Orange County Computer Consultant

Orange County Computer Consultant helps small businesses with networking, installations and small business software.

Sunday, February 06, 2011

Refurbished Cisco ASA Call today for a quote.

[REFURBISHED] Cisco ASA 5505 10-User Bundle Firewall - 6 x 10/100Base-TX LAN, 2 x 10/100Base-TX PoE LAN - 1 x SSC
 

Cisco Aironet

Cisco Aironet 1130AG Series IEEE 802.11a/b/g access points provide high-capacity, high-security, enterprise-class features in an unobtrusive, office-class design, delivering WLAN access with the lowest total cost of ownership. With high-performing dual IEEE 802.11a and 802.11g radios, the Cisco Aironet 1130AG Series provides a combined capacity of up to 108 Mbps to meet the needs of growing WLANs. Hardware-assisted Advanced Encryption Standard (AES) or temporal key integrity protocol (TKIP) encryption provides uncompromised support for interoperable IEEE 802.11i, Wi-Fi Protected Access 2 (WPA2) or WPA security. Orderable supporting either Cisco IOS Software, or the Lightweight Access Point Protocol (LWAPP), the Cisco Aironet 1130AG Series uses radio and network management features for simplified deployment, along with built-in omnidirectional antennas that provide robust and predictable WLAN coverage for offices and similar RF environments. In addition, when running Cisco IOS Software the Cisco Aironet 1130AG Series supports both access point and workgroup bridge functionality. The competitively priced Cisco Aironet 1130AG Series is ready to install and easy to manage, reducing the cost of deployment and ongoing maintenance.

CCNA class notes.

Long before desktop computers with sophisticated graphical interfaces existed, people used text-based systems which were often just display terminals physically attached to a central computer. Once networks were available, people needed a way to remotely access the computer systems in the same manner that they did with the directly attached terminals.

Telnet was developed to meet that need. Telnet dates back to the early 1970s and is among the oldest of the Application layer protocols and services in the TCP/IP suite. Telnet provides a standard method of emulating text-based terminal devices over the data network. Both the protocol itself and the client software that implements the protocol are commonly referred to as Telnet.

Appropriately enough, a connection using Telnet is called a Virtual Terminal (VTY) session, or connection. Rather than using a physical device to connect to the server, Telnet uses software to create a virtual device that provides the same features of a terminal session with access to the server command line interface (CLI).

To support Telnet client connections, the server runs a service called the Telnet daemon. A virtual terminal connection is established from an end device using a Telnet client application. Most operating systems include an Application layer Telnet client. On a Microsoft Windows PC, Telnet can be run from the command prompt. Other common terminal applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm.

Once a Telnet connection is established, users can perform any authorized function on the server, just as if they were using a command line session on the server itself. If authorized, they can start and stop processes, configure the device, and even shut down the system.

Telnet is a client/server protocol and it specifies how a VTY session is established and terminated. It also provides the syntax and order of the commands used to initiate the Telnet session, as well as control commands that can be issued during a session. Each Telnet command consists of at least two bytes. The first byte is a special character called the Interpret as Command (IAC) character. As its name implies, the IAC defines the next byte as a command rather than text.

Some sample Telnet protocol commands include:

Are You There (AYT) - Lets the user request that something appear on the terminal screen to indicate that the VTY session is active.

Erase Line (EL) - Deletes all text from the current line.

Interrupt Process (IP) - Suspends, interrupts, aborts, or terminates the process to which the Virtual Terminal is connected. For example, if a user started a program on the Telnet server via the VTY, he or she could send an IP command to stop the program.

While the Telnet protocol supports user authentication, it does not support the transport of encrypted data. All data exchanged during a Telnet session is transported as plain text across the network. This means that the data can be intercepted and easily understood.
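The IAC framing and the plain-text transport described above can be seen by parsing one direction of a session. This is an added example, not part of the original class notes; the command codes are the RFC 854 values, `parse_telnet` is a hypothetical helper name, and the sample bytes are constructed rather than captured.

```python
# Added example: separate Telnet IAC commands from the plain-text payload.
IAC, SE, SB = 255, 240, 250               # values from RFC 854
COMMANDS = {241: "NOP", 244: "IP", 245: "AO", 246: "AYT", 247: "EC",
            248: "EL", 249: "GA", 251: "WILL", 252: "WONT", 253: "DO",
            254: "DONT"}
NEGOTIATION = {251, 252, 253, 254}        # followed by a one-byte option code


def parse_telnet(stream: bytes):
    """Return (commands, text) for one direction of a Telnet session."""
    commands, text = [], bytearray()
    i = 0
    while i < len(stream):
        if stream[i] != IAC:              # ordinary data byte
            text.append(stream[i])
            i += 1
            continue
        if i + 1 >= len(stream):          # truncated capture: IAC with no command
            commands.append(("INCOMPLETE", None))
            break
        cmd = stream[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped 0xFF data byte
            text.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:
            option = stream[i + 2] if i + 2 < len(stream) else None
            commands.append((COMMANDS[cmd], option))
            i += 3
        elif cmd == SB:                   # subnegotiation runs until IAC SE
            j = i + 2
            while j < len(stream) - 1 and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            commands.append(("SB", stream[i + 2] if i + 2 < len(stream) else None))
            i = j + 2
        else:                             # two-byte command such as AYT, EL, IP
            commands.append((COMMANDS.get(cmd, f"UNKNOWN({cmd})"), None))
            i += 2
    return commands, bytes(text)


# Constructed sample: client-to-server bytes of a lab login (not a real capture).
SAMPLE = (bytes([IAC, 251, 24]) + b"admin\r\nLabPass123\r\n" + bytes([IAC, 246])
          + b"show run" + bytes([IAC, 248]) + bytes([IAC, 244]))

if __name__ == "__main__":
    cmds, payload = parse_telnet(SAMPLE)
    print(cmds)       # IAC commands found in the stream
    print(payload)    # everything else, readable as-is because Telnet is unencrypted
```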

If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure method for server access. SSH provides the structure for secure remote login and other secure network services. It also provides stronger authentication than Telnet and supports the transport of session data using encryption. As a best practice, network professionals should always use SSH in place of Telnet, whenever possible.
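One way to check that a device follows this practice is to audit its saved configuration for vty lines that still accept Telnet. This is an added example, not part of the original class notes; it assumes an IOS-style running-config where `transport input` under `line vty` lists the allowed protocols, the function name `audit_vty` is hypothetical, and the sample configuration is constructed.

```python
# Added example: flag vty lines in an IOS-style config that still accept Telnet.
import re


def audit_vty(config: str):
    """Return {vty line header: finding} for each 'line vty' block."""
    findings, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():      # unindented line starts a new section
            current = line if line.startswith("line vty") else None
            if current:
                # Without an explicit setting the result depends on the IOS default.
                findings[current] = "no transport input set"
            continue
        match = re.match(r"transport input\s+(.+)", line)
        if current and match:
            protocols = match.group(1).split()
            if "telnet" in protocols or "all" in protocols:
                findings[current] = "Telnet permitted"
            elif protocols == ["ssh"]:
                findings[current] = "SSH only"
            else:
                findings[current] = "other: " + " ".join(protocols)
    return findings


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname LAB-R1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

if __name__ == "__main__":
    for header, finding in audit_vty(SAMPLE_CONFIG).items():
        print(f"{header}: {finding}")
```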

Later in this course, we will use Telnet and SSH to access and configure network devices over the lab network.

The Application layer is responsible for directly accessing the underlying processes that manage and deliver communication to the human network. This layer serves as the source and destination of communications across data networks.

The Application layer applications, protocols, and services enable users to interact with the data network in a way that is meaningful and effective.

Applications are computer programs with which the user interacts and which initiate the data transfer process at the user's request.

Services are background programs that provide the connection between the Application layer and the lower layers of the networking model.

Protocols provide a structure of agreed-upon rules and processes that ensure services running on one particular device can send and receive data from a range of different network devices.

Delivery of data over the network can be requested from a server by a client, or between devices that operate in a peer-to-peer arrangement, where the client/server relationship is established according to which device is the source and destination at that time. Messages are exchanged between the Application layer services at each end device in accordance with the protocol specifications to establish and use these relationships.

Protocols like HTTP, for example, support the delivery of web pages to end devices. SMTP/POP protocols support sending and receiving e-mail. SMB enables users to share files. DNS resolves the human legible names used to refer to network resources into numeric addresses usable by the network.

What is Nmap?

I use nmap for port scanning. I also use nmap to detect what services are running. Nmap is easy to use once you get the syntax down. Nmap was created by Fyodor. I plan to upload some videos to YouTube this year to show how to use nmap. Here is a description from the nmap website.

Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in eight movies, including The Matrix Reloaded, Die Hard 4, and The Bourne Ultimatum.

What is Tor?

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Tor can also be used when penetration testing. Tor can use multiple proxies to hide your source address. There are plugins for Firefox. This tool is as easy to use as clicking a button.

Command Line Kung Fu

I came across a blog today that I thought was interesting. I'm always looking for ways to be more productive in a shell. I use Bash for most Linux commands.

Wireshark protocol analysis

I use Wireshark for packet analysis. I use this in my CCNA class and with clients. Wireshark can analyze hundreds of protocols. The Wireshark interface is simple to use. It can follow TCP streams. This is useful for grabbing passwords that are not encrypted.

Backtrack

I use Backtrack for penetration testing. It has most of the tools I need. For anyone interested in security assessments feel free to email me.

Playing with Scapy.

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc. See interactive tutorial and the quick demo: an interactive session (some examples may be outdated).

The text above was copied from the Scapy website.

I like the fact that I can manipulate packets with this program.