
System Administrator

Develop fast. Stay secure

Snyk | Developer security | Develop fast. Stay secure.

Open Web Application Security Project

OWASP Top Ten Web Application Security Risks | OWASP

SETSPN -a host/alias_name targetserver
SETSPN -a host/alias_name.contoso.com targetserver

Can’t access SMB file server – Windows Server | Microsoft Docs

TCP viewer, or

netstat -ano | find "1234" | find "LISTEN"

How can I check if an application is listening on a port and the application’s name (ibm.com)
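
Added example (not from the linked IBM page): `find "1234"` keeps any line that contains the text 1234, so it also matches port 12345 or a process whose PID is 1234. The Python sketch below parses `netstat -ano` output and matches the local port exactly; the sample output and the function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -ano` output (not from the original page).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING       4312
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       880
  TCP    10.0.0.5:50522         10.0.0.9:1234          ESTABLISHED     2200
  TCP    [::]:1234              [::]:0                 LISTENING       4312
  UDP    0.0.0.0:1234           *:*                                    990
"""


def listeners(netstat_text, port):
    """Return sorted (local_address, pid) pairs for TCP sockets listening on exactly `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five fields: proto, local address, foreign address, state, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local = fields[1]
        # rpartition splits on the last colon, so IPv6 literals like [::]:1234 work.
        _, _, local_port = local.rpartition(":")
        if local_port == str(port):
            found.add((local, int(fields[4])))
    return sorted(found)


def substring_matches(netstat_text, needle, state="LISTEN"):
    """Lines that `find "<needle>" | find "LISTEN"` would keep (plain substring match)."""
    return [l.strip() for l in netstat_text.splitlines() if needle in l and state in l]


if __name__ == "__main__":
    print("exact:", listeners(SAMPLE, 1234))
    print("substring hits:", len(substring_matches(SAMPLE, "1234")))
```

With the PID in hand, `tasklist /FI "PID eq 4312"` shows the owning application's name.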

Computer Networking A TOP-DOWN APPROACH 5ed (James F.Kurose, Keith W.Ross)

WIRESHARK LABS

“Tell me and I forget. Show me and I remember. Involve me and I understand.”
Chinese proverb

Jim Kurose Homepage (umass.edu)

Labs:

HTTP, DNS, TCP, UDP, IP, NAT, DHCP, ICMP, Ethernet and ARP, 802.11 WiFi, SSL (currently being updated to TLS), Trace files (new trace files for 8.1; same trace files for 7, 8.0)

RFC Sourcebook

Well known ports

Well known ports, 3000 to 3999 (networksorcery.com)

3020 = CIFS (FS)

Words and concepts

OSI Model: The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe the functions of a networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in order to support interoperability between different products and software. In the OSI reference model, the communications between computing systems are split into seven different abstraction layers: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
1. Physical Layer: Transmits the raw bit stream over the physical medium.
Electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device.
2. Data Link: Defines the format of data.
Directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer.
The data link layer encompasses two sub-layers of its own. The first, media access control (MAC), provides flow control and multiplexing for device transmissions over a network. The second, the logical link control (LLC), provides flow and error control over the physical medium as well as identifies line protocols.
3. Network: Decides which physical path the data will take.
The network layer is responsible for receiving frames from the data link layer, and delivering them to their intended destinations based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks.
4. Transport: Transmits data using transmission protocols including TCP and UDP.
The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems and hosts. One of the most common examples of the transport layer is TCP or the Transmission Control Protocol.
5. Session: Maintains connections and is responsible for controlling ports and sessions.
The session layer controls the conversations between different computers. A session or connection between machines is set up, managed, and terminated at layer 5. Session layer services also include authentication and reconnections.
6. Presentation: Ensures that data is in a usable format and is where data encryption occurs.
The presentation layer formats or translates data for the application layer based on the syntax or semantics that the application accepts. Because of this, it is at times also called the syntax layer. This layer can also handle the encryption and decryption required by the application layer.
7. Application: Human-computer interaction layer, where applications can access the network services.
At this layer, both the end user and the application layer interact directly with the software application. This layer sees network services provided to end-user applications such as a web browser. The application layer identifies communication partners, resource availability, and synchronizes communication.

ref
What is the OSI Model? The 7 Layers Explained | Forcepoint
Hub: Physical Layer device (Layer 1). A hub links lengths of network cable; the hub is a box with an array of network cable sockets on it.
Any signal passing down one of those cables enters the hub. The hub then copies that signal onto all of the other cables plugged into it.
Hubs don’t offer any processing power. They just copy any incoming data onto all the other connected cables.
Hubs cut costs because they don’t need any complicated on-board computing power or operating system. However, they also create a lot of traffic.
The main problem with a hub is that it can slow down traffic if it has a lot of cables connected to it. This is because it can only process one incoming data stream at a time and copying that incoming data is inevitably going to take a little time. The more endpoints that are connected to the hub, the more likely it is that several of them will want to send data at the same time. To head off this performance limit, manufacturers usually produce hubs with only four or five ports.

Alternatives to hubs: switch
Switch: Data Link Layer device (Layer 2). Switches are the most widely encountered devices on networks. This is because they were originally designed to connect together links on private networks while routers are meant to connect networks together.
A switch operates in the same way as a hub but with one important difference: it only copies incoming data onto one connected cable. This straightforward difference drastically cuts down on network traffic.
The switch associates an address with each of its ports. Switches manage data frames, which have headers that contain source and destination addresses. Those addresses relate to the network card on the other end of each cable that is plugged into the switch. Each network card is embedded into an endpoint, such as a PC or a printer. The addresses are called MAC addresses – MAC stands for “media access controller.”
Switches are efficient. They produce much less network traffic than hubs and they specialize in linking together devices rather than connecting whole networks, like routers.
Router: Network Layer device (Layer 3). Routers are specialized at sending data between networks. That doesn’t necessarily mean that they only work with transmissions off-site because some office networks are made up of a series of interconnected LANs. Routers are needed to power the internet – there are no switches involved in getting data across the internet.
While hubs don’t really pay any attention to addresses and switches work with MAC addresses, routers operate with IP addresses.
Routers are particularly useful as gateways to networks, standing at the exchange point with the internet. The operating area of a router defines an address space, so concepts such as the Dynamic Host Configuration Protocol (DHCP), the Domain Name Service (DNS), and IP address management all pertain to one physical router on a network. A router is able to translate between address spaces. It enables a business to be represented by one public IP address while managing many addresses on the private LAN.
The router is able to track interactions between devices on the LAN and the outside world by managing a Network Address Translation (NAT) system.

ref
Hub Vs Switch Vs Router: Choosing the right device for the task! (comparitech.com)
Inbound: Inbound firewall rules define the traffic allowed to the server on which ports and from which sources. If no inbound rules are configured, no incoming traffic is permitted.
Inbound rules: These are to do with other things accessing your computer. If you are running a Web Server on your computer then you will have to tell the Firewall that outsiders are allowed to connect to it.
Inbound means someone else from outside of your computer initiates the connection to your computer, so the traffic starts flowing inward to your machine.
Inbound rules filter traffic passing from the network to the local computer based on the filtering conditions specified in the rule.
Outbound: Outbound firewall rules define the traffic allowed to leave the server on which ports and to which destinations. If no outbound rules are configured, no outbound traffic is permitted.
Outbound rules: These are so that you can let some programs use the Internet, and block others.
Outbound means you initiate the connection and the traffic starts flowing outward from your computer to the destination you intended. For example, you connect to a server.
Conversely, outbound rules filter traffic passing from the local computer to the network based on the filtering conditions specified in the rule.
Computer Networks: Computer Networking A TOP-DOWN APPROACH 5ed (James F.Kurose, Keith W.Ross)
ref
Computer Networks | University of Bergen (uib.no)
DNS: Domain Name System (DNS) translates hostnames to IP addresses, fulfilling a critical role in the Internet infrastructure.
nslookup (query any specified DNS server for a DNS record), ipconfig (for Windows) and ifconfig (for Linux/Unix) are among the most useful little utilities in your host, especially for debugging network issues.
ipconfig /all
ipconfig /displaydns (shows the cached DNS records; a host can cache DNS records it recently obtained)
ipconfig /flushdns (flushing the DNS cache clears all entries and reloads the entries from the hosts file)
NAT: Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
DHCP: Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.
Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed.
With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation.
ICMP (ping): The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues. ICMP is mainly used to determine whether or not data is reaching its intended destination in a timely manner. Commonly, the ICMP protocol is used on network devices, such as routers. ICMP is crucial for error reporting and testing, but it can also be used in distributed denial-of-service (DDoS) attacks.
The primary purpose of ICMP is error reporting. When two devices connect over the Internet, ICMP generates errors to share with the sending device in the event that any of the data did not get to its intended destination. For example, if a packet of data is too large for a router, the router will drop the packet and send an ICMP message back to the original source for the data.
DC: A domain controller is a server that responds to authentication requests and verifies users on computer networks. Domains are a hierarchical way of organizing users and computers that work together on the same network. The domain controller keeps all of that data organized and secured.
The domain controller (DC) is the box that holds the keys to the kingdom: Active Directory (AD).
A RECORD / CNAME:
The A record points a name to a specific IP.
If you want blog.dnsimple.com to point to the server XXX.XX.1XX.133 you’ll configure:

blog.dnsimple.com. A XXX.XX.XX.133

The CNAME record points a name to another name instead of to an IP.
The CNAME source represents an alias for the target name and inherits its entire resolution chain.

blog.dnsimple.com. CNAME aetrion.github.io.
aetrion.github.io. CNAME github.map.fastly.net.
github.map.fastly.net. A XXX.XX.XX.133

An A record points a name to an IP.
A CNAME record can point a name to another CNAME or to an A record.
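
Added example (not from the original page or from DNSimple): a small Python resolver that follows the CNAME chain above until it reaches an A record, and stops on a loop or a target with no record. The page masks the address, so `192.0.2.133` is a constructed placeholder from the documentation range; `parse_zone` and `resolve` are illustrative names.

```python
# Records from the page's example. The page masks the IP, so the address
# below is a constructed placeholder (RFC 5737 documentation range).
ZONE = """\
blog.dnsimple.com. CNAME aetrion.github.io.
aetrion.github.io. CNAME github.map.fastly.net.
github.map.fastly.net. A 192.0.2.133
"""


def parse_zone(text):
    """Map owner name -> (record type, value) for simple 'name TYPE value' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("A", "CNAME"):
            records[parts[0].lower()] = (parts[1], parts[2])
    return records


def resolve(name, records, max_hops=8):
    """Follow CNAMEs until an A record. Returns (chain, ip); ip is None if the chain dangles."""
    chain = [name.lower()]
    seen = {name.lower()}
    while True:
        rec = records.get(chain[-1])
        if rec is None:
            return chain, None  # the last name in the chain has no record here
        rtype, value = rec
        if rtype == "A":
            return chain, value  # the alias inherits the target's address
        target = value.lower()
        if target in seen or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [target]))
        seen.add(target)
        chain.append(target)


if __name__ == "__main__":
    chain, ip = resolve("blog.dnsimple.com.", parse_zone(ZONE))
    print(" -> ".join(chain), "=>", ip)
```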

Ubuntu system administrator

20 Things to Know for Becoming a Successful Linux System Administrator (ubuntupit.com)

  • Setting Up The Environment
  • Managing Users and Groups
  • Installing and Configuring Packages
  • You should have a good understanding of Linux Cron jobs alongside standard package managers like apt, dpkg, yum, and pacman
  • https://www.ubuntupit.com/how-to-install-software-in-ubuntu-linux-a-complete-guide-for-newbie/
  • Linux Shells (Bash)
  • Linux Filesystem
  • https://www.ubuntupit.com/everything-you-need-to-know-about-the-linux-file-system/
  • Configuring and Managing Networks (ifconfig, ip, netstat etc)
  • https://www.ubuntupit.com/useful-linux-network-commands-for-modern-sysadmins/
  • Managing Data Storage (RAID, NAS, SAN)
  • Virtualization Technologies
  • Managing Backups (Bacula, Amanda, Rsync…)
  • https://www.ubuntupit.com/best-backup-software-for-linux/
  • Disaster Recovery
  • Security Management
  • Hardware Management
  • Memory Management
  • Automation
  • Troubleshooting
  • This is why we suggest beginners complete
  • https://www.ubuntupit.com/best-linux-certifications-and-courses/
  • Monitoring (top/htop resource monitor, df for file system etc)
  • Documentation
  • Communication
  • Education
  • Certifications
