Cisco Packet Tracer (Security)

Friday 13 September 2019

MySQL/Maria Database

%Change password of existing user
SET PASSWORD FOR 'bob'@'%.loc.gov' = PASSWORD('newpass');

%create user
CREATE USER foo2@test IDENTIFIED BY 'password';
CREATE OR REPLACE USER foo2@test IDENTIFIED BY 'password';
CREATE USER IF NOT EXISTS foo2@test IDENTIFIED BY 'password';

%remove user
DROP USER bob;

%create user and then grant prevalence
CREATE USER 'dba'@'%' IDENTIFIED BY 'strongpassword';
GRANT ALL PRIVILEGES ON *.* TO 'dba'@'%' ;

%show all the users and details
SELECT User FROM mysql.user;
SELECT host, user, password FROM mysql.user;
show grants for 'vivek'@'%';

%show all databases
show databases;

Monday 9 September 2019

Learn Programing

https://www.geeksforgeeks.org/

https://www.ntu.edu.sg/home/ehchua/programming/index.html

Friday 22 February 2019

Installation

1) ndnSIM -Importing new ndnSIM with visulizer in eclipse
----->mercurialeclipse / main / wiki / Installation and Configuration — Bitbucket
----->Install Oracle Java 8 In Ubuntu Or Linux Mint Via PPA Repository [JDK8] ~ Web Upd8: Ubuntu / Linux blog

2) Installing R

3) Openflow with ns-3

4) Installing tor browser in ubuntu 14.04

5) Ns-2 installation

Steps for installing ns-2.35 on Ubuntu 13.04 and before versions.

Open Terminal

[Step 1]
Install some Essential Libraries and Softwares:
sudo apt-get install tcl8.5-dev tk8.5-dev

sudo apt-get install gcc-4.4 g++-4.4

sudo apt-get install build-essential autoconf automake

sudo apt-get install perl xgraph libxt-dev libx11-dev libxmu-dev

[Step 2]
Download ns-2.35

Download ns-2.35 from
http://sourceforge.net/projects/nsnam/files/latest/download

Unpack ns2 to your Desktop directory
tar -zxvf ns-allinone-2.35.tar.gz -C /home/khawajaali/Desktop

(or simply unzip the package on your desktop)

[Step 3]
Modify the OTcl makefile

Open /home/khawajaali/Desktop/ns-allinone-2.35/otcl-1.14/Makefile.in

Change CC = @CC@ to CC=gcc-4.4

Save the file

[Step 3.1]
installation errors

If you get installation errors modify the specified files in ns-allinone-2.35 folder as specified below:
Go to ns-allinone-2.35/ns-2.35/linkstate/ 2. Edit ls.h In line number 137, in place of void eraseAll() { erase(baseMap::begin(), baseMap::end()); } make it void eraseAll() { this->erase(baseMap::begin(), baseMap::end()); }

[Step 4] Install ns2

cd /home/khawajaali/Desktop/ns-allinone-2.35

./install

(this will take a while)

[Step 5] Modify ~/.bashrc

Once the installation is successful (without any errors), we need to add the path information to the file ~/.bashrc

gedit ~/.bashrc

Now Add these lines in the end of the file

    #LD_LIBRARY_PATH
    OTCL_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/otcl-1.14
    NS2_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/lib
    X11_LIB=/usr/X11R6/lib
    USR_LOCAL_LIB=/usr/local/lib
    export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$OTCL_LIB:$NS2_LIB:$X11_LIB:$USR_LOCAL_LIB
    # TCL_LIBRARY
    TCL_LIB=/home/khawajaali/Desktop/ns-allinone-2.35/tcl8.5.10/library
    USR_LIB=/usr/lib
    export TCL_LIBRARY=$TCL_LIB:$USR_LIB
    # PATH
    XGRAPH=/home/khawajaali/Desktop/ns-allinone-2.35/bin:/home/khawajaali/Desktop/ns-allinone-2.35/tcl8.5.10/unix:/home/khawajaali/Desktop/ns-allinone-2.35/tk8.5.10/unix
    # Note: the above two lines starting from XGRAPH should come in the same line
    NS=/home/khawajaali/Desktop/ns-allinone-2.35/ns-2.35/
    NAM=/home/khawajaali/Desktop/ns-allinone-2.34/nam-1.15/
    PATH=$PATH:$XGRAPH:$NS:$NAM

Save the modification and close the file

source ~/.bashrc

end of installation

Install Behind Proxy

`Install Behind Proxy`

`PIP`

sudo pip install --proxy http://edcguest:edcguest@172.31.100.14:3128 pygraphviz

`Add Apt Repository`

export http_proxy=http://edcguest:edcguest@172.31.100.14:3128
export https_proxy=http://edcguest:edcguest@172.31.100.14:3128
sudo -E add-apt-repository name_of_ppa

sudo apt-get update

`Download whole site`

wget  -r --proxy-user=cs1123 --proxy-password=chinu http://upscguide.com
wget -A pdf -m -p -E -k -K -np http://www.xyz.com/

