- Pandas-Python library
- Beautiful Soup-Python Library
Ruby on Rails
Unreal Engine Blueprints
- Autodesk Maya
- in game payments, in game advertising
HTML tutorial HTML Reference
CSS Style Sheets
CSS Tutorial, CSS3
SQL database calls
Network security is a complex and constantly evolving field. Practitioners must stay on top of new threats and solutions and be proactive in assessing risk and protecting their networks. The first step to understanding network security is to become acquainted with the actual threats posed to a network. Without a realistic idea of what threats might affect your systems, you be unable to effectively protect them. It is also critical that you acquire basic understanding of the techniques used by both security professionals and those who would seek to compromise your network’s security.
The Security Architecture and Models domain of the Common Body of Knowledge embodies the study of formal models for design and evaluation of systems needed for the highest levels of information security, including those that protect national secrets and other government property. The trusted computing base, or TCB, is the portion of a computer system that contains all elements of the system responsible for supporting the security policy and supporting the isolation of objects on which the protection is based. Included are mechanisms, properties, and concepts that are required for a formal evaluation prior to being used to protect resources and information.
Several evolving models of evaluation and assurance cover various aspects of confidentiality, integrity, and availability. TCSEC, otherwise known as the Orange Book, is primarily concerned with confidentiality and is based on the Bell-LaPadula model. ITSEC adds concerns about integrity and availability. The Canadian Criteria (CTCPEC) advances the work of TCSEC and ITSEC.
Access controls differentiate between identifying users of a system and authenticating them. This is done using discretionary means where an information owner decides who obtains access rights, mandatory means where the system decides access rights based on classifications and clearance, and role-based means that group people with a similar need for access together and tie access rights to the role people are assigned. Problems with passwords have led to the development of alternatives, such as tokens using one-time passwords and smart cards that use cryptography to prove a person’s identity.
DoS attacks are among the most common attacks on the Internet. They are easy to perform, do not require a great deal of sophistication on the part of the perpetrator, and can have devastating effects on the target system. Only virus attacks are more common. (And, in some cases, the virus can be the source of the DoS attack.)
Clearly, there are a number of ways to attack a target system: by Denial of Service, virus/worm, Trojan horse, buffer overflow attacks, and spyware. Each type of attack comes in many distinct variations. It should be obvious by this point that securing your system is absolutely critical. In the upcoming exercises, you will try out the antivirus programs by Norton and McAffee. There are so many ways for a hacker to attack a system that securing your system can be a rather complex task. Chapter 6 will deal with specific methods whereby you can secure your system.
Both Trojan horses and spyware pose significant dangers to your network. Trojan horses and viruses frequently overlap (i.e., a virus may install a Trojan horse). Spyware can compromise security by revealing details of your system or confidential data on the system. Adware is mostly a nuisance rather than a direct security threat. However as your computer becomes infected with more adware, such programs can eventually drain your system’s resources until your system becomes completely unusable.
The MITM attack is more difficult to interdict, since the machine in use may be trusted or commonly known keys in operating system distributions are not changed. However, strong authentication methods can be successful defeating the MITM attack. Reverse DNS look-up is not totally foolproof in ensuring the validity of source IP addresses, and it may be time-consuming. Reverse path forwarding (“Source Address Validation” in the RFC 1812 terminology) is faster because it involves a check of the local forwarding and/or route tables. It is prone to errors, however, due to asymmetrical paths in internetworks, as well as the vast quantity of public IP addresses that will map to the default route of any route table.
Identification and authentication techniques sometimes use biometric information to add further confidence that users are legitimate when attempting physical or logical access to system resources. Single sign-on and associated technologies and protocols aim to reduce the proliferation of IDs and passwords to better control the security of access control mechanisms both within and outside the organization. Industry alliances, such as the Liberty Alliance, are moving toward federated identities that permit single sign-on or reduced sign-on for e-commerce users.
Cryptography relies on two basic methods: transposition and substitution. With transposition, ciphertext is created by scrambling a message based on a shared secret key. In substitution, letters are exchanged with other letters based on a substitution pattern known by both the sender and receiver. The strength of a cryptosystem rests in the size and means used to protect cryptographic keys; in general, the longer the key, the harder it is to break the encryption. The same key can be used to both encrypt and decrypt information and is called a symmetric key, or different keys can be used for encryption and decryption and are called asymmetric keys.
Digital signatures are used in asymmetric key cryptography to protect a message’s content from disclosure, prove the integrity of a message upon receipt, and verify that the sender of the message is indeed who he or she claims to be. Digital signature technology relies on a Public Key Infrastructure for implementation and is at the heart of many commercial products that are used in modern electronic commerce.
Virtual private networks (VPN) are secure connections over the Internet that enable remote users and sites to connect to a central network. You can use PPTP, L2TP, or IPSec to create a VPN. IPSec is considered the most secure of the three. Administrators creating a VPN protocol should consider how the packets are encrypted, what sort of authentication is used, and whether the current hardware and software supports that technology. The protocols used by many common attacks are ICMP, UDP, and TCP. IP address spoofing is a serious threat, and although there are various techniques for avoidance, including reverse path forwarding, route filtering, and reverse DNS look-up exist, none are foolproof by themselves. Used in combination with other firewall methods, such as ignoring ICMP echo requests sent to broadcast addresses, it may reduce the impact of DoS attacks in which IP address spoofing is prevalent.
Each category of firewall has its own unique set of features and functionality, and you must perform a careful analysis to determine which firewall is needed in your environment. Personal firewalls are needed even in an environment where an enterprise firewall is installed, since they protect a computer from internal attacks. One economical personal firewall is available on any Windows XP system. It provides incoming protection and should be used if no other firewall will be installed on the host computer. Other personal firewalls, such as Zone Alarm, provide enhanced functionality that goes beyond the capabilities of the Windows Firewall.