Sunday, July 18, 2010

Remote Desktop slowness fixed

I was surprised to find that remote desktop was running very slowly to my directly connected server.

I came across the following link which discusses the issue. http://blog.tmcnet.com/blog/tom-keating/microsoft/remote-desktop-slow-problem-solved.asp

I entered the following command on my client computer and the problem was resolved.
netsh interface tcp set global autotuninglevel=highlyrestricted

Server 2008 - Wireless Feature Disabled

I recently found myself trying to set up a server to act as a bridge to get wireless from the hotel into my room and to a switch. I already had Server 2008 installed on a box running Hyper-V and thought it should be no trouble to plug in my wireless card and bridge the network.

Long story short: the Wireless LAN 'Feature' is disabled by default. To enable it, go to Server Manager > Features > Wireless LAN Service.

Here is the link that led me to this: http://vspug.com/yazan/2008/02/21/windows-server-2008-wirless-connection/

Note the consistent inconsistency by Microsoft as this is called a service in the list of features.

Thursday, July 15, 2010

CISSP - Access Control

Access Control

Role Based(Non-discretionary) vs Discretionary Access Control

Discretionary Access Control allows the owner to manage permissions of their resources. In theory this was a good idea but most owners aren't proficient enough to manage the security of their resources effectively. This also isn't usually a priority for them. A good example of this would be giving new users permission but never removing any of the old users.

Role Based Access Control is very similar, but permissions are based on a role. Now an administrator can manage the security by assigning users to their appropriate roles and giving that role the necessary permissions. The key distinction, besides the obvious, is that in DAC only the owner can make the changes.

Detective Access Control

CRC is a Detective Access Control because it detects that the integrity has been breached.

Preventive vs Deterrent: a 4-foot fence is a deterrent, an 8-foot fence is preventive. I would argue that deterrent is a subset of preventive.

Types of Authentication

Type 1 -> 3 - Something you know, have, are

Bio-Metrics

Accuracy of Bio-Metrics: Fingerprint > Palm Scan > Hand Geometry > Retina Scan > Iris Scan

A Zephyr Chart is used to compare different biometric systems (by factoring in acceptance, etc.). When comparing like systems, use the CER (Crossover Error Rate, where FRR meets FAR), AKA EER (Equal Error Rate).

Lower CER the Better.

Type 1 = FRR = Annoying

Type 2 = FAR = Breach

LEAP: Cisco proprietary version of EAP

CVE: Common Vulnerabilities and Exposures

Policies are high level and do not say how.

MITM: Man in the Middle

ACLs are used in Discretionary Access Controls. On the CISSP, think decentralized workgroup file ACLs (NOT AD centralized ACLs).

Enticement vs Entrapment: You entice someone that is committing a crime to do something that you can record to catch them. Entrapment is 'enticing' someone to commit the crime in the first place. The line can get gray quickly - entrapment is illegal/unethical and serves as a defense for the criminal.

SESAME is an asymmetric version of SSO (Kerberos)

Biba (Integrity - no write down)

Attacks

Rainbow Table: precomputed password hashes - big file instead of computing time

SATAN is the first vulnerability scanner - renamed SANTA

Superzapping - program that bypasses normal security

Smurf - pings hosts across a network with a spoofed source so that the spoofed source (victim) gets overwhelmed by the replies

LAND - SYN packet with source and destination ip and port as the target (most NICs are no longer vulnerable to this)

Trinoo - a sort of botnet that was part of the Yahoo DDoS attack of 2000

SYN attack - AKA half-open attack - the target runs out of memory while trying to keep track of an unbounded number of half-open TCP sessions

Chargen - Character Generator - can be used to cause systems to go into an infinite loop talking to themselves.

Ping of Death - ICMP packets that are larger than allowed

Fraggle - written by the same author as Smurf - this attack is similar to Smurf only it uses UDP echo instead of ICMP ping

Teardrop - crashes a victim by sending malformed IP fragments that are oversized and/or overlapping

MEME - hoax - usually a chain letter looking for victims to forward it throughout the internet

EICAR - used to verify the functionality of antivirus software. Simply an innocuous test string that all vendors flag for test purposes

Tuesday, July 6, 2010

CISSP Prep

In preparation for my CISSP I will collect sources and notes here.

I am reading CISSP for Dummies. I originally bought a much denser book but after learning that the CISSP certification is 50 miles wide and 10 inches deep, I figured a less dense book would suffice, and more importantly save me some time.

I went into CISSP for Dummies knowing that it would probably only go about 5 inches deep and that I would need to identify my areas of weakness and do more research to complement what I am reading. What follows is the other 5 inches addressing the areas I needed more work in.

Rainbow Books

Kerberos: http://www.youtube.com/watch?v=7-LjpO2nTJo&feature=related. I found this video to be very helpful. It is easy to get lost in all the keys and exchanges, especially when trying to read it in text format. In summary and from a higher more memorable level:

A secure connection between the client and the authentication server is established by encrypting the traffic with the client's secret key. This secret key is based on the password that is stored in the authentication server. The user on the client computer enters a password and it is used to decrypt the messages from the authentication server. If it is not the right password then the messages will not be decipherable and the process halts. Over this secure connection, the Authentication Server sends the client its Ticket Generating Service Session Key. It also sends it an encrypted message that only the Ticket Generating Service can decrypt. The client simply forwards this message along to the Ticket Generating Service.

When the Ticket Generating Service receives the message from the Authentication Server via the client, it decrypts it using a secret key that only the Authentication Server and the Ticket Generating Service know. This reveals the Ticket Generating Service Session key and the client associated with the key.

Next the Client establishes a secure connection with the Ticket Generating Service by using the Ticket Generating Service Session key that only Ticket Generating Service and the Client know. This is a dynamic key that was generated by the Authentication Server and not only establishes a secure connection between the Ticket Generating Service and the Client but also limits the time the connection can last.

Over this secure connection, the Ticket Generating Service sends the client a Client/Server Session key. It also sends an encrypted message to be sent to the Server that includes the Client/Server Session key and Client ID and time limit associated with the key.

Now the Server and Client can establish mutual trust.
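The three exchanges above, as an added Python simulation that is not from the post or the linked video: as_exchange, tgs_exchange and server_accept play the Authentication Server, the Ticket Generating Service and the Server, and client_login drives the client side. The encrypt/decrypt pair is a toy XOR keystream with an integrity tag standing in for Kerberos's real ciphers, and the keys, names and lifetime are constructed for the example.

```python
import hashlib, json, os
def derive_key(password):
    return hashlib.sha256(password.encode()).digest()   # toy password-to-key step
def _keystream(key, n):
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def encrypt(key, obj):
    # toy stand-in for Kerberos encryption: 8-byte tag + JSON, XORed with a SHA-256 keystream
    data = json.dumps(obj).encode()
    body = hashlib.sha256(key + data).digest()[:8] + data
    return bytes(a ^ b for a, b in zip(body, _keystream(key, len(body))))

def decrypt(key, blob):
    body = bytes(a ^ b for a, b in zip(blob, _keystream(key, len(blob))))
    if hashlib.sha256(key + body[8:]).digest()[:8] != body[:8]:
        raise ValueError("not decipherable with this key")  # wrong password: the process halts
    return json.loads(body[8:])

# constructed long-term keys: AS holds the client's password-derived key, AS/TGS share K_TGS, TGS/Server share K_SRV
K_CLIENT, K_TGS, K_SRV, LIFETIME = derive_key("correct horse"), os.urandom(32), os.urandom(32), 300

def as_exchange(client_id):
    # AS -> client: TGS session key under the client's key, plus a ticket only the TGS can read
    sk = os.urandom(16).hex()
    return (encrypt(K_CLIENT, {"tgs_session_key": sk}),
            encrypt(K_TGS, {"client": client_id, "tgs_session_key": sk, "lifetime": LIFETIME}))

def tgs_exchange(tgt, authenticator, service):
    # TGS opens the forwarded ticket with K_TGS, checks the client knows the session key in it,
    # then returns a Client/Server session key plus a ticket only the Server can read
    t = decrypt(K_TGS, tgt)
    sk = bytes.fromhex(t["tgs_session_key"])
    if decrypt(sk, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    ssk = os.urandom(16).hex()
    return (encrypt(sk, {"service_session_key": ssk, "service": service}),
            encrypt(K_SRV, {"client": t["client"], "service_session_key": ssk, "lifetime": LIFETIME}))

def server_accept(ticket, authenticator):
    # Server opens the ticket with K_SRV and checks the client proved the session key it carries
    t = decrypt(K_SRV, ticket)
    return decrypt(bytes.fromhex(t["service_session_key"]), authenticator)["client"] == t["client"]

def client_login(password, client_id="alice", service="accounting"):
    # the password never leaves the client; knowing it is proved by decrypting the AS reply
    k = derive_key(password)
    enc_sk, tgt = as_exchange(client_id)
    sk = bytes.fromhex(decrypt(k, enc_sk)["tgs_session_key"])   # raises on a wrong password
    enc_ssk, ticket = tgs_exchange(tgt, encrypt(sk, {"client": client_id}), service)
    ssk = bytes.fromhex(decrypt(sk, enc_ssk)["service_session_key"])
    return server_accept(ticket, encrypt(ssk, {"client": client_id}))
```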

In layman's terms:

You go to the security gate of a building and ask to go to the accounting department. The security guard verifies your identity and gives you a document that he signs stating that you are who you say you are and that you are allowed to go to the receptionist.

You arrive at the receptionist and she takes the document, verifies the signature, verifies that you are the person identified in the document and gives you a new signed document stating that you can go to the accounting department.

Upon arriving at the accounting department, they take the document, verify the signature, verify that you are the person identified in the document, and then ask, "so what can we do for you?"

And after all that, now imagine that this makes Single Sign On possible - in other words this is supposed to reduce complexity by reducing the number of logons needed to enter various systems.

Tuesday, June 22, 2010

Passed CCNA Security 640-553

I just passed the CCNA Security 640-553.

Obviously I can't go into the specifics, but it's worth mentioning some highlights.

Lots on Zone Based Firewalls (being able to interpret zone-pairs -> policies -> class maps)

Layer 2 port security

Intimate understanding of how Phase 1 / 2 works in IPSEC. You should be able to teach this to a layman.

I had a couple questions on SSL VPNs (not sure if they were 'future' questions).

I used the Sybex study guide along with Jeremy's CBT videos.

Good Luck

Sunday, June 13, 2010

Subnetting - Memory Dump Cheat Sheet

There are times when a subnet calculator may not be available: during an apocalypse, and during your CCNA exam.

So during an Apocalypse - if you decide that you need to be able to subnet you only need to remember how to create this cheat sheet. Using this table - you can ultimately solve all subnetting problems.
Bits (borrowed) | 2^n (hosts/networks) | Interval | Mask
1               | 2                    | 128      | 128
2               | 4                    | 64       | 192
3               | 8                    | 32       | 224
4               | 16                   | 16       | 240
5               | 32                   | 8        | 248
6               | 64                   | 4        | 252
7               | 128                  | 2        | 254
8               | 256                  | 1        | 255


Remembering how to create this table is not as hard as it looks. First you must remember the columns: Bits (borrowed), 2^n (hosts/networks), Interval, and Mask.



Then you must fill in the Bits column, starting from 1 to 8 bits (per octet).

Then you can fill in the 2^n (hosts/networks) column by simply doing the math: 2 raised to the power given in the Bits (borrowed) column of that row.

The next part is a little tricky. You simply rewrite the 2^n (hosts/networks) column into the Interval column in reverse order, but skip 256, as an interval of 256 really means the interval is the whole octet. Think about what you're doing: is 256 a valid interval? No, so skip it.

Lastly, for the mask column - sum the intervals up as you go.

Now why do all this?

If you know what the mask is you can determine what the interval is. For example: 10.11.12.13 255.255.248.0

We can match 248 to the interval 8 in the third octet. Using this interval we can find the IP range. The nearest lower multiple of 8 in the third octet from 12 is 8. So the network address is 10.11.8.0. The next network address is an interval of 8 in the 3rd octet, so the next network address is 10.11.16.0. The broadcast address is then 1 less, 10.11.15.255. Knowing both the network and broadcast address we can determine the IP range as 10.11.8.1 - 10.11.15.254.

If we were to use CIDR notation, 10.11.12.13/21, we can determine how many bits we have borrowed: 8 (first octet) + 8 (second octet) + 5 (third octet) = 21. Using the table we can match 5 bits borrowed to the interval 8 and continue as we did before.

Lastly, we can solve problems like how many hosts we have or how many networks we have. 150.160.170.180/20 is a class B address. From the 16 bits associated with class B we have borrowed an additional 4 bits. The formula for networks is 2^n. So we find 4 and go to the 2^n column to find that we can have 16 subnets. We have 12 out of 32 bits left for hosts. To determine our hosts we use the formula 2^n - 2. But our table is not big enough. We simply extend it by multiplying by 2 until it is big enough.
Bits (borrowed) | 2^n (hosts/networks) | Interval | Mask
1               | 2                    | 128      | 128
2               | 4                    | 64       | 192
3               | 8                    | 32       | 224
4               | 16                   | 16       | 240
5               | 32                   | 8        | 248
6               | 64                   | 4        | 252
7               | 128                  | 2        | 254
8               | 256                  | 1        | 255
9               | 512                  |          |
10              | 1024                 |          |
11              | 2048                 |          |
12              | 4096                 |          |

And now we know that we can support 4094 hosts in each subnet.
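The cheat sheet and the interval method above, as an added Python example that is not part of the original post: cheat_sheet() builds the table (extended past 8 bits when asked), mask_to_prefix() counts borrowed bits from a dotted mask, and solve() walks the same steps the post applies to 10.11.12.13 255.255.248.0 and 150.160.170.180/20. It assumes prefixes between /1 and /30 and the classful A/B/C boundaries the post uses for the subnet count.

```python
def cheat_sheet(rows=8):
    # {bits: (2^n, interval, mask)}; the interval column is the 2^n column reversed with 256
    # skipped, and the mask is the running sum of intervals; both only exist within one octet
    table, mask = {}, 0
    for bits in range(1, rows + 1):
        interval = 2 ** (8 - bits) if bits <= 8 else None
        mask = mask + interval if interval else None
        table[bits] = (2 ** bits, interval, mask)
    return table

def mask_to_prefix(mask):
    # 255.255.248.0 -> 8 + 8 + 5 = 21 borrowed bits
    return sum(bin(int(o)).count("1") for o in mask.split("."))

def solve(ip, prefix):
    # the interval method from the post, for prefixes /1 to /30
    o = [int(x) for x in ip.split(".")]
    idx = (prefix - 1) // 8                              # octet the borrowed bits end in (0-based)
    interval = cheat_sheet()[prefix - 8 * idx][1]        # bits borrowed in that octet -> interval
    net = o[:idx] + [o[idx] - o[idx] % interval] + [0] * (3 - idx)      # nearest lower multiple
    bcast = net[:idx] + [net[idx] + interval - 1] + [255] * (3 - idx)   # one less than next network
    default = 8 if o[0] < 128 else 16 if o[0] < 192 else 24             # classful A/B/C prefix
    dot = lambda q: ".".join(map(str, q))
    return {"octet": idx + 1, "interval": interval, "network": dot(net), "broadcast": dot(bcast),
            "first": dot(net[:3] + [net[3] + 1]), "last": dot(bcast[:3] + [bcast[3] - 1]),
            "hosts": 2 ** (32 - prefix) - 2, "subnets": 2 ** (prefix - default)}
```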

This is a tool that you can easily use during the CCNA as you can write it down on the provided paper as soon as you start your test.

Hopefully you find this helpful - let me know if you have any questions.

Saturday, May 1, 2010

Webpage Mirage

Imagine that you have a domain (some_domain.com) and want another domain (some_other_domain.com) to point to the same files. There are a number of ways to do this if you are running your own servers, but if you are using a hosting provider, most options are not available to you, or only at an extra cost.

A few months back I came across a rather unusual solution. I asked my hosting provider to implement this for me, and what they did is the following.

<html>
<frameset border="0">
<frame src="http://some_domain.com">
</frameset>
</html>



The result of this is that when you go to some_other_domain.com, you will get the above HTML file, which contains a full-screen frame that is actually some_domain.com. In most cases, the important thing here is the address bar. The address bar will reflect some_other_domain.com.

Essentially there is a mirage that you are on one domain, when the content is really coming from another domain.

I recently came across another use for this workaround. I have several files and links that are helpful in pursuing a CCNA. Directory browsing works great for the files. If I delete a file or add a new file, the change will be reflected to the user when they next browse the directory. The problem is links. A Windows shortcut will not work directly from directory browsing; the user would have to download it to their computer and then open it as a Windows shortcut, which also limits it to the Windows platform. So I came up with what I thought was a clever little solution.

I created a very simple html file that simply redirected you to the desired destination - the user would never even realize it happened.


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
Redirecting to <a href="http://www.securecottage.com/demo/rsa2.html">http://www.securecottage.com/demo/rsa2.html</a>
<script type="text/javascript">
window.location = 'http://www.securecottage.com/demo/rsa2.html';
</script>
</body>
</html>



This worked great until one of my peers told me that the back button didn't work. Moments later it clicked: of course back doesn't work, back brings you back to this page, which then redirects you to the originally-desired page. Ever had to fight with the back button? This is usually why!

While I know I could write some JavaScript that would solve this problem, I decided to use the mirage approach. So the above is now:


<html>
<FRAMESET border='0'>
<FRAME SRC='http://www.securecottage.com/demo/rsa2.html'>
</FRAMESET>
</html>


There is a drawback here though: now it appears that my domain is hosting the above page when it really isn't (by just looking at the address bar). But given that I am just looking for a simple solution for a link, this does it, solves the back button problem, and even has fewer lines of HTML.