`Git`

export http_proxy=http://edcguest:edcguest@172.31.100.14:3128
export https_proxy=http://edcguest:edcguest@172.31.100.14:3128

git clone url folderName

https://github.com/qinshulei/ubuntu-install

Security Material

HMAC
What and were use
How generated
Ideal Block Cipher

Discrete Logarithm Problem

Tuesday 12 February 2019

Enable AAA Security on Router

Open console of router by default you are in user mode

Router>

Write command enable to enter privilege mode
Router>enable
Router#

Write command configure terminal to enter global config mode
Router#configure terminal
Router(config)#

All the configuration are done in global config mode

Introduction

AAA security can be enabled in two ways--
1) Using local data base of the router
2) Using a third party server (Server-based Authentication)

Using TACACS+ server
Using RADIUS server

AAA Using local data base of the router

The rest of the discussion is done through the example scenario given below--

1) Initial Setting

    Change the hostnames of routers to R1, R2, and R3 as shown in the figure above.
    Router1(config)#hostname R1
    Router2(config)#hostname R2
    Router3(config)#hostname R3

    Assign all the IP addresses.
    Configure all the routers using RIP.
    Set enable password for each router R1, R2, and R3 to cisco.
    R1(config)#enable password cisco
    R2(config)#enable password cisco
    R3(config)#enable password cisco

    Create new usernames and passwords for R1, R2, and R3 using the following commands--
    R1(config)#username Admin1 secret admin1
    R2(config)#username Admin2 secret admin2
    R3(config)#username Admin3 secret admin3

AAA Authentication using the local database

2) Configure the line console to use AAA authentication.

    Create new usernames and passwords for R1
    R1(config)#username Admin1 secret admin1

    Enable AAA on R1 and configure AAA authentication for the console login to use default method list
    R1(config)#aaa new-model
    R1(config)#aaa authentication login default local
    R1(config)#line console 0
    R1(config-line)#login authentication default

    Verify the setting by exiting from router's console and re-login using R1's console

3) Configure the line vty to use AAA authentication.

     Configure the domain name and generate RSA key to use with SSH
     R1(config)#ip domain-name ccnasecurity.com
   R1(config)#crypto key generate rsa
     Enter 1024 on prompt

    Create a name-list AAA authentication method for the vty line
    R1(config)#aaa authentication login SSH-LOGIN local

    Configure the vty line to use the defined AAA authentication method named SSH-LOGIN
    R1(config)#line vty 0 4
    R1(config-line)#transport input ssh
    R1(config-line)#login authentication SSH-LOGIN

    Verify the setting form PC-A by doing ssh from the command prompt
    PC-A>ssh -l Admin1 192.168.1.1

Server-based Authentication using TACACS+ Server

    For backup purposes, configure a local username of Admin2 having
password admin2 on R2.
    R2(config)#username Admin2 secret admin2

    TACACS+ Server configuration
   Click the TACACS+ Server. On the Services tab, click AAA.

   Add network configuration entry.
   Client Name: R2
   Client IP: 192.168.2.1
   Secret: tacacspass
   Choose Server type as TACACS
   Click Add button

Add username and password corresponding to R2.
Username: Admin2
Password: admin2
Click Add button

  On the service by clicking ON radio button near Service label
   Configure the AAA TACACS server IP address and secret key on R2
   R2(config)#tacacs-server host 192.168.2.2
   R2(config)#tacacs-server key tacacspass

   Configure AAA login authentication for console access on R2.
   R2(config)#aaa new-model
   R2(config)#aaa authentication login default group tacacs+ local
   R2(config)#line console 0
   R2(config-line)#login authentication default

Monday 4 February 2019

Access Control List

Access Control List (ACL)

Open console of router by default you are in user mode

Introduction

ACL is used for denying traffic for an IP or a group of IPs.

TODO

Types of Traffic

Inbound Traffic - Traffic or packets going into the router

Outbound Traffic - Traffic or packets coming out of the router

Types of ACL

There are two types of ACL

1. Standard ACL (1-99)

applied closest to the destination
denies or permits source IP address

2. Extended ACL (100-199)

applied closest to the source
denies or permits source IP address
denies or permits destination IP address
denies or permits port (service)

Standard ACL

Consider two networks having subnets Source Network ID (SNID) and Destination Network ID (DNID) attached to the routers RSource and RDestination respectively.

Suppose you want to deny a host from the SNID network having IP IPsource to access the DNID network. This can be done through Standard ACL by creating an ACL which denies the host having IP IPsource.

1. Creating an ACL

Open console of router RDestination

Go to global config mode
Router(config)#

Enter command ->access-list ACLNumber deny IPsource WildCardBits

Router(config)#access-list 1 deny 10.0.2.3 0.0.0.0
% 1 for standard ACL. Deny only one IP address

Enter command ->access-list ACLNumber permit any

Router(config)#access-list 1 permit any
% Permit all other traffic

2. Applying the ACL to the interface

Go to global config mode
Router(config)#

Enter command ->interface interfaceName
Router(config)#interface fa0/0
% fa0/0 is the interface on which the ACL will be applied

Enter command ->ip access-group ACLName InBoundOrOutBound
Router(config)#ip access-group 1 out
% Here out is for outbound traffic

Extended ACL

TODO

Source:- Cisco CCNA Security