As you can see, a pretty simple setup. Think of the two networks as two separate locations. The Serial WAN link would simulate going over an ISP connection. We have Network 1 (192.168.10.0) and Network 2 (192.168.20.0) routing data between each other using RIP (Routing Information Protocol).
Pictured below is the RIP table using the show ip rip database command:
(Originally posted on September 16th, 2015. Updated on December 29th, 2020)
I watched a video on Coursera through Stanford University titled Cryptography. Here are some things that I learned from the first week:
Cryptography = secure communication between two entities.
Cryptography consists of two parts:
Both entities need to have a shared key in order to communicate with each other. Cryptography provides confidentiality and integrity for the data being transmitted.
Cryptography also provides bi-directional anonymity though mix net (i.e. onion routing (Tor), anonymous re-mailers).
Mix net – Alice sends Bob messages through a series of proxies (i.e. different public IP’s 65.87.234.34, 123.3.234.12, 89.24.124.35, etc.) so Bob will not know where Alice is.
Anonymous digital cash – Can I spend a “digital coin” without anyone knowing who I am? How to prevent double spending?
Cryptography is a rigorous science.
The three steps of cryptography:
(Originally posted on March 8th, 2015. Updated on December 29th, 2020)
People have asked me what they can do to protect themselves from being hacked. First, let me clarify something very important: NO ONE WILL EVER BE 100% SAFE FROM A HACK. With the constant changes in technology, there will always be new vulnerabilities that hackers will try to exploit. This is unfortunately the world we live in. That being said, the inevitability of an attack shouldn’t deter you from adopting good security practices. Here are some basic steps in protecting yourself from hackers:
1.) There’s always antivirus
Years ago, I would’ve recommended antivirus on all devices. Unfortunately, background processes associated with antivirus applications consume an excessive amount of computing power. Personally, I don’t use antivirus. Being a Debian guy, I run ufw. If I notice anything suspicious, I’ll investigate network/socket traffic and system processes. If you want to use antivirus, there are several providers to choose from. Remember, smartphones are computers too. Smartphones are just as vulnerable as a computer when it comes to malware.
2.) Always use HTTPS when you can
HTTPS stands for “Hypertext Transport Protocol with Security” or “Secure Hypertext Transfer Protocol”. The HTTPS protocol uses an encryption framework known as SSL or “Secure Sockets Layer”. This provides a bidirectional encryption tunnel between the data you are sending and receiving. Using SSL makes it very difficult for a hacker to eavesdrop on a connection. Think of HTTPS as creating a “protection tunnel” between you and a website. Your data is being transmitted through this tunnel of encryption so that no third-parties can know what you’re doing.
You can check to see if a site has HTTPS by requesting it (i.e. https://www.bing.com or https://www.google.com). If you type your site in with HTTPS and a lock comes up, then you should be going over an encrypted connection. Now, a big misconception about HTTPS is that if a site has HTTPS, it’s legit. THE PRECEDING IS NOT TRUE! Just because a site provides HTTPS, doesn’t mean it’s legit. Always do a background check before submitting data to a site, no matter what type of encryption and protection it offers.
3.) Secure your wireless network
Securing your wireless network is another way of protecting yourself from hackers. Hackers can perform an action called “wardriving”. Wardriving is when a hacker scans around for insecure networks. If they find a network that is insecure, they will connect to it and sniff the traffic. Network traffic may contain sensitive information about yourself (e.g. credit card numbers). Always implement strong passphrases and use modern security frameworks (e.g. WPA2 or WPA2-EAP).
4.) Incorporating a network firewall
Adding a network firewall & web filter increases your security greatly. However, this requires more technical knowledge. Network firewalls can run on a dedicated computer and intercept all data that goes out to the Internet. This can provide the capability of scanning websites for malware and blocking users from getting to them. There are many different types of open source firewalls available (e.g. pfSense).
5.) VPNs
Just as incorporating a network firewall can be difficult, VPNs can be equally challenging. However, many home routers now provide a built-in VPN implementation (e.g. OpenVPN). When people are on the go and need to access resources from home securely, VPNs are a perfect solution. VPNs or Virtual Private Networks enable users to access data from a different network without physically being there. For example, someone can connect to a VPN provided by their employer and access work-related documents from home. You can also implement a VPN at home for Internet privacy. Let’s say you’re browsing the web at a local cafe. The cafe’s WiFi is public, so a malicious user could sniff around and intercept your traffic. However, if you connect to your home VPN and route your Internet traffic through the VPN, the only traffic that may be visible is an encrypted request to your VPN. Everything else will go out your home’s Internet connection.
(Originally posted on February 8th, 2015. Updated on December 29th, 2020)
