bogdi19

Una din componentele cele mai sensibile ale unei aplicatii web, este baza de date. Aceasta retine informatie obtinuta cumulativ, in timp, care valorifica (financiar, informational) aplicatia in sine. Exemple de astfel de informatii: utilizatori autentificati; post-uri (in cazul forum-urilor); produse si comentarii la produse; Pierderea acestor informatii produce, pe langa ne-functionare, de-valorizarea aplicatiei in sine. Spre exemplu, valoarea unei aplicatii de social-networking este data (pe langa functionalitati, implementare, design, etc), de numarul de persoane care o folosesc, mai general, de cantitatea de informatii pe care aplicatia o pune la dispozitie. Or, aceasta informatie este de valoare critica pentru o aplicatie, si ea trebuie protejata. Un prim pas este realizarea de back-up-uri regulate ale informatiilor. In continuare, vom examina alte situatii vulnerabile care conduc la compromiterea bazei de date, si solutii de evitare a acestora. Solutii de protejare: 1. limitarea accesului la anumite fisiere de pe server; in Apache, acest lucru se poate face editand httpd.conf, astfel: <Files ~ "\.inc$"> Order allow,deny Deny from all </Files> 2. folosirea unei extensii care forteaza evaluarea script-ului, spre deosebire de afisarea lui ca-atare Expunerea de informatii in fisiere Majoritatea aplicatiilor web care interactioneaza cu baze de date, retin informatiile de conectare in fisiere auxiliare. Exemplu: define ('ADDRESS', 'localhost'); define ('DATABASE', 'bazadate'); define ('USERNAME' , 'root'); define ('PASSWORD', ''); Sa presupunem ca fisierul care contine codul de mai sus se numeste constants.inc, si ca se afla in directorul root al aplicatiei. Cel mai probabil, acesta va fi inclus de un script php, astfel : require_once(‘constants.inc’);. Daca insa un utilizator intuieste (sau alege la intamplare), numele acestui fisier, il poate accesa, astfel: http://localhost/path/to/constants.inc Cum nici browserul nici serverul nu au informatii despre extensia *.inc, continutul acestui fisier este intors utilizatorului ca si text. Consecintele sunt intuitive. Username-ul si parola pentru conectarea la baza de date sunt compromise, si implicit continutul acesteia. SQL Injection SQL Injection se refera la injectarea de cod SQL malitios, la rularea unui query. Fie urmatorul script, care construieste un query, pe baza unui formular primit: $query = "INSERT INTO users (username, password, email) VALUES ('{$_POST['username']}', '$autoPassword', '{$_POST['email']}')"; Variabila $autoPassword reprezinta o parola generata automat, care poate fi trimisa utilizatorului via email, la crearea contului. Sa afisam acest query, pentru niste valori conventionale trimise prin formular: INSERT INTO users (username, password, email) VALUES ('user', '6d0f846348a856321729', 'email') Ce se intampla insa daca un utilizator, completeaza campul username cu urmatoarea valoare: bad_guy', 'mypass', ''), ('good_guy Daca afisam query-ul executat de script, obtinem: INSERT INTO users (username, password, email) VALUES ('bad_guy', 'mypass', ''), ('good_guy', '6d0f846348a856321729', 'email') Efectul este vizibil: un utilizator nou este adaugat, cu o parola deja setata. Aparent, rezultatul acestei vulnerabilitati nu este foarte grav, insa putem considera urmatorul context: in locul functiei query, folosim functia multi_query, care permite rularea de instructiuni multiple trimitem in locul unui nume de utilizator, sirul: some_guy', '', ''); DROP TABLE criticaltable; -- Query-ul produs, va fi urmatorul: INSERT INTO users (username, password, email) VALUES ('some_guy', '', ''); DROP TABLE criticaltable; --', 'ba2fd310dcaa8781a9a6', 'email') Observatii: Caracterele – reprezinta comentarii; comentariile anuleaza restul expresiei SQL In ipoteza existentei tabelului criticalTable, acesta va fi sters Mai grav, instructiunea SQL DROP TABLE … putea fi inlocuita cu DROP DATABASE …, avand un efect usor de imaginat. Chiar si in cazul in care folosim functia query, care executa un singur query, SQL Injection poate fi folosit in formule (de sintaxa) mai complicate, pentru a produce efecte grave asupra bazei de date (spre exemplu: extragerea de informatii) Modalitati de protejare: filtrarea oricarei informatii provenite din formulare, indiferent de metoda folosita (acceptarea valorilor care respecta un pattern pre-stabilit, si respingerea a orice nu respecta acest pattern) folosirea functiei membru real_escape_string din clasa mysqli; detalii: PHP: mysqli::real_escape_string - Manual Securitatea WEB – Session Hijacking Un astfel de atac este posibil, daca session id-ul unui utilizator este compromis. Acest lucru este foarte posibil, tinand cont de faptul ca session-id-ul este direct vizibil. Iata un exemplu de header HTTP, care expune session_id-ul. Header-ul provine de la un script care seteaza o sesiune: HTTP/1.1 200 OK Date: Wed, 17 Mar 2010 18:31:47 GMT Server: Apache/2.2.11 (Win32) PHP/5.2.8 X-Powered-By: PHP/5.2.8 Set-Cookie: PHPSESSID=ls2pd33foiidr5ld6gkpqo94d0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Content-Length: 0 Connection: close Content-Type: text/html Observati linia PHPSESSID=ls2pd33foiidr5ld6gkpqo94d0;, care expune session id-ul. Incluzand acest session id intr-o cerere HTTP, un atacator poate obtine credentialele utilizatorului, pe aplicatia web vulnerabila. In continuare prezentam un script PHP care afiseaza continutul header-ului primit dupa o cerere GET de la un server. <?php $url = parse_url('http://example.com/session.php'); $host = $url['host']; $path = $url['path']; $fp = fsockopen($host, 80); // send the request headers: fputs($fp, "GET $path HTTP/1.1\r\n"); fputs($fp, "Host: $host\r\n"); fputs($fp, "Connection: close\r\n\r\n"); $result = ''; while(!feof($fp)) { // receive the results of the request $result .= fgets($fp, 128); } // close the socket connection: fclose($fp); // split the result header from the content $result = explode("\r\n\r\n", $result, 2); $header = isset($result[0]) ? $result[0] : ''; $content = isset($result[1]) ? $result[1] : ''; echo $header; ?> Securitatea WEB – Session Fixation Ca si Session Hijacking, Session Fixation se bazeaza pe folosirea session id-ului unui utilizator, insa fara a-l fura, ci impunandu-l. Un utilizator poate accesa un link care ii fixeaza un anume session id, care apoi e folosit ca id de sesiune, la autentificarea pe o aplicatie. Folosind id-ul fixat, atacatorul poate beneficia pe aplicatia vulnerabila, de privilegiile utilizatorului. Detalii despre Session Fixation: Session fixation - Wikipedia, the free encyclopedia Sursa: Tutoriale Video pentru Windows si Linux | Programare C Java PHP Android

