Skip to main content

Need help

More
17 years 9 months ago #19544 by anna
Need help was created by anna
Hi
I need info on the following topics.
What is SSH?
What is SSL? How do you create certificates?
What is DNS Hijacking?
What is a log host?
What is IDS or IDP, and can you give me an example of one?
Why are proxy servers useful?
What is web-caching?
What is a SYN Flood?
What do you do if you are a victim of a DoS?
What is GPG/PGP?

Regards,
Anna
More
17 years 9 months ago #19553 by Smurf
Replied by Smurf on topic Re: Need help

Hi


Hi and welcome, this is a big list so i will try and help out (not in too much detail, if anything needs expanding just say).

What is SSH?


SSH is similar to Telnet but more secure. SSH is a Secure Shell which setups up a connection between a local computer and a remote machine. Telnet sends stuff in clear text but SSH encrypts it using a Public Key Architecture to setup the secure channel. It relies on Public/Private keys. I only really use it myself for connecting to Cisco devices in order to run a remote Command Line Shell from another machine.

Click here for more info

What is SSL? How do you create certificates?


SSL is Secure Socket Layer which is used in HTTPS. It works by encrypting HTTP traffic over the internet between you Internet Explorer (or Firefox, etc...) and the Webserver. It uses a Public Key machanism (Public Key Infrastructure [PKI]) to acheive this encryption & authentication. PKI is used quite a lot in Security terms for things like SSH, SSL, Encrypting E-Mails, etc...

Click here for more info

It depends on what platform you are using on how you create Certificates. Also it depends on your client base, if its customers for a website then you are better off getting a Certificate from a proper external certificate authority such as Verisign or Thwate . If this is something for your internal network then you will need to create a full PKI architecture, if using AD internally a lot can be automated but bare in mind that Internet Explorer and the likes will not have trusts in place for your own certificate authorities so it will either need adding or you will get a prompt when you access the sites with certs that you have created.

What is DNS Hijacking?

DNS Hijacking is where a DNS query is sent out from a client and reply is sent with incorrect details. If for example you wanted to go to www.micorosft.com and you send out a query for that host. An attacker could send a reply to their own website pretending to be www.microsoft.com .

What is a log host?

The only thing i can think here is that its a machine that is hosting all the logging information. In the Cisco world this would probably be a SYSLOG server and all the Cisco devices are configured to send all SYSLOG messages to that server.

What is IDS or IDP, and can you give me an example of one?

I had never heard the term IDP before now, just looked it up and its also known as IPS. Click here for a comparision.

Basically, IDS typically monitors for Intrusion and typically will send alerts to a station and that can decide on actions (if required and configured). IPS sits more inline with the data stream. If an intrusion is detected, the IPS devices can just stop the traffic in its flow.

Why are proxy servers useful?

Here you have a few reasons. Firstly they can simplify your rules on firewalls since all clients need to access the Internet through the Proxy server. Therefore only the proxy server needs to go out to the internet leaving the clients more protected. Another is that the Proxy server usually imploys some sort of Caching of websites which can improve performance on the internet link since each and every request may not need to go over it, also it improves the users surfing experience as pages are retrieved at LAN/WAN speeds instead of Internet Speeds. This is a grey area due to all the dynamic content on the web these days, it still caches images from these websites so still worth while. Finally, some proxy servers can do some Layer 7 Application Filtering to ensure that the traffic is ok to try and filter out stuff such as Viruses, Malware, etc...

What is web-caching?

Oops, touched on this above.

What is a SYN Flood?

SYN Flood is trying to cause a DOS (Denial of Service) attack on a system. Long ago (well years maybe) computers didn't have the processing capabilities of today. It was generally easy to consume a machines resources due to these limitations in processing. If you send a SYN flood to a machine without completing the rest of the TCP 3 way hand shack then you can deplenish the resources of that host, causing a DOS attack. TCP will go through a TCP 3 way handshack in order to start communication (this is because its a Connection Orientated Protocol), Syn/SynAck/Ack. If you send a Syn the computer will send a SynAck and wait for the final Ack. If this never comes then the computer stays in that state for a predefined amount of time. (This is known as an embryonic connection since its not been finished). See the details here and go through the pages to understand the basics of TCP

What do you do if you are a victim of a DoS?

The only thing you can realistically do here is block the IP Addresses that are doing this. You need to be careful however that they are not being spoofed as you could then cause a DoS on legitimate traffic coming into your systems. You really need to try and get your ISP to assist in this as the blocking needs to be done as far away from your link as possible. If you have a 2Mb link and you start to block the DoS traffic, its not really going to do a great deail if you are getting 2Mb of DoS traffic because its still going to come over your Internet Pipe to your firewalls before its blocked, therefore the ISP needs to stop it before it saturates your own links. There are techniques to mitigate against this such as setting embryonic limits on the firewalls, agreeing a CIR (Commited Information Rate) on your link with your ISP to try and limit Ping traffic, etc... going down the link, its like a QoS on that link.

What is GPG/PGP?

This is basically involved in protecting data and files. PGP (pretty good privacy) is most comonly used in e-mail transmittion to encrypt the e-mail before its sent. Normal e-mail transmission is sent clear text. Take a look here for more info on PGP

Hope it answers most of your questions

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.135 seconds