Skip to main content

Posts

Basic Networking #1

A network is simply a way for machines/computers to communicate. At the physical level, it consists of all the machines you want to connect and the devices you use to connect them. Individual machines are connected either with a physical connection (a category 5 cable going into a network interface card, or NIC) or wirelessly. To connect multiple machines, each machine must connect to a hub or switch, and then those hubs/switches must connect. In larger networks, each subnetwork is connected to the others by a router. 1.1.1 Basic Network Structure Some connection point(s) must exist between your network and the outside world. A barrier is set up between that network and the Internet, usually in the form of a firewall. The real essence of networks is communication allowing one machine to communicate with another. However, every path of communication is also a possibility of an attack. The first step in understanding how to defend a network is having a detailed understanding of how comp
Recent posts

Configuring ModSecurity Web Application Firewall

ModSec is an open-source web application firewall which was designed for the apache server initially but now can be used for other different servers as well.ModSecurity is also known as ModSec and can filter HTTP requests and responses based on defined filtering rules. We will use the OWASP ModSecurity CORE RULE SET (CRS) here. We can also define our custom rules but that is a different topic.  Here is an illustration of how to configure a ModSec firewall using apache2. I have just created a simple PHP page that will be used to verify credentials. Put this page in /var/www/html/login.php Here is the page login.php: <html> <body> <?php if(isset($_POST[‘login’])) { $username = $_POST[‘username’]; $password = $_POST[‘password’]; $connection = mysqli_connect(‘localhost’,’root’,’test’,’testdb’); $result = mysqli_query($connection, “SELECT * FROM `users` WHERE username=’$username’ AND password=’$password’”); if(mysqli_num_rows($result) == 0) echo ‘Wrong Credentia

How Internet Works ?

what is a protocol? A protocol is a set of rules specifying how computers should communicate with each other over a network. For example, the Transport Control Protocol has a rule that if one computer sends data to another computer, the destination computer should let the source computer know if any data was missing so the source computer can re-send it. Or the Internet Protocol which specifies how computers should route information to other computers by attaching addresses onto the data it sends.   What’s a packet? Data sent across the Internet is called a message. Before a message is sent, it is first split in many fragments called packets. These packets are sent independently of each other. The typical maximum packet size is between 1000 and 3000 characters. The Internet Protocol specifies how messages should be packetized.   What’s a packet routing network? It is a network that routes packets from a source computer to a destination computer. The Internet is made up of a massive ne

What Is Cryptography ?

  Cryptography is a method of protecting information and communications through the use of codes, so that only those for whom the information is intended can read and process it. The prefix "crypt-" means "hidden" or "vault" -- and the suffix "-graphy" stands for "writing."   Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography not only protects data from theft or alteration, but can also be used for user authentication. Modern cryptography concerns itself with the following four objectives:   •  Confidentiality : the information cannot be understood by anyone for whom it was unintended •  Integrity : the information cannot be altered in storage or transit between sender and intended receiver without the alterati