http://www.youtube.com/watch?v=_enCAlzFCUo

http://www.youtube.com/watch?v=OMcIV_nAkX8&feature=relmfu

http://www.youtube.com/watch?v=bORZlmyDw0s

Pentru gevey poti instala furiousmod ca sa-ti mai usureze procesul de decodare.Stiu ca era un soft care iti facea automat setarile la gevey,ultransowcn parca se numeste.

Stiti unde pot gasi niste template-uri care sa contina un site in asp.net care sa aiba legatura la o baza de date in microsoft access? Multumesc anticipat!

Bitdefender anunta disponibilitatea solutiei gratuite DNS Changer Detector, care elimina efectele familiei de virusi DNS Changer, efecte ce ar putea lasa fara internet sute de mii de calculatoare din intreaga lume, pe 9 iulie. Troianul DNS Changer directioneaza calculatoarele infectate catre website-uri false, care au fost create special de infractori cibernetici, in scopul unor escrocherii, prin modificarea setarilor DNS ale calculatoarelor pe care se instaleaza. (DNS - Domain Name System – este un sistem de distribuire a numelor pentru calculatoarele conectate intr-o retea). Pentru a verifica daca un calculator a fost infectat cu acest virus si pentru a reface sistemul descarcati si rulati pe calculator DNS Changer Detector. Daca instrumentul raporteaza ca sistemul este curat, nu exista niciun motiv de ingrijorare. Daca, insa, arata semne de intruziune, urmati etapele urmatoare pentru a va repara sistemul: 1. Mai intai eliminati virusul de pe computer. Setarile DNS au fost cel mai probabil schimbate de o infectie activa pe calculator. Rulati QuickScan care va spune in 60 de secunde daca sistemul este sau nu infectat si stergeti manual virusul DNS Changer. Alternativ puteti opta pentru instalarea unei versiuni de 30 de zile a Bitdefender Internet Security 2012 care va curata automat sistemul. Este obligatoriu sa curatati calculatorul inainte de schimbarea setarilor DNS, altfel, riscati ca virusul din calculator sa va schimbe setarile la loc. 2. Rulati unealta DNS Changer Detector si lasati-o sa schimbe setarile DNS. In functie de tipul de conexiune, acest instrument va incerca sa repuna setarile DNS recomandate si va va informa daca problema a fost rezolvata sau nu. In noiembrie anul trecut, initiatorii atacului au fost arestati de FBI, iar controlul asupra serverelor a fost preluat de catre autoritati. In conditiile in care modificarile in sistemul DNS au un impact foarte mare asupra conectarii calculatoarelor la internet, FBI a substituit serverele periculoase cu unele valide pentru a nu intrerupe automat legaturile la internet a sute de mii de calculatoare infectate. Totul se va incheia insa pe 9 iulie cand autoritatile vor scoate din circuit serverele substitut, iar acest lucru va face aproape imposibil accesul la internet al utilizatorilor obistnuiti ale caror setari DNS au fost afectate de virus. http://www.hotforsecurity.com/download/dns-changer-detector Sursa: Bitdefender

http://www.youtube.com/watch?v=cysUlc_0SWU

Pentru cei cu modelul 8120 trebuie introduse doar primele 8 cifre din campul corespondent mep2. Codul corect va fi: 12060380 Incercati asa doar daca aveti modelul 8120,nu stiu daca pe celelalte modele merge cu primele 8 sau si cu restul cifrelor. Am incercat cu toate cifrele iar in urma unei sugesti de pe un alt forum am incercat doar cu primele 8 si a mers.

http://www.youtube.com/watch?v=E5kO-ruCgHI&feature=relmfu

Si Intel are aceleasi probleme cu driverele. Poti incerca sa faci un update driverelor sau sa dezactivezi aero.

COURSE DESCRIPTION The Certified Information Systems Security Professional credential is one of the most sought after security management certifications in the profession. The CISSP certification separates the novices from the seasoned security professionals. This VTC title will help prepare you for what may be the toughest six hours of your IT security career – The CISSP exam. VTC author Bobby Rogers will give you the key information you need to prepare for this challenging exam and increase your worth as a certified security professional. To begin learning simply click on the links. Introduction & Course Outline Introduction Course Outline Access Control Access Control Concepts Types of Access Control Access Control Models Authentication Methods Access Control Systems & Administration Access Control Attacks Telecommunications & Network Security Introduction Network Protocols The OSI Model Networking Topologies Network Transmission Media Network Security Devices Remote Access Protocols & Technologies Network Security Weaknesses & Countermeasures Wireless Security Security & Risk Management Security Goals & Tenets Security Management Roles & Responsibilities Security Policies & Procedures Security Classification Introduction to Risk Risk Assessment Risk Analysis Risk Management Applications Security Introduction to Application Security Systems Development Life Cycle Programming Languages & Techniques Database Security Application Threats Cryptography Basics of Cryptography Cryptography Definitions Encryption Algorithms Hashing Symmetric & Asymmetric Cryptography Public Key Infrastructure Cryptographic Key Management Cryptographic Threats Cryptographic Protocols & Applications Cryptography Demonstration Security Architecture & Design Security Models System Components Security Architecture Security Evaluation Criteria System Certification & Accreditation Operations Security Operational Security Controls Personnel Security Media Security Configuration Management Security Awareness & Training BCP & DRP Introduction to DRP & BCP Organization & Contingency Planning Disaster Recovery Planning Business Continuity Planning Contingency Operations Plan Testing & Implementation Law, Investigation & Ethics Introduction to Cyberlaw Privacy Laws Intellectual Property Criminal Law Administrative/Regulatory Laws Legal Liability & Ethical Practices Cyber Crime Investigations Physical Security Safety Fire Safety Facility Security Pt.1 Facility Security Pt.2 Environmental Security After the Exam The CISSP Exam Preparing your CISSP Resume After the CISSP Wrap Up About the Author LINK: CISSP Tutorials

