Tag Archives: tutorial


How to use an Android device as a keyboard and trackpad for a Raspberry Pi

Anyone who has set up a Raspberry Pi Zero W will know it is a bit limited by IO; such is the trade-off for such a small form factor. I recently went through a setup that was especially awkward as there was no WiFi available. I tried to use an Android hotspot but unfortunately the Pi could not see the Android device at all. The only option I had was to tether the Pi to the Android via USB. This worked: the Pi had access to the mobile data of the Android device. However, it seems that the power draw from the Android device meant there was not enough power left for the wireless USB receiver for the keyboard and mouse combo. So I was left with the mutually exclusive options of either access to the internet or the ability to use a keyboard and mouse. Luckily there is always a plan C.

Prerequisites:

You will need a mouse that can connect to the Pi either by USB or Bluetooth. The OS used was Raspbian but this solution should work with other distros.

Solution:

The Raspberry Pi Zero W also comes with Bluetooth built in so there was the option to make the Pi discoverable and connect a Bluetooth keyboard and mouse. I do not have a physical Bluetooth keyboard or mouse but thankfully there is an App for that, multiple ones actually.

The App I used was the “Serverless Bluetooth Keyboard & Mouse for PC/Phone” from Google Play, available here.

It is free (with ads) and very easy to set up. In terms of performance it provided me with a usable keyboard (like Gboard) with half of the device screen acting as a very responsive track pad. I certainly would not want to compose a thesis with this setup but for typing a few words and clicking a few links it is perfectly serviceable.

I did experience what may be a slight bug during setup, but I resolved the problem in a minute or two.

Problem and Fix:

Firstly you will need to make the Pi discoverable via Bluetooth. This is the only time I needed to make use of a physical mouse. The option to turn on Bluetooth and make the device discoverable is to the top right of the Raspbian Home screen.

When I tried to connect the Android and Pi together through the App it would not work. The Pi was not discoverable by the App despite the functionality to discover devices being built in to the App.

To connect the devices I first had to connect the Android device and Pi together via their respective operating systems. This threw an error on the Pi but the Android device was visible to it. I then removed the Android Bluetooth connection from the Pi and again tried connecting the Pi via the App. This worked.

If you found this post helpful please like/share/subscribe.


How to verify your WordPress.com site with Google via HTML tag

Before starting: note that, according to WordPress.com, “. . . verifying your site with these services (search engines) is not necessary in order for your site to be indexed by search engines.”

Prerequisites:

This guide assumes you already have your WordPress.com site set up and you already have an account with Google Analytics / Google Search Console.

Steps:

Log into your WordPress.com site.

Go to Marketing and change the displayed options to “Traffic”.

Under “Marketing and Integrations” scroll down to “Site verification services”.

There you will see an option to provide an HTML google-site-verification code.

To retrieve this code you need to log in to the site’s associated Google Search Console account.

Login to Google Search Console and under the heading “Google Search Console” you will either see a drop down option to “Add Property” i.e. as in a site you own or the name of your site, or sites, that you previously registered.

If you have not registered your domain before then submit the site address now under the domains option. If you have submitted your site before click on your site name.

On the “Ownership verification” page you will see “Additional verification methods” at the bottom of the page.

Expand the HTML Tag option to reveal the HTML google-site-verification code.

Copy this code and return to the WordPress.com “Marketing and Integrations” page.

Paste the code into the HTML google-site-verification code section.

Save the settings in WordPress.com.

Return to the Google Search Console “Ownership verification” page and verify.

Your WordPress.com site has now been verified with Google.


How to add your WordPress.com sitemap to Google Search Console

Prerequisites:

This guide assumes you already have your WordPress.com site set up and your site is verified with Google Analytics / Google Search Console.

Steps:

By default WordPress.com prepares a sitemap for you.

To see it simply copy and paste the mock URL below (Option 1) into your browser search bar and edit it to reference your site. If you own a custom domain omit the reference to WordPress as demonstrated in (Option 2).

(Option 1)

yoursite.wordpress.com/sitemap.xml

(Option 2)

yoursite.com/sitemap.xml

Once you have verified the sitemap URL is correct, add this sitemap to Google Search Console.

Do this by logging into Google Search Console and clicking on Sitemaps on the left hand side of the main window.

In the sitemaps window there will be the option to paste the copied URL under “Add a new sitemap” and Submit it.

Once the URL is submitted your sitemap will be saved under “Submitted sitemaps”.


How to fix Jetpack for WordPress.com not pushing posts to Facebook or Twitter

If you have set up the connections for Facebook, Twitter, etc. through Jetpack but your posts are not being pushed to those platforms try the following.

Make sure you have given permission to editors and authors of your site to use the established Jetpack connections. To do that go back to the Jetpack connection settings.

In the “Publicize posts” section click the drop down arrow to the far right.

Click the check box allowing the social media platform to be used by more than just the administrators. (Obviously this will allow your authors to publish to the specified social media platform so only do this if you trust your authors having this access.)

Once this is done your next published post should also be pushed across your connected social media platforms.

NOTE:

If the post was already published “Updating” the post will not share the post across the social media platforms. You will need to save the post as a “Draft” and “Publish” it again. This should then push the post to the social media platforms.

How to fix “your model is not manifold” error in Cura

You just pulled a file from Thingiverse and now when you try to slice it in Cura it says “your model is not manifold”. If you just want to make the error go away you can skip to the paragraph “The Fix” if you don’t want to be “filled in” on why it’s happening in the first place. Little bit of 3D printing humour there for ya.

So what does the error mean?

For a model to be manifold, think of it as logically enclosing space in a way that could exist in real life, with an outer geometry that can actually be 3D printed.

So what does non-manifold mean?

There’s a couple of reasons why a model is not manifold and here they are:

  • Self-intersecting
  • Separate Object
  • Hole
  • Inner Faces
  • Overlapping Geometry

Self-intersecting: This is a bit of a weird analogy but imagine punching through yourself. You can’t do that in real life without making a big hole but in a virtual model of yourself you can have the objects of your fist and forearm pass through another body part of your choosing and that’s perfectly fine but in real life you can’t have two objects with mass occupy the same space at the same time so this cannot be printed.

Separate Object: Imagine a model of a figurine wearing sun glasses. If the sun glasses and the figurine were two separate objects and you shrank the figurine by rescaling it to 90% its original size the sun glasses might be left floating in midair. That’s fine for a virtual 3D model but in real life gravity might have something to say about that.

Hole: Pretty self explanatory, there’s a hole in the model, and not like a window, just a void that makes the model impossible to print successfully.

Inner Faces: Imagine trying to print a model within a model. The slicer reads the code and gets confused because there should only be one outer surface area not two.

Overlapping Geometry: Imagine you have created a 3D model of a house and you’ve accidentally copied the roof and then pasted it back on top of the model over the original roof. The model now has two roofs occupying the same space which cannot be printed.

The Fix:

Ideally you should open the file with some 3D modelling software and fix it manually but if you’re just pulling files from Thingiverse that’s a bit unrealistic. Luckily the following site allows you to upload files and it will try to fix them automatically.

https://3d-print.jomatik.de/en/index.php

If the process successfully fixes the file it will give you the option to download the file with a brief summary of what changes it made highlighting big changes in red.

It’s a great solution, especially for low-risk models, but the onus will always be on you to manually inspect the model to see if the problems have in fact been resolved. Also, if you’re working on a super secret product design for a company it’s probably best not to upload the model to be fixed online, but for files you’ve pulled from Thingiverse, sure, why not; they’re already publicly available anyway.

How to use a generic PC controller with GTA 5

So you plugged in the cheap PC controller you bought off eBay or Amazon (say one that is coincidentally shaped like an Xbox controller) and found it doesn’t work with GTA 5?

This is probably because the controller is using the DirectInput standard as opposed to the newer XInput standard. You can read more about these standards from Microsoft by clicking on this link.

GTA 5 (or GTA V if you’re feeling fancy) was not optimised to use the DirectInput standard unfortunately. However, if you’re playing the game on PC you should be using a keyboard and mouse like a grown-up anyway; it’s way better for shooters. Ah, but GTA isn’t all about the shooting I hear you say, and you’re right. I’ll admit I switch to a controller for flying vehicles because they are horrible to pilot with direction keys. Analogue sticks are much better suited to aircraft.

So the workaround for being able to use the cheap generic controller is quite simple but requires using an “Xbox 360 Controller Emulator”.

Download the file x360ce_x64 from the following site by clicking on the “download for 64 bit games” button at the top of the screen.

https://www.x360ce.com/

(Be sure to test the downloaded file with whatever antivirus software you have installed)

Once you are satisfied the software is safe extract the file to the root directory of where you installed GTA 5.

(If you do not know where that folder is try searching GTAV in your Windows search bar. Note that a folder called GTA V is often created in the Documents folder but this is not the correct directory. The correct directory will have application files with the GTAV logo in it. The game may be in a Rockstar folder or perhaps a Steam or Epic folder; it all depends on who you bought it from.)

Right click on x360ce_x64 and run the file as administrator and you should be given an option button to “Create”.

Click this button and an Xbox controller calibration window will open.

At this point if your controller has a large circular button at its center press it and make sure it lights up otherwise it may not send the right signals when the controller is being mapped.

Click “Auto” and then “Save”.

I found the A, B, X and Y face buttons were not mapped correctly and needed to be mapped manually.

To do this, beside each face button on the emulator interface there is a drop down menu. Click on it for each button and choose the option to record. The interface will highlight which button to press on your controller to map it correctly. Once the buttons are mapped correctly click “Save” again.

After following these steps you should now be able to play GTA V with the controller.

How to secure Creality Ender 3 Pro TL-Smoothers once installed

This post will outline how to secure TL-Smoothers within the Creality Ender 3 Pro circuit housing without blocking vents.

Prerequisites:

You will need insulation tape and double-sided sellotape to follow the instructions.

What are TL-Smoothers?

A TL-Smoother, as displayed below, is an add-on circuit module for 3D printer stepper motor drivers. They seek to lower vibration, lower noise and provide a smoother result by way of cleaning up electrical signals. Their use is intended to compensate for less than premium motor control circuits that are used in more budget 3D printers.

[Image: TL-Smoother module]

(Note: there is an ongoing debate as to whether TL-Smoothers have any benefit on print quality for the Ender 3 Pro. This post will not cover this topic or the installation process as a whole. This post simply puts forth advice regarding good placement and how to secure the circuits.)

Steps:

The four pin sockets of the TL-Smoothers protrude on the back side of the circuit.

Clip the ends off these protrusions using the electrical wire cable cutters provided with the printer, leaving the back of each circuit flat.

Cover the four pins on either end of each circuit with insulation tape; this will prevent shorts.

Cut a small square of double-sided tape and secure it to the back of each circuit as shown below.

[Image: square of double-sided tape on the back of a TL-Smoother]

Secure the circuits as demonstrated below using the double-sided tape. These locations will ensure everything will fit inside the housing while leaving enough space for the fan. The green square in the picture marks where the fan will be situated when the housing is closed back up.

[Image: TL-Smoother placement inside the housing]

Happy Printing. ☮

How to create a C# console application that will solve crosswords

This tutorial will cover the following tasks in C#:

  • How to count the characters in a string
  • How to assign a file’s directory location to a variable
  • How to create a list variable
  • How to pull/read a CSV file column into a list variable
  • How to clean strings using Regex to remove non-alphanumeric characters as the strings are being read into a list
  • How to remove duplicate word entries from a list
  • How to order a list
  • How to write variables to the console, including a list’s elements

Assumptions:

You already know how to create projects in Visual Studio.

If you do not know how to do this, search online using the following term: “how to create C# console applications in visual studio”.

Prerequisites:

First you will need to generate a CSV file with random words using this site:

https://onlinerandomtools.com/generate-random-csv

For the option “how many columns to generate” set the value to 1.

For testing purposes create 1000 rows.

Download the CSV file generated and save it using the name “words”.

Summary of how the code works:

The code works by reducing the initial list (i.e. the supplied CSV file of random words) down to only words that match the number of characters of the user word, typically referred to as “string length”.

Once that subset of words has been created the code will then compare the user word’s letters against each letter, referencing the relative position, in each word in the subset.

Note: there is still significant room for optimization but the code is functional and works well as an accessible, human readable tutorial.

Use case example:

If the user enters the word “apple” the dictionary subset will be reduced down to 5 letter words only. These five letter words are then compared to the user word, each word and letter at a time. So if the first word in the list was “cabin” the comparison would jump to the next word in the list as the “a” in “apple” does not match the “c” in “cabin”. If the next word in the dictionary was “acorn” the first letters would match but the comparison would jump to the next word when the “c” and “p” did not match.

Instructions:

Create a C# console application called CrosswordSolver in Visual Studio.

Move the CSV file called “words” into the bin directory of the project folder, i.e. CrosswordSolver\CrosswordSolver\bin

Open the project CrosswordSolver and paste the C# code below into the default window replacing the default cs page code.

The hardcoded example of a user word is:

string userWord = "a****";

The user can use * to represent characters unknown, for example ap*le.

Note: The CSV file you randomly generated may have no examples of 5 letter words beginning with the letter “a”, so experiment with other characters.

You can test the letter comparison functionality by uncommenting the two sections of code immediately following the comments “Test letter comparison”.

To test your CSV file has been read into memory you can uncomment the section of code immediately following “Test that dictionary has been read into memory”.

The C# code:

using System;
using System.IO;
using System.Linq;
using System.Collections.Generic;
using System.Text.RegularExpressions;

namespace CrosswordSolver
{
    class Program
    {
        static void Main(string[] args)
        {
            int c = 0;
            //User input
            //NOTE: Use * to represent characters unknown 
            string userWord = "a****";
            int wordLength = userWord.Length;

            //Assign directory location of the csv file containing the collection of words to a variable
            //This resolves to the folder two levels above the working directory (e.g. bin\Debug\netX -> bin),
            //so the file must sit where the instructions above say, or adjust this path
            string projectFolder = Directory.GetParent(Directory.GetCurrentDirectory()).Parent.FullName;
            string file = Path.Combine(projectFolder, "words.csv");

            //Display dictionary location in console
            Console.WriteLine("Dictionary location: " + file);

            var dictionary = new List<string>();
            //The using statement applies to the single block that follows it, so only ever
            //have one of the two blocks below uncommented; a second block would run after
            //the reader has been disposed
            using (var rd = new StreamReader(file))

            //Pull file column into dictionary list without cleaning
            //{
            //    while (!rd.EndOfStream)
            //    {
            //        var splits = rd.ReadLine().Split(',');
            //        dictionary.Add(splits[0]);
            //    }
            //}

            //Pull file column into dictionary list while cleaning
            {
                while (!rd.EndOfStream)
                {
                    var splits = rd.ReadLine().Split(',');
                    //string clean is done with Regex
                    dictionary.Add(Regex.Replace(splits[0], "[^A-Za-z0-9 ]", ""));
                }
            }

            //Test that dictionary has been read into memory
            //Console.WriteLine("The dictionary contains the following words:");
            //foreach (var element in dictionary)
            //Console.WriteLine(element);

            //Remove duplicate word entries
            //c = dictionary.Count;
            //Console.WriteLine("The dictionary contains " + c + " words");
            dictionary = dictionary.Distinct().ToList();
            //c = dictionary.Count;
            //Console.WriteLine("The dictionary contains " + c + " words");

            // Count the elements in the List and display test parameters
            c = dictionary.Count;
            Console.WriteLine("The dictionary contains " + c + " words");
            Console.WriteLine("User entered the string: " + userWord);
            Console.WriteLine(userWord + " has " + wordLength + " characters");
            userWord = userWord.ToLower();

            //Reduce the dataset size based on number of characters in string
            IEnumerable<string> query =
                dictionary.Where(word => word.Length == wordLength);

            var subSet = new List<string>();
            foreach (var word in query)
                subSet.Add(word);

            //Order List
            subSet = subSet.OrderBy(x => x).ToList();

            c = subSet.Count;
            if (c != 0)
            {
                Console.WriteLine("The dictionary contains " + c + " words that are " + wordLength + " characters in length");

                //Begin character and position match check
                var result = new List<string>();
                foreach (var word in subSet)

                {
                    for (int i = 0; i <= wordLength - 1; i++)
                    {

                        //A '*' in the user word is a wildcard that matches any letter
                        if ((word.ToLower()[i] == userWord[i]) || (userWord[i] == '*'))
                        {

                            //Test letter comparison (Letters match)
                            //Console.WriteLine(
                            //"Letter " + i + ", which is " + "\"" + word[i] + "\"" + ", of the word " + "\"" + word + "\"" +
                            //" matches letter " + i + ", which is " + "\"" + userWord[i] + "\"" + ", of the user input " + "\"" + userWord + "\""
                            //);

                            if (i == wordLength - 1)
                            { result.Add(word); }

                        }
                        else
                        {
                            //Test letter comparison (Letters do not match)
                            //Console.WriteLine(
                            //"Letter " + i + ", which is " + "\"" + word[i] + "\"" + ", of the word " + "\"" + word + "\"" +
                            //" does not match letter " + i + ", which is " + "\"" + userWord[i] + "\"" + ", of the user input " + "\"" + userWord + "\""
                            //);

                            break;
                        }
                    }
                }

                //Words that fail a letter comparison are skipped by the break above
                //and never reach the result list

                bool isEmpty = !result.Any();
                if (isEmpty)
                {
                    Console.WriteLine("No matches found");
                }
                else
                {
                    c = result.Count();
                    Console.WriteLine("Potential matches found: " + c);
                    foreach (var word in result)
                        Console.WriteLine(word);
                }
            }
            else
            {
                Console.WriteLine("No words of " + wordLength + " characters long found");
            }
            Console.ReadKey();
        }
    }
}


If you found this code useful be sure to like the post and comment. ☮

If you would like to know how to create a csv file with C# see this tutorial link.

If you would like to know how to create a console application in Visual Studio that won’t open a command window when it runs see this tutorial link.


How to fix the right analog stick of a generic PC controller for Fifa Online 3

Fifa Online 3 is a free version of Fifa that is popular in Asia as an esport title. The gameplay and visuals are a little dated but it’s still a solid experience at a great price. You won’t make it through the tutorials however if you are using a cheap generic PC controller (say one that is coincidentally shaped like an Xbox controller) as you won’t be able to save penalties. This is because the right analog stick may not be recognised.

The fix is quite simple.

Download the file x360ce from the following site by clicking on the “download for 32 bit games” button at the top of the screen.

https://www.x360ce.com/

(Be sure to test the downloaded file with whatever antivirus software you have installed)

Once you are satisfied the software is safe extract the file to the root directory of where you installed the game. (Note: the game directory will probably not be called Fifa etc. it will likely be a series of numbers)

Open the file and you should be given an option button to “Create”.

Click this button and an Xbox controller calibration window will open.

Click “Auto” and then “Save”, and that should do it.

See the video below for a more visual guide, just don’t download the 64 bit file.

How I passed The CompTIA CySA+ exam

I did the exam back at the start of January 2020 and as someone who is not from a security or networking background I did find it difficult.

To put it bluntly there’s no point even attempting the exam without knowing ports, all the relevant security software (including the various common commands) and the IT security frameworks.

I found the Jason Dion Udemy course very helpful. (FYI, not affiliated in any way.) The course however should only be considered supplementary. You should be doing your own research and researching the topics and terms within the course you think weren’t covered in as much detail as they could have been.

Most importantly of all do practice exams. There are several floating around on the internet and Jason Dion has an additional set of his own on Udemy.

As part of my research I prepared a list of definitions which are shared below. This is just a big dump of text but worth giving a few minutes of your time to freshen up on acronyms. (My apologies to whoever prepared the source material, I never took note where it came from for the sake of references.)

Internet Protocol (IP) is the principal set (or communications protocol) of digital message formats and rules for exchanging messages between computers across a single network or a series of interconnected networks, using the Internet Protocol Suite (often referred to as TCP/IP). Messages are exchanged as datagrams, also known as data packets or just packets.

IP is the primary protocol in the Internet Layer of the Internet Protocol Suite, which is a set of communications protocols consisting of four abstraction layers: link layer (lowest), Internet layer, transport layer and application layer (highest).

The main purpose and task of IP is the delivery of datagrams from the source host (source computer) to the destination host (receiving computer) based on their addresses. To achieve this, IP includes methods and structures for putting tags (address information, which is part of metadata) within datagrams.

Think of an analogy with the postal system. IP is similar to the U.S. Postal System in that it allows a package (a datagram) to be addressed (encapsulation) and put into the system (the Internet) by the sender (source host). However, there is no direct link between sender and receiver.

The package (datagram) is almost always divided into pieces, but each piece contains the address of the receiver (destination host). Eventually, each piece arrives at the receiver, often by different routes and at different times. These routes and times are also determined by the Postal System, which is the IP.

However, the Postal System (in the transport and application layers) puts all the pieces back together before delivery to the receiver (destination host).

Note: IP is actually a connectionless protocol, meaning that the circuit to the receiver (destination host) does not need to be set up before transmission (by the source host). Continuing the analogy, there does not need to be a direct connection between the physical return address on the letter/package and the recipient address before the letter/package is sent.

Originally, IP was a connectionless datagram service in a transmission control program created by Vint Cerf and Bob Kahn in 1974. When format and rules were applied to allow connections, the connection-oriented Transmission Control Protocol was created. The two together form the Internet Protocol Suite, often referred to as TCP/IP.

Internet Protocol version 4 (IPv4) was the first major version of IP. This is the dominant protocol of the Internet. However, IPv6 is active and in use, and its deployment is increasing all over the world.

Addressing and routing are the most complex aspects of IP. However, intelligence in the network is located at nodes (network interconnection points) in the form of routers which forward datagrams to the next known gateway on the route to the final destination. The routers use interior gateway protocols (IGPs) or exterior gateway protocols (EGPs) to help with making forwarding route decisions.

Routes are determined by the routing prefix within the datagrams. The routing process can therefore become complex. But at the speed of light (or nearly so) the routing intelligence determines the best route, and the datagram pieces and datagram all eventually arrive at their destination.

The process of putting these tags on datagrams is called encapsulation.

How TCP Works

Transmission Control Protocol (TCP) is the most commonly used protocol on the Internet.

When you request a web page in your browser, your computer sends TCP packets to the web server’s address, asking it to send the web page back to you. The web server responds by sending a stream of TCP packets, which your web browser stitches together to form the web page. When you click a link, sign in, post a comment, or do anything else, your web browser sends TCP packets to the server and the server sends TCP packets back.

TCP is all about reliability—packets sent with TCP are tracked so no data is lost or corrupted in transit. This is why file downloads don’t become corrupted even if there are network hiccups. Of course, if the recipient is completely offline, your computer will give up and you’ll see an error message saying it can’t communicate with the remote host.

TCP achieves this in two ways. First, it orders packets by numbering them. Second, it error-checks by having the recipient send a response back to the sender saying that it has received the message. If the sender doesn’t get a correct response, it can resend the packets to ensure the recipient receives them correctly.

User Datagram Protocol (UDP) is used by apps to deliver a faster stream of information by doing away with error-checking. When configuring some network hardware or software, you may need to know the difference.

How UDP Works

The UDP protocol works similarly to TCP, but it throws out all the error-checking stuff. All the back-and-forth communication introduces latency, slowing things down.

When an app uses UDP, packets are just sent to the recipient. The sender doesn’t wait to make sure the recipient received the packet—it just continues sending the next packets. If the recipient misses a few UDP packets here and there, they are just lost—the sender won’t resend them. Losing all this overhead means the devices can communicate more quickly.

UDP is used when speed is desirable and error correction isn’t necessary. For example, UDP is frequently used for live broadcasts and online games.

For example, let’s say you’re watching a live video stream, which are often broadcast using UDP instead of TCP. The server just sends a constant stream of UDP packets to computers watching. If you lose your connection for a few seconds, the video may freeze or get jumpy for a moment and then skip to the current bit of the broadcast. If you experience minor packet-loss, the video or audio may be distorted for a moment as the video continues to play without the missing data.

This works similarly in online games. If you miss some UDP packets, player characters may appear to teleport across the map as you receive the newer UDP packets. There’s no point in requesting the old packets if you missed them, as the game is continuing without you. All that matters is what’s happening right now on the game server—not what happened a few seconds ago. Ditching TCP’s error correction helps speed up the game connection and reduce latency.
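The TCP behaviour described above (numbered segments, acknowledgements, retransmission of anything not confirmed) and the UDP behaviour (send once, never wait, never resend) as a small Python model. This is an added illustration, not part of the original notes: the scripted lossy link, the receiver buffer and the four "web page" chunks are all constructed for the example, and no real sockets are involved.

```python
"""Toy model of TCP-like reliable delivery versus UDP-like fire-and-forget."""
from typing import Dict, Iterable, List, Set, Tuple

Segment = Tuple[int, str]  # (sequence number, payload)


class ScriptedLink:
    """Drops the transmissions whose ordinal (0-based) is in `drops`.

    Every call to deliver() counts as one transmission, whether it carries a
    data segment or an acknowledgement, so a drop can hit either direction.
    The schedule is deterministic so the outcome can be reasoned about.
    """

    def __init__(self, drops: Set[int]) -> None:
        self.drops = drops
        self.transmissions = 0

    def deliver(self, message):
        ordinal = self.transmissions
        self.transmissions += 1
        return None if ordinal in self.drops else message


class Receiver:
    """Buffers segments by sequence number and reassembles them in order."""

    def __init__(self) -> None:
        self.buffer: Dict[int, str] = {}

    def receive(self, seq: int, payload: str) -> int:
        self.buffer[seq] = payload          # a duplicate simply overwrites
        return seq                          # the ACK: "I hold segment seq"

    def reassemble(self) -> str:
        return "".join(self.buffer[k] for k in sorted(self.buffer))


def send_tcp_like(chunks: List[str], link: ScriptedLink, rx: Receiver,
                  max_rounds: int = 50) -> Tuple[str, int, bool]:
    """Number, send, wait for the ACK, and resend whatever was not acknowledged.

    Returns (reassembled text, number of retransmitted segments,
    whether the sender gave up before everything was acknowledged).
    """
    unacked: Dict[int, str] = dict(enumerate(chunks))
    retransmitted = 0
    for round_no in range(max_rounds):
        if not unacked:
            break
        if round_no > 0:
            retransmitted += len(unacked)   # everything sent now is a resend
        for seq, payload in list(unacked.items()):
            segment = link.deliver((seq, payload))
            if segment is None:
                continue                    # lost in transit; stays unacked
            ack = link.deliver(rx.receive(*segment))
            if ack is not None:
                del unacked[ack]            # confirmed; stop tracking it
    return rx.reassemble(), retransmitted, bool(unacked)


def send_udp_like(datagrams: List[str], link: ScriptedLink,
                  rx: Receiver) -> Tuple[str, int]:
    """Send each datagram exactly once; never wait, never resend."""
    for seq, payload in enumerate(datagrams):
        datagram = link.deliver((seq, payload))
        if datagram is not None:
            rx.receive(*datagram)           # the returned ACK is ignored
    return rx.reassemble(), len(datagrams) - len(rx.buffer)


# Constructed sample: a "web page" split into four numbered segments.
PAGE_CHUNKS = ["Hello, ", "this is ", "a web page ", "in pieces."]


def compare(drops: Iterable[int] = (2, 4)) -> dict:
    """Run both senders over links with the same drop schedule."""
    tcp_text, resent, gave_up = send_tcp_like(
        PAGE_CHUNKS, ScriptedLink(set(drops)), Receiver())
    udp_text, lost = send_udp_like(
        PAGE_CHUNKS, ScriptedLink(set(drops)), Receiver())
    return {"tcp": tcp_text, "tcp_retransmitted": resent,
            "tcp_gave_up": gave_up, "udp": udp_text, "udp_lost": lost}


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value!r}")
```

With the default schedule, transmission 2 (the second data segment) and transmission 4 (an acknowledgement) are dropped: the TCP-like sender resends two segments and still reassembles the whole page, while the UDP-like sender delivers the page with a hole in it.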

Transport Layer Security (TLS) is a protocol that provides communication security between client/server applications that communicate with each other over the Internet. It enables privacy, integrity and protection for the data that’s transmitted between different nodes on the Internet. TLS is the successor to the Secure Sockets Layer (SSL) protocol.

TLS primarily enables secure Web browsing, application access, data transfer and most Internet-based communication. It prevents the transmitted data from being eavesdropped on or tampered with. TLS is used to secure Web browsers, Web servers, VPNs, database servers and more. The TLS protocol consists of two layers of sub-protocols:

TLS Handshake Protocol: enables the client and server to authenticate each other and select an encryption algorithm before any data is sent.

TLS Record Protocol: runs on top of the standard TCP protocol to ensure that the established connection is secure and reliable. It also provides data encapsulation and data encryption services.
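What the two sub-protocols mean for a client configuration, as an added Python example using the standard library's ssl module (not code from the original post): a hardened context that makes the Handshake Protocol authenticate the server and refuse old protocol versions, next to the weak setting that keeps Record Protocol encryption but drops authentication. The `open_tls` helper is assumed for illustration and is not called when the block runs, since it needs network access.

```python
import socket
import ssl
from typing import Optional


def make_client_context() -> ssl.SSLContext:
    """Client-side TLS context that requires the server to prove its identity.

    create_default_context() loads the system CA store and turns on
    certificate verification; pinning the minimum protocol version refuses
    a downgrade to SSLv3 / TLS 1.0 / TLS 1.1 during the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True                  # certificate must match the server name
    ctx.verify_mode = ssl.CERT_REQUIRED        # unauthenticated servers are rejected
    return ctx


def make_unverified_context() -> ssl.SSLContext:
    """The weak setting, shown for contrast: encryption without authentication.

    Traffic is still encrypted by the Record Protocol, but the Handshake
    Protocol no longer checks who is on the other end, so an on-path
    attacker can present any certificate and read everything.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                 # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_report(ctx: ssl.SSLContext) -> dict:
    """Summarise the settings that matter when reviewing a client's TLS configuration."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


def open_tls(host: str, port: int = 443, ctx: Optional[ssl.SSLContext] = None) -> ssl.SSLSocket:
    """Connect and run the handshake; afterwards sendall()/recv() go through the Record Protocol.

    Hypothetical helper: not invoked when the block runs stand-alone (needs the network).
    """
    ctx = ctx or make_client_context()
    raw = socket.create_connection((host, port))
    return ctx.wrap_socket(raw, server_hostname=host)   # the handshake happens here


if __name__ == "__main__":
    print("hardened  :", context_report(make_client_context()))
    print("unverified:", context_report(make_unverified_context()))
```

When reviewing application code, `context_report` is the kind of check to run on whatever context the code builds: `verify_required` False or `check_hostname` False means the handshake authenticates nobody, whatever cipher the record layer ends up using.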

Port Descriptions:

File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.

FTP is built on a client-server model architecture using separate control and data connections between the client and the server.[1] FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

Ports:

  • 20 – FTP data (file transfer)
  • 21 – FTP control (session commands)

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

SSH provides a secure channel over an unsecured network in a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client. Port 22.

SSH File Transfer Protocol (SFTP) is a secure file transfer protocol. It runs over the SSH protocol. It supports the full security and authentication functionality of SSH.

SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.

SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.

SFTP uses the SSH port, 22, since it is basically just an SSH server. Port 22.

Telnet is a computer protocol that provides two-way interactive communication compatibility for computers on the internet and local area networks. User data is interspersed in-band with Telnet control information in an 8-bit byte-oriented data connection over the Transmission Control Protocol (TCP). Telnet has a command-line interface and is famous for being the original protocol from when the internet first launched in 1969. Port 23.

Vulnerability of Telnet

In time, Telnet’s use declined in favor of SSH (Secure Shell or Secure Socket Shell) due to serious security concerns when it was used over an open network. Telnet lacks authentication policies and data encryption.

Simple Mail Transfer Protocol (SMTP) is an internet standard for email supported by most email processing servers. Port 25. SMTPS (Simple Mail Transfer Protocol Secure) is a method for securing SMTP using transport layer security. It is intended to provide authentication of the communication partners, as well as data integrity and confidentiality. Port 465.

SMTPS is not a proprietary protocol and not an extension of SMTP. It is a way to secure SMTP at the transport layer, by wrapping SMTP inside TLS. Conceptually, it is similar to how HTTPS wraps HTTP inside TLS.

WHOIS (pronounced as the phrase “who is”) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. Port 43.

Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server. The original TACACS protocol, which dates back to 1984, was used for communicating with an authentication server, common in older UNIX networks; it spawned related protocols:

Extended TACACS (XTACACS) is a proprietary extension to TACACS introduced by Cisco Systems in 1990 without backwards compatibility to the original protocol. TACACS and XTACACS both allow a remote access server to communicate with an authentication server in order to determine if the user has access to the network.

Terminal Access Controller Access-Control System Plus (TACACS+) is a protocol developed by Cisco and released as an open standard beginning in 1993. Although derived from TACACS, TACACS+ is a separate protocol that handles authentication, authorization, and accounting (AAA) services. TACACS+ has largely replaced its predecessors. Port 49.

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. Port 53.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

Dynamic Host Configuration Protocol (DHCP) is a protocol that provides quick, automatic, and central management for the distribution of IP addresses within a network. DHCP is also used to configure the subnet mask, default gateway, and DNS server information on the device. Port 67.

Bootstrap Protocol (BOOTP) is a computer networking protocol used in Internet Protocol networks to automatically assign an IP address to network devices from a configuration server. Port 67.

Differences between DHCP and BOOTP:

The major difference between BOOTP and DHCP is that BOOTP supports static configuration of IP addresses while DHCP supports dynamic configuration. This means that DHCP automatically assigns IP addresses to, and reclaims them from, the computers connecting to the network, and it also has some additional features.

https://techdifferences.com/difference-between-bootp-and-dhcp.html

Trivial File Transfer Protocol (TFTP) is a technology that transfers files between network devices and is a simplified version of the more robust File Transfer Protocol. TFTP was developed in the 1970s for computers lacking sufficient memory or disk space to provide full FTP support. Today, TFTP is found on consumer broadband routers and commercial network routers. Home network administrators use TFTP to upgrade the router firmware, while professional administrators use TFTP to distribute software across corporate networks. Port 69.

Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser. Port 80.

Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989. Development of early HTTP Requests for Comments (RFCs) was a coordinated effort by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), with work later moving to the IETF.

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS, or HTTP over SSL. Port 443.

Secure Socket Tunneling Protocol (SSTP) is a form of virtual private network (VPN) tunnel that provides a mechanism to transport PPP traffic through an SSL/TLS channel. SSL/TLS provides transport-level security with key negotiation, encryption and traffic integrity checking. The use of SSL/TLS over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers except for authenticated web proxies. Port 443.

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Port 88.

Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a remote server to a local email client. POP3 allows you to download email messages on your local computer and read them even when you are offline. Note that when you use POP3 to connect to your email account, messages are downloaded locally and removed from the email server. This means that if you access your account from multiple locations, POP3 may not be the best option for you. On the other hand, if you use POP3, your messages are stored on your local computer, which reduces the space your email account uses on your web server.

By default, the POP3 protocol works on two ports:

  • 110 – the default POP3 port (unencrypted)
  • 995 – the port to use to connect with POP3 securely

Network News Transfer Protocol (NNTP) is the underlying protocol of UseNet, a worldwide discussion system containing posts or articles known as news. NNTP is used to transfer news from one network to another and is designed specifically for transferring news articles. An NNTP client is included in browsers like Netscape, Opera and Internet Explorer, or a dedicated application called a newsreader can be used as an NNTP client. NNTP servers manage the global network of newsgroups. Port 119.

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. It has become a key component in security: when you are tracing through logs to pull together events from different devices, accurate time throughout your network is incredibly important. Port 123.

NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks. Ports 137, 138, 139.

Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 3501.

IMAP was designed with the goal of permitting complete management of an email box by multiple email clients, therefore clients generally leave messages on the server until the user explicitly deletes them. An IMAP server typically listens on port 143. IMAP over SSL (IMAPS) is assigned the port 993.

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

SNMP is widely used in network management for network monitoring. SNMP exposes management data in the form of variables on the managed systems organized in a management information base (MIB) which describe the system status and configuration. These variables can then be remotely queried (and, in some circumstances, manipulated) by managing applications.

Ports:

  • 161 – SNMP (Agents receive requests)
  • 162 – SNMP (Controller receives data)

Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. Port 389.

LDAPS is a distributed IP directory protocol similar to LDAP, but which incorporates SSL for greater security. Port 636.

Server Message Block (SMB), whose associated software is referred to as Samba, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers. Port 445; also 137, 138, 139 (NetBIOS).

Internet Key Exchange (IKE) is a key management protocol standard used in conjunction with the Internet Protocol Security (IPSec) standard protocol. It provides security for virtual private networks’ (VPNs) negotiations and network access to random hosts. It can also be described as a method for exchanging keys for encryption and authentication over an unsecured medium, such as the Internet.

IKE enhances IPsec by providing additional features along with flexibility. IPsec, however, can be configured without IKE.

IKE has many benefits. It eliminates the need to manually specify all the IPsec security parameters at both peers. It allows the user to specify a particular lifetime for the IPsec security association. Furthermore, encryption keys can be changed during IPsec sessions. Moreover, it permits the use of a certification authority. Finally, it allows dynamic authentication of peers. Port 500.

Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols; it employs the hop count as its routing metric. RIP prevents routing loops by implementing a limit on the number of hops allowed in a path from source to destination. The largest number of hops allowed for RIP is 15, which limits the size of networks that RIP can support. Port 520.

FTPS (also known as FTPES, FTP-SSL, and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, now prohibited by RFC 7568) cryptographic protocols. Ports 989/990.

FTPS should not be confused with the SSH File Transfer Protocol (SFTP), a secure file transfer subsystem for the Secure Shell (SSH) protocol with which it is not compatible. It is also different from FTP over SSH, which is the practice of tunneling FTP through an SSH connection.

TCP port 1433 is the default port for Microsoft SQL Server. This port is also the official Internet Assigned Numbers Authority (IANA) socket number for SQL Server. Client systems use TCP 1433 to connect to the database engine; SQL Server Management Studio (SSMS) uses the port to manage SQL Server instances across the network. You can reconfigure SQL Server to listen on a different port, but 1433 is by far the most common implementation. Port 1433.

Layer Two Forwarding (L2F) is a Cisco tunneling protocol that uses virtual dial-up networks for secure data packet transport. L2F functionality is similar to the Point-to-Point Tunneling Protocol (PPTP), which was developed by the Microsoft-led PPTP Forum. Port 1701.

L2F creates Point-to-Point Protocol (PPP) network and user connections and allows high-level protocols to create tunnels via the link layer, including High-Level Data Link Control (HDLC) or SLIP frames. These tunnels separate server and termination points to facilitate network access.

In 1999, Microsoft and Cisco merged their respective L2F protocol versions and created L2TP, which is the Internet Engineering Task Force (IETF) tunneling standard.

Point-to-Point Tunneling Protocol (PPTP). Port 1723.

H.323 is an ITU Telecommunication Standardization Sector (ITU-T) recommendation that describes protocols for the provision of audio-visual (A/V) communication sessions on all packet networks. H.323 provides standards for equipment, computers and services for multimedia communication across packet based networks and specifies transmission protocols for real-time video, audio and data details.

H.323 is widely used in IP based videoconferencing, Voice over Internet Protocol (VoIP) and Internet telephony. Users can communicate through the Internet and make use of a variety of products that are H.323 standard compatible. Port 1720.

RADIUS is a network protocol that is used to authenticate and authorize user access to a remote network. The term RADIUS is an acronym that stands for Remote Authentication Dial-In User Service. First introduced in 1991, RADIUS has remained a powerful tool for managing network user access. Ports 1812, 1813.

Media Gateway Control Protocol (MGCP) is a signaling and call control communications protocol used in voice over IP (VoIP) telecommunication systems. It implements the media gateway control protocol architecture for controlling media gateways connected to the public switched telephone network (PSTN). The media gateways provide conversion of traditional electronic media to the Internet Protocol (IP) network. The protocol is a successor to the Simple Gateway Control Protocol (SGCP), which was developed by Bellcore and Cisco, and the Internet Protocol Device Control (IPDC). Ports 2427, 2727.

Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists. By default, the server listens on TCP port 3389 and UDP port 3389.

Real-time Transport Protocol (RTP) is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features. Ports 5004, 5005.

The Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating real-time sessions that include voice, video and messaging applications.[1] SIP is used for signaling and controlling multimedia communication sessions in applications of Internet telephony for voice and video calls, in private IP telephone systems, in instant messaging over Internet Protocol (IP) networks as well as mobile phone calling over LTE (VoLTE).

Ports:

  • 5060 – SIP (unencrypted)
  • 5061 – SIP (encrypted with TLS)

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name “PuTTY” has no official meaning.

PuTTY was originally written for Microsoft Windows, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and macOS, and unofficial ports have been contributed to platforms such as Symbian, Windows Mobile and Windows Phone.

PuTTY was written and is maintained primarily by Simon Tatham, a British programmer.

Windows Server Update Services (WSUS) provides a cost-effective patch management solution to deploy updates to domain-joined Windows servers and workstations in a corporate network. WSUS is fully integrated in Windows Server 2012 and can be enabled on Windows clients by configuring settings in Group Policy Objects (GPOs).

Secure Sockets Layer (SSL) is a standard protocol used for the secure transmission of documents over a network. Developed by Netscape, SSL technology creates a secure link between a Web server and browser to ensure private and integral data transmission. SSL uses the Transmission Control Protocol (TCP) for communication.

Internet Information Services (IIS), formerly known as Internet Information Server, is a web server produced by Microsoft. IIS is used with Microsoft Windows OSs and is the Microsoft-centric competition to Apache, the most popular web server used with Unix/Linux-based systems.

Kiwi Syslog Server receives, logs, displays, alerts on, and forwards syslog, SNMP trap, and Windows event log messages from routers, switches, firewalls, Linux and UNIX hosts, and Windows machines.

Adaptive Security Device Manager (ASDM) is a Cisco technology that lets you manage Cisco Adaptive Security Appliance (ASA) firewalls and the Cisco AnyConnect Secure Mobility Client through a local, web-based interface.

AnyConnect is a Cisco business app for Windows, iPhone and Android that gives users remote access to Cisco networks via VPN. (It is the preferred method of remote access, over clientless SSL VPN.)

Windows Remote Management (WinRM) needs to be enabled in the firewall. WinRM is one component of the Windows Hardware Management features that manage server hardware locally and remotely.

AlienVault is a network monitoring system which uses OSSIM (Open Source Security Information Management) as a backbone, through which it assists with intrusion detection and prevention operations.

Security Information and Event Management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.

Internet Control Message Protocol (ICMP) is a network protocol for Internet Protocol (IP) networking. ICMP transfers control information for the status of the network itself rather than application data. An IP network requires ICMP in order to function properly.

ICMP messages are a specific kind of IP message distinct from TCP and UDP.

The best-known example of ICMP messaging in practice is the ping utility, which uses ICMP to probe remote hosts for responsiveness and measure overall round-trip time of the probe messages. ICMP also supports other utilities like traceroute that identify intermediate routing devices (“hops”) on the path between a given source and destination.
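The ping exchange described above at the byte level, as an added Python example that is not part of the original post: it builds an ICMP echo request, computes the RFC 1071 checksum that every ICMP message carries, validates the checksum on the way back in, and produces the echo reply a responsive host would return. Nothing is sent on the wire (sending raw ICMP needs a privileged raw socket, which is out of scope here); the identifier, sequence and payload are constructed sample values.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                         # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(identifier: int, sequence: int, payload: bytes = b"",
               msg_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Build an ICMP echo message: type, code, checksum, identifier, sequence, payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    csum = inet_checksum(header + payload)      # computed with the checksum field zeroed
    return struct.pack("!BBHHH", msg_type, 0, csum, identifier, sequence) + payload


def parse_echo(packet: bytes) -> dict:
    """Parse and validate an ICMP echo message; raise ValueError if it is short or corrupted."""
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    msg_type, code, _csum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    if inet_checksum(packet) != 0:              # a valid packet checksums to zero
        raise ValueError("bad ICMP checksum")
    return {"type": msg_type, "code": code, "id": identifier,
            "seq": sequence, "payload": packet[8:]}


def reply_for(request: bytes) -> bytes:
    """What a responsive host sends back: same id, sequence and payload, type 0."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(req["id"], req["seq"], req["payload"], ICMP_ECHO_REPLY)


if __name__ == "__main__":
    req = build_echo(0x1234, 1, b"hello")       # constructed sample echo request
    print("request:", req.hex())
    print("reply  :", parse_echo(reply_for(req)))
```

The identifier and sequence are how ping matches a reply to the request it sent and measures the round-trip time; the checksum is why a corrupted packet is discarded rather than misinterpreted, which `parse_echo` demonstrates by rejecting a payload that was altered after the checksum was computed.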

pcap is an application programming interface (API) for capturing network traffic. While the name is an abbreviation of the technical term of art (jargon) packet capture, that is not the API’s proper name. Unix-like systems implement pcap in the libpcap library; for Windows, there is a port of libpcap named WinPcap that is no longer supported or developed, and a port named Npcap for Windows 7 and later that is still supported.

Monitoring software may use libpcap, WinPcap, or Npcap to capture network packets travelling over a computer network and, in newer versions, to transmit packets on a network at the link layer, and to get a list of network interfaces for possible use with libpcap, WinPcap, or Npcap.

Intrusion Detection Systems (IDS) analyze network traffic for signatures that match known cyberattacks.

Intrusion Prevention Systems (IPS) analyze packets as well, but can also stop a packet from being delivered based on what kind of attack it detects, helping to stop the attack.
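The difference between the two in code, as an added Python example that is not part of the original post: a tiny signature engine in the style of Snort-type content rules, run in IDS mode (alert only, every packet forwarded) and IPS mode (alert and drop inline). The signatures and the four packets are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    """A minimal content signature: protocol, optional destination port, byte pattern."""
    sid: int
    msg: str
    proto: str
    dport: Optional[int]
    content: bytes

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and (self.dport is None or pkt.dport == self.dport)
                and self.content in pkt.payload)


# Constructed signatures in the spirit of Snort-style rules.
SIGNATURES = [
    Signature(1000001, "HTTP directory traversal attempt", "tcp", 80, b"../../"),
    Signature(1000002, "Telnet cleartext password prompt", "tcp", 23, b"Password:"),
]


def inspect(packets, signatures=SIGNATURES, mode="ids"):
    """Run every packet past the signature set.

    mode="ids": alert only, every packet is forwarded (passive monitoring).
    mode="ips": alert and drop matching packets inline, so they never reach the host.
    Returns (alerts, forwarded_packets).
    """
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, forwarded = [], []
    for pkt in packets:
        hits = [sig for sig in signatures if sig.matches(pkt)]
        alerts.extend({"sid": sig.sid, "msg": sig.msg, "src": pkt.src, "dst": pkt.dst}
                      for sig in hits)
        if mode == "ips" and hits:
            continue                                  # dropped inline
        forwarded.append(pkt)
    return alerts, forwarded


# Constructed sample traffic: two benign packets and two that trigger signatures.
SAMPLE_TRAFFIC = [
    Packet("192.0.2.10", "198.51.100.5", "tcp", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("192.0.2.11", "198.51.100.5", "tcp", 80, b"GET /../../../config.ini HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.12", "tcp", 23, b"login: admin\r\nPassword:"),
    Packet("192.0.2.13", "198.51.100.53", "udp", 53, b"\x12\x34\x01\x00"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, forwarded = inspect(SAMPLE_TRAFFIC, mode=mode)
        print(mode, "alerts:", len(alerts), "forwarded:", len(forwarded))
```

The same signature set produces the same two alerts in both modes; only the forwarding decision differs. That is also why a false positive is merely noise for an IDS but an outage for an IPS, and why rules are usually tuned in IDS mode before being promoted to block.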

Promiscuous Mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. Interfaces are placed into promiscuous mode by software bridges often used with hardware virtualization.

Universally Unique Identifier (UUID) is a 128-bit number used to identify information in computer systems. The term globally unique identifier (GUID) is also used, typically in software created by Microsoft.

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

The actual security scanner is accompanied with a regularly updated feed of Network Vulnerability Tests (NVTs), over 50,000 in total.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

XAMPP is a free and open-source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for scripts written in the PHP and Perl programming languages.

IPv4 and IPv6 are the versions of the Internet Protocol, IPv6 being the enhanced version of IPv4. There are various differences between the IPv4 and IPv6 protocols, including their features, but the crucial one is the size of the address space each provides.

IP version 4 (IPv4) provides 4.29 × 10^9 unique network addresses, which is insufficient, and as a result the Internet is running out of address space. IP version 6 (IPv6) provides 3.4 × 10^38 addresses and is a scalable and flexible solution to the problem.

Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links or point-to-multipoint links over an Internet Protocol network. Both VPNs and GRE tunnels can be used to transfer data between remote locations. However, their similarities end there. If you are looking to provide a secure method of connecting remote users to resources stored within a central location, you should probably implement a VPN. However, if you need to pass traffic over an otherwise incompatible network, a GRE tunnel should be implemented. GRE tunnels don’t just have to run across the Internet; you can use them to join networks that could not otherwise be joined, for example to enable dynamic routing across a firewall. GRE tunnels can solve a few headaches in the real world, so understanding them is very important.

One important point to note about GRE tunnels is that they do not inherently encrypt data. Everything that is sent across the tunnel is simply wrapped in GRE packets. This is addressed by encrypting the data that is passed over the tunnel, which is especially important when creating a GRE tunnel over insecure networks such as the Internet.

Differences between VPN and GRE:

http://blog.boson.com/bid/92815/What-are-the-differences-between-an-IPSec-VPN-and-a-GRE-Tunnel

Multicast is group communication where data transmission is addressed to a group of destination computers simultaneously. Multicast can be one-to-many or many-to-many distribution. Multicast should not be confused with physical layer point-to-multipoint communication.

Group communication may either be application layer multicast[1] or network assisted multicast, where the latter makes it possible for the source to efficiently send to the group in a single transmission. Copies are automatically created in other network elements, such as routers, switches and cellular network base stations, but only to network segments that currently contain members of the group. Network assisted multicast may be implemented at the data link layer using one-to-many addressing and switching such as Ethernet multicast addressing, Asynchronous Transfer Mode (ATM), point-to-multipoint virtual circuits (P2MP) or Infiniband multicast. Network assisted multicast may also be implemented at the Internet layer using IP multicast. In IP multicast the implementation of the multicast concept occurs at the IP routing level, where routers create optimal distribution paths for datagrams sent to a multicast destination address.

Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol that is used on a computer network for automating routing decisions and configuration. The protocol was designed by Cisco Systems as a proprietary protocol, available only on Cisco routers. Functionality of EIGRP was converted to an open standard in 2013[1] and was published with informational status as RFC 7868 in 2016.

EIGRP is used on a router to share routes with other routers within the same autonomous system. Unlike other well known routing protocols, such as RIP, EIGRP only sends incremental updates, reducing the workload on the router and the amount of data that needs to be transmitted.

EIGRP replaced the Interior Gateway Routing Protocol (IGRP) in 1993. One of the major reasons for this was the change to classless IPv4 addresses in the Internet Protocol, which IGRP could not support.

Different types of NAT – Static NAT, Dynamic NAT and PAT

Static NAT (Network Address Translation) – Static NAT is a one-to-one mapping of a private IP address to a public IP address. Static NAT is useful when a network device inside a private network needs to be accessible from the Internet.

Dynamic NAT (Network Address Translation) – Dynamic NAT can be defined as the mapping of a private IP address to a public IP address taken from a group of public IP addresses called a NAT pool. Dynamic NAT establishes a one-to-one mapping between a private IP address and a public IP address. Here the public IP address is taken from the pool of IP addresses configured on the NAT router. The public-to-private mapping may vary depending on which public IP addresses are available in the NAT pool.

PAT (Port Address Translation) – Port Address Translation (PAT) is another type of dynamic NAT which can map multiple private IP addresses to a single public IP address by translating port numbers as well as addresses.

Here, when a client on the inside network communicates with a host on the Internet, the router replaces the source port (TCP or UDP) number with another port number. These port mappings are kept in a table. When the router receives a packet from the Internet, it looks up the table that keeps the port mappings and forwards the data packet to the original sender.
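The port-mapping table just described, as an added Python example that is not part of the original post: a simplified PAT router that rewrites outbound source ports, remembers each mapping, and uses the table to deliver replies. It also shows the static one-to-one entry from the Static NAT paragraph and why unsolicited inbound packets are dropped (no table entry means nowhere to forward them). Port allocation is sequential here for clarity; real routers try to preserve the original port. All addresses are constructed from the documentation ranges.

```python
class PortAddressTranslator:
    """Models the translation table a router keeps for PAT (NAT overload).

    Outbound: a (private ip, private port) pair is rewritten to the single
    public IP and a freshly allocated public port; the mapping is remembered.
    Inbound: the destination port is looked up in that table to find the
    original sender. Packets with no mapping have nowhere to go and are
    dropped, which is why hosts behind PAT are not reachable from the
    Internet unless a static mapping is added.
    """

    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.public_ip = public_ip
        self._next_port = first_port
        self._last_port = last_port
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self._outbound = {}
        # (proto, public port) -> (private ip, private port, remote ip, remote port)
        self._inbound = {}

    def add_static(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        """Static NAT entry: one public port mapped permanently to one inside host, any remote."""
        self._inbound[(proto, public_port)] = (private_ip, private_port, None, None)

    def translate_out(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source; returns the 5-tuple as seen on the Internet."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        public_port = self._outbound.get(key)
        if public_port is None:
            if self._next_port > self._last_port:
                raise RuntimeError("port pool exhausted")      # what a flood of new flows causes
            public_port = self._next_port
            self._next_port += 1
            self._outbound[key] = public_port
            self._inbound[(proto, public_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (proto, self.public_ip, public_port, dst_ip, dst_port)

    def translate_in(self, proto, src_ip, src_port, dst_port):
        """Rewrite an inbound packet's destination, or return None if it must be dropped."""
        entry = self._inbound.get((proto, dst_port))
        if entry is None:
            return None                                         # unsolicited: no mapping
        private_ip, private_port, remote_ip, remote_port = entry
        if remote_ip is not None and (remote_ip, remote_port) != (src_ip, src_port):
            return None              # dynamic entry belongs to a different remote endpoint
        return (proto, src_ip, src_port, private_ip, private_port)


if __name__ == "__main__":
    nat = PortAddressTranslator("203.0.113.5")                   # constructed public address
    print(nat.translate_out("tcp", "192.168.1.10", 40000, "198.51.100.7", 80))
    print(nat.translate_out("tcp", "192.168.1.11", 40000, "198.51.100.7", 80))
    print(nat.translate_in("tcp", "198.51.100.7", 80, 1024))
    print(nat.translate_in("tcp", "198.51.100.7", 80, 9999))      # None: dropped
```

Two inside hosts using the same source port 40000 get distinct public ports, which is the whole trick that lets one public address serve many clients; the check against the remote endpoint on dynamic entries is what some NATs do and others skip, and it is the difference between a NAT that only lets the original peer reply and one that any host can reach once it learns the public port.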

Errdisable (or Errdisable)is a feature that automatically disables a port on a Cisco Catalyst switch. When a port is error disabled, it is effectively shut down and no traffic is sent or received on that port.

The errdisable feature was designed to inform the administrator when there is a port problem or error. The reasons a Catalyst switch can put a port into the errdisable state and shut it down are many and include:

  • Duplex Mismatch
  • Loopback Error
  • Link Flapping (up/down)
  • Port Security Violation (psecure-violation)
  • Unicast Flooding
  • UDLD Failure
  • Broadcast Storms
  • BPDU Guard

Command Line Interface (CLI) Cheat Sheet: Networking

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-cli-quick-start/cli-cheat-sheets/cli-cheat-sheet-networking

VACLs (VLAN Access Control Lists) are another technology that you can use to help protect your network.

VACLs are particularly useful when you want to restrict access to certain hosts that may even be on the same VLAN. For example, you may have a scenario where you want to block communication between two servers on the same VLAN.

Denial-of-Service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination.

Personally identifiable information (PII) is information that, when used alone or with other relevant data, can identify an individual.

Cisco Internetwork Operating System (IOS) is a family of network operating systems used on many Cisco Systems routers and current Cisco network switches. Earlier, Cisco switches ran CatOS. IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system. Although the IOS code base includes a cooperative multitasking kernel, most IOS features have been ported to other kernels such as QNX and Linux for use in Cisco products.

RSA (Rivest–Shamir–Adleman), often referred to simply as an RSA key, is an asymmetric cryptographic algorithm used by modern computers to encrypt and decrypt messages. Asymmetric means that there are two different keys. This is also called public key cryptography, because one of the keys can be given to anyone; the other key must be kept private. The algorithm is based on the fact that finding the factors of a large composite number is difficult: when the factors are prime numbers, the problem is called prime factorization. RSA also defines how the key pair (public and private key) is generated.

Out-of-band management is a device and system management technique primarily used in computer networking, but is also applied to other fields of IT where similar methods are used. This management method involves an alternate and dedicated connection to the system separate from the actual network that the system runs on. This allows an administrator to ensure the establishment of trust boundaries since there would only be a single entry point for the management interface.

Device management through out-of-band management is still done via a network connection, but this is entirely separate physically from the “in-band” network connection that the system is serving. Think of this as the door marked as “employees only” found in restaurants and shopping centers. No unauthorized user would be able to access the out-of-band network channel because there is simply no connection to it from the regular network channel that everyone uses, making this a very secure channel.

The out-of-band channel management interface is usually available even though the network may be down or even if the device is turned off, in sleep mode, hibernating or otherwise simply inaccessible through the operating system, making this a very powerful management control tool. This can be used to remotely manage powered-down devices outside working hours or during holidays, or it can be used to reboot devices whose operating system has hung or crashed. This is usually done through special operating system extensions and dedicated hardware specifically designed for out-of-band management.

An example configuration for out-of-band management is the use of Microsoft’s System Center together with Intel’s Active Management Technology and using Microsoft public key infrastructure.

Address Resolution Protocol (ARP) is used to determine the MAC Address of a node if you only know its IP address. When a host on a LAN wants to learn a MAC address, it sends out a broadcast ARP request: “Hey, anybody out there using 10.1.1.1?”

If there is, then the host will reply: “Yup, I’m 10.1.1.1 and I’m at 11:33:44:66:55:77!”

There is no relation between ARP and TCP. There is a direct correlation between ARP and IP, at the interface between layer 2 and layer 3.

The IP layer tells the ethernet layer that it needs a packet delivered to IP address 192.168.1.1. The ethernet layer checks its ARP table to see if the MAC address for that IP is known. If not, it broadcasts an ARP packet asking IP 192.168.1.1 to respond with its MAC address. The designated computer responds to the ARP request with its IP and MAC address. This info goes into the ARP table. At that point the IP packet is sent to the proper MAC address, and the receiving ethernet passes the packet up to the IP layer there. The packet may be TCP or UDP or any other protocol supported by IP.
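The request/reply exchange and the ARP table described above, as an added Python simulation that is not part of the original page. The frame layout (14-byte Ethernet header followed by the 28-byte ARP payload) follows the real protocol; the hosts, MAC addresses and IP addresses are constructed for the example. Each simulated host keeps a table and only accepts a reply that answers a request it actually sent, which is the check a cautious stack applies.

```python
import socket
import struct

# Constants from the Ethernet and ARP headers.
ETH_P_ARP = 0x0806
HW_ETHERNET = 1
PROTO_IPV4 = 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sender mac/ip, target mac/ip


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (14 bytes) + ARP payload (28 bytes) = 42-byte frame."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, HW_ETHERNET, PROTO_IPV4, 6, 4, op,
                      mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                      mac_to_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_frame(frame):
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"op": op, "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa)}


class Host:
    """A LAN node with an ARP table; it only records replies it asked for."""

    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.arp_table = {}
        self.pending = set()  # IPs with an outstanding request

    def request(self, ip):
        self.pending.add(ip)
        return build_frame(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, ip)

    def receive(self, frame):
        arp = parse_frame(frame)
        if arp["op"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            self.arp_table[arp["sender_ip"]] = arp["sender_mac"]  # learn the asker too
            return build_frame(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        if arp["op"] == ARP_REPLY and arp["target_ip"] == self.ip:
            # Unsolicited replies are ignored: accepting them is how a table gets poisoned.
            if arp["sender_ip"] in self.pending:
                self.pending.discard(arp["sender_ip"])
                self.arp_table[arp["sender_ip"]] = arp["sender_mac"]
        return None


def resolve(requester, lan, ip):
    """Broadcast the request to every host on the segment and deliver any reply."""
    if ip not in requester.arp_table:
        request = requester.request(ip)
        for host in lan:
            if host is requester:
                continue
            reply = host.receive(request)
            if reply:
                requester.receive(reply)
    return requester.arp_table.get(ip)
```

Calling resolve(b, [a, b], "10.1.1.1") reproduces the dialogue in the entry: b broadcasts "who has 10.1.1.1?", a answers with its MAC, and both tables end up populated.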

Microsoft Baseline Security Analyzer (MBSA) provides a streamlined method to identify missing security updates and common security misconfigurations.

Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.

Access-Control List (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.[1] Each entry in a typical ACL specifies a subject and an operation. For instance, if a file object has an ACL that contains (Alice: read,write; Bob: read), this would give Alice permission to read and write the file and Bob permission only to read it.

Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.

OWASP ZAP (short for Zed Attack Proxy) is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. It is one of the most active Open Web Application Security Project (OWASP) projects and has been given Flagship status. When used as a proxy server it allows the user to manipulate all of the traffic that passes through it, including traffic using https.

National Institute of Standards and Technology (NIST) publishes the NIST Cybersecurity Framework, a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

Protected health information (PHI)

Whitelisting is the practice of explicitly allowing some identified entities access to a particular privilege, service, mobility, access or recognition. It is the reverse of blacklisting.

Federal Information Processing Standard Publication (FIPS)

Statement of Work (SOW)

Session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies[1] used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim’s computer (see HTTP cookie theft). After successfully stealing appropriate session cookies an adversary might use the Pass the Cookie technique to perform session hijacking.
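The standard mitigations for the cookie theft described above, as an added Python example that is not part of the original page: a server-side session store keyed by a random identifier, a Set-Cookie value carrying the Secure, HttpOnly and SameSite attributes, and a small audit helper that reports which of those attributes a given cookie header lacks. The 30-minute idle timeout and the cookie name "sid" are assumptions for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # seconds; assumed idle timeout for this example


class SessionStore:
    """Server-side sessions: the cookie carries only an unguessable random id."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unrelated to user data
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
        return sid

    def lookup(self, sid, now=None):
        """Return the user for a live session, or None (and forget expired ones)."""
        now = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None or now >= session["expires"]:
            self._sessions.pop(sid, None)
            return None
        return session["user"]

    def revoke(self, sid):
        """Invalidate on logout: a cookie copied earlier is then worthless."""
        self._sessions.pop(sid, None)


def session_cookie_header(sid):
    """Build a Set-Cookie value with the attributes that limit cookie theft."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True        # never sent over plain HTTP
    cookie["sid"]["httponly"] = True      # not readable from page scripts
    cookie["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["sid"]["path"] = "/"
    cookie["sid"]["max-age"] = SESSION_TTL
    return cookie["sid"].OutputString()


REQUIRED_ATTRIBUTES = ("Secure", "HttpOnly", "SameSite")


def missing_protections(set_cookie_value):
    """Audit helper: which protective attributes does a Set-Cookie value lack?"""
    attrs = {part.strip().split("=")[0].lower() for part in set_cookie_value.split(";")[1:]}
    return [name for name in REQUIRED_ATTRIBUTES if name.lower() not in attrs]
```

Regenerating the session id after login and revoking it on logout are the two server-side habits that matter most; the cookie attributes limit how a cookie can leak, while the store decides how long a leaked one stays useful.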

Zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.[1] An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack.

SYN, short for synchronize, is a TCP packet sent to another computer requesting that a connection be established between them. If the SYN is received by the second machine, a SYN/ACK is sent back to the address requested by the SYN. Lastly, if the original computer receives the SYN/ACK, a final ACK is sent.

SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.

A port scan or portscan is a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port; this is not a nefarious process in and of itself. The majority of uses of a port scan are not attacks, but rather simple probes to determine services available on a remote machine.

To portsweep is to scan multiple hosts for a specific listening port. A portsweep is typically used to search for a specific service; for example, an SQL-based computer worm may portsweep looking for hosts listening on TCP port 1433.
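Detection logic for the three behaviours described in the SYN, SYN flood, port scan and portsweep entries above, as an added Python example that is not from the original page. It runs over a constructed flow log (one record per packet: time, source, source port, destination, destination port, TCP flags), counts half-open connections per server to spot a SYN flood, and counts distinct ports per source/host pair and distinct hosts per source/port pair to spot scans and sweeps. The addresses, the thresholds and the log format are all assumptions for the example.

```python
from collections import defaultdict


def _sample_log():
    """Constructed flow records, built in code to keep the sample short."""
    lines = []
    # 1. One ordinary three-way handshake.
    lines += ["1 192.0.2.55 51000 192.0.2.10 443 S",
              "1 192.0.2.10 443 192.0.2.55 51000 SA",
              "1 192.0.2.55 51000 192.0.2.10 443 A"]
    # 2. Fifty SYNs to the web server whose handshakes never complete (half-open).
    for i in range(50):
        lines.append(f"2 198.51.100.7 {40000 + i} 192.0.2.10 443 S")
        lines.append(f"2 192.0.2.10 443 198.51.100.7 {40000 + i} SA")
    # 3. One source probing many ports on one host (port scan).
    for port in (21, 22, 23, 25, 80, 110, 143, 443, 3389):
        lines.append(f"3 198.51.100.9 45000 192.0.2.10 {port} S")
    # 4. One source trying the same port on many hosts (portsweep).
    for host in range(1, 9):
        lines.append(f"4 198.51.100.11 46000 192.0.2.{host} 1433 S")
    return "\n".join(lines)


SAMPLE_LOG = _sample_log()


def parse_log(text):
    """'time src sport dst dport flags' per line; flags are S, SA or A."""
    records = []
    for line in text.splitlines():
        t, src, sport, dst, dport, flags = line.split()
        records.append({"t": int(t), "src": src, "sport": int(sport),
                        "dst": dst, "dport": int(dport), "flags": flags})
    return records


def half_open_by_server(records):
    """Connections that saw SYN and SYN/ACK but no final ACK, counted per server."""
    state = {}  # client 4-tuple -> syn | syn_ack | established
    for r in records:
        if r["flags"] == "S":
            state[(r["src"], r["sport"], r["dst"], r["dport"])] = "syn"
        elif r["flags"] == "SA":  # sent by the server, so swap ends to get the client tuple
            key = (r["dst"], r["dport"], r["src"], r["sport"])
            if state.get(key) == "syn":
                state[key] = "syn_ack"
        elif r["flags"] == "A":
            key = (r["src"], r["sport"], r["dst"], r["dport"])
            if state.get(key) == "syn_ack":
                state[key] = "established"
    counts = defaultdict(int)
    for (_, _, dst, dport), s in state.items():
        if s == "syn_ack":
            counts[(dst, dport)] += 1
    return dict(counts)


def detect_syn_flood(records, threshold=20):
    """Servers holding at least `threshold` half-open connections."""
    return {svc for svc, n in half_open_by_server(records).items() if n >= threshold}


def detect_port_scans(records, min_ports=8):
    """(source, host) pairs where one source sent SYNs to many distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            ports[(r["src"], r["dst"])].add(r["dport"])
    return {pair for pair, p in ports.items() if len(p) >= min_ports}


def detect_port_sweeps(records, min_hosts=5):
    """(source, port) pairs where one source sent SYNs for one port to many hosts."""
    hosts = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            hosts[(r["src"], r["dport"])].add(r["dst"])
    return {pair for pair, h in hosts.items() if len(h) >= min_hosts}
```

The half-open counter is the same state a server's SYN backlog tracks, which is why SYN cookies (which let a server avoid keeping that state until the final ACK arrives) are the usual host-side mitigation; on the monitoring side, the thresholds need tuning per environment, and a busy server will normally carry some half-open connections at any moment.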

In cryptography, X.509 is a standard defining the format of public key certificates.[1] X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS.

In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher, which applies the DES cipher algorithm three times to each data block. The Data Encryption Standard’s (DES) 56-bit key is no longer considered adequate in the face of modern cryptanalytic techniques and supercomputing power. However, an adapted version of DES, Triple DES (3DES), uses the same algorithm to produce a more secure encryption.

Public key cryptography standards (PKCS) are a group of specifications developed with the aim of accelerating the deployment of algorithms featuring two separate keys – one private and one public.

PKCS were first developed by RSA Laboratories with the cooperation of security developers from around the world.

The first published release of PKCS was in 1991 as a result of the cooperation of early adopters. The standards promote the use of cryptography techniques such as the RSA algorithm and the Schnorr signature.

The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]),[3] is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.[4]

AES is a subset of the Rijndael block cipher[3] developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen, who submitted a proposal[5] to NIST during the AES selection process.[6] Rijndael is a family of ciphers with different key and block sizes.

For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.

AES has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES),[7] which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.

In the United States, AES was announced by the NIST as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001.[4] This announcement followed a five-year standardization process in which fifteen competing designs were presented and evaluated, before the Rijndael cipher was selected as the most suitable (see Advanced Encryption Standard process for more details).

AES became effective as a federal government standard on May 26, 2002, after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module (see Security of AES, below).

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attacks (DDoS attacks), steal data,[1] send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software.[2] The word “botnet” is a combination of the words “robot” and “network”. The term is usually used with a negative or malicious connotation.

A command-and-control [C&C] server is a computer controlled by an attacker or cybercriminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.

Industrial control systems (ICS)

Supervisory control and data acquisition (SCADA) is a control system architecture comprising computers, networked data communications and graphical user interfaces (GUI) for high-level process supervisory management, while also comprising other peripheral devices like programmable logic controllers (PLC) and discrete proportional-integral-derivative (PID) controllers to interface with process plant or machinery. The use of SCADA has also been considered for the management and operations of project-driven processes in construction.

A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain. It is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources.

A domain controller is the centerpiece of the Windows Active Directory service. It authenticates users, stores user account information and enforces security policy for a Windows domain.

Advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.[1][2] In recent times, the term may also refer to non-state sponsored groups conducting large-scale targeted intrusions for specific goals.

Common Vulnerabilities and Exposures (CVE®) is a list of entries — each containing an identification number, a description, and at least one public reference — for publicly known cybersecurity vulnerabilities.

Microsoft System Center Configuration Manager (SCCM), formerly Systems Management Server, is a systems management software product developed by Microsoft for managing large groups of computers running Windows NT, Windows Embedded, macOS, Linux or UNIX, as well as Windows Phone, Symbian, iOS and Android mobile operating systems.

Security Assertion Markup Language (SAML) is an XML-based framework for authentication and authorization between two entities: a Service Provider and an Identity Provider. The Service Provider agrees to trust the Identity Provider to authenticate users. In return, the Identity provider generates an authentication assertion, which indicates that a user has been authenticated.