A nice endeavour by Mozilla for teaching — actively making, building and sharing the web.
Back here, writing after a long time!
Let me note down some of the major incidents during that time:
The workshop on High Performance Computing was a really nice arrangement by CDAC for the students to learn and get familiar with parallel processing. They offered supercomputer access to run the OpenMP and MPI programs, along with nice practical teaching from the HPC experts.
The fever, which was caused by some sort of food poisoning, made me suffer for a fortnight. I lost weight in notable proportions, but now I'm doing all good! Due to the fever I missed some of the lectures at college, but that's no problem, as they were of my favourite subjects: Cloud Computing and Network Defense.
The trip to Mumbai was great! Travelling the whole night in the train, tea at every station, a new experience with excitement in the land of dreams, an awesome event by Google, a trip in the BEST bus, an empty local train, Mumbai vada-pav, key chains, halwa, all in a single day!!
Before the exams I was not expecting to score much, but that boosted me up and I worked hard to get a nice rank in the exams, the first exams of my M.Tech. syllabus. I faced online exams for the first time, in totally practical-oriented subjects, and I am happy that I stood 3rd in the class.
Ah, how can I forget the haste I made on that day! I badly wanted to attend the Microsoft TechDay event while the exams were going on. The next day's exam was Advanced Operating Systems, and yes, I wanted to attend the event, which was about operating systems. Still, I managed to travel to Ahmedabad for the event and attend the Windows 8 and Server 2012 phases, though I missed the Visual Studio part.
The Cisco Learning Network is the best thing for a networking guy! All the Cisco networking guys in one place, helping each other and boosting the spirits to perform better for the certifications and to solve the problems at their workplace. I like the friendly atmosphere the VIPs and managers have created there, along with the points system. Also, it feels like a true social networking site: adding friends, updates, messages, discussions, games. I had been a member of the community for a long time, but got to feel it only when I became active during the last months.
That’s all! Adios..
Apart from the normal reasons for keeping our email accounts secure, there are many more which we tend to ignore, or whose possibilities we are not aware of.
Take this scenario, which shows why to keep work-related and social email accounts separate and confidential (if possible):
If someone knows basic information about you, your social networking account can be hacked. The main ingredient is your email id. It's better to keep the id you use for networking secure. If the work and social email ids are the same, there are more chances of people guessing or knowing your basic information, giving more chance for your account to get compromised.
I just wanted to let you know – that nobody is secure.
Some minutes back, I received a DM on my Twitter from a friend. The DM contained:
Did you see this pic of you? lol bit.ly/YqGEju
And it was from a girl who has been in the network security field for 12 years. Clearly, her account was hacked, and the victim account was used to send DMs to harvest some more accounts.
What would be the result of clicking on that link? Some Metasploit exploit, abusing the vulnerabilities on your computer.
Point is: do not share email ids with anyone, do not click any link (even if it's from a friend, verify the link with an online checker), change the password every 2 weeks, keep separate email accounts, and patch your system regularly.
But still, you are insecure.
I think that I shall never see
A graph more lovely than a tree.
A tree whose crucial property
Is loop-free connectivity.
A tree which must be sure to span.
So packets can reach every LAN.
First the Root must be selected
By ID it is elected.
Least cost paths from Root are traced
In the tree these paths are placed.
A mesh is made by folks like me
Then bridges find a spanning tree.
The Spanning Tree Protocol was developed by Dr. Radia Perlman, who described the idea in her poem “Algorhyme”, which is based on “Trees” by Joyce Kilmer.
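The poem's two steps, root election by lowest bridge ID and least-cost paths traced from the root, as an added example (not from the original post) run over a constructed four-bridge mesh with the bridge IDs, MAC addresses and link costs below as sample values:

```python
"""Root-bridge election and spanning-tree computation, illustrating the steps in
"Algorhyme". Added example; the bridges and link costs are constructed samples."""
import heapq
from typing import Dict, List, Tuple

# A bridge ID is (priority, MAC address); the numerically lowest ID wins the
# election, which is what "by ID it is elected" refers to.
BridgeId = Tuple[int, str]
Link = Tuple[BridgeId, BridgeId, int]

# Constructed sample mesh: four bridges with redundant links (A-B-D-C-A is a loop).
A: BridgeId = (32768, "00:00:00:00:00:0a")
B: BridgeId = (32768, "00:00:00:00:00:0b")
C: BridgeId = (4096, "00:00:00:00:00:0c")   # lower priority value, so C becomes root
D: BridgeId = (32768, "00:00:00:00:00:0d")
SAMPLE_BRIDGES: List[BridgeId] = [A, B, C, D]
SAMPLE_LINKS: List[Link] = [   # (bridge, bridge, path cost of the link)
    (A, B, 4), (B, D, 4), (D, C, 4), (C, A, 19), (B, C, 4),
]


def elect_root(bridges: List[BridgeId]) -> BridgeId:
    """Step 1 of the poem: the bridge with the lowest (priority, MAC) is the root."""
    return min(bridges)


def spanning_tree(bridges: List[BridgeId], links: List[Link]):
    """Step 2: trace least-cost paths from the root (Dijkstra) and keep only those
    links; every other link would close a loop and is blocked.

    Returns (root, best, blocked): best maps each bridge to
    (root path cost, upstream bridge); blocked lists the links left out."""
    root = elect_root(bridges)
    adjacency: Dict[BridgeId, List[Tuple[BridgeId, int]]] = {b: [] for b in bridges}
    for a, b, cost in links:
        adjacency[a].append((b, cost))
        adjacency[b].append((a, cost))

    best: Dict[BridgeId, Tuple[int, BridgeId]] = {}
    # Heap entries are (root path cost, upstream bridge ID, bridge): on equal cost
    # the lower upstream bridge ID wins, mirroring STP's tie-break on sender ID.
    heap = [(0, root, root)]
    while heap:
        cost, upstream, node = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, upstream)
        for neighbour, link_cost in adjacency[node]:
            if neighbour not in best:
                heapq.heappush(heap, (cost + link_cost, node, neighbour))

    tree_links = {frozenset((node, up)) for node, (_, up) in best.items() if node != root}
    blocked = [link for link in links if frozenset(link[:2]) not in tree_links]
    return root, best, blocked


if __name__ == "__main__":
    root, best, blocked = spanning_tree(SAMPLE_BRIDGES, SAMPLE_LINKS)
    print("root bridge:", root)
    for bridge, (cost, upstream) in sorted(best.items()):
        print(f"{bridge[1]} root path cost {cost:2d} via {upstream[1]}")
    print("blocked links:", [(a[1], b[1]) for a, b, _ in blocked])
```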
Here's a simple explanation of the TCP 3-way handshake for connection establishment and connection termination:
Connection establishment:
1. SYN packet sent to the next node
2. SYN packet sent by the next node, along with the ACK of our SYN packet
3. ACK for their SYN sent to the next node
Connection termination:
1. FIN packet sent to the next node
2. FIN packet sent by the next node, along with ACK of our FIN packet
3. ACK of their FIN packet sent to the next node
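The two three-step exchanges above as a small state-machine model, added here as an example (not from the original post); endpoint names A and B and the initial sequence numbers 1000 and 5000 are constructed. It also shows why the ACK number matters: an ACK that does not match what the other side sent is rejected rather than completing the handshake.

```python
"""Model of the exchange above: SYN, SYN+ACK, ACK to establish, then FIN,
FIN+ACK, ACK to terminate, with the SEQ/ACK arithmetic behind each step."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    flags: FrozenSet[str]


class Endpoint:
    """One side of the connection: its state and the next SEQ/ACK numbers."""

    def __init__(self, name: str, isn: int, listening: bool = False):
        self.name = name
        self.state = "LISTEN" if listening else "CLOSED"
        self.snd_nxt = isn   # next sequence number we will send (isn = initial sequence number)
        self.rcv_nxt = 0     # next sequence number we expect from the peer
        self.trace: List[str] = []

    def _send(self, dst: str, *flags: str) -> Segment:
        seg = Segment(self.name, dst, self.snd_nxt, self.rcv_nxt, frozenset(flags))
        if "SYN" in flags or "FIN" in flags:  # SYN and FIN each consume one sequence number
            self.snd_nxt += 1
        self.trace.append(f"{self.name}->{dst} {'+'.join(sorted(flags))} seq={seg.seq} ack={seg.ack}")
        return seg

    def connect(self, dst: str) -> Segment:  # establishment step 1
        self.state = "SYN_SENT"
        return self._send(dst, "SYN")

    def close(self, dst: str) -> Segment:  # termination step 1
        self.state = "FIN_WAIT_1"
        return self._send(dst, "FIN", "ACK")

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Apply one incoming segment and return the reply, if any."""
        f = seg.flags
        # An ACK must acknowledge exactly what we have sent so far; a guessed or
        # replayed ACK number is rejected instead of advancing the state machine.
        if "ACK" in f and seg.ack != self.snd_nxt:
            raise ValueError(f"{self.name}: bad ack {seg.ack}, expected {self.snd_nxt}")
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RCVD"
            return self._send(seg.src, "SYN", "ACK")  # establishment step 2
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return self._send(seg.src, "ACK")  # establishment step 3
        if self.state == "SYN_RCVD" and f == {"ACK"}:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and "FIN" in f:
            self.rcv_nxt = seg.seq + 1
            self.state = "LAST_ACK"
            return self._send(seg.src, "FIN", "ACK")  # termination step 2: FIN with our ACK
        if self.state == "FIN_WAIT_1" and f == {"FIN", "ACK"}:
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSED"
            return self._send(seg.src, "ACK")  # termination step 3
        if self.state == "LAST_ACK" and f == {"ACK"}:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in state {self.state}")


def run_exchange(client_isn: int = 1000, server_isn: int = 5000):
    """Open and close a connection between A and B; return states and the trace."""
    a, b = Endpoint("A", client_isn), Endpoint("B", server_isn, listening=True)
    peers = {"A": a, "B": b}

    def deliver(seg: Optional[Segment]) -> None:  # pass segments along until nobody replies
        while seg is not None:
            seg = peers[seg.dst].receive(seg)

    deliver(a.connect("B"))
    established = (a.state, b.state)
    deliver(a.close("B"))
    return established, (a.state, b.state), a.trace + b.trace


def forged_ack_is_rejected() -> bool:
    """A third-step ACK carrying the wrong number must not complete the handshake."""
    a, b = Endpoint("A", 1000), Endpoint("B", 5000, listening=True)
    syn_ack = b.receive(a.connect("B"))
    forged = Segment("A", "B", 1001, syn_ack.seq + 42, frozenset({"ACK"}))
    try:
        b.receive(forged)
    except ValueError:
        return b.state == "SYN_RCVD"
    return False
```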
What is penetration testing?
Penetration testing is the evaluation of a computer system, whether a single device or a group of interconnected nodes, against potential attacks from inside or outside that could break its security.
Types of penetration testing:
(Post reference: The Open Web Application Security Project)
As promised by the authorities, for the HPC workshop we were to be given supercomputer access. We didn't get real access, but were given a CLI through the CDAC gateway. The 16-core machine was capable enough to handle several of the infinite loops created by students' MPI and OpenMP programs. The whole past week was dedicated to High Performance Computing topics, and we learnt mainly about clusters, process communication for a large number of processors, and the libraries for their development.
The module started with an introduction to High Performance Computing and clusters, and went on to cover topics like OpenMP, MPI, comparisons of parallel and serial processing, various algorithms for optimizing performance in parallel systems, and General Purpose Graphics Processing Units. The tests and assessment went well with the OpenMP and MPI programming.
And by the way, I moved to Gandhinagar last week. Enjoying independent life. I need to handle everything on my own, but I have started to like it. Getting more free time to work and read.
The next module, Network Defense and Countermeasures, is starting next Monday, and the pre-assignments are yet to be completed. The only thing left to do is perform some Nmap packet captures, which I cannot do over the wireless internet. I need to visit the college lab for the Ethernet captures. Getting back to work, clusters and networks, adios!
Imagine a scenario where you are the system admin of an organization using a Windows domain. There is a guy in the organization who has fought with his manager and is now resigning from his post. This disgruntled employee may have the idea of encrypting all the company's data from his own user account before leaving. If he encrypts all the data, we do not have the key to decrypt it, and that's a big loss.
How to overcome this? The answer is a data recovery agent.
Public and private keys come into the picture here: while creating a data recovery agent, you provide the public key to the employees, while the private key is available only to the admin. Hence whenever a user encrypts data on his machine in the Windows domain, he needs the public key to encrypt, but he can't decrypt someone else's data as the private key is not available to him. This provides data integrity and confidentiality.
You'll need a Windows Server 2008 machine as the server, and a client such as XP or Windows 7.
On the server machine, start the command prompt.
First step is to create a set of public and private keys.
Create a directory named 'certi' for storing the keys and then change to that directory with the following commands:
> mkdir certi
> cd certi
Now, to create a pair of keys, the command is as below:
> cipher /R:certi_file
This command will ask you to provide a password for the keys. Two files will be created. The file with extension “.cer” is the public key (which we need to provide to the client) and “.pfx” is the private key (to be kept secret).
Now, on the same server machine, run the command 'certmgr.msc'.
This will open a window where you can edit the available certificates. Import our private key by:
Right click ‘Trusted Root Certification Authorities’ > All Tasks > Import
You will get a prompt where you have to specify the path for your private key.
Provide the “.pfx” file path and then you’ll be asked for the password of your key pair.
The configuration of your server is complete.
Now log in to the client machine with Administrator credentials.
Go to Control Panel > Administrative Tools > Local Security Policy > Public Key Policies
Right click Encrypting File System > Add Data Recovery Agent
In the Wizard, click Next and Browse Folders.
Locate the “.cer” file on the client machine and provide it for installing.
Now, to verify the data recovery agent, log in to the client as testuser1.
Create a file named ‘impdata.rtf’ and provide some text input.
Now encrypt that file by
Right click file > Advanced > Check the Encrypt contents to secure data option
We have encrypted our file with the Admin's public key.
Whenever anyone other than the one with the private key tries to open our file, that user will not be able to see its contents.
Log in as testuser2 and try to access the file. You'll be denied.
But the Administrator has the private key, and he can view the contents of the file.
Log in to the client as Administrator, and you'll be able to read the file.
SSH between two machines without password. Easy?
Yes, I’ll show you how.
What do we use password-less SSH for? A secure encrypted channel between two machines. When we want a permanent secure channel between these two machines without entering the password every time we need access, the best way is to make them password-less.
How does this work? The concept of public-private keys. We generate an RSA key pair for our SSH and provide our public key to the next machine. It's that easy. The next machine needs to add our public key to its file called authorized_keys. Done.
Steps are here:
Generate the SSH host keys first, for starting the SSH service on both sides. Then start the SSH service.
# /etc/init.d/ssh start
You can check that the SSH service is running on port 22 with the netstat command.
Next is to generate our RSA keypair. The command is,
We have our public and private keys with us. Now let's send the public key to the remote machine using secure copy. The keys on our machine are stored at /root/.ssh/
# scp /root/.ssh/id_rsa.pub 192.168.111.143:/root/.ssh/authorized_keys
(Replace my 192.168.111.143 with your next machine's IP)
The authorized key set for the next machine is stored at /root/.ssh/authorized_keys. Note that scp overwrites an existing authorized_keys file, so if the remote machine already has keys in it, append your public key to that file instead.
After the above command, you'll be asked to enter the password. But that will be the last time someone asks you for the SSH password. For secure shell from the next machine to yours, follow the same process from the next machine. That's all folks!
It's a version of the Denial of Service attack that floods the victim with spoofed broadcast pings. A large number of pings are sent to the IP broadcast address with the victim's address as the spoofed source; the broadcast reaches all the hosts on that network, and these hosts simultaneously reply to the victim, causing a major lock-up of the network.
A malformed ping (an ICMP packet) is sent to the victim, which overflows its buffer, causing the system to reboot or the network to hang.
The Denial of Service attack does exactly what the name suggests: it prevents users from using the service. It can generally be implemented with ICMP spoofing.
SYN packets are used for connection establishment, and here they are used to take down a computer by sending a large number of useless SYN packets, so that the computer becomes too busy responding to the SYNs.
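The three traffic patterns described above (broadcast-ping flood, oversized ping, SYN flood) written as detection checks over a packet summary, added here as an example and not part of the original post; the packet records, addresses and thresholds are constructed, and the broadcast check assumes /24 networks.

```python
"""Detection checks for the DoS patterns described above, run over a constructed
packet summary. Added example; the records below are made up, not a capture."""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List

# Constructed sample records. In a broadcast-ping (smurf) flood the source is the
# spoofed victim address (10.0.0.5 here), so every reply from 10.0.0.0/24 lands on it.
SAMPLE_PACKETS: List[Dict] = (
    [{"proto": "ICMP", "type": "echo-request", "src": "10.0.0.5", "dst": "10.0.0.255", "len": 84}] * 3
    + [{"proto": "ICMP", "type": "echo-request", "src": "198.51.100.9", "dst": "10.0.0.7", "len": 65540}]
    # seven SYNs from different sources to 10.0.0.7 that are never completed
    + [{"proto": "TCP", "flags": "S", "src": f"203.0.113.{i}", "dst": "10.0.0.7", "len": 60}
       for i in range(1, 8)]
    # one legitimate three-way handshake, which must not be counted
    + [{"proto": "TCP", "flags": "S", "src": "10.0.0.20", "dst": "10.0.0.7", "len": 60},
       {"proto": "TCP", "flags": "SA", "src": "10.0.0.7", "dst": "10.0.0.20", "len": 60},
       {"proto": "TCP", "flags": "A", "src": "10.0.0.20", "dst": "10.0.0.7", "len": 52}]
)


def is_directed_broadcast(addr: str, prefixlen: int = 24) -> bool:
    """True when addr is the broadcast address of its network (assumed /prefixlen)."""
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    return ipaddress.ip_address(addr) == net.broadcast_address


def detect_broadcast_ping_flood(packets, threshold: int = 3):
    """Echo requests aimed at a broadcast address; the src is the likely victim."""
    counts = Counter(
        (p["src"], p["dst"]) for p in packets
        if p["proto"] == "ICMP" and p["type"] == "echo-request" and is_directed_broadcast(p["dst"])
    )
    return [(src, dst, n) for (src, dst), n in counts.items() if n >= threshold]


def detect_oversized_ping(packets, max_ip_len: int = 65535):
    """An ICMP datagram that reassembles to more than the IPv4 maximum length."""
    return [p for p in packets if p["proto"] == "ICMP" and p["len"] > max_ip_len]


def detect_syn_flood(packets, threshold: int = 5):
    """Per destination, count sources whose SYN was never followed by their ACK,
    i.e. the half-open connections a SYN flood leaves behind."""
    half_open = defaultdict(set)
    for p in packets:
        if p["proto"] != "TCP":
            continue
        if p["flags"] == "S":
            half_open[p["dst"]].add(p["src"])
        elif p["flags"] == "A":            # third step of the handshake completed it
            half_open[p["dst"]].discard(p["src"])
    return {dst: len(srcs) for dst, srcs in half_open.items() if len(srcs) >= threshold}


def report(packets):
    """Run all three checks and return their findings in one dictionary."""
    return {
        "broadcast_ping_flood": detect_broadcast_ping_flood(packets),
        "oversized_ping": [(p["src"], p["dst"], p["len"]) for p in detect_oversized_ping(packets)],
        "syn_flood": detect_syn_flood(packets),
    }


if __name__ == "__main__":
    for name, finding in report(SAMPLE_PACKETS).items():
        print(f"{name}: {finding}")
```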
Tiny programs that do a variety of bad things to computers, and they can replicate themselves!
File virus – contained in executables like .exe, .dll, and .com.
Macro virus – a script that carries out a task automatically, without the user initiating it.
Boot sector virus – they damage the boot process of a computer by overwriting the boot sector, creating problems like hard disk errors or a missing OS.
They are a lot like viruses, but they can also replicate actively, without the user opening or executing them. They can propagate and cause destruction by themselves.
(If you are using BackTrack, Apache will be already installed and configured)
The path of Apache is /etc/apache/
(The Apache version shown here is apache2, it will differ if you have a different version)
Create a directory for keeping the SSL certificates and go into it:
# mkdir ssl
# cd ssl
Create the server key, using the 'des3' algorithm with 1024 bits. You will be asked for a passphrase which you need to remember. (1024-bit RSA keys are considered too weak today; current guidance is 2048 bits or more.)
# openssl genrsa -des3 -out server.key 1024
Create the certificate signing request by providing the passphrase for server.key and the certificate details:
# openssl req -new -key server.key -out server.csr
Create the certificate using the X.509 standard, with a validity of 365 days:
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
You can check the list of files created with the 'ls' command, and view the contents of these files with the 'cat' command.
Start the Apache server with the following command:
# /etc/init.d/apache2 start
Check your server by typing “http://localhost” in your browser.
Now you need to make changes to enable the SSL connection. First go to the directory sites-available:
# cd sites-available
Modify the file “default-ssl” by replacing the values of SSLCertificateKeyFile and SSLCertificateFile as shown below:
Modify the file “default” by copying the the Virtual host from above and making the changes as in it as shown:
In the folder /etc/apache2/ you need to make changes to the ‘httpd.conf’ file by adding these two lines to the blank file:
Now enable the SSL module with the following command:
# a2enmod ssl
Restart the Apache service and you will see it start as shown below:
Congratulations! Your SSL Apache server has started.
Now try to browse your Apache server from a remote machine, by typing “http://<ip of your server>” in its browser.
To check the SSL connection, try 'https' instead of 'http' before the IP address.
The first time, you will get a message that it is an untrusted connection (because it is using a certificate which we have just created, and your browser will not have that certificate). Add an exception for the certificate.
After you add an exception for the certificate, you will finally get the SSL connection to the Apache server. The SSL connection will work as long as you have the respective certificate added to your browser.
Yes, I moved to Gandhinagar-Ahmedabad last week. Got admitted to the M.Tech. course at Gujarat Technological University, with specialization in IT Systems and Network Security. Instead of the conventional Computer Engineering Masters, I chose the special course for my passion, computer networks and security. Even the subjects are interesting, like Distributed and Cloud Computing, Grid Computing, and Network Defense and Countermeasures. I am very excited to study these subjects.
Last week passed with the basics of Operating Systems and Object Oriented Design. The institute uses OpenSuse 12.0 as the primary OS for the labs. The Object Oriented lectures were a revision of the fundamental concepts, as I am familiar with them from subjects like Object Oriented Concepts and Advanced Java Technology during my Bachelors. All the faculty are from CDAC-ACTS centres, veterans and experts in their fields. I like the environment and work culture at this college, which needs full dedication, though it is somewhat strict.
Next Monday I am shifting to Sector 5A, Gandhinagar. The way to college needs a bus ride plus some walking. The walkway to my college is so lush green that it tempts you to take a walk even if you don’t like walking. And here’s a picture of it:
Also, started using Tata Photon 3G wireless to stay connected all the time. Will update more frequently now, about my college life, security projects, and our access to Param Yuva (yeah, surprise!) through ParamNet.
Adios, for now!
You are in a hurry and want to refer to the common port numbers, but you can't go through the whole list of port numbers to find the useful ones. Here I've given some frequently used port numbers for quick reference:
|File Transfer – Data port|
|File Transfer – Command port|
|Simple Mail Transfer Protocol|
|WHOIS Domain Lookup|
|Domain Name System|
|POP version 3|
|Network Time Protocol|
|RPC – Microsoft Endpoint Mapper|
|NetBIOS Name Service|
|NetBIOS Datagram Service|
|NetBIOS Session Service|
|Internet Message Access Protocol|
|Simple Network Management Protocol|
|Border Gateway Protocol|
|Internet Relay Chat|
|AppleTalk Routing Maintenance|
|Lightweight Directory Access Protocol|
|Secure Socket Layer — HTTPS|
|Internet Security Association and Key Management Protocol|
|Routing Information Protocol|
|Internet Small Computer System Interface — iSCSI|
|FTP over TLS/SSL – data port|
|FTP over TLS/SSL – command port|
|Telnet over TLS/SSL|
|IMAP over TLS/SSL|
|POP3 over TLS/SSL|
|HTTP (Alternate Port)|
Last night I was attending a webinar on Windows Server 2012, conducted by the trainer Ed Liberman, and it happened to be very informative. Though the presentation was mostly through screenshots and virtual machines, the information gain was high.
The webinar started with the primary installation of the server OS on a virtual machine. This is just the normal installation, same as any other Windows OS (and if you've worked with Windows 8 on the client side, this installation is no big deal). And the main advantage starts from here: in older Server operating systems, either we could install the core server or the graphical interface, but it was not possible to change to the other interface by just removing one interface. Microsoft has now made it possible to remove the GUI after you configure the server, and then you can work smoothly with the core installation. It is not easy to configure the core server with all those commands on the prompt, and hence this change by Microsoft is going to get some applause.
The UI is the Metro look by Microsoft, and there are some changes in the Server Manager window. The window shows any errors in any of the features of the server, and this becomes a problem while having a clean installation. When you perform a custom install of the operating system on a new machine, be ready to have some error messages from the Server Manager window. But that's all good, as now we can monitor and manage them from the same window.
The UI seems tricky to some people, and they are not happy with the Metro look, demanding that Microsoft give an option for changing back to the normal look. But that option is not going to be available in the near future, as Microsoft has implemented the Metro look in all its new technologies, and it won't be happy to have any modifications to them now. Yes, there will be unofficial tweaks for getting the normal look, but you'll have to wait for them. As for me, I am good with the Metro look, as they've continued with the search box and shortcuts. The interface is decent; it's just that you need time to get some familiarity with it.
As time was a constraint, the webinar was not able to cover the advanced features, but I am learning them from my course at the Microsoft Virtual Academy. At the MVA, I am able to dig deeper through their official videos and white papers, and the self assessments are fun. I hope to get among the top ten students by completing some more tracks in my free time. Keep checking for more updates on Windows Server 2012, as I'm soon going to implement it on my machine and have some hands-on time with the system.
Adios, for now.
SMDS, or Switched Multimegabit Data Service, has not yet gained significant market penetration, although it has begun to experience some growth. SMDS was viewed as a stepping stone to ATM, since some of the communications equipment and media are common to the two technologies. As SMDS is not available everywhere, and there is more interest in ATM, SMDS has had a hard time getting into the mainstream.
SMDS does, however, have some penetration; if your long-distance carrier is MCI, you may have cause to use this technology. The attraction of SMDS is that it has the potential to provide high-speed, link-level connections (initially in the 1 to 34 Mbps range) with the economy of a shared public network, and it exhibits many of the qualities of a LAN.
In an SMDS network, each node has a unique 10-digit address. Each digit is in binary-coded decimal, with 4 bits used to represent the values 0 through 9. Bellcore, the “keeper” of the SMDS standard, assigns a 64-bit address for SMDS, which has the following allocation:
• The most significant 4 bits are either 1100 to indicate an individual address, or 1110 to indicate a group address.
• The next 4 most significant bits are used for the country code, which is 0001 for the United States.
• The next 40 bits are the binary-coded decimal bits representing the 10-decimal-digit station address.
• The final 16 bits are currently padded with ones.
To address a node on the SMDS network, all you need do is put the node's SMDS address in the destination field of the SMDS frame. In this way, SMDS behaves in a fashion similar to Ethernet or Token-Ring, which deliver frames according to MAC addresses. A key difference between SMDS and these LAN technologies, however, is the maximum frame size allowed. Ethernet allows just over 1500 bytes, and Token-Ring just over 4000 bytes, but SMDS allows up to 9188 bytes. These SMDS frames are segmented into ATM-sized 53-byte cells for transfer across the network. A large frame size gives SMDS the ability to encapsulate complete LAN frames, such as Ethernet, Token-Ring, and FDDI, for transportation over the SMDS network.
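The 64-bit allocation above (4-bit type, 4-bit country code, 40 bits of BCD station digits, 16 bits of ones) packed and unpacked as an added example, not taken from the original text; the 10-digit station addresses used are constructed, and the decoder rejects values that do not fit the layout.

```python
"""Build and parse a 64-bit SMDS address with the layout described above.
Added example; the station digits used in the tests are constructed samples."""
from typing import Dict

INDIVIDUAL = 0b1100      # top 4 bits for an individual address
GROUP = 0b1110           # top 4 bits for a group address
COUNTRY_US = 0b0001
PADDING = 0xFFFF         # the final 16 bits are padded with ones


def encode_smds_address(station: str, group: bool = False, country: int = COUNTRY_US) -> int:
    """Pack type (4) | country (4) | 10 BCD digits (40) | padding (16) = 64 bits."""
    if len(station) != 10 or not station.isdigit():
        raise ValueError("station address must be exactly 10 decimal digits")
    if not 0 <= country <= 0xF:
        raise ValueError("country code is a 4-bit field")
    value = GROUP if group else INDIVIDUAL
    value = (value << 4) | country
    for digit in station:                    # one 4-bit BCD nibble per decimal digit
        value = (value << 4) | int(digit)
    return (value << 16) | PADDING


def decode_smds_address(value: int) -> Dict[str, object]:
    """Reverse of encode_smds_address, rejecting anything that does not fit the layout."""
    if value < 0 or value >> 64:
        raise ValueError("SMDS address must fit in 64 bits")
    if value & 0xFFFF != PADDING:
        raise ValueError("padding bits must all be ones")
    addr_type = value >> 60
    if addr_type not in (INDIVIDUAL, GROUP):
        raise ValueError(f"unknown address type nibble {addr_type:04b}")
    bcd = (value >> 16) & ((1 << 40) - 1)
    digits = ""
    for shift in range(36, -1, -4):          # most significant nibble first
        nibble = (bcd >> shift) & 0xF
        if nibble > 9:
            raise ValueError(f"nibble {nibble:#x} is not a BCD digit")
        digits += str(nibble)
    return {"group": addr_type == GROUP, "country": (value >> 56) & 0xF, "station": digits}


def as_hex(value: int) -> str:
    """16 hex characters, one per nibble, handy for comparing against a frame dump."""
    return f"{value:016x}"


if __name__ == "__main__":
    addr = encode_smds_address("4155551234")
    print(as_hex(addr), decode_smds_address(addr))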
Hello you! For the last 3 months I have been preparing for the Network+ and CCNA certifications. I had planned to appear for the N+ after my final exams and the CCNA after gaining some industrial experience with computer networks.
Then I had the thought of appearing for the N+ during my reading vacation before the final exams, so that I can give my full time to job hunting after the university exams. And on the 27th I went to the Pearson VUE Exam Centre, Baroda for my first networking certification exam. I was fully prepared for the exam: intense work for 1 week, from CBT Nuggets, the Network+ Study Guide by Todd Lammle and my practical experience in the industry during my college projects. And my hard work showed results: I passed the exam with 790 marks! I am very glad to have such a glorious result in my first ever networking certification. Now eagerly waiting for the certification kit with a hard copy of the certificate having my name printed on it!
As part of my college project work, I am developing a secure network at a medium-sized office. Last week I completed the configuration of the wi-fi router with the normal protocols as well as some security features. Prior to developing the physical network, I tested the network with all its preferences in two different network simulators for its successful working (mainly for the IP address assignment). Let me describe the techniques which I used in the router configuration –
This is what I configured in the router during this time. The access points that are used for the wireless networks are Cisco WRT54GL APs. The whole network for the authorities is working efficiently, and the next steps are to configure the catalyst switch and install the routers.
Along with the project work, I am preparing for networking certifications – CompTIA Network+ and CCNA. Planning to appear for Network+ during May, after completing my Engineering exams.
After the wi-fi development, I was busy with the crimping and cabling at the project site. Along with the cabling, the installation and configuration of client machines was going on. Then I developed the servers for the desired functions. And at last I connected the different VLANs with each other through manageable switches.
I configured this local network with the following features–
Testing of the whole network (including wi-fi, VLAN and Windows Server clients) is planned to be completed within three days. Compiling the project report will be the task to complete before the end of March. The project submission is in the first week of April, followed by the final university exams.
Hello all. I have started working on the second phase of my college project: to develop a secure network at a medium business office. As part of the project, I was asked to solve the network problems, plus develop a solution network in the industry. So I will be working part-time on developing the network with advanced features.
The network which I have to develop has a large number of computers, connected as clients to the server, with security mechanisms consisting of a firewall, access control lists, IPsec and site blocking. A VLAN will be configured between three divisions of the company. The authorities need wi-fi networking in their area, while the staff will be provided the Ethernet local area network. The server will be a Windows machine, configured with DHCP, Active Directory, IIS, FTP Server and Group Policy Management. I will keep you updated regarding my progress in developing the network. Adios, for now.
HDLC stands for High-Level Data Link Control protocol. Like the two other WAN protocols mentioned in this article, HDLC is a Layer 2 protocol. HDLC is a simple protocol used to connect point-to-point serial devices. For example, you have a point-to-point leased line connecting two locations in two different cities. HDLC would be the protocol with the least amount of configuration required to connect these two locations. HDLC would be running over the WAN, between the two locations. Each router would be de-encapsulating HDLC and dropping the traffic off on the LAN.
HDLC performs error correction, just like Ethernet. Cisco’s version of HDLC is actually proprietary because they added a protocol type field. Thus, Cisco HDLC can only work with other Cisco devices.
HDLC is actually the default protocol on all Cisco serial interfaces. If you do a show running-config on a Cisco router, your serial interfaces (by default) won’t have any encapsulation. This is because they are configured to the default of HDLC.
You may have heard of the Point-to-Point Protocol (PPP) because it is used for almost every dial-up connection to the Internet. PPP is based on HDLC and is very similar. Both work well to connect point-to-point leased lines.
The differences between PPP and HDLC are:
Because PPP has so many dial-up networking features, it has become the most popular dial up networking protocol in use today. Here are some of the dial-up networking features it offers:
Frame Relay is a Layer 2 protocol and commonly known as a service from carriers. For example, people will say “I ordered a frame-relay circuit”. Frame relay creates a private network through a carrier’s network. This is done with permanent virtual circuits (PVC). A PVC is a connection from one site, to another site, through the carrier’s network. This is really just a configuration entry that a carrier makes on their frame relay switches.
Obtaining a frame-relay circuit is done by ordering a T1 or fractional T1 from the carrier. On top of that, you order a frame-relay port, matching the size of the circuit you ordered. Finally, you order a PVC that connects your frame relay port to another of your ports inside the network.
The benefits to frame-relay are:
Do you know about the Android App Inventor service by Google? (Yes, it was developed by Google, but they took back the support last month, and is now in the hands of Massachusetts Institute of Technology.) It allows anyone, including people unfamiliar with computer programming, to create software applications for the Android operating system (OS). It uses a graphical interface, very similar to Scratch and the StarLogo TNG user interface, that allows users to drag-and-drop visual objects to create an application that can run on the Android system, which runs on many mobile devices.
When Google terminated their support to the service, MIT offered their services to support the application development. MIT had asked individuals to host the service on their machines by providing scripts for the compiling of the apps. I was among the volunteers to host the service and provide my space for the compiling, developing and storing their apps.
I developed a Linux RHEL 5 server and configured the services for application development: File Transfer Protocol, Domain Name System, HTTP transfer and port mapping; I also connected the machine with Google App Engine to run the scripts on my machine while developing the apps and testing through the emulator. Last week I hosted the service for a selected group on a trial basis, and the service is working fine. So now I am announcing it open for you all to test my service: develop Android apps the easiest way, store/download your apps, build the apk for your app, or just play with your apps on the emulator. Feel free to develop and test the apps your way, and to report problems, if any, through email.
You can find my App Inventor Server at : http://androinventor.appspot.com
Whoa! It was fun to be working the whole week with cables and servers and switches.. Completed the developing of network at the school and this ends my phase I of the college project.
As I had mentioned in the previous post, I was working at a school to develop a full fledged network with all advanced features. Let me describe the details of the network –
It was overall a nice experience to work at the school and develop their network, having great cooperation from the friendly staff and my senior guides.
Last week I was working on my college project – allotted by the Technological University. The project is to identify the frequent computer hardware and networking problems occurring in the industry and to solve them in the next phase of the project.
In the current part of my project, I worked at a computer maintenance centre (HSPL) to identify and discuss the problems which were happening with the computers at their service centre. I also accompanied the technicians to different sites where they had to solve networking problems: some schools, inventories and small-to-medium business offices. I was successful in identifying and solving the problems, which completes the initial part of my project's phase I. This was my first step in the computer networking industry, and it was fun to learn the industry practices and the maintenance of large computer networks. I hope to learn more and more with this project work, while enhancing my knowledge and skills.
Next week I am assigned the task of developing a medium-sized network at St. Xavier's School, where I have to configure the clients along with 3 different Windows servers to provide the services of Active Directory, Domain Controller, Print Server and DNS server on the server machines. The crimping and cabling needs to be done with Cat 5e cables, joining the RJ45 ports. Yes, crimping and cabling is tough, and so is the perfect client configuration; but I love networking, and I will complete all the configurations within 1 week. This will be my first networking experience in the industry, wishing all the best to me!
First Blogpost. Finally, to the world of blogging.
Will post about my journey in computer networks — my advancements and achievements in the field, some tutorials, and interesting networking updates.
Adios, for now.