This week, Microsoft released the beta for Windows Server 8 along with its client partner, the Windows 8 Consumer Preview. A number of new features have been added since the technical preview in September. Remote Desktop support for DirectX 11. RemoteFX was introduced in Windows Server 2008 R2 SP1 as a way to get rich media, audio and video support hosted centrally on a server and pushed out to thin clients. It was, however, only really effective on a local, or at least a really fast, network. DirectX 11 support has been added to the virtual GPU that RemoteFX uses, so that even users connecting to a virtual desktop over the Internet (with high latency and some packet less) will be able to use graphics-intensive applications like Photoshop and video editing applications without a bunch of buffering, straining, or stuttering. In addition, media remoting has been improved so applications can stream video and audio in a much more bandwidth-efficient way, which will both lower your transmission costs and improve the end-user experience, too. SMB directory leasing. As part of Windows Server 8, you get the SMB (Server Message Block) 2.2 protocol—an incremental upgrade over the SMB 2.0 protocol that’s been in Windows Server for years, but with a couple of important distinctions. One is the new support for directory leasing, which is great for branch offices or other remote locations that depend on file-share based access to content on servers not on premises. By “leasing” directories from a true source, clients at branch office locations pull metadata in any given directory directly from the cache, rather than making a full round trip to and from the remote server. The server uses an SMB 2 protocol feature to notify clients when directory information changes, and then the cache can be updated. This is ideal for situations where you have a read-only directory that’s shared out, or a personal folder that is read/write (like a user’s home directory) but isn’t shared to other users. Shadow copies for SMB shares. This feature is new to the beta, too – now you can get ease of volume shadow copies (those instant data file copies that happen in the background) on file shares too, and not just on physical volumes not over a network. This is great for backup and restore of application-specific data that lives on a SAN or NAS system and expands the reach of the “Previous Versions” feature, too. The notion of “primary computers.” Roaming profiles have always been one of the banes of Windows administrators. It’s been an all-or-nothing affair: either you enable a user’s profile to roam with him or her to every computer on your network, or none of the computers were able to roam. Roaming was great when offices were in one location, but as soon as a user who was homed on a server in Seattle logged on to a machine in London, you started the see the problem—the entire profiles, sometimes hundreds of megabytes of information, had to be transmitted over the network before the user could log in. Enter “primary computers,” a new feature where you as the administrator can designate a few computers as machines that will always get a profile roamed, folders redirected, and so on. A user logging into any machine NOT designated as a primary computer would then create a standard local profile, which eliminates bogging down the network. This is very useful in managing network traffic among a swath of traveling users, especially in the mornings when everyone on your network typically logs on. Dynamic Access Control. DAC is a great addition to the product and should make both accessing and security data on your system a lot more straightforward than it has been in previous editions of Windows. With DAC, you can tag data with different classifications (“sensitive,” “for finance only,” “do not forward,” and so on) and then automatically classify all data like it on a Windows Server 8 machine. For example, you could tag documents in a set of Finance folders as sensitive and then all future documents would get that tag. You can then act on that tag to configure access for different users and also set up what amounts to claims-based access for that data independent of NTFS (or ReFS) permissions. You can also allow users to automatically request access to given data directly through the UI, and likewise, administrators can grant that access more easily. Effective access. This feature is akin to the resultant set of policy, or RSoP, features that were introduced in Group Policy in Windows Server 2003. Within the permissions and security dialog for any given file system object, you can model what permissions a certain user has for that object. What’s more, you can also model what permissions that user would have if certain information about the user were changed—for example, his group membership or her departmental access claims. It makes it very easy to see if permissions will work, and which specific ACL entries will do what you like, rather than the sometimes trial-and-error based process that ensues when ACLs need to be modified. Sursa: Windows Server information, news and tips - SearchWindowsServer.com

