Quiz #3 Topics - Network Security, Number Systems, Data Types and Representation, IT Professional & Security Standards
(12/8) Visualizing Network Traffic.
You can't fix it, or tell what needs fixing, if you can't _see_ it!
You don't want your _customers_ to be the ones informing you the network's down!
Without the right tools you'll just be guessing...
Demo tech to visualize traffic:
- iptraf is a lightweight CUI (curses, text-mode) tool that summarizes IP traffic in and out of a Linux server's network interfaces.
It can get us thinking 'what if this were 10,000X more active? How would I manage it then?'
- Wireshark is a 'packet sniffer' that captures every packet arriving at a network interface and decodes the
protocols inside them. 'tshark' is its command-line (CUI) counterpart.
It can record the contents of packets to or from a targeted
MAC or IP address and 'follow the stream' later to reassemble the whole conversation.
Its filters can also be set to pick out user IDs and passwords
where a protocol transmits them in the clear (POP3 without TLS, for example)...
- Android's WiFi Analyzer and the PC-based inSSIDer are Wi-Fi scanners.
They display SSIDs, RF bands & channels, and WAP
signal strengths, which is what you need to pick channels and spot rogue access points. Neither is a packet
analyzer; sniffing passwords off a wifi, or catching somebody else doing it, takes a capture tool like Wireshark with the adapter in monitor mode.
- Chanalyzer Lite is a 'wireless spectrum analyzer' that uses a separate receiver,
the Wi-Spy USB dongle, and maps _all_ radio activity in the band whether it is in packets or not.
A spectrum analyzer shows _interference_ (microwave ovens, cordless phones, neighbors' APs) as well as network activity, so it makes a valuable planning and troubleshooting tool.
Click metageek.com and take the link to
Tamograph to see an office survey done to provide 'ubiquitous wifi'. With more BYOD policies, operating
wifi securely is a high priority. Without the tools you're just guessing... (IMHO, wifi is nice, but wired is better-performing
and easier/cheaper to secure. If you're going to manage wifi networks you need something like Wi-Spy!)
- Visit a 'honeypot' server to see system logs /var/log/messages, /var/log/secure, /var/log/maillog;
a firewall script using iptables; TCP Wrappers access control with /etc/hosts.allow and /etc/hosts.deny (which xinetd honors); start and stop scripts. The maillog shows entries for mail to yoda from gmail and for Yoda's POP3 logins,
and because POP3 without TLS sends credentials as plain text, a packet capture of that session shows his userid and password too!
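Here is what that last demo looks like as a script. This is an added example, not the instructor's demo script: it assumes the interface eth0, the Wireshark POP dissector's field names pop.request.command and pop.request.parameter (confirm them on your build with tshark -G fields | grep '^F.pop'), and a constructed sample of tshark field output so the extractor can be exercised without a live capture.

```shell
#!/bin/sh
# Added example: pull clear-text POP3 logins out of a tshark field dump.
# Assumed, not from the page: interface eth0, the POP dissector field names
# pop.request.command / pop.request.parameter, and the constructed sample
# session below. tshark needs capture rights (root or the wireshark group).

# Live capture: only the USER/PASS commands, emitted as tab-separated fields,
# piped straight into the extractor.
capture_pop3_creds() {   # capture_pop3_creds IFACE
    tshark -i "$1" -l -f 'tcp port 110' \
        -Y 'pop.request.command == "USER" || pop.request.command == "PASS"' \
        -T fields -e ip.src -e ip.dst -e pop.request.command -e pop.request.parameter |
        extract_pop3_creds
}

# Pair each USER with the PASS that follows it on the same client->server flow.
# Input lines: src<TAB>dst<TAB>USER|PASS<TAB>parameter
# A PASS with no preceding USER on that flow is ignored.
extract_pop3_creds() {
    awk -F '\t' '
        { flow = $1 " -> " $2 }
        $3 == "USER" { user[flow] = $4 }
        $3 == "PASS" && (flow in user) {
            printf "%s user=%s pass=%s\n", flow, user[flow], $4
            delete user[flow]
        }'
}

# Constructed sample of what `tshark -T fields` emits for one clear-text login
# plus a stray PASS from another client (no USER seen, so it is dropped).
SAMPLE_FIELDS=$(printf '10.0.0.5\t10.0.0.10\tUSER\tyoda\n10.0.0.5\t10.0.0.10\tPASS\tusetheforce\n10.0.0.7\t10.0.0.10\tPASS\tnouser')

demo_pop3_creds() {   # runs the extractor over the constructed sample
    printf '%s\n' "$SAMPLE_FIELDS" | extract_pop3_creds
}

# Live use:  capture_pop3_creds eth0
demo_pop3_creds
```

The same filter is the quickest check that a fix took: once the mail server only accepts POP3S (port 995) or STARTTLS, the capture on port 110 shows nothing, and a capture on 995 shows only TLS records.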
(12/8 Quickly) Linux and Network Security
Discussed setting up a secure LAMP Stack at RackSpace.
Visited godaddy.com to see steps to purchase a domain name and SSL certificates. Visited
RackSpaceCloud.com to demo steps for setting up a virtual server.
Logged into this virtual machine and did demos of port scanning, packet sniffing a userid/password sent in the clear,
and tailing /var/log/maillog & /var/log/messages to track down mail to Yoda.
Demo'd Linux firewalling with iptables and with TCP Wrappers' hosts.allow & hosts.deny (used by xinetd), and used iptables to
turn ping (ICMP echo) response on/off. Demo'd
iptraf, tcpdump, netstat, vmstat, top, htop, and killing errant processes.
Investigated startup processes with chkconfig --list
and /etc/rc.d/rc.local. Looked at scheduling jobs with crontab -e. Demo'd administrative
scripting with php and bash to back up a server with tar -c, verify the backup with tar -W (--verify, which re-reads
the archive and compares it with the files on disk), then move
the backup set offsite securely with scp.
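The backup/verify/copy-offsite routine from that demo, written out as a bash script. This is an added example rather than the script shown in class; it assumes the web root /var/www, a local staging directory /var/backups, and an offsite host backup@backup.example.com reachable with key-based SSH login.

```shell
#!/bin/bash
# Added example: back up a directory with tar, verify it, checksum it, copy it
# offsite over SSH. Assumed, not from the page: /var/www, /var/backups and the
# offsite account backup@backup.example.com with an SSH key already installed.
set -eu

make_backup() {   # make_backup SRC DEST  -> prints the path of the compressed archive
    local src=$1 dest=$2 name stamp archive
    name=$(basename "$src")
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest"
    dest=$(cd "$dest" && pwd)          # absolute, so the cd below doesn't break it
    archive="$dest/$name-$stamp.tar"
    # -c create, -W (--verify) re-reads the archive and compares it with the files
    # on disk. GNU tar refuses --verify on a compressed archive, so compression is
    # a separate step afterwards.
    ( cd "$(dirname "$src")" && tar -cWf "$archive" "$name" )
    gzip -f "$archive"
    archive="$archive.gz"
    # Record a checksum beside the archive so the offsite copy can be checked
    # without tar and without trusting the transfer.
    ( cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
    printf '%s\n' "$archive"
}

verify_backup() {   # verify_backup ARCHIVE  -> 0 if the checksum matches and the archive lists cleanly
    local archive=$1
    ( cd "$(dirname "$archive")" && sha256sum -c --status "$(basename "$archive").sha256" ) || return 1
    tar -tzf "$archive" >/dev/null
}

send_offsite() {   # send_offsite ARCHIVE USER@HOST:DIR  (scp rides on SSH, so the set is encrypted in transit)
    scp -q "$1" "$1.sha256" "$2"
}

# Nightly run from cron:  backup.sh run
if [ "${1:-}" = "run" ]; then
    archive=$(make_backup /var/www /var/backups)
    verify_backup "$archive"
    send_offsite "$archive" backup@backup.example.com:/srv/backups/
fi
```

On the offsite host, sha256sum -c against the copied .sha256 file repeats the check after the transfer; a backup that was never verified is a hope, not a backup.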
Some tools for security:
- Kali Linux is a Debian-based distro that includes
tools for all kinds of network analysis and penetration testing. Kali is an easy to install
and operate successor to BackTrack Linux, which was a difficult install but was the go-to
toolbox for security until about 2013 when Kali was released.
- LanGuard is the nearest thing to a Windows equivalent of Kali Linux, though it is a commercial vulnerability scanner
and patch manager rather than a pentesting toolbox. LanGuard's not free but would be a worthwhile investment for anybody
considering work in a Windows environment.
- IPCop Firewall for firewalling SOHO/SMB;
- Tripwire and Snort for
- Nipper for system security auditing;
- chkrootkit Trojan detector, (also mounting read-only file systems for 'static' components);
- Sentry Tools PortSentry, Logcheck/LogSentry, and HostSentry protect against portscans, automate log file auditing, and detect suspicious login activity on a continuous basis;
- SpamAssassin uses several techniques plus collaborative
databases of known spammers to help tag or eliminate spam,
- Milter-Greylist (a mail filter) uses 'greylisting', temporarily rejecting mail from senders it hasn't seen before, to reject most spam;
neither adds a lot of overhead, even for a busy mail server.
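The firewall side of the honeypot demo above (iptables plus the TCP Wrappers files, with the 'ping on/off' switch) as a reviewable script. This is an added example, not the script used in class; it assumes SSH on port 22, a web server on 80/443, and an admin LAN of 192.168.1.0/24. The rules are rendered as text first so they can be read, diffed, and kept in version control before apply_firewall runs them as root.

```shell
#!/bin/sh
# Added example: small iptables host firewall with a ping on/off switch, plus
# matching TCP Wrappers files. Assumed, not from the page: SSH on 22, web on
# 80/443, admin LAN 192.168.1.0/24.
ADMIN_NET=${ADMIN_NET:-192.168.1.0/24}
ADMIN_PREFIX=${ADMIN_PREFIX:-192.168.1.}   # hosts.allow 'net.' (trailing dot) form

firewall_rules() {   # firewall_rules on|off  -> prints the iptables commands
    ping=${1:-off}
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport 22 -s $ADMIN_NET -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
EOF
    # Ping reply is the switch: a rate-limited ACCEPT when on. With the INPUT
    # policy at DROP, leaving the rule out is what turns ping response off.
    if [ "$ping" = on ]; then
        echo "iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT"
    fi
    # Log what gets dropped, rate-limited so a port scan can't flood /var/log/messages.
    echo "iptables -A INPUT -m limit --limit 3/min -j LOG --log-prefix 'FW-DROP: '"
}

apply_firewall() {   # apply_firewall on|off   (run as root)
    firewall_rules "${1:-off}" | sh -e
}

# TCP Wrappers: deny everything in hosts.deny, then list the exceptions in
# hosts.allow. ETCDIR is /etc on a real host; a scratch dir lets you inspect
# the output first.
write_tcp_wrappers() {   # write_tcp_wrappers ETCDIR
    printf 'ALL: ALL\n' > "$1/hosts.deny"
    printf 'ALL: 127.0.0.1\nsshd: %s\n' "$ADMIN_PREFIX" > "$1/hosts.allow"
}

# Review the ruleset:        firewall_rules on
# Apply it, ping disabled:   apply_firewall off
```

Note that iptables rules are gone after a reboot unless they are saved (iptables-save) or the script is run from a startup script like /etc/rc.d/rc.local; the demo's chkconfig and rc.local discussion is where that hook belongs.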
Computers don't do anything without software. Some software is burned or
flashed into ROM or other chips to become 'firmware', but it all started life
Types of Software: Operating Systems; Utilities;
Malware: Virus, Worms, Spyware/Keystroke Loggers, Rootkits, Trojans, Bots;
Security: Anti-Virus, Firewall, IDS, Anti-Spam, Surveillance & Motion Detection; Programming Languages, IDE, Frameworks;
Version Control; DBMS; Artificial Intelligence;
Server software: HTTP (web), SMTP, POP and IMAP (mail), with SSL/TLS to encrypt any of them;
Application Software: Office/Productivity, Single vs. Multi-user vs. Enterprise!, ERP, 'Vertical Market' for practically every category of business;
Games; Graphics: CAD 2D & 3D, Drawing, Animation, Photo Editors, Video Capture, Editing & Compositing; SCADA & other Process Control; &c, &c...
Was this a comprehensive list? What's left out? Sometimes 'free software' and 'proprietary software' are the answer for
'what kinds of software are there?' but that's not what the instructor's looking for on a quiz...
Software (Outlines software chapter in text). 'Structured' and 'Object Oriented' are the two most
Diagram on board how software gets to the OS Executive: 1GL, 2GL, and 3GL to executable;
4GL is DB-aware and 'writes' 3GL code as the developer drags/drops; middleware like the .NET Framework or the JVM (Java Virtual Machine)
runs bytecode, which is compiled from a 3GL like VB, C#, or Java. Scripting languages like PHP, Perl, Ruby, or Python are interpreted
a statement at a time by their interpreter, which executes the code on the programmer's behalf rather than producing an executable file.
DMA and SMP are included in the discussion.
Version Control is Key
Professional software development, revisions, and upgrades are managed using 'version control' or 'revision control' systems so that programmers don't step on each others' efforts as they work, and managers can control and audit software as it is
installed and revised on the computers they manage. 'Configuration Managers' use
version control systems to tie the software they install all the way back to the requirements definitions and other contractual agreements with the developers to make sure the
software they install is what was ordered.
There are dozens of options for source code development and revision control.
Microsoft provided 'VSS-Visual Source Safe' for small projects (now discontinued),
and 'TFVC-Team Foundation Version Control' can scale to large projects. There are Open Source tools for revision control: 'CVS-Concurrent Versions System' has decades of use and is freely available. On-line services like GitHub are popular with open-source development teams, as are SourceForge, Bitbucket, and several other websites that facilitate collaboration on software projects.
There is a very real risk that changes to a business system can 'take the system down'
or take the business down. Procedures are important to test, accept, install, roll back the
installation if necessary, and recover data lost in the process.
Generations of Programming Languages:
This is not to be confused with 'Generations of Computers', which is mostly about advances in miniaturization
of hardware components. The generations of programming languages do advance across the same decades as generations of computers,
but they're all in current use today, none of the generations is obsolete. It's important for IT pros to
understand how each generation of code is produced, all impact system security, recoverability, and portability among platforms.
- 1st is Binary Code or Machine Code for a particular CPU or 'family' of CPUs. Binary code is seldom written
directly; it is usually the result of assembling assembly code, compiling or interpreting 3GL or 4GL code,
or of a 'virtual machine' like the JVM, the .NET runtime, or IBM's VM or SLIC that reads compiled 'byte code' and hands binary code
to the system executive.
1GL code consists of 'zeroes and ones' arranged in bytes and words.
In a Windows environment, files holding 1GL code have .exe as the file extension and are called 'executables'.
- 2nd is Assembly code, which has a one-to-one
correspondence with Binary Code, uses mnemonic abbreviations for the binary instruction codes, and is run thru an 'assembler' that
produces binary machine code, or executables.
- 3rd generation languages are our more modern programming languages, from ancient ALGOL, FORTRAN,
and COBOL thru BASIC, C, C++, C#, VisualBasic.net, Java, and a host of other 3GLs.
When you compile a 3GL program, you get a binary, executable file that can be handed to the
executive of a CPU 'family' and run.
- 4th generation languages make many common programming tasks automatic,
especially for database and user interface,
lots of drag/drop for the 4GL to turn into 3GL. Today's 4GLs 'make the computer the programmer'
and write 3GL scripts as the programmer uses the GUI drag & drop components onto forms or web pages.
A powerful 4GL can do most of the routine coding for user interfaces, web-services, and database.
4GLs allow developers to focus on business rules and users' needs while the 4GL handles the complexities of the UI.
4GLs are usually associated with a family of programming languages. Visual Studio works with the .NET Framework
and many languages including its Visual Basic and C#, and with most databases including Microsoft's own SQL Server.
Zend works with PHP and MySQL databases. Java NetBeans and Enterprise NetBeans run on practically any machine.
IBM's i5 (System i) is a powerful, proprietary platform with an integrated 4GL toolset that
integrates with practically any environment or database, most often IBM's own DB2.
Sketch and discuss the several ways program code gets to
the OS Executive from the programmer, and some of the tradeoffs:
- 1GL is 'Binary Code' for a CPU. It is rarely coded directly,
except for PAL and other 'microcoded' drivers and patches for our hardware.
Binary code is usually the result of assembling a 2GL program or compiling a 3GL program.
If the 3GL source code for an application's executables is available, it may be
re-compiled in a new environment where the 3GL will run. Otherwise,
having only the binary executables available locks the application into
the platform where the binaries were produced.
- 2GL is human-readable 'Assembly Language' for a particular CPU family like 'x86' or 'x86-64'.
There is a nearly one-to-one correspondence between the Binary Code and the Assembly Code for a solution.
Applications that have components coded in 2GL are 'locked into' their platforms and
may be very expensive to convert so they assemble and run efficiently elsewhere.
- 3GL is even more easily human-readable source code in languages like
BASIC, Visual Basic, COBOL, C#, PHP or many other modern programming languages.
Traditional source code is run thru a Compiler appropriate for the local CPU,
which outputs binary-coded 'executable' ('.exe') files
that can be presented to the OS Executive. Developers may distribute only the
binary executables to keep their source code a secret. This effectively locks
the application to a platform. 'Decompilation' (reverse compilation) may work in some attempts
to reuse the binary code in another environment, but it produces 3GL code that is
difficult to work with.
- 4GL is usually a powerful GUI that automates the programming of most elements of the
interfaces with user and database. For example, Microsoft's powerful Visual Studio 4GL
produces the 3GL C# or Visual Basic scripts that present the GUI to the application's users.
Most modern 4GLs produce 3GL scripts 'behind the scenes' as 'designer generated code' .
Every clicked or dragged object sets the result into 3GL code while the programmer
drags/drops, sets properties, and otherwise groks the IDE.
Some 4GLs and 4GL-style IDEs are Visual Studio.NET, Java NetBeans and Enterprise NetBeans, Oracle Developer, SB+, PowerBuilder, Eclipse,
Enterprise Architect, Zend Studio, and several other development environments.
4GLs have all the objects pre-defined for interface with users, databases, transactions of all types,
web services, and many other tedious programming tasks so that developers can focus on business rules and
improving the user interface rather than inventing code for each element of the UI for each project. 4GLs
'make the computer the programmer', actually producing 3GL scripts as output from the GUI, which are then
compiled to binary executable files in a traditional environment or to byte code for middleware like Java or .NET, or
interpreted for 4GLs that produce PHP, Python, or another interpreted language.
- Middleware like JVM/JRE, .NET, or IBM's SLIC runs the 'byte code' compiled for the
middleware and passes it to the executive. Byte code allows a developer to keep the
source code away from the customer by distributing only the byte code, sometimes
'obfuscated' to thwart customers' attempts at 'reverse compiling' the application's code.
- Uncompiled scripts, whose source is in the open,
are 'interpreted' by an 'interpreter' like PHP,
Perl, Ruby, or Python. There is no 'compiled code' or 'byte code' to obfuscate a customer's view of the source code;
the interpreter reads the source code itself and executes it for the OS Executive, practically 'a line at a time'.
While noticeably slower than traditional compiled code in the old days, modern interpreters are very quick,
lightweight, scale well, and provide a high degree of 'platform independence' because the interpreters have
been ported to RISC, CISC, Windows, and *ix.
IT Security and Professional Standards
IT Pros are guided by lots of
and industry 'Best Practices'.
After all these decades in IT it still amazes the instructor that an organization or company will
hire an IT guy who isn't familiar with best practices for power and data backup or the body of
knowledge about IT security and operations. Hoping that VCU IS majors will
always be informed, this link is a quick run through standards and
best practices in the new millennium...
SOX is a _law_ affecting businesses that trade stock.
Some are guidelines that put responsibility for IT Security at the Board level.
Others are recommendations about how to manage IT and IS. Knowing about HIPAA, ITIL, EDI, COBIT, PCI, SOX and
other professional standards is important when seeking a position in IT management. A certificate in ITIL,
for example, can help lubricate entry into an IS or IT position in government or enterprise.
Security and Professional Standards
Machine Cycles - Little Man Computer
(On your own)
Little Man Computer
exercise: Machine cycles, instruction set and
otherwise expand on the text. First mention of Data Structures, static in RAM of the LMC.
Data Structures and Algorithms
An historical view of Data Structures & Algorithms for
processing them Sequentially and Directly. Underlying data structures,
mostly indexes, allow DBMS to fetch desired records from huge databases
Quiz #3 Study
Quiz #3 Study Questions for Spring 2017 updated May 8th...
Note: some of these questions come from the
Setup and Secure a Firewall/Server topic...