Friday, June 28, 2013

Host firewalls: last line of defense

Here are just a few thoughts about host firewalls, triggered by watching a CompTIA Security+ (2011 Objectives) video. Host firewalls are the software firewalls on modern operating systems, and they must not be turned off. This is a general security best practice to be followed by every IT system administrator in every IT environment. Unfortunately, this totally contradicts poor Matt Hollingdale, a network and system admin from Australia, who recommended the opposite for Linux iptables in one of our conversations: "Do not use it, completely turn it off. We don't need it." What are you talking about, man?! Have you completely lost your mind? Did you ever learn basic OS and host security aside from networking and switching? The obvious answer to this last question is NO. Host firewalls should have a default deny policy with explicit exceptions. You cannot always rely on the network firewalls or ISP protection, as they can be accidentally exploited. You blatantly failed in basic IT security. Please go and get some basic knowledge reinforcement; you'll desperately need it!
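One way to check the "default deny with explicit exceptions" rule on a Linux host, as an added example that is not part of the original post: the function reads `iptables -S` output and flags ACCEPT policies and catch-all ACCEPT rules. It assumes default deny is expressed as a DROP policy on INPUT and FORWARD; the function names and both rule sets are constructed for illustration.

```shell
# Added example: audits `iptables -S` output (read from stdin) for default deny.
# Assumption: default deny is expressed as a DROP policy on INPUT and FORWARD.
# Returns 0 when compliant, 1 otherwise.
check_default_deny() {
    awk '
        # "-P CHAIN POLICY" lines carry the default policy of a built-in chain
        $1 == "-P" { policy[$2] = $3 }
        # "-A INPUT ... -j ACCEPT" lines are the explicit exceptions
        $1 == "-A" && $2 == "INPUT" && $(NF-1) == "-j" && $NF == "ACCEPT" {
            if (NF == 4) {   # no match criteria: accepts everything
                print "FAIL: unconditional ACCEPT in INPUT"; bad = 1
            } else print "exception: " $0
        }
        END {
            n = split("INPUT FORWARD", want, " ")
            for (k = 1; k <= n; k++) if (policy[want[k]] != "DROP") {
                p = policy[want[k]]; if (p == "") p = "missing"
                print "FAIL: " want[k] " policy is " p; bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: firewall "turned off" (no rules, ACCEPT policies)
sample_open() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: default deny with explicit exceptions
sample_hardened() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

for s in sample_open sample_hardened; do
    echo "== $s"
    "$s" | check_default_deny && echo "PASS" || echo "NOT COMPLIANT"
done
```

On a real host, run `iptables -S | check_default_deny` as root; a rule set that enforces default deny through a final DROP rule instead of the chain policy will be reported as non-compliant by this check.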

Monday, June 17, 2013

Where does the internet start?

It is so enjoyable that on the Linux command line you can use a simple tool to find out where the internet starts! I mean, where DNS (domain name resolution) starts. Without DNS, the Internet would halt and nobody would be able to browse. The following command returns a simple answer to a lookup of the SOA record.

[qmi@localhost: ~]$ dig +short . SOA
a.root-servers.net. nstld.verisign-grs.com. 2013061701 1800 900 604800 86400
[qmi@localhost: ~]$ host a.root-servers.net
a.root-servers.net has address 198.41.0.4
a.root-servers.net has IPv6 address 2001:503:ba3e::2:30
[qmi@localhost: ~]$

 
The answer to the above lookup means that the SOA, a.k.a. "start of authority", record starts at the a.root-servers.net computer, which provides the domain zone for the "." domain. The "." (dot) is called the "root domain", which is the topmost level of the DNS hierarchy. The other result is simply the IP address entry for that highly important server (in fact, most probably it is a shared unicast load-balancer front-end that serves several back-end servers). Let's look at the top-level name servers as well by asking for the NS records. This will show us the name servers responsible for the "." domain.

[qmi@localhost: ~]$ dig +short . NS | sort
a.root-servers.net.
b.root-servers.net.
c.root-servers.net.
d.root-servers.net.
e.root-servers.net.
f.root-servers.net.
g.root-servers.net.
h.root-servers.net.
i.root-servers.net.
j.root-servers.net.
k.root-servers.net.
l.root-servers.net.
m.root-servers.net.
[qmi@localhost: ~]$



That's where it all starts :)