http://cdn.ttgtmedia.com/searchNetworking/downloads/Greg_sec_lab1_c09.pdf

Traditional security measures, such as VPNs, intrusion prevention and anti-virus software, can no longer suffice when it comes to handling network access for employee-owned mobile devices. To handle new kinds of access, a certain level of network access security intelligence must be added to components throughout the network. Major network equipment vendors have all recognized the pressing need to meet new security challenges. This is in light of the fact that employees are starting to work outside the physical office more frequently, and thus requiring access to applications regardless of their location. Recent security offerings combine local and remote security to offer unified access and a reduction in administrative work. Access to applications and data is now based on the identity and role of the individual, as well as their location and other factors. In addition, network administrators define access policies that apply across the entire network, including internal wired and wireless networks, remote Wi-Fi hotspots, and cellular data networks. Vendors offer a variety of authentication methods such as IEEE 802.1X or authentication techniques based on device MAC address or WebAuth, a web based technique, which are all are commonly used with RADIUS. Once authenticated, a user is granted access based on a policy established by network administrators. These policies can be stored in LDAP or in other types of directory. Network access security and wireless devices In some cases, a policy may include limitations based on user location. Enterprise security software can utilize the GPS facility on mobile devices or the identity of the connected 802.11 access point (AP), to detect location and block access when necessary. Another issue that vendors have addressed is that a mobile device which is infected with a key logger can capture a username and password. This means that unauthorized users can then gain the same level of network access as the owner of the infected device. Vendors now offer software packages for each mobile device operating system and device type. These packages are downloaded onto the device and include anti-virus software that is updated automatically to address the latest threat types. They also verify that mobile applications are at the appropriate revision and patch level. Included VPN software encrypts transmissions to the enterprise network. Mobile devices located inside a facility and utilizing the 802.11 network offer the same dangers encountered with remote network access. Downloaded security software provides the same protection inside a building as well as outside. Internal 802.11 networks are also vulnerable to attacks. The weaknesses of WEP and WPA are well known and because of this, most networks have been moved to WPA2. This move greatly reduces the probability of a hacker gaining access by cracking encryption. APs detect and report other APs or devices introduced by an employee to create a private network. Vendors have also enhanced APs with radio frequency management to lessen the danger that signals will extend beyond the walls of a facility. Switches get intelligent to handle network access security Switches have been enhanced to protect against unauthorized intruders who gain access to the internal network. For instance, a rogue device can attempt to flood switches with MAC addresses causing MAC tables to overflow. Switches then flood traffic to all ports and the resulting traffic increase disrupts the network. To address this vulnerability, switches can discard MAC addresses before an overflow occurs. Switch vendors have also added the ability to detect an unauthorized DHCP server attack, caused either by an intruder or inadvertently due to a software configuration error. An unauthorized DHCP server attack could supply a DNS server address to legitimate devices. The DNS server would then direct web traffic to a site that captures user names and passwords. Switches can also monitor ARP requests and detect devices that respond to requests aimed at another device. Layer 2 encryption using IEEE 802.1AE (MACsec) can be configured to protect highly sensitive data as it moves between switches. By encrypting at Layer 2 rather than using IPsec, intermediate devices such as firewalls and IPS devices can decrypt packets and inspect its contents before re-encrypting them so that they can continue their path through the network. Vendors have proactively attempted to reduce security vulnerabilities by building extensive facilities into network components. Yet 100% protection is not a guarantee. As hacker techniques continue to evolve, device and network access security must be continually enhanced to protect network security against risks from multiple fronts. Sursa: TechTarget, Where Serious Technology Buyers Decide

Presenter: Rob Pike Go is a new experimental systems programming language intended to make software development fast. Our goal is that a major Google binary should be buildable in a few seconds on a single machine. The language is concurrent, garbage-collected, and requires explicit declaration of dependencies. Simple syntax and a clean type system support a number of programming styles.

