Friday, February 4, 2011

Know these Cyber security TERMS

  • Spam – Unsolicited e-mails, sent in batches of 10,000s or 100,000s, using spamming tools available on the web. 
  • Phishing – Criminally fraudulent process of attempting to obtain sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
  • Malware – Malicious computer program or code written to steal user information and passwords.
  • Trojan – Malware that automatically download themselves (when launching infected web pages or opening spam e-mails) allowing hackers to take control of victim computers to launch attacks on other computers or networks.
  • “Smishing” or “vishing” – Fraudulent SMS message sent to your cellphone or automated voice response call to your cellphone/landline phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like a bank account number, PIN, or credit card number—to fix the problem.

Saturday, January 8, 2011

What a big Deal ! NAT (Network Address Translation ) / PAT (Port Address Translation )


What is NAT :  (Network address translation )/PAT (port address Translation )

NAT ! what it does is , translate inside ip address to outside ip address or vise versa , ok by now you are thinking what is inside and what is outside ? let me give you an  example , let say you have a router it has two interface , one connected to your pc or switch the other one connected to your service provider .  the one connected to your pc or switch will be an inside interface and the other one connected to service provider will be outside interface .

Router does NAT !

what happens is , router gets an ip address from service provider , that will be a   public ip address , now behind the router inside interface there might be 10 or 100 computers connected to router  through switch  and every computer wanted to use internet ,these computers gets an ip address via DHCP or static assignment , most of the time these are private ip address , defend on your design and money that your spending , public ip address are expensive to get and  even they are running out of stock soon , that’s why IPV6 in place .

What router does is , translate all private address to one public address via different port number , that is  PAT (port address translation ) . 

Why use NAT !

The shortage of public IP addresses is only one reason to use NAT. Two other good reasons are:  Security  and  Administration.

Example : NAT is like the receptionist in a large office. Let's say you have left instructions with the receptionist not to forward any calls to you unless you request it. Later on, you call a potential client and leave a message for them to call you back. You tell the receptionist that you are expecting a call from this client and to put them through.
The client calls the main number to your office, which is the only number the client knows. When the client tells the receptionist who they are looking for, the receptionist checks a lookup table that matches up the person's name and extension. The receptionist knows that you requested this call, therefore the receptionist forwards the caller to your extension.

Various NAT Type :
  
Static NAT – Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.

Dynamic NAT – Maps an unregistered IP address to a registered IP address from a group of registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between unregistered and registered IP address, but the mapping could vary depending on the registered address available in the pool, at the time of communication.

 (Most popular ) Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports.
Known also as PAT (Port Address Translation), 

Overlapping – When the IP addresses that you are using  in your internal network  and the company that you are going to connect to are using same ip addresses range  in  their network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. It is important to note that the NAT router must translate the "internal" addresses to registered unique addresses and also it must translate the "external" registered addresses to addresses that are unique to the private network. This can be done either through static NAT or you can use DNS and implement dynamic NAT.

.

Wednesday, January 5, 2011

Break DOWN your DNS knowledge into pieces

The Domain Name System (DNS) provides visitors access to websites using domain names rather than IP addresses.

 

How does DNS work?

DNS translates human-speak (domain names) into computer-speak (IP addresses). Domain names are text-based names used to identify a website or Internet location. IP addresses are strings of numbers used by every computer connected to the Internet to identify a website's location and communicate with other computers and Web servers.
DNS translates the text-based website or location identifier a visitor enters to the number-based IP address of the associated website or Internet location. For example, myweb.com is a domain name. 208.109.80.200  is an IP address associated with myweb.com. DNS translates the domain name myweb.com to the IP address 208.109.80.200
Using DNS, we can enter easily-remembered text-based domain names and reach machine-readable Internet addresses.

How does DNS know which IP address to use?


Each domain name stores its DNS information in a zone file. Large collections of zone files for different domain names are stored on nameservers. Domain names point to nameservers to locate their zone files — to do this, a domain name must point to the nameserver holding its specific zone file.

How do I know which name server to use?


When you register a domain name, the provider will automatically park the domain name and set its name server to  parking servers. If you activate the domain name or make changes to your website's hosting, your hosting company provides the name server names or IP addresses where your domain name's zone file is located. Use this information to update your domain name settings at your registrar. Once you've updated your name servers or IP address, allow 24 to 48 hours for the new information to propagate through the Internet, and then visitors can reach your website using your domain name.
Zone files organize the zone records for domain names and sub domains in a DNS server. Every domain name and sub domain has a zone file, and each zone file contains zone records. These files, editable in any plain text editor, hold the DNS information linking domain names and sub domains to IP addresses. Zone files usually contain several different zone records.

NOTE: Although domain names might have sub domains, the zone files for sub domains are not considered sub-zone. All zone files are separate entities and do not have a hierarchal structure.
The most common records contained in a zone file are start of authority (SOA), name server, mail exchanger, host, and CNAME. These are described below.

  • Start of Authority (SOA) — Required for every zone file, the SOA record contains caching information, the zone administrator’s email address, and the master name server for the zone. The SOA also contains a number incremented with each update. As this number updates, it triggers the DNS to reload the zone data.
  • Name Server (NS) — The NS record contains the name server information for the zone.
  • Mail Exchanger (MX) — The MX record provides the mail server information for that zone to deliver email to the correct location.
  • Host (A) — Uses the A record to map an IP address to a host name. This is the most common type of record on the Internet.
  • Canonical Name (CNAME) — A CNAME is an alias for a host. Using CNAMEs, you can have more than one DNS name for a host. CNAME records point back to the A record. When you change the IP address in your A record, all CNAME records for that domain name automatically follow the new IP address.
  • Text (TXT) — This is an informational record. Use it for additional information about a host or for technical information to servers.
  • Service Records (SRV) — SRV records are resource records used to identify computers hosting specific services.
  • AAAA — AAAA records store a 128-bit Internet Protocol version 6 (IPv6) address that does not fit the standard A record format. For example, 2007:0db6:85a3:0000:0000:6a2e:0371:7234 is a valid 128-bit/IPv6 address.