IT CH 3: IPv4 Addressing

IPv4 Address classes (first-octet range and default prefix length):

Class A: 1 to 126, /8
Class B: 128 to 191, /16
Class C: 192 to 223, /24
Class D: 224 to 239, n/a (multicast)
Class E: 240 to 255, n/a (experimental)

Private

  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 192.168.0.0 to 192.168.255.255

These ranges are not routable on the public internet; border routers and ISPs typically filter them so packets with these addresses are never sent out onto the internet.

Public

IP addresses assigned to hosts on the internet must be unique, so their allocation is controlled by registries that ensure fair use.

IANA (Internet Assigned Numbers Authority)

  • Manages the assignment of IP addresses on the internet
  • Is operated by ICANN
  • Allocates blocks of IP addresses for Regional Internet Registries (RIRs)

Subnetting Math

Basically take the prefix length, subtract it from 32 to get the number of host bits, raise 2 to that power and subtract 2 (the network and broadcast addresses). Note that it is 2 to the power of the host bits, not the host bits squared.

// example ip address: 10.1.2.50/27
x = 27;            // prefix length
a = 32 - x;        // host bits: 5
answer = 2**a - 2; // 2^5 - 2 = 30 usable hosts
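To check the arithmetic, and the private-range list above, here is an added Python example (not part of the original notes) that works out the network, mask, broadcast, host range and usable host count for any host/prefix, handles the /31 and /32 special cases where the "minus 2" does not apply, and tags the address with its classful letter and RFC 1918 status. It uses only the standard library; the sample addresses other than 10.1.2.50/27 are made up.

```python
import ipaddress

# RFC 1918 private ranges (the three blocks listed above).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def usable_hosts(prefix_len: int) -> int:
    """Usable host addresses for an IPv4 prefix: 2^(32 - prefix) - 2.

    The "-2" removes the network and broadcast addresses. A /31 (RFC 3021
    point-to-point link) has no separate network/broadcast address and a
    /32 is a single host, so the subtraction does not apply to them.
    """
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    host_bits = 32 - prefix_len
    if host_bits <= 1:
        return 2 ** host_bits
    return 2 ** host_bits - 2


def address_class(ip: str) -> str:
    """Classful letter from the first octet (the table at the top of the page)."""
    first_octet = int(ipaddress.ip_address(ip)) >> 24
    if first_octet == 0 or first_octet == 127:
        return "reserved"          # 0.x "this network", 127.x loopback
    if first_octet <= 126:
        return "A"
    if first_octet <= 191:
        return "B"
    if first_octet <= 223:
        return "C"
    if first_octet <= 239:
        return "D"                 # multicast
    return "E"                     # experimental


def describe(cidr: str) -> dict:
    """Subnet facts for a host address written as address/prefix, e.g. 10.1.2.50/27."""
    iface = ipaddress.ip_interface(cidr)     # keeps the host bits, unlike ip_network()
    net = iface.network
    net_int = int(net.network_address)
    bcast_int = int(net.broadcast_address)
    if net.prefixlen >= 31:                  # no network/broadcast address to exclude
        first, last = net_int, bcast_int
    else:
        first, last = net_int + 1, bcast_int - 1
    return {
        "address": str(iface.ip),
        "class": address_class(str(iface.ip)),
        "private": any(iface.ip in block for block in PRIVATE_BLOCKS),
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "prefix": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "first_host": str(ipaddress.ip_address(first)),
        "last_host": str(ipaddress.ip_address(last)),
        "usable_hosts": usable_hosts(net.prefixlen),
    }


if __name__ == "__main__":
    for sample in ("10.1.2.50/27", "172.31.200.9/20", "203.0.113.8/31"):
        facts = describe(sample)
        print(f"{sample:18} net {facts['network']}/{facts['prefix']} "
              f"mask {facts['netmask']} bcast {facts['broadcast']} "
              f"hosts {facts['first_host']}-{facts['last_host']} "
              f"({facts['usable_hosts']} usable) class {facts['class']} "
              f"private={facts['private']}")
```

For 10.1.2.50/27 this gives network 10.1.2.32, mask 255.255.255.224, broadcast 10.1.2.63 and hosts .33 to .62, the 30 the formula predicts.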

Ch 2: Security Basics

As you study this section, answer the following questions:

How do persistent and non-persistent threats differ?

Persistent threats seek to gain access to a network and remain there undetected for as long as possible. This type of attacker will try very hard to cover her tracks.

Non-persistent threats are only concerned with getting in, grabbing the goods and getting out.

What protections can you implement against organized crime threat actors?

An organized crime threat actor is a group of cyber criminals whose main goal is to get rich or die trying.

Ways you can protect yourself include:

  • Proper user security training
  • Implementing email filtering systems
  • Proper securing and storing of data backups

Which method is used to access an application or operating system for troubleshooting?

Creating a backdoor. A backdoor is an undocumented way into an application or operating system that bypasses normal authentication; developers sometimes leave one in for troubleshooting so they need not go through the normal login process each time. Attackers plant backdoors for the same reason, so any backdoor left in a shipped system is a vulnerability.

Which five methodologies can be used to defend your network?

  • Layering – Implementing multiple security strategies to protect the same asset.
  • Principle of least privilege – States that users or groups are only given access to what they need to do their job.
  • Variety – Defenses should be varied and diverse, so that one weakness does not defeat all of them
  • Randomness – Integrating constant change and limiting habits helps prevent anticipated events and exploitation
  • Simplicity – Defenses should provide protection but not be so complex that you can't use them

2.2 Defense Planning

As you study this section, answer the following questions:

What is layered security?

A security approach that combines multiple security controls and defenses to create a cumulative effect

What are the seven layers in layered security?

  1. Policies – User education, manageable network plans, and employee procedures.
  2. Physical – Fences, door locks, man traps, server cages, cameras, motion detectors
  3. Perimeter – Firewalls
  4. Network – The installation and configuration of switches, routers, and implementation of VLANs
  5. Host – Includes individual workstations, laptops and mobile devices
  6. Application – Authentication and authorization, user management, group policies and web application security.
  7. Data – Storing, destroying, classifying and transmitting data

What is a countermeasure?

A way to mitigate a potential risk; countermeasures reduce the chance that a threat agent is able to exploit a vulnerability.

An appropriate countermeasure:

  • Provides a security solution to a problem
  • Is not dependent on secrecy
  • Is testable and verifiable
  • Provides uniform and consistent protection
  • Is independent of other safeguards
  • Requires minimal human intervention
  • Is tamper-proof
  • Has overrides

2.3 Access Control

As you study this section, answer the following questions:

How do separation of duties and job rotation differ?

Separation of duties is the concept of requiring more than one person to complete a task. This is designed to reduce conflicts of interest and prevent insider attacks because no one has end-to-end control.

Job rotation is the technique of cross-training users in multiple positions and regularly rotating responsibilities. This cross-trains staff and creates a fluid system of oversight.

Why is defense-in-depth important?

It is the system of implementing multiple access control methods. Simply put: multiple defenses make it harder to bypass security.

Which authentication type requires you to prove your identity?

Authentication

What allows authenticated users access to resources in different domains?

Authorization

What is AAA?

  • Authentication – Verifies a user’s identity
  • Authorization – The process of determining whether a user is allowed to access a resource.
  • Accounting – Tracks the actions of the user

2.4 Cryptography Basics

As you study this section, answer the following questions:

What is a legitimate use for cryptanalysis?

Cryptanalysis is the method of recovering original data that has been encrypted without having access to the key used during the encryption process.

A legitimate use for this would be measuring or validating the strength of encryption.

How is the strength of a cryptosystem related to the length of the key?

For a given algorithm, the longer the key, the stronger the cryptosystem: each extra bit doubles the work of a brute-force search. Key length alone does not rescue a weak algorithm, though; a flawed cipher can fall to cryptanalysis regardless of key size.

Which of the following is typically kept secret, the encryption algorithm or the key (or both)?

The algorithm is public and the key is private. This is Kerckhoffs's principle: a system should remain secure even when everything about it except the key is known.

What is the difference between a transposition cipher and a substitution cipher?

A transposition cipher (an anagram) changes the position of characters in the plaintext without changing the characters themselves (the rail fence cipher, for example).

A substitution cipher replaces one set of characters with symbols or another character set; the Caesar cipher, which shifts each letter a fixed number of places, is a substitution cipher.
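The four questions above (cryptanalysis, key length, what stays secret, substitution versus transposition) can all be seen in one place with an added Python example (not from the original notes): a Caesar substitution, a columnar transposition, a letter-count check that tells the two families apart, and a brute-force recovery of the Caesar key that only works because the attacker knows the algorithm and the key space is tiny (25 shifts, under 5 bits). The plaintext and key word are made up; Python 3.9 or later is assumed for the type hints.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Substitution: each letter is replaced by the letter `shift` places along.

    Letters change identity but keep their positions; non-letters pass through.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def columnar_transpose(text: str, key: str) -> str:
    """Transposition: letters keep their identity but change position.

    The text is written row by row under the key word, then the columns
    are read out in alphabetical order of the key's letters.
    """
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    order = sorted(range(cols), key=lambda i: (key[i], i))
    return "".join(row[c] for c in order for row in rows if c < len(row))


def same_letters(a: str, b: str) -> bool:
    """True if both strings contain exactly the same multiset of letters.

    A cryptanalyst uses this to tell the two families apart: a transposition
    preserves letter counts, a substitution does not.
    """
    return sorted(ch for ch in a.upper() if ch.isalpha()) == \
        sorted(ch for ch in b.upper() if ch.isalpha())


def brute_force_caesar(ciphertext: str, crib: str) -> tuple[int, str]:
    """Cryptanalysis without the key.

    The attacker knows the algorithm (Kerckhoffs's principle), so only the
    25 non-trivial shifts need trying; `crib` is a word expected in the
    plaintext. A key space this small is why key length matters.
    """
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        if crib.upper() in candidate:
            return shift, candidate
    raise ValueError("crib not found under any shift")


if __name__ == "__main__":
    plaintext = "ATTACK AT DAWN"
    sub = caesar(plaintext, 3)
    trans = columnar_transpose(plaintext.replace(" ", ""), "ZEBRA")
    print("substitution :", sub, "same letters?", same_letters(plaintext, sub))
    print("transposition:", trans, "same letters?", same_letters(plaintext, trans))
    print("recovered    :", brute_force_caesar(sub, crib="DAWN"))
```

The transposition output is a pure anagram of the input, which is exactly the letter-frequency leak that lets an analyst classify an unknown ciphertext before attacking it.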

What is a legitimate use for steganography?

Steganography literally translates to "concealed writing". The message is not necessarily encrypted; it is hidden inside another file, such as an image or video, so that nobody knows a message is there at all.
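As an added illustration of the idea (not part of the original notes), the Python below hides a message in the least significant bit of each sample of a carrier, the classic LSB technique used against image and audio files. The carrier here is a constructed byte gradient, not a real image. Note what the extractor needs: no key, only knowledge of the scheme. That is the caveat with steganography on its own; it hides, it does not protect, so sensitive payloads should be encrypted before they are embedded.

```python
# Constructed "image": 8-bit samples of a gradient, not a real file.
SAMPLE_COVER = bytes((i * 7) % 256 for i in range(4096))


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide `message` in the least significant bit of each cover byte.

    A 16-bit big-endian length prefix lets the extractor know when to stop.
    Each cover byte changes by at most 1, which is invisible in an 8-bit
    image sample.
    """
    if len(message) > 0xFFFF:
        raise ValueError("message too long for the 16-bit length prefix")
    payload = len(message).to_bytes(2, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover has {len(cover)} bytes, need {needed}")
    out = bytearray(cover)
    for i in range(needed):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover the hidden bytes; needs no key, only knowledge of the scheme."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        acc = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + k] & 1)
            acc.append(value)
        return bytes(acc)
    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_byte_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    stego = embed_lsb(SAMPLE_COVER, b"meet at the usual place")
    print(extract_lsb(stego), "max change per byte:", max_byte_change(SAMPLE_COVER, stego))
```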

2.5 Network Monitoring

As you study this section, answer the following questions:

What does a protocol analyzer do?

A protocol analyzer is a special type of packet sniffer that captures transmitted frames. It is a passive tool: it copies frames for you to view and analyze, but it does not modify or retransmit them (an attacker's tool might).

Use a protocol analyzer to:

  • Check for specific protocols on the network, such as SMTP, DNS, POP3, ICMP.
  • Identify frames
  • Examine the data contained within a packet
  • Troubleshoot communication problems or investigate the source of heavy network traffic

Why is network monitoring important?

It is important to know which computers are the biggest senders and receivers of data, because a host whose traffic volume or destinations change suddenly is a good sign that something is wrong on your network (a compromised host exfiltrating data, a misconfiguration, or a worm spreading).

What type of information can be gained from network monitoring?

How does a throughput tester differ from a load tester?

A throughput tester measures the amount of data that can be transferred through a network or processed by a device. Use this kind of tester to validate the bandwidth on your network and identify when the bandwidth is significantly below what it should be.

A load tester simulates a load on a server or service. Use a load tester to make sure that a system has sufficient capacity for expected loads.

2.6 Incident Response

As you study this section, answer the following questions:

What actions should take place when an incident occurs?

  • Recognize and declare the event
  • Preserve any evidence that may be used in an investigation
  • Contact the first responder

What types of things would a computer forensic investigator want to analyze if he selected a live analysis over a dead analysis?

Live analysis

  • network connections
  • memory contents
  • running programs

Dead analysis

  • Hard drive contents

What methods can be used to save the contents of memory as part of a forensic investigation?

  • Save and extract the page file
  • Do a complete memory dump to save the contents of physical RAM.

How should you ensure the integrity of collected digital evidence?

When imaging a drive (a bit-for-bit copy taken through a write blocker), compute a cryptographic hash such as SHA-256 of the source and of the image. Matching hashes prove the copy is exact, and re-hashing the image later proves it has not changed since acquisition.

Why is chain of custody so important with forensic investigations?

It ensures evidence remains admissible in court. If your evidence is tainted, you lose.

You must follow the chain of custody:

  • Document everything
  • Should be started immediately
  • Should be maintained throughout the investigation
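The two points above, hashing the image and documenting custody from the start, fit together in one added Python example (not from the original notes). It hashes a file in chunks (so a multi-gigabyte image never has to fit in memory), records each custody event in a log where every entry commits to the previous one, and then shows both checks failing after a single byte of the image and a single field of the log are altered. The "image" is a constructed 1 MiB file in a temporary directory; the examiner names are made up.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path: str, algorithm: str = "sha256", chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte images do not need to fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def custody_entry(log: list, action: str, handler: str, image_hash: str) -> dict:
    """Append a chain-of-custody record that commits to the previous record.

    Each entry's hash covers its fields plus the previous entry's hash, so a
    record cannot be altered or removed later without breaking every hash
    after it. Start the log at acquisition and keep adding entries.
    """
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "handler": handler,
        "image_sha256": image_hash,
        "prev_entry_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)
    return entry


def log_intact(log: list) -> bool:
    """Re-derive every entry hash and link; False if any record was tampered with."""
    prev = "0" * 64
    for entry in log:
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        if fields["prev_entry_hash"] != prev:
            return False
        expected = hashlib.sha256(
            json.dumps(fields, sort_keys=True).encode()).hexdigest()
        if entry["entry_hash"] != expected:
            return False
        prev = expected
    return True


def verify_image(path: str, entry: dict) -> bool:
    """Re-hash the image and compare with the hash recorded at acquisition."""
    return hash_file(path) == entry["image_sha256"]


def demo() -> dict:
    """Acquire a constructed 1 MiB 'image', log it, then tamper with it and the log."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "evidence.img")
        with open(image, "wb") as f:
            f.write(bytes(range(256)) * 4096)       # constructed, not a real disk
        log = []
        acquired = custody_entry(log, "acquired", "examiner-1", hash_file(image))
        custody_entry(log, "transferred to lab", "examiner-2", acquired["image_sha256"])
        results["image_ok_before"] = verify_image(image, acquired)
        results["log_ok_before"] = log_intact(log)
        with open(image, "r+b") as f:                 # one byte changed on the image
            f.seek(4096)
            f.write(b"\xff")
        results["image_ok_after"] = verify_image(image, acquired)
        log[0]["handler"] = "someone-else"            # history rewritten
        results["log_ok_after"] = log_intact(log)
    return results


if __name__ == "__main__":
    print(demo())
```

In practice the acquisition hash is also written to the evidence form and the imaging tool's own report, so the three can be compared independently; the hash chain here only makes the electronic log tamper-evident, it does not replace signatures and secure storage.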

Ch 2: Networking Concepts

2.1 Introduction

As you study this section, answer the following questions:

What are the two classifications of twisted pair cable?

  • Unshielded (UTP)
  • Shielded (STP)

What are the characteristics of the Cat 5 unshielded twisted pair (UTP) cable type?

  • Four pairs of cables
  • Orange, Blue, Green & Brown
  • Each with its own striped variant
  • Max of 100 m without a repeater

How do the Cat 5 and Cat 5e types differ?

  • Cat 5 – supports up to 100 Mbps Ethernet
  • Cat 5e – provides better EMI and crosstalk resistance, and supports gigabit Ethernet.

What is the general rule for substituting UTP cable types?

Each type of UTP can be substituted for any category below it, but not above.

For example, in a task requiring Cat 5e, Cat 6 can be used, but in a situation where Cat 6 is needed, Cat 5e is not suitable.

What is the purpose of cladding in fiber optic cabling?

Keeps the light inside the core (by reflecting it back at the core boundary), so the signal is maintained as the cable bends.

What are the advantages of fiber optic cabling?

  • Completely immune to EMI
  • Highly resistant to eavesdropping
  • Supports very high data transmission rates
  • Allows for long cable runs without a repeater

How do single-mode fiber cables differ from multi-mode?

  • Single-mode
    • Transfers data through the core using a single light ray (mode)
    • Supports large amounts of data
    • Core is about 10 microns
    • Cable lengths can be very long
  • Multi-mode
    • Transfers data using multiple light rays
    • Core diameter anywhere from 50 – 100 microns
    • Cable lengths are limited in distance

What connector types are used with fiber optic cable?

  • ST – Bayonet-type connector
  • SC – Uses a separate push-on / pull-off connector with a locking tab for each fiber
  • LC – half the size of the other fiber optic connectors
  • MT-RJ – Uses metal guide pins to ensure proper alignment.

2.2 Network Devices

As you study this section, answer the following questions:

What is the function of a switch?

A switch is a multiport bridge. Switches offer the same functionality as a bridge but with greater port density. Switches have essentially replaced all bridges & hubs.

How does a unicast transmission differ from a broadcast transmission?

  • Unicast transmissions are sent to a specific address, for a single receiver
  • Broadcast transmissions are sent to every device in the broadcast domain (all ports on the switch or VLAN)
  • Multicast transmissions target groups of devices, specialized multi-recipient transmissions

How do routers handle broadcast transmissions?

Routers do not forward broadcast transmissions; each router interface bounds a broadcast domain. This is critical because otherwise a broadcast would be flooded throughout the entire internetwork.

What is convergence?

A term used to describe the state in which all routers have the same, consistent routing information.

Why would you use a router instead of a switch?

Routers offer greater functionality than either switches or bridges, such as:

  • Greater flexibility
  • Flow control and error detection
  • Supports load balancing
  • Connects together different network architectures.

How do different network appliances affect network communications?

This section covers the following Cisco 200-125 (CCNA) Exam objectives:

1.3 Describe the impact of infrastructure components in an enterprise network

  • 1.3.a Firewalls
    • A firewall is a software or hardware based security system that can admit or deny traffic to the network.
    • Network-based
      • Installed on the edge of a network
      • Considered hardware firewalls
      • More robust and expensive
    • Host-based
      • Installed on a single computer
      • Less robust and customizable
      • Cheaper
  • 1.3.b Access points
    • Provides access to the network via a wireless connection.
    • Is a layer 2 device
    • An access point (AP) is often configured as a bridge.
  • 1.3.c Wireless controllers
    • Connects multiple AP’s together
    • Configuration changes are made on the controller and then pushed out to the AP’s
    • Usually uses DHCP
    • Routes wireless traffic to internal wired network

2.3 TCP/IP Networking Model

What is the purpose of a network model?

To standardize processes.

It puts everyone on the same page when working together: because vendors and engineers build to the same layered model, two systems built independently can still interoperate.

How does the TCP protocol differ from the UDP protocol?

  • TCP is connection-oriented: it sets up a connection, numbers its segments and acknowledges receipt, so it is reliable but needs a consistent connection.
  • UDP is a connection-less ("best effort") protocol: it sends datagrams without a handshake or acknowledgements, so it is faster but offers no guarantee of delivery; it just keeps sending.

What functions are performed by Application layer protocols?

The application layer contains high level protocols used by processes (applications) running on the host. The application layer is not the applications you (the user) are interacting with, but the code those applications rely on.

Also integrates functionality into host OS and enables network services.

How does TCP negotiate a connection with a remote host?

TCP ensures the receiver is ready for the data before it transmits. This is done using 3-way handshake:

  • Source sends destination a TCP SYN message
  • Destination responds with TCP SYN/ACK message
  • Source responds with TCP ACK message

This 3-way handshake is basically, "Hey, are you there? I'd like to talk; here is where my numbering starts." The destination answers "Yes, I heard you; here is where mine starts," and the source confirms. Each side's initial sequence number (ISN) is exchanged in these messages, and the final ACK proves the client actually received the SYN/ACK.
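To see the three messages with their sequence and acknowledgement numbers, here is an added Python simulation (not part of the original notes and not using real sockets): a listener that tracks half-open connections, a client that completes the handshake, and a blind spoofer that sends packets with a victim's address and therefore never sees the SYN/ACK. The spoofer only succeeds when the server's ISN is predictable, which is why modern stacks randomize it. The addresses, the port 443 and the fixed ISN of 1000 are assumptions for the demo.

```python
import secrets
from dataclasses import dataclass

MOD32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    """The TCP header fields the handshake cares about."""
    src: tuple            # (ip, port) of the sender, as the server sees it
    seq: int
    ack: int
    flags: frozenset


class TcpListener:
    """A listening socket that tracks half-open and established connections."""

    def __init__(self, isn_source=lambda: secrets.randbelow(2 ** 32)):
        self.isn_source = isn_source          # unpredictable by default
        self.half_open = {}                   # peer -> our ISN, awaiting the final ACK
        self.established = set()

    def receive(self, seg: Segment):
        """Return (new_state, reply_segment_or_None)."""
        if seg.flags == frozenset({"SYN"}):
            isn = self.isn_source()
            self.half_open[seg.src] = isn
            reply = Segment(src=("server", 443), seq=isn,
                            ack=(seg.seq + 1) & MOD32, flags=frozenset({"SYN", "ACK"}))
            return "SYN_RECEIVED", reply
        if seg.flags == frozenset({"ACK"}) and seg.src in self.half_open:
            expected = (self.half_open[seg.src] + 1) & MOD32
            if seg.ack == expected:           # third packet proves the peer saw our ISN
                del self.half_open[seg.src]
                self.established.add(seg.src)
                return "ESTABLISHED", None
            return "RST", None                # wrong ack: not a real handshake
        return "DROP", None


def three_way_handshake(client: tuple, server: TcpListener) -> str:
    """Client side of the exchange described above; returns the server's state."""
    client_isn = secrets.randbelow(2 ** 32)
    state, synack = server.receive(Segment(client, client_isn, 0, frozenset({"SYN"})))
    if state != "SYN_RECEIVED" or synack.ack != (client_isn + 1) & MOD32:
        return "FAILED"                       # the SYN/ACK must acknowledge our ISN
    state, _ = server.receive(Segment(client, (client_isn + 1) & MOD32,
                                      (synack.seq + 1) & MOD32, frozenset({"ACK"})))
    return state


def blind_spoof(victim: tuple, server: TcpListener, guessed_isn: int) -> str:
    """An attacker sending packets with the victim's address never sees the
    SYN/ACK (it goes to the victim), so it must guess the server's ISN."""
    server.receive(Segment(victim, 1, 0, frozenset({"SYN"})))
    state, _ = server.receive(Segment(victim, 2, (guessed_isn + 1) & MOD32,
                                      frozenset({"ACK"})))
    return state


if __name__ == "__main__":
    srv = TcpListener()
    print("legitimate client     :", three_way_handshake(("10.1.2.50", 51000), srv))
    print("blind spoof, random ISN:", blind_spoof(("10.1.2.60", 4000), srv, guessed_isn=1000))
    weak = TcpListener(isn_source=lambda: 1000)     # predictable ISN
    print("blind spoof, fixed ISN :", blind_spoof(("10.1.2.60", 4000), weak, guessed_isn=1000))
```

Against the random-ISN listener the spoof comes back RST (barring a 1-in-2^32 guess); against the fixed-ISN listener it is accepted. The half_open dictionary is also where a SYN flood does its damage: every unanswered SYN occupies an entry until it times out.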

What role do port assignments play in application-to-application communications?

Port assignments allow a network host with a single IP address to provide multiple services, each sending and receiving data on its own port.

What functions are provided by the Internet layer?

The internet layer is responsible for forwarding packets through networks. This layer uses IP addresses to identify networks and hosts.

Key functions include:

  • Maintaining addresses of neighboring routers
  • Maintaining a list of known networks
  • Determining the next hop to forward the data to (longest prefix match against the routing table)

What are MAC addresses? How are they used by the Link layer?

A MAC address identifies only a host's network interface; the Link layer does not concern itself with which network the host is on. The Link layer puts both the source and the destination MAC addresses into the frame header around the data it receives from the Internet layer.

2.4 Data encapsulation

As you study this section, answer the following questions:

How does data encapsulation facilitate data transmission?

Data encapsulation allows a piece of data to be passed from an application down through the layers on the sending host and back up through them on the receiving host.

This process breaks a message into segments and packets, adds control information (a header) at each layer, and then transmits the result across the transmission medium.

What are the TCP/IP encapsulation process steps on a sending host?

  1. Application layer prepares the data
  2. Transport layer breaks data into segments, adds sequencing and control information
  3. Internet layer converts segments into packets, adding logical network and device addresses.
  4. Link layer converts packets into frames, adding physical device (MAC) addresses and a frame check sequence for error detection. The frame is then converted into bits (1's & 0's) for transmission across the medium.

What are the TCP/IP de-encapsulation process steps?

Basically the same process as described above, but in reverse back up past the application layer into our web browser (or application we use).

What information does the Transport layer add to data being transmitted?

The transport layer adds the source and destination ports, sequencing and control information to the data being transmitted.

What is a PDU? How do PDUs relate to TCP/IP layers?

A Protocol Data Unit (PDU) is the name for the unit of data handled at a given layer. At the Transport layer the PDU is called a segment (TCP) or datagram (UDP); at the Internet layer it is a packet; at the Link layer it is a frame; on the medium it is bits.

2.5 OSI Networking Model

TL;DR:

Application – Integrates network functionality into the host OS and enables network services.
Presentation – Formats or "presents" the data into a compatible form for receipt.
Session – Manages the sessions in which data is transferred.
Transport – Provides the transition between the upper and lower layers, making them transparent to each other.
Network – Describes how data is routed across networks to a destination.
Data Link – Defines specifications for controlling access to the media. Provides an interface between the MAC sublayer and the upper-layer protocols.
Physical – Sends and receives electrical signals between devices. Converts bits to signals on the wire.

As you study this section, answer the following questions:

How does the OSI model differ from the TCP/IP model? How are they similar?

The TCP/IP model has four layers (Application, Transport, Internet, Link) and describes the protocol suite actually used on the internet; its purpose is to standardize processes and keep everyone on the same page.

The OSI model has seven layers and is the most widely used way of understanding and talking about networks, but it is a conceptual reference model rather than a description of a protocol stack in use. The two line up: OSI Application, Presentation and Session correspond to the TCP/IP Application layer; Transport to Transport; Network to Internet; Data Link and Physical to the Link layer.

What is the function of the Physical layer of the OSI model? What is the corresponding layer in the TCP/IP model?

  • Sets standards for sending and receiving electrical signals between devices
  • Describes how digital data (bits) are converted to electric pulses, radio waves or light
  • Deals with the sending and receiving of bits
  • Corresponds to the Link (Network Access) layer of the TCP/IP model

How does the Presentation layer ensure that data presented to the Application layer is in a compatible form?

  • Formats and translates data between systems
  • Negotiates the data transfer syntax between systems, for example by converting character sets
  • Provides stable compatibility with the host
  • Encrypts and compresses data on the sending side
  • Decrypts and decompresses it on the receiving side

Which protocols are used by the Data Link layer?

  • LAN protocols: 802.2 (LLC), 802.3 (Ethernet), 802.11 (Wireless)
  • WAN protocols: PPP, MLPPP, ISDN

How are host-to-host connections managed?

The Data Link layer implements host-to-host flow control.

Which protocols are used to determine the IP address of a known MAC address?

Address Resolution Protocol (ARP) does the reverse: it finds the MAC address of a host from a known IP address.

To determine the IP address from a known MAC address, a host uses RARP (Reverse ARP) or BOOTP; today DHCP, BOOTP's successor, normally does this job.

2.6 Data Communications

As you study this section, answer the following questions:

Which destination address and source address are identified in a frame header?

MAC Addresses

The link layer converts packets into frames by adding a header which specifies the source and destination MAC addresses.

When are ARP requests used?

To determine the MAC address of the next hop. Before sending, a host compares the destination IP address with its own address and subnet mask: if the destination is on the same subnet it ARPs for the destination itself, otherwise it ARPs for its default gateway (the router). A router does the same on each of its interfaces when forwarding.

What information is contained in the unicast response to an ARP broadcast?

The target host sends its own MAC address back to the requester in a unicast reply; all other hosts on the segment ignore the broadcast.
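The Internet-layer functions listed in 2.3 (longest prefix match, choosing the next hop) and the ARP decision just described are one forwarding path on a host. Here is an added Python simulation of that path (not from the original notes): the route lookup picks the on-link destination or the gateway, an ARP cache is consulted, and a missing entry is "broadcast" to a dictionary standing in for the hosts on the segment. It also refuses and logs an ARP reply that changes an existing mapping, which is what ARP spoofing looks like from the victim's side. The addresses are in a constructed 10.1.2.32/27 LAN with the gateway at .33, and the MACs come from the RFC 7042 documentation range; all are assumptions.

```python
import ipaddress


class Host:
    """A host's forwarding decision: route lookup, then ARP for the next hop."""

    def __init__(self, ip_cidr: str, mac: str, routes):
        self.iface = ipaddress.ip_interface(ip_cidr)
        self.mac = mac
        # routes: (prefix, gateway) pairs; gateway None means directly connected.
        self.routes = [(ipaddress.ip_network(p), gw) for p, gw in routes]
        self.routes.append((self.iface.network, None))     # own subnet is on-link
        self.arp_cache = {}                                 # ip -> mac
        self.alerts = []

    def next_hop(self, dest: str):
        """Longest-prefix match (the Internet layer's job).

        Returns the address to deliver the frame to on this link: the
        destination itself if it is on our subnet, otherwise the gateway,
        or None if there is no matching route."""
        d = ipaddress.ip_address(dest)
        best = None
        for net, gw in self.routes:
            if d in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw)
        if best is None:
            return None
        return d if best[1] is None else ipaddress.ip_address(best[1])

    def resolve(self, dest: str, lan: dict):
        """Return the MAC to put in the frame header for `dest` (the Link layer's job).

        `lan` stands in for the broadcast domain: a map of IP -> MAC of the
        hosts that would answer an ARP request."""
        hop = self.next_hop(dest)
        if hop is None:
            return None
        hop = str(hop)
        if hop not in self.arp_cache:                       # broadcast "who has hop?"
            mac = lan.get(hop)
            if mac is None:
                return None                                 # nobody answered
            self.arp_reply(hop, mac)
        return self.arp_cache[hop]

    def arp_reply(self, ip: str, mac: str) -> bool:
        """Process an ARP reply. A reply that changes an existing mapping is
        what ARP spoofing looks like, so it is refused and logged."""
        known = self.arp_cache.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"ARP conflict for {ip}: {known} -> {mac}")
            return False
        self.arp_cache[ip] = mac
        return True


# Constructed LAN 10.1.2.32/27: gateway at .33, one other host at .60.
LAN = {"10.1.2.33": "00:00:5e:00:53:01", "10.1.2.60": "00:00:5e:00:53:60"}

if __name__ == "__main__":
    h = Host("10.1.2.50/27", "00:00:5e:00:53:50", [("0.0.0.0/0", "10.1.2.33")])
    for dest in ("10.1.2.60", "10.1.2.70", "8.8.8.8"):
        print(f"{dest:10} next hop {h.next_hop(dest)}  frame to {h.resolve(dest, LAN)}")
    print("spoofed reply accepted?", h.arp_reply("10.1.2.33", "00:00:5e:00:53:99"), h.alerts)
```

Note the 10.1.2.70 case: it shares the first three octets with the host but lies outside the /27, so the frame goes to the gateway's MAC, not to .70. Real stacks do accept unsolicited ARP updates by default, which is why tools such as arpwatch exist to do the conflict check shown in arp_reply.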

What action does a router perform when it receives frames?

It removes the frame headers, examines the packets and acts accordingly.

What happens if there are missing or damaged packets?

TCP at the transport layer numbers every segment and acknowledges receipt, so the receiver can detect missing or damaged segments (a failed checksum) and request retransmission. UDP has no such mechanism; a lost datagram is simply gone unless the application handles it.

2.7 Ethernet Networking

As you study this section, answer the following questions:

What functions do network access technologies provide?

  • Building frames
  • Sending bits
  • Addressing data

What are the three most common topology types used by Ethernet?

Star

  • Uses a hub or switch to connect everything to a single location
  • Most popular
  • Nodes can be added or removed with ease
  • Cabling is independent: each node has its own cable run to the central device

Mesh

  • Multiple paths between any two nodes
  • Made with point-to-point connections
  • Increases network fault tolerance
  • Usually impractical
  • Scales poorly

Hybrid

  • Exists when two or more types of topologies are connected with each other

What are the components of a chassis-based switch? What function does each component perform?

A chassis-based switch is a frame into which line cards (the port modules), a supervisor or management module, the backplane/switch fabric that connects the cards, and redundant power supplies and fans are installed. This makes it fault tolerant, expandable and higher performing than a fixed-configuration switch.

What is switch layering? How does it work?

How does the CSMA/CD network access method help to ensure data delivery?

What are the components of an Ethernet frame?

  • Preamble – The preamble is a set of alternating ones and zeros terminated by two ones (11), which mark it as a frame.
  • Destination Address – The destination address identifies the receiving host’s MAC address.
  • Source Address – The source address identifies the sending host’s MAC address.
  • Type – The type field is 2 bytes and specifies the network/Internet layer protocol being used.
  • Packet (Data) – The packet or data contains the information that needs to be transmitted from one host to the other.
    • Pad – Ethernet frames are sized between 64 and 1518 bytes. If the frame is smaller than 64 bytes, the sending NIC places “junk” data in the pad to make it the required 64 bytes.
  • Frame Check Sequence (FCS) – The FCS helps verify that the frame contents have arrived uncorrupted. It uses a CRC (cyclic redundancy check), which is a mathematical calculation performed on the frame.
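The frame fields above, the encapsulation steps in 2.4 and what a protocol analyzer in 2.5 actually does can all be shown with one added Python example (not from the original notes): build_frame performs the sending host's encapsulation (TCP segment inside an IPv4 packet inside an Ethernet frame, padded to the 64-byte minimum, with the FCS computed as a CRC-32), and parse_frame performs the receiver's de-encapsulation, verifying the FCS and the IPv4 header checksum and using the IP total length to ignore padding. The MAC and IP addresses are from the documentation ranges and the payload is a made-up HTTP request; the TCP checksum is left at zero to keep the example short, and the FCS is appended little-endian, the order in which the bytes appear in a capture.

```python
import ipaddress
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words. Over a header whose
    checksum field is filled in, the result is 0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Encapsulation on the sending host: payload -> segment -> packet -> frame."""
    # Transport layer: 20-byte TCP header, SYN flag set, checksum left 0 for brevity.
    segment = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02,
                          65535, 0, 0) + payload
    # Internet layer: 20-byte IPv4 header; checksum is computed over the header only.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, 64,
                         IPPROTO_TCP, 0, ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    # Link layer: destination MAC, source MAC, EtherType, then pad to the 64-byte minimum.
    frame = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    frame += header + segment
    frame += b"\x00" * max(0, 60 - len(frame))          # 60 + 4-byte FCS = 64
    fcs = zlib.crc32(frame) & 0xFFFFFFFF                 # same CRC-32 Ethernet uses
    return frame + struct.pack("<I", fcs)


def parse_frame(frame: bytes) -> dict:
    """De-encapsulation: strip each header in turn, checking the FCS and IP checksum."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    info = {
        "dst_mac": mac_str(body[:6]),
        "src_mac": mac_str(body[6:12]),
        "ethertype": struct.unpack("!H", body[12:14])[0],
        "fcs_ok": (zlib.crc32(body) & 0xFFFFFFFF) == fcs,
    }
    if info["ethertype"] != ETHERTYPE_IPV4:
        return info
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]    # excludes any Ethernet padding
    info.update({
        "src_ip": str(ipaddress.ip_address(packet[12:16])),
        "dst_ip": str(ipaddress.ip_address(packet[16:20])),
        "protocol": packet[9],
        "ttl": packet[8],
        "ip_checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
    })
    if info["protocol"] != IPPROTO_TCP:
        return info
    segment = packet[ihl:total_len]
    src_port, dst_port, seq, ack, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    info.update({"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
                 "syn": bool(flags & 0x02), "payload": segment[(offset >> 4) * 4:]})
    return info


if __name__ == "__main__":
    f = build_frame("00:00:5e:00:53:50", "00:00:5e:00:53:01", "10.1.2.50",
                    "203.0.113.10", 51000, 443, b"GET / HTTP/1.1\r\n")
    print(len(f), "bytes on the wire:", parse_frame(f))
    damaged = bytearray(f)
    damaged[-5] ^= 0x01                                  # flip a bit in the payload
    print("after a bit flip, fcs_ok =", parse_frame(bytes(damaged))["fcs_ok"])
```

A single flipped bit anywhere in the frame fails the FCS; a flip inside the IP header additionally fails the header checksum, which is the only one of the two a router recomputes when it rewrites the TTL.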

What hardware is required to use full-duplex mode?

Ch 1: Security Introduction

The following are questions from TestOut Security Pro. This page is merely for personal educational purposes.

1.1 Security Overview

What challenges does a security professional face?

A never-ending arms race. Every day cybercriminals find new ways to exploit systems, and security professionals can barely keep up. You must EXPECT a breach, know what to do when one occurs, and plan beforehand how to minimize the damage.

What is the difference between integrity and non-repudiation?

Integrity is protection against alteration. Non-repudiation is proof a sender sent a message.

What are the three main goals of the CIA of Security?

  • Confidentiality – Ensure access to data is authorized.
  • Integrity – Ensures data is not modified.
  • Availability – Ensures systems and data are accessible to authorized users when they are needed.

What are the key components of risk management?

The main goal of risk management is to reduce risk to an acceptable level. Components of risk management include:

  • Asset – Something of value to an entity
  • Threat – Potential for the loss of an asset
  • Threat Agent – An attacker
  • Vulnerability – A weakness that allows a threat to be carried out
  • Exploit – A way of taking advantage of a vulnerability

What are three types of threat agents?

  • Employee
  • Spy
  • Hacker

Lab 1.2.2 & 1.2.3 Screenshots

What I learned…

Learned a lot about information security. One, it is a constant game of cat & mouse similar to the relationship of a detective and serial criminal. I didn’t realize that if you connect to the internet, you can NEVER be completely safe against threats. The job of a security professional is to minimize vulnerabilities and potential for damage by breach.

How to get all Top-level Woocommerce Product Categories

All I needed was a simple snippet of code to grab all the top-level WooCommerce product categories and display them within an Owl Carousel.

When you search "woocommerce get all top level categories" you find a lot of scenarios that use get_queried_object to get the current product category. But what if you are trying to get categories from another page?

How to get ALL top-level categories

We use get_categories to query categories. We must specify we want product categories 'taxonomy' => 'product_cat' with no parent category 'parent' => 0.

function gerrg_get_all_top_level_product_categories(){
    // Top-level WooCommerce product categories, sorted by name.
    // 'parent' => 0 restricts the query to categories with no parent.
    return get_categories( array( 'taxonomy' => 'product_cat',
                                  'orderby'  => 'name',
                                  'parent'   => 0 ) );
}

Now, how do we get that into a slider?

How to display a list of categories within a carousel

The following code assumes you've gone through the process of integrating Owl Carousel into your WordPress website. You can either do it the old-fashioned way using wp_enqueue_script or use a plugin.

Basically, use the function from above to get all your categories and pass it into the function below.

function gerrg_get_category_slider( $categories, $header = '' ){

    if( ! empty( $header ) ) : ?>
        <h2 class="pb-2"><?php echo esc_html( $header ); ?></h2>
    <?php endif; ?>

    <div class="owl-carousel dept category-slider border-bottom">
        <?php foreach( $categories as $term ) :
            // The category thumbnail is stored as an attachment ID in term meta.
            $image_src = wp_get_attachment_image_src( get_term_meta( $term->term_id, 'thumbnail_id', true ), 'medium' );
            $link      = get_term_link( $term->term_id, 'product_cat' );
            // Skip categories without an image, or whose link could not be built (WP_Error).
            if( ! empty( $image_src ) && ! is_wp_error( $link ) ): ?>
                <a href="<?php echo esc_url( $link ); ?>" class="text-center">
                    <img src="<?php echo esc_url( $image_src[0] ); ?>" alt="<?php echo esc_attr( $term->name ); ?>" class="img-fluid mx-auto" style="height: 100px; width: auto;" />
                    <p class="text-center"><?php echo esc_html( $term->name ); ?></p>
                </a>
            <?php endif;
        endforeach; ?>
    </div>
    <?php
}

First, we check whether a header was provided. Next, we open the <div class="owl-carousel"> for the carousel. For each $term we grab its thumbnail attachment ID, get its src and pass it into an <img src="" />. Category names, headers and URLs are stored data, so echo them through esc_html(), esc_attr() and esc_url() rather than raw; anyone who can edit a category name would otherwise be able to inject markup into every page the slider appears on.

Ruby on Rails Model Associations – belongs_to, has_one & has_many

Source: https://guides.rubyonrails.org/association_basics.html

Setup

Hello, let's learn how to link models together in Ruby on Rails 5. First let's create our application and a few models. This assumes you are properly set up to run rails new.

Open your terminal (CTRL+ALT+T). Create or move to your projects folder, create the project and generate the models.

~$ mkdir projects
~$ cd projects
~/projects$ rails new associations
~/projects$ cd associations
~/projects/associations$ rails g model author name website email
~/projects/associations$ rails g model post author:references
~/projects/associations$ rails db:migrate

After running rails db:migrate your schema should look like this:

db/schema.rb

ActiveRecord::Schema.define(version: 2019_08_23_165356) do

  create_table "authors", force: :cascade do |t|
    t.string "name"
    t.string "website"
    t.string "email"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
  end

  create_table "posts", force: :cascade do |t|
    t.integer "author_id"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["author_id"], name: "index_posts_on_author_id"
  end

end

belongs_to

By declaring that one model belongs_to another, you are telling Rails that this model's table carries the foreign key (here posts.author_id) pointing at the other model's primary key. From the Post side this is a one-to-one connection: every Post has exactly one Author. In Rails 5 belongs_to is required by default, so saving a Post with no author fails validation unless you declare it with optional: true.

class Post < ApplicationRecord
  belongs_to :author
end

This code gives our model a number of useful methods, like getting the author of a post.

$ Post.first.author.name
=> "greg"

belongs_to associations must use the singular term. This is because Rails automatically infers the class name from the association name. If the association name is wrongly pluralized, then the inferred class will be wrongly pluralized too.

has_one

A has_one association is the other side of a belongs_to: it also sets up a one-to-one connection, but the foreign key lives in the other model's table rather than this one's. Use has_one on the model that is pointed at (for example an Author that has_one :profile, with the author_id column stored in the profiles table). Unlike a required belongs_to, has_one simply returns nil when nothing is on the other end.

has_one Association Diagram

Has_many

Indicates a one-to-many connection with another model. has_many is usually found on the "opposite end" of a belongs_to connection; it means this model can have zero, one or more instances of the other model.

class Author < ApplicationRecord
  has_many :posts   # matches the Post model generated above, which belongs_to :author
end
has_many Association Diagram

has_many :through

Used to set up a many-to-many relationship with another model. This association declares there can be zero, one or more instances of another model, reached through a third (join) model.

class Physician < ApplicationRecord
  has_many :appointments
  has_many :patients, through: :appointments
end
 
class Appointment < ApplicationRecord
  belongs_to :physician
  belongs_to :patient
end
 
class Patient < ApplicationRecord
  has_many :appointments
  has_many :physicians, through: :appointments
end
has_many :through Association Diagram

Planning the Adinabook Rails 5 Application

This is a toy application project from The Odin Project. My goal with this project is to really focus on replicating Facebook functionality. This goal will hopefully result in me learning more about Rails than I know about my backside.

Users

  • Name
  • Email
  • Encrypted_password
  • Birthday – Date
  • Avatar

class User < ApplicationRecord
  has_many :friendships
  has_many :friends, :through => :friendships,
                       :source => :friend

  has_many :posts
end

Friendship

  • user_id – Integer
  • friend_id – Integer

class Friendship < ApplicationRecord
  belongs_to :user
  belongs_to :friend, class_name: 'User'
end

Post

  • content
  • image

class Post < ApplicationRecord
  belongs_to :user
end

How to Setup PostgreSQL (PG) for Deploying Rails Applications to Heroku

First, install PostgreSQL.

sudo apt-get install postgresql libpq-dev

Create a PostgreSQL role with the same name as your Linux user, i.e. whatever appears before the "@" in your shell prompt. Mine is greg.

sudo -u postgres createuser greg

After you create your user, log into the PostgreSQL console under the 'postgres' account. This account was created by default when you installed the software.

sudo -u postgres psql

Now we simply make our user a SUPERUSER. This is fine for a throwaway local development box; on any shared or production server grant only what Rails needs (ALTER USER greg CREATEDB;), because a PostgreSQL superuser can read every database and run commands on the host through the server process. Exit the console with \q rather than suspending it.

postgres=# ALTER USER greg WITH SUPERUSER;
postgres=# \du
postgres=# \q

Now you have a SUPERUSER set up in PostgreSQL that matches the default username Rails looks for when connecting to a PostgreSQL database.

For each rails application…

You will need to create both a development and testing database. Be sure that you are creating these databases from under the SUPERUSER you just created.

Simply plug in your own user and application name where I use 'greg' & 'local-flickr'.

sudo -u greg createdb local-flickr_development
sudo -u greg createdb local-flickr_test