Contents Preface ............................................. 2 Organization of This Book............................ 3 Intended Reader ..................................... 3 What is Revised in the 5th Edition................... 3 Fixing Vulnerabilities .............................. 4 ?Fundamental Solution and Mitigation Measure?......... 4 1. Web Application Security Implementation........... 5 1.1 SQL Injection.................................... 6 1.2 OS Command Injection..............................10 1.3 Unchecked Path Parameter / Directory Traversal....13 1.4 Improper Session Management.......................16 1.5 Cross-Site Scripting .............................22 1.6 CSRF (Cross-Site Request Forgery).................29 1.7 HTTP Header Injection............................ 33 1.8 Mail Header Injection ........................... 37 1.9 Lack of Authentication and Authorization ........ 40 2. Approaches to Improve Website Security ........... 42 2.1 Secure Web Server................................ 42 2.2 Configure DNS Security .......................... 43 2.3 Protect against Network Sniffing................. 44 2.4 Secure Password.................................. 45 2.5 Mitigate Phishing Attacks ....................... 47 2.6 Protect Web Applications with WAF................ 50 2.7 Secure Mobile Websites .......................... 56 3. Case Studies...................................... 63 3.1 SQL Injection.................................... 63 3.2 OS Command Injection............................. 69 3.3 Unchecked Path Parameters........................ 72 3.4 Improper Session Management...................... 74 3.5 Cross-Site Scripting ............................ 77 3.6 CSRF (Cross-Site Request Forgery)................ 88 3.7 HTTP Header Injection............................ 93 3.8 Mail Header Injection ........................... 94 Postface............................................. 97 References........................................... 98 Terminology.......................................... 100 Checklist............................................ 101 CWE Mapping Table.................................... 105 http://www.ipa.go.jp/security/vuln/documents/website_security_en.pdf

Vezi pe la tutoriale video.

Vezi aici ce si cum http://www.consultanta-fonduri-europene.ro/consultanta-fonduri-europene-operatiunea-311.html

Nu poti sa-ti deschiz firma daca nu esti major.Ai putea sa faci firma pe numele cuiva de incredere.

Pentru inceput da o fuga la registrul comertului si dechide un S.R.L.Dupa care,pentru mai multe informatii poti intra pe www.apdrp.ro

