added 100 days of code challenge intro post

This commit is contained in:
Brendan McDevitt 2018-01-01 20:35:26 -05:00
parent e10592d133
commit c6a089c807
4 changed files with 12 additions and 478 deletions

View file

@ -1,149 +0,0 @@
# Security Threats and Controls
## CIA Triade
Data needs to be the following:
- Confidentiality
- Integrity
- Availability
## Security Policy Steps
- obtain support & committment for policy proposed throughout entire org
- analyze risks to security within the org that the policy proposes
- implement controls that detect and prevent losses & procedures that enable
the org to recover from losses
- review, test, and update procedures continually. continued compliance.
## Security Controls
- National Institute of Standards and Technolog (NIST)
- Federal Information Processing Standards [(FIPS)](http://csrc.nist.gov/publications/PubsFIPS.html)
## Control Types
- Fips 200 (Minimum Security Requirements)
- security control will belong to 1 of 18 families of classes.
- Access Control, Awareness and Training, Audit and Accountability, Security
Assessment and Authorization, Configuration Management, Contingency Planning,
Identification and Authentication, Incident Response, Maintenance, Media
Protection, Physical and Environmental Protection, Planning, Personnel
Security, Risk Assessment, Systems and Services Aquisition, System and
Communications Protection, System and Information Integrity, Program
Management
## Physical Security Control Types
- Administrative - controls that determine the way people act, including
policies, procedures, and guidance.
- Technical - controls implemented in operating systems, software, and hardware
devices.
- Preventative - the control physically or logically restricts unauthorized
access. A directive can be thought of as an administrative version of a
preventive control.
- Deterrent - the control may not physically or logically prevent access, but
psychologically discourages an attacker from attempting an intrusion.
- Detective - the control may not prevent or deter access, but it will identify
and record any attempted or successful intrusion.
- Corrective - the control responds to and fixes an incident and may also
prevent its reoccurrence.
- Compensating - the control does not prevent the attack but restores the
function of the system through some other means, such as using data backup or
an alternative site.
## Access Control and ACL
- Identification
- Authentication
- Authorization
- Accounting
## Formal Access Control Models
- DAC - Discretionary Access Control - The owner is granted full control over
the resource, meaning that s/he can modify its ACL to grant rights to others.
- RBAC - Rule Based Access Control - Under RBAC, a set of organizational roles
are defined and users allocated to those roles.
- MAC - Mandatory Access Control - based on the idea of security clearance
levels. Rather than defining access control lists on resources, each object
and each subject is granted a clearance level (referred to as a label).
# Crypto:
## Bit length of hashing algorithm
- sha-1, 160 bits
- sha-2, up to 512 bits
- md5, 128 bits
- ripemd-160 - 160 bits
## Stream ciphers and block ciphers
- 3DES / Triple DES - block cipher - 56 bit key - 64 bit blocks
- AES / AES25 - block cipher - 128 bit block size, variable key length
- RC4 stream cipher - from 40 to 128 bits, variable length key - used in SSL / WEP
- Blowfish - 64 bits, variable length key
- Twofish - 128 bits, variable length key
- RSA - finds prime factors of large sets of number. variable key size. 2048
key size ( 2048 / 8 ) - 11
- DSA (Digital Signature Algorithm)
## Asymmetric vs Symmetric encryption
### Asymmetric
- uses pki. two keys, one key is needed to encrypt & decrypt the other
- public key, private key
### Symmetric
- uses the same key for encryption & decryption
## PKI (Public Key Infrastructure)
Three main elements to a PKI:
- Organization
- Servers
- Client
## Key Management
Stages of a key lifecycle. Key mgmt can either be centralized(admin controls
all of it) or decentralized(each user controls own keys).
- Key Generation
- Certificate Generation
- Distribution
- Storage
- Revocation
- Expiration
## Public Key Crypto Standards
- PKCS #1 - defines the properties of public/private key pairs and the
algorithms for RSA encryption.
- PKCS #3 - defines Diffie-Hellman key agreeement.
- PKCS #6 - the original (v1) standard for X.509 certificates. As noted above,
the latest X.509 v3 standard is published as RFC 5280 .
- PKCS #7 - provides the basis for S/MIME (Secure Multipart Internet Mail
Extensions), allowing users to sign and encrypt email messages using digital
certificates. S/MIME is published as the Cryptographic Message Standard (CMS)
in RFC 5652 .
- PKCS #10 - format for requests certificates from a CA
## RFCS
- [2104](https://tools.ietf.org/html/rfc2104) hashbased message authentication code (HMAC)
- [5280](https://tools.ietf.org/html/rfc5280) x.509 public key infrastructure
- [2527](https://tools.ietf.org/html/rfc2527) certificate policies
- [4880](https://tools.ietf.org/html/rfc4880) pretty good privacy (pgp)
- [5280](https://tools.ietf.org/html/rfc5280)
- [5652](https://tools.ietf.org/html/rfc5652)
- [4120](https://tools.ietf.org/html/rfc4120) kerberos
- [1334](https://tools.ietf.org/html/rfc1334) PAP - password authentication protocol
- [1994](https://tools.ietf.org/html/rfc1994) CHAP - challenge handshake authentication protocol
- [4226](https://tools.ietf.org/html/rfc4226) HOTP - HMAC based one-time password algorithm
- [6238](https://tools.ietf.org/html/rfc6238) TOTP - Timebased one-time password algorithm
- [3748](https://tools.ietf.org/html/rfc3748) EAP - Extensible Authentication Protocol
- [5216](https://tools.ietf.org/html/rfc5216) EAP-TLS
- [2865](https://tools.ietf.org/html/rfc2865) RADIUS - Remote Authentication Dial-in User Service
## FIPS - Federal Information Processing Standards
- FIPS 180
- FIPS 198
- FIPS 186
- FIPS 140
- FIPS 201
## Suite B
Suite B is a set of cryptographic algorithms mandated by the National Security
Agency (NSA) for use by US government agencies. Suite A is an unpublished list
of classified algorithms.
- Encryption AES-128 & AES-256
- Digital Signature - ECDSA with 256 and 384 bit keys
- Key Exchange - Diffie Hellman with 256 and 384 bit keys
- Cryptographic Hash - SHA-256 and SHA-384
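Review bot: this hunk removes the entire "Security Threats and Controls" / "Crypto" notes file (149 lines), but the commit message only says "added 100 days of code challenge intro post"; either split the deletion into its own commit or say in the message where the notes went. If the content is being relocated rather than dropped, do it as a rename so history and blame survive, and correct the entries that are wrong before they land elsewhere: `RBAC - Rule Based Access Control` describes roles, so it is Role-Based Access Control; `3DES / Triple DES - block cipher - 56 bit key` understates the key (three 56-bit DES keys, 168 bits nominal, 112 effective); and `RSA - finds prime factors of large sets of number` inverts the point, since RSA's security rests on factoring being hard, while the `( 2048 / 8 ) - 11` figure on the next line is the PKCS#1 v1.5 maximum plaintext length in bytes, which the line never says.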

View file

@ -1,226 +0,0 @@
## LDAP
- everything is done in plaintext
- there is a TLS version of it. LDAPS
- port 636
## Windows Active Directory
- tree and forest type of hierarchical design
- For example, the widget.com parent domain (the root of the tree) could
contain child domains (sales.widget.com, mis.widget.com, partners.widget.com,
and so on). These domains have twoway transitive trusts, meaning that (for
example) a user account in one domain in the tree could access resources (an
application or file server for instance) in another domain.
### Security Accounts Manager
- database on windows systems up to windows 7 that stored hashed version
usually ntlm hash of passwords. stored in the registry path:
%SystemRoot%/system32/config/SAM
### Naming Strategy
- how will AD namespace integrate with public dns entries?
- consider grouping OU by location & group info
### Group Management
AGDLP (Accounts go into Global groups, which go into Domain Local groups,
which get Permissions)
- domain local - privileges only assigned to members in same domain. Accounts
or universal and global groups from any trusted domain can be a member of a
domain local group.
- global - groups can contain only user and global or universal group accounts
from the same domain but can be used to assign rights to resources in any
trusted domain (essentially, the opposite of domain local scope).
- univesal - can contain accounts from any trusted domain and can also be used
to grant permissions on any object in any trusted domain.
- other groups: security, distribution, system
### Group Policy and Local Security Policy
- password policy: min age, complexity, min length, password history (y/n),
change pass option, pass expire (y/n)
- account restrictions: time, workstation, # consecutive logins, expiration
date, disable account, max # incorrect login attempt before lockout
## Secure Network Topologies
topology - a description of how a computer network is physically or logically
organized.
### Subnetting
- useful because traffic that passes through each subnet can be subject to
filtering and access control at the router.
- also can make it harder to sniff traffic on the network due to it being
divided.
### Zones
an area of the network where the security configuration is the same for all
hosts within it.
- Firewalls block traffic based on zones - example zones: intranet, exranet
(semi-trusted hosts, who must auth with extranet), internet
- Uses ACL
- DMZ - demilitarized zone. traffic cannot pass through.
### Tunneling
VPNs are biggest example. a tunnel is often used as example to describe a VPN's
functionality.
### Switches
- VLAN protocols: VTP (VLAN Trunking Protocol), GARP (Generic Attribute
Registration Protocol), GVRP (Generic VLAN Registration Protocol)
- Pruning - removing broadcasts related to particular VLANs from a trunk to
preserve bandwidth
- Vulnerabilities: MAC flooding, ARP poisoning, VLAN hopping: this exploits the
native VLAN feature of 802.1Q. Native VLANs are designed to provide
compatibility with non-VLAN capable switches. The attacker (using a device
placed in the native VLAN) crafts a frame with two VLAN tag headers. The
first trunk switch to inspect the frame strips the first header and the frame
gets forwarded to the target VLAN. VTP attacks (attacker masquerades as
another switch to try to have the configuration replicated to it), Spanning
Tree Attacks
### Routers
- fault tolerant
- dynamic router protocols: bgp (big isp), opsf - link state algorithm used,
rip - distance vector algorithm. less efficient than link state algorithm.
- attacks: fingerprinting, exploits in the OS running the router, spoofed
routing info, denial of service, arp poisoning, icmp redirect
### Network Address Translation
Types:
- Static 1:1 mapping made between inside / outside address ip space
- Dynamic - has pool of addresses. assigns and relases them as needed
- Overloaded
- Destinaton
- NAPT - assigning ports to internal ip
- DNAT - destination port forwarding to open up internal port to interwebs
### Firewalls
basic function of a firewall is traffic filtering
- types: packet filtering, stateful, stateful inspection, application aware
devices
- packet filtering: can inspect the headers of ip packets
- packet filtering: block traffic with ip filtering, protocol type, port
filtering
- stateful inspection: records up to layer 5 (session) layer. Stores state
information in a statet table
- application aware: records up to layer 7 (application) layer.
### Proxies and Gateways
- Proxy can be setup as man-in-the-middle to filter traffic or simply monitor
outbound traffic
- can work as a caching engine to store frequently requested web pages in an
effort to speed up load times
- Reverse Proxy - a way to take internal facing applications and make them face
the public internet
### Implementing a Firewall or Gateway
- Appliance Firewall - uses dedicated hardware
- Router Firewall - built into router
- Switch Firewall - some layer 3 switches can perform packet filtering
- NOS Firewall - designed to run under a network server
- Application Firewall - software based firewall running on a host
- Personal Firewall - software based firewall only running on a single host
### Web Application Firewall (WAF)
Designed to specifically block threats over https and https
### Web and Security Gateways
- Designed for corporate control over websites employees visit on a network.
- Is usually implemented via a stand-alone appliance or proxy server software.
- Can also be used to filter email attachments
### Intrusion Detection System (IDS) / Network Intrusion Detection Systems
(NIDS)
- will detect an attack and log, usually creating and alerting the
administrator
- uses an analysis engine: usually with console access.
- passive in nature: there to be able to alert and notify the administrator of
the event triggered
- some have active detection: will end the TCP session
### Intrusion Prevention System (IPS)
Designed to detect an attack, log it, and put a stop to it! Usually by
completely ending the TCP connection and/or session.
### Unified Threat Management (UTM)
All-in-one merger of roles of NIDS / IDS / IPS / NIPS
usually will be very high end machines capable or accepting lots of traffic and
analyzing it along with signature checking against a database.
### Host Based IDS (HIDS)
captures information from a single host on a network
### IDS Analysis Engines
- signature based detection or pattern matching. engine is loaded with a DB of
attack patterns or malware signatures and checks incoming traffic against
this DB.
- behavior based detection: engine is trained to first recognize a baseline
'normal' behavior, and then acts on incoming traffic that deviates from the
baseline or 'normal' behavior
- anomaly based detection: acts if the engine detects things that are anomolous
in nature or irregularities occurring in protocols.
### Wifi Security
- Wardriving - driving around looking for insecure wireless access points
- Warchalking - marking locations with something so you can come back later to
pwn the wifi network.
- WEP cracking - aircrack-ng suite of tools can be used to listen to ARP IV's
since the encryption key is transfered via plaintext. encryption is an rc4
cipher.
- WPA2 - AES put in place to encrypt instead of RC4.
- WPA2 - attacker can get pre-shared encryption key by associating with access
point. then the attacker will brute force the passphrase using the pre-shared
encryption key.
### Open Authentication and Captive Portals
open wifi basically an unecrypted open network.
- captive portal: on an open network, making a secondary login usually with
https via a web browser so clients have to login.
- mac address filtering could work to better secure an open wifi network
- another method to secure: disable dhcp and enforce users connceting to use a static ip
- signal strength: increase / decrease power of wifi antenna based on site-survey for the
physical space
### IPSEC
- layer 3
- two core protocols: AH (authentication header), ESP(encapsulation security
payload).
- AH will encrypt the IP header in the packet
- ESP will encrypt the entire payload.
- HMAC-MD5, HMAC-SHA-1, or HMAC-SHA-2 and 3DES or AES (symmetric encryption
ciphers) are the algorithms typically used by ESP.
#### Internet Key Exchange / ISAKMP
- AH and ESP both depend on a shared secret key that is only known to the two
hosts
- phase 1: establishes identity of two hosts & key agreement with diffie hellmen key exchange.
- phase 2: diffie-hellmen key agreement establishes shared key used to sign
packets for msg integrity. diffie-hellmen however does not authenticate the
endpoints.
- phase 3: authenticatin endpoint kicks in. endpoints are: pki, pre-shared
key, kerberos
#### Transport and Tunnel Modes
- Transport mode - ip header is not encrypted, only the payload is
- Tunnel mode - entire ip packet. header + payload all encrypted
### Remote Access Hardening
things to look for on servers in regards to hardening:
- malware protection - is antivirus installed?
- security information - is authentication info stored on the server?
- data transfer - files copied to remote hosts can no longer be secured
- local privileges - sudo users and what not that can escalate privileges
- weak authentication - users that use weak passwds get pwned
## RFC
- [1123](https://tools.ietf.org/html/rfc1123)
- [3022](https://tools.ietf.org/html/rfc3022) NAT
- [1918](https://tools.ietf.org/html/rfc1918) Private IP address classes
- [2637](https://tools.ietf.org/html/rfc2637) PPTP
- [2661](https://tools.ietf.org/html/rfc2661) L2TP
- [3193](https://tools.ietf.org/html/rfc3193) IPSec in conjuction with L2TP as
a vpn solution
- [4301](https://tools.ietf.org/html/rfc4301) IPSec
- [4385](https://tools.ietf.org/html/rfc4385) Algorithms that an implementation
must adhere to be standards-compliant.
- [1001](https://tools.ietf.org/html/rfc1001) NETBios
- [1002](https://tools.ietf.org/html/rfc1002) NetBios
- [4942](https://tools.ietf.org/html/rfc4942) IPv6 Vulnerabilities
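Review bot: same undocumented removal as the first file, here the 226-line network notes; the commit message should explain the deletion or it should be a separate commit. If the text is being kept somewhere, the IPsec and topology sections carry errors worth fixing on the way: `AH will encrypt the IP header in the packet` is wrong, AH provides integrity and authentication over the header and payload and encrypts nothing, ESP is the confidentiality protocol; `DMZ - demilitarized zone. traffic cannot pass through.` misses the point, inbound traffic terminates at hosts in the DMZ instead of passing through to the internal network; and the IKE description lists a `phase 3`, whereas IKE has two phases, with peer authentication (pre-shared key or certificates) happening inside phase 1.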

View file

@ -1,103 +0,0 @@
## Host Security
- Common Criteria (CC)
- Security Target (ST)
- baseline: snapshot of the typical activity on your network on any given host.
### OS Hardening
- Windows: Group Policy, Local Security Policy
- Unix: SystemV (AT&T), BSD (All the BSDS YES!)
- Linux: Many distributions.
- Patch Management - make sure you patch your shit yo
- Windows: Windows update to update the OS
- Linux/Unix: System package manager or recompile packages based on needs
- Hotfixes: specific customer request for a piece of software to be fixed.
Usuaully hurried in nature.
- Windows: Service packs
- Windows Update Services: basically an update server that works like a proxy
server. you can centralize and speed up windows updates times in your organization
- Firmware Updates: you have seen examples via IPMI updates on servers. Routers
/ Switches very important to have latest firmware updates applied.
- Driver updates: Make sure all the crapp windows software has been updated to
latest drivers. linux will take care via the pkg manager.
- Endpoint Security: If they can't get to your individual hardended server
because you have something like a firewall setup at your network endpoint,
then you are doing it right!
- Physical Security: Access to USB port / network ports on servers, switches, routers
- Mac Filtering: Specifying which MAC addresses are allowed to connect to a
specific network port.
- PNAC (Port Based Network Access Control) - performs some sort of
authentication of the attached device before activating the port.
- EAPoL (Extensible Authentication Protocol over LAN) - authenticating devices
using EAP or with PKI to pass authentication portion over to a RADIUS server.
RADIUS server will check creds and give access denied or allow access. If
access granted, switch will enable the VLAN tag that the port is setup with
to enable network access.
### Data Security
- data policy: describes the security controls that will be applied to protect
data at each stage of its lifecycle.
- information classification and access control: unclassified (public) data,
classified (private/restricted) data, confidential aka highly sensitive data,
secret data, top-secret.
- classified, confidential, secret, and top-secret should be encrypted
- publication and distribution: storage and retrieval, distribution - what
restrictions are there on making copies of the data, security - what is the
security process if the document is compromised
- data states: data at rest, data in-transit, data in-use
- retention, storage, and destruction: retention aka archiving the data,
destruction aka destroying the data
### Personally Identifiable Information (PII)
Protect yourself from identity theft yo, limit the use of PII!
- PII - data that can be used to identify, contact, or locate an individual (or
in the case of identity theft, to impersonate them).
- Examples: tattoos, social security number, usernames, passwords, email
addresses, dobs, cc #
### Data Encryption
Encrypt all the things
- file / folder encryption - many different filesystems that support
encryption, efs and luks are some examples
- disk encryption: BitLocker, TrueCrypt(discontinued), Symantec Drive
Encryption
- Hardware based encryption: TPM (Trusted Platform Module) - a little piece of
hardware that stores the encryption key on it. starting to also be hardware
based solutions that are meant to be installed as add-ons to bring load away
from CPU.
- Removable media encryption: usb devices, yubikeys, many different kinds.
- Database encryption: most of the time it is better to encrypt files on the
disk. encryption usually done at the column level so this is very CPU
intensive.
### Data Loss Prevention
Dont lose that data!
- a database that identifies confidential data that should not be lost.
- requires the following components: policy server - to configure
confidentiality ruleset, endpoint agents - to enforce policy on client
computers, network
agents - scan communications at network borders and interface with web and
messaging servers to enforce policy.
- rights management services: assigns file permissions based on different
document roles(such as author, editor, or reviewer). Restrict printing and
forwarding of documents, event when sent as file attachments, Restrict
printing and forwarding of email documents.
### Big Data
The new buzzword to throw around in todays IT world
- big data: an unstructured database set, usually setup into some sort of
database management system.
### Backup Plans and Policies
Do you have backups of your backups?
- backup types: full, incremental, differential
- keep your stuff backed up versionally - use version control, stupid.
- snapshots - meant to keep copies of open files, zfs, btrfs filesystems have
this feature built-in to the filesystem.
- tapes: tapes are mainly used for archiving purposes. they use an autoloader
to preload tapes. tapes are rotated. a good rotation policy - monthly,
weekly, daily.
- is there an offsite backup solution in place?
- make you sure that you are testing backups to make sure you can restore
everything from them
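Review bot: the third notes file ("Host Security", 103 lines) is also deleted without mention; across the three files this commit removes 478 lines against a 12-line addition, the reverse of what its message describes, so either split the deletions out or document them. If the content is being relocated, two entries need correcting: `file / folder encryption - many different filesystems that support encryption, efs and luks` groups LUKS with EFS, but LUKS is block-device encryption, not file or folder encryption; and the EAPoL entry's `switch will enable the VLAN tag that the port is setup with` reads as if 802.1X itself assigns a VLAN, whereas the switch simply opens the port on a RADIUS Access-Accept, and a VLAN assignment only happens if that reply carries tunnel attributes.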

View file

@ -0,0 +1,12 @@
---
layout: post
title: "100-days-of-code-challenge"
date: 2018-01-01
categories: programming
---
With a brand new year, comes a fresh start, a clean slate. I am going to begin
my new year with something I have just come across: [100daysofcode](http://100daysofcode.com/) challenge.
I have forked the 100 days of code repo from github and am using the log to
track my daily progress. It will be fun, and it will be a great way to keep me
accountable for building my python knowledge.
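Review bot: the post says `I have forked the 100 days of code repo from github and am using the log to track my daily progress` but gives no link to the fork or its log, so readers cannot follow the progress it promises; add the repository URL beside the existing `[100daysofcode](http://100daysofcode.com/)` link, and prefer https for both if the sites serve it. Minor: the front matter `title: "100-days-of-code-challenge"` is written as a slug rather than a title; a human-readable title such as "100 Days of Code Challenge" renders better in post listings and feeds.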