parent network via a high-end device called a Router. The default gateway is the IP address of the router in the network.
4. DNS (Domain Name System)-It is a naming mechanism to provide names to systems in the Internet. In our discussion, DNS refers to the IP address of the router at the ISP (Internet Service Provider). The ISP is the "big brother" from whom the user has subscribed for the Internet.

The correct combination of all these fields will make a successful connection to the desired network.
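Added example (not the post's): using Python's `ipaddress` module to split an address into subnet id and host id with the mask, and to check that the default gateway lies in the same subnet, which is the usual reason a manually entered configuration fails to reach anything beyond the LAN. The addresses and the `check_ipv4_settings` function are constructed for the example.

```python
import ipaddress

def check_ipv4_settings(ip: str, subnet_mask: str, default_gateway: str, dns: str) -> dict:
    """Split ip by subnet_mask into subnet id and host id and sanity-check the other fields."""
    iface = ipaddress.IPv4Interface(f"{ip}/{subnet_mask}")  # keeps the host bits
    network = iface.network
    host_id = int(iface.ip) & ~int(network.netmask) & 0xFFFFFFFF
    gateway = ipaddress.IPv4Address(default_gateway)
    dns_addr = ipaddress.IPv4Address(dns)

    problems = []
    if iface.ip in (network.network_address, network.broadcast_address):
        problems.append("IP address is the network or broadcast address, not a host address")
    if gateway not in network:
        problems.append("default gateway is outside the subnet; traffic to other networks cannot leave")
    if gateway == iface.ip:
        problems.append("default gateway equals the host's own address")

    return {
        "subnet_id": str(network.network_address),
        "network": str(network),
        "host_id": host_id,
        "usable_hosts": max(network.num_addresses - 2, 0),
        "gateway_in_subnet": gateway in network,
        # The DNS server (at the ISP, per the post) need not be in the subnet: it is reached
        # through the default gateway like any other remote address.
        "dns_in_subnet": dns_addr in network,
        "problems": problems,
    }

def demo() -> dict:
    """Constructed settings: a correct /24 configuration and one whose gateway is off-subnet."""
    good = check_ipv4_settings("192.168.10.37", "255.255.255.0", "192.168.10.1", "203.0.113.53")
    # With a /25 mask the host sits in 192.168.10.0/25, but .129 lies in the other half.
    bad = check_ipv4_settings("192.168.10.37", "255.255.255.128", "192.168.10.129", "203.0.113.53")
    return {"good": good, "bad": bad}

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```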

Comparison of OSI and TCP/IP Models

The basic difference that can easily be observed in the above two reference models is that OSI is modelled with 7 layers whereas TCP/IP has 5 layers. The major reason for this is believed to be-
1. TCP/IP has more than one transport layer protocol. (Example-UDP, TCP, SCTP)
2. Unlike in the OSI model, the application layer in TCP/IP is not just one piece of software; rather, several applications can be developed at this layer.

Layers in the OSI model specify the functionalities belonging to that layer. The TCP/IP model contains relatively independent protocols that can be mixed if the system demands.