Lesson 01 - Introduction to Cisco Certified Network Associate (CCNA) Certification Lesson 02 - Different Types of Router Memory Lesson 03 - How to communicate with a Router using Console, Auxiliary, Telnet, SSH, HTTP and HTTPS connections Lesson 04 - How to connect and access a router or switch using console connection Lesson 05 - How to connect to router or switch console if serial port is not available in computer Lesson 06 - How to use HyperTerminal Terminal Emulator to configure or monitor a Cisco Router or Switch Lesson 07 - How to use PuTTY Terminal Emulator to configure or monitor a Cisco Router or Switch Lesson 08 - Cisco's Three-tier Hierarchical Network Model Lesson 09 - Benefits of Segmenting a network using a Router Lesson 10 - What are Collision Domain and Broadcast Domain Lesson 11 - Cisco Router Boot Sequence Lesson 12 - What is Trivial File Transfer Protocol (TFTP) Lesson 13 - How to install Solarwinds Trivial File Transfer Protocol (TFTP) Server Lesson 14 - How to configure Solarwinds Trivial File Transfer Protocol (TFTP) Server to backup IOS and configuration files Lesson 15 - Cisco Router Configuration Files Lesson 16 - Naming Convention of Cisco IOS Image Files Lesson 17 - How to backup IOS and configuration files to Trivial File Transfer Protocol (TFTP) Server Lesson 18 - How to Upgrade or Install IOS from Trivial File Transfer Protocol (TFTP) Server Lesson 19 - Cisco IOS Command Line modes Lesson 20 - How to configure passwords to secure Cisco Router Lesson 21 - Basic Cisco Router Configuration Commands Lesson 22 - Cisco Router Show Commands Lesson 23 - Important Key Combinations of Cisco IOS Command Line Interface (CLI) Lesson 24 - Router interface naming convention Lesson 25 - Cisco Router interface configuration commands Lesson 26 - How to configure Router Serial Interfaces Lesson 27 - What is Cisco Discovery Protocol (CDP) Lesson 28 - Important Cisco Discovery Protocol (CDP) IOS commands Lesson 29 - Types of Routes - Static Routes and Dynamic Routes Lesson 30 - What is the difference between Routing Protocols and Routed Protocols Lesson 31 - What is Autonomous System and Autonomous System Number Lesson 32 - What is Administrative Distance Lesson 33 - Introduction to Static Routes and Default Routes Lesson 34 - How to configure Static Routes and Default Routes Lesson 35 - What is Dynamic Routing and different types of Dynamic Routing Lesson 36 - What is Routing Metric Value Lesson 37 - What is Convergence of Routing Tables Lesson 38 - Introduction to Distance Vector Routing Protocols Lesson 39 - Introduction to Routing Information Protocol (RIP) Lesson 40 - How to configure Routing Information Protocol (RIP) Lesson 41 - Introduction to Interior Gateway Routing Protocol (IGRP) Lesson 42 - How to configure Interior Gateway Routing Protocol (IGRP) Lesson 43 - What is Routing Loop and how to avoid Routing Loop Lesson 44 - Introduction to Link State Routing Protocols Lesson 45 - Introduction to Open Shortest Path First (OSPF) Protocol Lesson 46 - How to configure Open Shortest Path First (OSPF) Lesson 47 - Introduction to Hybrid Routing Protocols Lesson 48 - Introduction to Enhanced Interior Gateway Routing Protocol (EIGRP) Lesson 49 - How to configure Enhanced Interior Gateway Routing Protocol (EIGRP) Lesson 50 - Introduction to Access Control Lists (ACL) Lesson 51 - Standard Access Control Lists (ACLs) Lesson 52 - Where should a Standard Access Control List (ACL) be placed Lesson 53 - Access Control