Having Fun with RIP Routing

As you can see, a pretty simple setup. Think of the two networks as two separate locations. The Serial WAN link would simulate going over an ISP connection. We have Network 1 (192.168.10.0) and Network 2 (192.168.20.0) routing data between each other using RIP (Routing Information Protocol).

Pictured below is the RIP table using the show ip rip database command:
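The screenshot of the RIP database is not reproduced here. As an added example (not from the original post), the following Python simulation models the same two-router lab: each router starts with its directly connected networks and exchanges RIP-style distance-vector updates over the serial link until the tables converge, then prints lines in the spirit of show ip rip database. The LAN prefixes 192.168.10.0/24 and 192.168.20.0/24 are the post's; the serial subnet 10.0.0.0/30 with 10.0.0.1 on R1 and 10.0.0.2 on R2 is an assumption. Split horizon and route poisoning are included so the failure case (a LAN going away) can be played through as well.

```python
"""RIP-style distance-vector exchange between two routers over a serial WAN link.

Constructed example, not from the original post. The LAN prefixes are the post's
192.168.10.0/24 and 192.168.20.0/24; the serial link 10.0.0.0/30 with addresses
10.0.0.1 (R1) and 10.0.0.2 (R2) is assumed.
"""
from dataclasses import dataclass
from typing import Optional

INFINITY = 16  # RIP's "unreachable" hop count


@dataclass
class Route:
    network: str
    metric: int              # hop count; 0 means directly connected
    next_hop: Optional[str]  # None for directly connected networks


class Router:
    def __init__(self, name: str, connected: list[str]):
        self.name = name
        self.table: dict[str, Route] = {n: Route(n, 0, None) for n in connected}

    def advertise(self, to_addr: str) -> dict[str, int]:
        """Update sent to the neighbour at to_addr: each route at metric+1.
        Split horizon: a route learned from that neighbour is not echoed back."""
        return {net: min(r.metric + 1, INFINITY)
                for net, r in self.table.items() if r.next_hop != to_addr}

    def receive(self, from_addr: str, update: dict[str, int]) -> bool:
        """Bellman-Ford step: install new or better routes, and accept any metric
        change from the current next hop (metric 16 withdraws the route)."""
        changed = False
        for net, metric in update.items():
            cur = self.table.get(net)
            if cur is None:
                if metric < INFINITY:
                    self.table[net] = Route(net, metric, from_addr)
                    changed = True
            elif cur.next_hop == from_addr and metric != cur.metric:
                if metric >= INFINITY:
                    del self.table[net]
                else:
                    self.table[net] = Route(net, metric, from_addr)
                changed = True
            elif metric < cur.metric:
                self.table[net] = Route(net, metric, from_addr)
                changed = True
        return changed

    def withdraw(self, net: str) -> None:
        """Route poisoning: keep the entry but advertise it as unreachable."""
        self.table[net].metric = INFINITY

    def rip_database(self) -> list[str]:
        """Lines in the spirit of 'show ip rip database'."""
        lines = []
        for net in sorted(self.table):
            r = self.table[net]
            if r.metric >= INFINITY:
                lines.append(f"{net}  unreachable (poisoned)")
            elif r.next_hop is None:
                lines.append(f"{net}  directly connected")
            else:
                lines.append(f"{net}  [{r.metric}] via {r.next_hop}")
        return lines


def converge(r1: Router, r2: Router, addr1: str, addr2: str, max_rounds: int = 10) -> int:
    """Exchange updates over the serial link until neither table changes.
    addr1/addr2 are the serial addresses of r1/r2; returns the rounds used."""
    for rnd in range(1, max_rounds + 1):
        to_r2 = r1.advertise(addr2)
        to_r1 = r2.advertise(addr1)
        changed = r2.receive(addr1, to_r2)
        changed = r1.receive(addr2, to_r1) or changed
        if not changed:
            return rnd
    return max_rounds


def build_lab() -> tuple[Router, Router]:
    """Network 1 behind R1, Network 2 behind R2, serial link between them."""
    r1 = Router("R1", ["192.168.10.0/24", "10.0.0.0/30"])
    r2 = Router("R2", ["192.168.20.0/24", "10.0.0.0/30"])
    converge(r1, r2, "10.0.0.1", "10.0.0.2")
    return r1, r2


if __name__ == "__main__":
    r1, r2 = build_lab()
    for r in (r1, r2):
        print(f"{r.name} RIP database:")
        for line in r.rip_database():
            print("  " + line)
```

After convergence R1 lists 192.168.20.0/24 as one hop away via 10.0.0.2, which is what the real database shows for a learned route; calling withdraw on R2 for its LAN and converging again shows the poisoned route being flushed from R1 on the next update.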

(Originally posted on September 16th, 2015. Updated on December 29th, 2020)

Primer to Cryptography

I watched a video on Coursera through Stanford University titled Cryptography. Here are some things that I learned from the first week:

Cryptography = secure communication between two entities.

Cryptography consists of two parts:

  • Secret key establishment
  • Secure communication

Both entities need to have a shared key in order to communicate with each other. Cryptography provides confidentiality and integrity for the data being transmitted.

Cryptography also provides bi-directional anonymity through mix nets (e.g. onion routing such as Tor, and anonymous remailers).

Mix net – Alice sends Bob messages through a series of proxies (e.g. hosts with different public IPs such as 65.87.234.34, 123.3.234.12, 89.24.124.35) so Bob will not know where Alice is.

Anonymous digital cash – Can I spend a “digital coin” without anyone knowing who I am? How to prevent double spending?

Cryptography is a rigorous science.

The three steps of cryptography:

  • Precisely specify the threat model (e.g. what it means for something to be unforgeable)
  • Propose a construction
  • Prove that breaking the construction under the threat model would solve an underlying hard problem (i.e. the construction can only be broken by solving that problem)

(Originally posted on March 8th, 2015. Updated on December 29th, 2020)

Defending Yourself From Cyber Attacks

People have asked me what they can do to protect themselves from being hacked. First, let me clarify something very important: NO ONE WILL EVER BE 100% SAFE FROM A HACK. With the constant changes in technology, there will always be new vulnerabilities that hackers will try to exploit. This is unfortunately the world we live in. That being said, the inevitability of an attack shouldn’t deter you from adopting good security practices. Here are some basic steps in protecting yourself from hackers:

1.) There’s always antivirus

Years ago, I would’ve recommended antivirus on all devices. Unfortunately, background processes associated with antivirus applications consume an excessive amount of computing power. Personally, I don’t use antivirus. Being a Debian guy, I run ufw. If I notice anything suspicious, I’ll investigate network/socket traffic and system processes. If you want to use antivirus, there are several providers to choose from. Remember, smartphones are computers too. Smartphones are just as vulnerable as a computer when it comes to malware.

2.) Always use HTTPS when you can

HTTPS stands for “Hypertext Transfer Protocol Secure”. HTTPS wraps ordinary HTTP in an encryption layer known as SSL or “Secure Sockets Layer” (today its successor, TLS). This provides a bidirectional encrypted tunnel between you and the site for the data you send and receive. Using SSL/TLS makes it very difficult for a hacker to eavesdrop on a connection. Think of HTTPS as creating a “protection tunnel” between you and a website. Your data is transmitted through this tunnel of encryption so that no third parties can see what you’re doing.

You can check whether a site supports HTTPS by requesting it with the https:// scheme (e.g. https://www.bing.com or https://www.google.com). If the page loads and the browser shows a lock, you are going over an encrypted connection. Now, a big misconception about HTTPS is that if a site has HTTPS, it’s legit. THE PRECEDING IS NOT TRUE! Just because a site provides HTTPS doesn’t mean it’s legit: the lock only says the connection is encrypted, not that the party on the other end is honest. Always do a background check before submitting data to a site, no matter what type of encryption and protection it offers.

3.) Secure your wireless network

Securing your wireless network is another way of protecting yourself from hackers. Hackers can perform an action called “wardriving”: moving around an area scanning for insecure wireless networks. If they find a network that is insecure, they will connect to it and sniff the traffic. Network traffic may contain sensitive information about you (e.g. credit card numbers). Always use strong passphrases and modern security frameworks (e.g. WPA2 or WPA2-EAP).

4.) Incorporating a network firewall

Adding a network firewall & web filter increases your security greatly. However, this requires more technical knowledge. Network firewalls can run on a dedicated computer and intercept all data that goes out to the Internet. This can provide the capability of scanning websites for malware and blocking users from getting to them. There are many different types of open source firewalls available (e.g. pfSense).

5.) VPNs

Just as incorporating a network firewall can be difficult, VPNs can be equally challenging. However, many home routers now provide a built-in VPN implementation (e.g. OpenVPN). When people are on the go and need to access resources from home securely, VPNs are a perfect solution. VPNs, or Virtual Private Networks, enable users to access data on a different network without physically being there. For example, someone can connect to a VPN provided by their employer and access work-related documents from home. You can also run a VPN at home for Internet privacy. Let’s say you’re browsing the web at a local cafe. The cafe’s WiFi is public, so a malicious user could sniff around and intercept your traffic. However, if you connect to your home VPN and route your Internet traffic through it, the only thing visible on the cafe network is the encrypted tunnel to your VPN. Everything else goes out through your home’s Internet connection.

(Originally posted on February 8th, 2015. Updated on December 29th, 2020)

Oh No! My RAID Failed! – Recovering Data

Has your RAID array ever decided to fail on you? I experienced trouble with this not too long ago. The array was comprised of four 1TB Western Digital Black HDDs configured as RAID 10, which were pretty solid. Unfortunately, the OS was not installed on a separate disk (it would have been nice if the OS partition was on an SSD). Instead, the OS was installed on the array volume itself. In an unfortunate turn of events, the RAID controller failed and you can only guess what happened next.

It’s not fun having to go through and search for your data. Attempting to rebuild NTFS partitions and boot sectors can get frustrating after a while. Fortunately, after some time and patience, we were able to restore the data. The only thing we couldn’t restore was the data on the OS partition. Just so no one ever goes through the pain and suffering that I did, here are some helpful tools to recover data lost in RAID 10 arrays (and other RAID arrays).

RAID stands for “Redundant Array of Inexpensive Disks”. RAID also has other names, but for the sake of this article, I’m referring to the technology as this. It is a storage technology that utilizes multiple storage devices in order to create one faster, more efficient storage volume. For instance, if you want to have a RAID 0 array, you would need two disks. After establishing a RAID 0 array, the two drives would function as a “striped volume”. A striped volume splits the data set evenly across the drives, without any redundancy or parity information. This means that if the array were to “fail”, your data is pretty much SOL. The benefit of having a RAID 0 array is more performance, but less redundancy. If you want to have data redundancy incorporated in your system, there are other RAID flavors that would suffice (RAID 1, RAID 10, RAID 5, etc.).
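To make the striping and redundancy trade-off concrete, here is an added Python simulation (not from the original post) of a RAID 0 volume beside a RAID 10 volume built from four disks, like the array described above. Stripe units are 4-byte chunks and the payload is made-up text, both constructed for the example. It shows that losing any one disk in RAID 0 loses the volume while RAID 10 survives one disk per mirror pair, and it also plays through the controller-failure case: with the controller's layout metadata gone, a RAID 0 volume can only be reassembled from the raw disk images by guessing the chunk size and disk order, which is the kind of search a recovery tool has to do.

```python
"""Simulated RAID 0 (striped) and RAID 10 (mirrored stripes) volumes.

Constructed example, not from the original post: stripe units are 4-byte chunks
and the disk contents are made-up text, so disk and controller failures can be
played through offline.
"""
from itertools import permutations

CHUNK = 4  # bytes per stripe unit; real controllers use e.g. 64 KiB


class Volume:
    """Disks are lists of chunks; `failed` holds the ids of dead disks."""

    def __init__(self, disks: int):
        self.disks: list[list[bytes]] = [[] for _ in range(disks)]
        self.failed: set[int] = set()
        self.nchunks = 0

    def fail(self, *disk_ids: int) -> None:
        self.failed.update(disk_ids)

    def write(self, data: bytes) -> None:
        chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
        self.nchunks = len(chunks)
        for i, chunk in enumerate(chunks):
            for d in self.targets(i):   # one disk (RAID 0) or a mirror pair (RAID 10)
                self.disks[d].append(chunk)

    def read(self) -> bytes:
        out = []
        for i in range(self.nchunks):
            alive = [d for d in self.targets(i) if d not in self.failed]
            if not alive:
                raise IOError(f"stripe unit {i} lost: disks {self.targets(i)} all failed")
            out.append(self.disks[alive[0]][i // self.stride()])
        return b"".join(out)


class Raid0(Volume):
    """Round-robin striping across every disk; no redundancy at all."""

    def stride(self) -> int:
        return len(self.disks)

    def targets(self, i: int) -> list[int]:
        return [i % len(self.disks)]


class Raid10(Volume):
    """Striping across mirror pairs: a unit survives while one disk of its pair does."""

    def __init__(self, disks: int = 4):
        if disks % 2:
            raise ValueError("RAID 10 needs an even number of disks")
        super().__init__(disks)
        self.pairs = [(2 * k, 2 * k + 1) for k in range(disks // 2)]

    def stride(self) -> int:
        return len(self.pairs)

    def targets(self, i: int) -> list[int]:
        return list(self.pairs[i % len(self.pairs)])


def reassemble(raw: list[bytes], chunk: int, order: tuple[int, ...]) -> bytes:
    """Rebuild a RAID 0 volume from raw disk images once the controller (and the
    layout metadata it held) is gone: chunk size and disk order must be guessed."""
    cols = [[img[i:i + chunk] for i in range(0, len(img), chunk)]
            for img in (raw[d] for d in order)]
    rows = max(len(c) for c in cols)
    return b"".join(c[r] for r in range(rows) for c in cols if r < len(c))


def find_order(raw: list[bytes], chunk: int, signature: bytes):
    """Try every disk order and keep the first whose volume starts with a known
    signature (recovery tools hunt for boot-sector/filesystem magic the same way).
    One signature only pins the first disk; real recovery needs more structure."""
    for order in permutations(range(len(raw))):
        if reassemble(raw, chunk, order).startswith(signature):
            return order
    return None


DATA = b"NTFS volume: quick brown fox jumps over the lazy dog"  # constructed payload

if __name__ == "__main__":
    v = Raid10(4)
    v.write(DATA)
    v.fail(0, 2)                 # one disk from each mirror pair
    print(v.read() == DATA)      # True: every unit still has a surviving mirror
```

The two classes differ only in where a stripe unit lands (one disk versus a mirror pair), which is exactly the difference between "performance, no redundancy" and "survives a disk per pair"; the reassemble/find_order pair shows why a dead controller is worse than a dead disk, since it takes the knowledge of the layout with it.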

In the event your RAID controller bites the dust and messes your volume up, here are some helpful tools:

  1. TestDisk – This application was created by CGSecurity. It is an awesome open source data recovery tool which can perform functions such as fixing partition tables, recovering deleted partitions, fixing FAT tables, etc. See the official CGSecurity website for downloads and documentation.
  2. DataRescue DD – Another useful tool for recovering data from a corrupted volume (such as a RAID array). DataRescue DD also does a good job of scanning a corrupted volume and recovering whatever data is found. See the official DataRescue site for details.

Check out these tools if you’re in a situation that desperately calls for them. I know there may be other alternatives, but these have helped me out when attempting to recover data. Good luck and always remember to relax in a stressful situation such as data recovery. The best thing you can do in any data loss situation is to keep a clear head and never throw in the towel too early (unless you tried everything you can do). Knowing that you at least tried is better than not trying at all.

(Originally posted on May 28th, 2014. Updated on September 13th, 2020)

How Safe Is Your Wireless Network?

People will come up to me and ask, “Is my Wi-Fi password strong enough?” or “Is my wireless network secure?”. This is often a difficult question to answer because no matter how secure a network is, there are always vulnerabilities. Wireless networks can be exploited in several ways. Some common causes include: weak passwords, insufficient encryption, and, believe it or not, huge data transfers. If a wireless network has a weak password, then access could be achieved within minutes. Passwords should never be predictable. Weak security mechanisms, such as outdated encryption, can also leave your wireless network exposed. If you are going to secure your home wireless network, at least use WPA2 (Wi-Fi Protected Access v2). WPA2 uses AES encryption and, compared to TKIP, can stand a chance against a more powerful attack. WEP is also highly susceptible to replay attacks and should be avoided at all costs.

Just the other day, I got familiar with aircrack-ng. aircrack-ng allows you to lock onto a specific BSSID and capture traffic that comes in contact with your network adapter. If your network adapter can support airodump-ng, then you can sniff packets from an AP and potentially crack a Wi-Fi password. In order to execute attacks like that, massive data transfers must be occurring when the hacker sniffs the wireless network. If there’s not a lot of data being transmitted, then the attack will take longer to execute. Packet injection via aireplay-ng can come in handy for generating noise. An attack that could take days to execute can happen within minutes if a hacker’s network card supports packet injection.

If you really want to be secure (to the point of inconvenience), here are some security mechanisms you can implement:

  • Use a strong encryption mechanism
  • Enable a hidden SSID
  • Configure a MAC address filter
  • Implement an IDS endpoint
  • Use WPA2 Enterprise (802.1X) in order to add authentication/accounting via an intermediary (e.g. Microsoft NPS/RADIUS)

(Originally posted on April 27th, 2014. Updated on September 13th, 2020)