List (ACL) - Wildcard Masks Lesson 54 - How to create and configure Standard Access Control Lists (ACLs) Lesson 55 - Extended Access Control Lists (ACLs) Lesson 56 - Where should an Extended Access Control List (ACL) be placed Lesson 57 - Extended Access Control List (ACL) - Operators Lesson 58 - Extended Access Control List (ACL) - TCP and UDP port numbers and names Lesson 59 - Extended Access Control List (ACL)- established Keyword Lesson 60 - How to create and configure Extended Access Control Lists (ACLs) Lesson 61 - How to create and configure Access Control Lists (ACLs) for vty lines (telnet and ssh) Lesson 62 - Named Access Control Lists (ACLs) Lesson 63 - How to create and configure Standard Named Access Control Lists (ACLs) Lesson 64 - How to create and configure Extended Named Access Control List (ACL) Lesson 65 - How to edit a Named Access Control List (ACL) on router Lesson 66 - Introduction to Network Switches Lesson 67 - Difference between Network Switches and Bridges Lesson 68 - Methods of Switching Lesson 69 - Difference between Half-duplex and Full-duplex Switching Lesson 70 - Functions of a Network Switch Lesson 71 - What is switch management VLAN and how to configure Management VLAN Lesson 72 - Basic Cisco Switch Configuration Commands Lesson 73 - What is Broadcast Storm Lesson 74 - What is Layer 2 Switching loop Lesson 75 - What is Spanning Tree Protocol (STP) Lesson 76 - What is Bridge Protocol Data Unit (BPDU) frame Lesson 77 - Bridge Protocol Data Unit (BPDU) Frame Format Lesson 78 - What is a Root Bridge (Switch) Lesson 79 - What is a Root Port Lesson 80 - What are Port Cost, Port Priority and Path Cost Values Lesson 81 - How Spanning Tree Protocol (STP) select Root Port Lesson 82 - What is a Designated Port Lesson 83 - How Spanning Tree Protocol (STP) select Designated Port Lesson 84 - Difference between Root Port and Designated Port Lesson 85 - Spanning Tree Port States Lesson 86 - Topology Changes in Spanning Tree Protocol (STP) Lesson 87 - Spanning Tree Protocol (STP) Convergence Lesson 88 - What is Spanning Tree Protocol (STP) PortFast Lesson 89 - How to configure and verify Spanning Tree Protocol (STP) PortFast Lesson 90 - How to enable or disable Spanning Tree Protocol (STP) Lesson 91 - What is Rapid Spanning Tree Protocol (RSTP) Lesson 92 - Difference between Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) Lesson 93 - Per-VLAN Spanning Tree (PVST) and Per-VLAN Spanning Tree Plus (PVST+) Lesson 94 - What is Virtual Local Area Network (VLAN) Lesson 95 - Advantages of VLAN Lesson 96 - VLAN Membership Types Lesson 97 - How to create and name static VLAN Lesson 98 - How to view VLAN information Lesson 99 - Types of VLAN connection links - Trunk Links and Access Links Lesson 100 - VLAN Frame Tagging Lesson 102 - Inter-Switch Link (ISL) VLAN Tagging Lesson 102 - IEEE 802.1Q VLAN Tagging Lesson 103 - How to configure VLAN trunk link and native VLAN Lesson 104 - How to configure and assign a switch access port to a VLAN Lesson 105 - What is VLAN Trunking Protocol (VTP) Lesson 106 - What is VLAN Trunking Protocol (VTP) Domain Lesson 107 - VLAN Trunking Protocol (VTP) Modes Lesson 108 - VLAN Trunking Protocol (VTP) Advertisement Messages Lesson 109 - How to configure VLAN Trunking Protocol (VTP) Lesson 110- How to view VLAN Trunking Protocol (VTP) information Lesson 111- What is VLAN Trunking Protocol (VTP) Pruning Free Cisco Certified Network Associate (CCNA) Online Tutorials and Study Guides

Lesson 01 - Introduction to Infrastructure Security Lesson 02 - Firewalls Lesson 03 - Routers Lesson 04 - Hubs Lesson 05 - Bridges and Switches Lesson 06 - Modems Lesson 07 - Remote Access Services (RAS) Lesson 08 - Virtual Private Networks (VPN) Lesson 09 - Intrusion Detection Systems (IDS) Lesson 10 - Difference between Firewall and Intrusion Detection System Lesson 11 - Types of Intrusion Detection Systems Lesson 12 - Leading Intrusion Detection Systems (IDS) Products Lesson 13 - Honeypots Lesson 14 - Types of Honeypots - Low Interaction Honeypots and High Interaction Honeypots Lesson 15 - Leading Honeypot Products Lesson 16 - Honeypot Clients (HoneyClients) Lesson 17 - Introduction to Network Protocol Analyzers (Sniffers) Lesson 18 - How Network Protocol Analyzers (Sniffers) work? Lesson 19 - Leading Network Protocol Analyzer (Sniffer) products Lesson 20 - How to detect Network Protocol Analyzer (Sniffers) in your network Lesson 21 - Network Access Control Lesson 22 - DMZ (Demilitarized Zone) Lesson 23 - How to secure Workstations and Servers Lesson 24 - Wireless Networks Lesson 25 - Institute of Electrical and Electronics Engineers (IEEE) 802.11 Wireless Standards Lesson 26 - Wireless Application Protocol (WAP) Lesson 27 - Wired Equivalent Privacy (WEP) Lesson 28 - Wi-Fi Protected Access (WPA) Lesson 29 - Common Wireless Attacks Lesson 30 - E-mail Security Introduction to Infrastructure Security

You will learn how to assign the IPSec policy you have created last lesson to the domain controller. Remember, you can assign only one IPSec policy at a time. To assign an IPSec policy, right click the policy and select "Assign" from the context menu. This action will assign "Secure Telnet" IPSec policy you have created and make it active. Once the policy is assigned, you can see a green dot at the policy icon and "Policy Assigned" status will be "Yes". Remember to assign the Client (Respond Only) IPSec policy on SERV04.omnisecu.com, to allow it to communicate using IPSec. Once the policy is active, Telnet traffic from all other servers will be blocked and secure communication using IPSec only will be allowed between Serv03.omnisecu.com and SERV04.omnisecu.com. Remember to update group policy using gpupdate command. In this lesson you have learned how to assign an Internet Protocol Security (IPSec) policy This lesson explains how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003. If you select "Negotiate Security", you can specify you require Authetication Header (AH), Encapsulating Security Payload (ESP) or both. You can also specify the encryption algorithm (DES or 3DES) and the integrity algorithm (MD5 or SHA1). Click "Add" in the "Edit Rule Properties" dialog box. Selct "Negotiate Security" in the "New Filter Action" dialog box and Click "Add". You can select either Authetication Header (AH), Encapsulating Security Payload (ESP) or both here. "Integrity and encryption" will enable ESP with data integrity and confidentiality. "Integrity only" will enable ESP with only data integrity. You can select "Custom" to customize your IPSec protocols and algorithms. Select "Custom" radio button and click "Settings". You can select IPSec protocols Authentication Header (AH), Encapsulating Security Payload (ESP) or both in this dialog box. If you select Authentication header, you need to select an Integrity Algorithm also (MD5 or SHA1). If you select Encapsulating Security Payload, you need to select both Integrty Algorithm(MD5 or SHA1) and encryption algorithm (DES or 3DES). In the "Session key settings", you can specify an intervel to generate a new session key. Reducing this value will increase your security, but decrease the performance. The interval can be specified in data size (Kilobytes) or seconds. Session key generation process will be started whichever come first. In this lesson, you have learned how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003.