-
Mutual TLS (mTLS) and RFC 6125
What is mTLS? | Mutual TLS | Cloudflare TLS works using a technique called public key cryptography, which relies on a pair of keys — a public key and a private key. Anything encrypted with the public key can be decrypted only with the private key. Therefore, a server that decrypts a message that was encrypted with the public key proves that it possesses the private key. Anyone can view the public key by looking at the domain’s or server’s TLS certificate. In mTLS, however, both the client and server have a certificate, and both sides authenticate using their public/private key pair. Client connects to server Server presents its TLS…
-
401 access denied win server (iis), Local Security Policy
Do you have issues with security on a fresh windows server when trying to access http(s)://serverroot = IIS Admin access with admin accounts works, since they will default be in group: Check Local Security policy->User Rights Assignment->Allow log on locally Check Local Security policy->User Rights Assignment->Deny log on locally Domain account no admin access does not default work if GPO has been set high: Check Local Security policy->User Rights Assignment->Access this computer from network Check Local Security policy->User Rights Assignment->Deny access this computer from network
-
Packet Sniffers
Packet Sniffers: What Are They? Alongside Some Great Packet Sniffing Tools 10 Best Packet Sniffers – Comparison and Tips – DNSstuff Home | TCPDUMP & LIBPCAP WireShark Packet Sniffer SmartSniff Microsoft Message AnalyzerVery effective in troubleshooting network issues and verifying protocol implementation.The Microsoft Message Analyzer tool has been retired Network MinerIt is used by many organizations around the world for years and is a trustworthy option amongst many. https://www.netresec.com/?page=NetworkMiner NetworkMinerNetworkMiner is an open source Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions,…
-
MSA Account
Account types supported for the PI AF service (osisoft.com) Domain user accountIf the service interacts with network services or accesses domain resources like file shares on other computers, consider using a minimally-privileged domain account. A domain administrator must create the account before the AFService can be configured to use the account. Local user accountIf the computer is not part of a domain, a local user account can be used. We recommend that the account not have administrator permissions. Local Service accountThe Local Service account is a built-in low-privilege account. Its limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service…
-
RFC-6125 TLS, MTLS
Representation and Verification of Domain-Based Application ServiceIdentity within Internet Public Key Infrastructure Using X.509 (PKIX)Certificates in the Context of Transport Layer Security (TLS) Likewise, during TLSnegotiation, the server presents its notion of the service’s identityin the form of a public-key certificate that was issued by acertification authority (CA) in the context of the Internet PublicKey Infrastructure using X.509 [PKIX]. Informally, we can think ofthese identities as the client’s “reference identity” and theserver’s “presented identity” RFC 6125 – Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) (ietf.org) Use Cases and Requirements for DNS-Based Authentication…
-
System Administrator
Develop fast. Stay secure Snyk | Developer security | Develop fast. Stay secure. Open Web Application Security Project OWASP Top Ten Web Application Security Risks | OWASP SETSPN -a host/alias_name targetserverSETSPN -a host/alias_name.contoso.com targetserver Can’t access SMB file server – Windows Server | Microsoft Docs Tcp viewer or netstat -ano | find “1234” | find “LISTEN” How can I check if an application is listening on a port and the application’s name (ibm.com) Computer Networking A TOP-DOWN APPROACH 5ed (James F.Kurose, Keith W.Ross) WIRESHARK LABS “Tell me and I forget. Show me and I remember. Involve me and I understand.”Chinese proverb Jim Kurose Homepage (umass.edu) Labs: HTTP, DNS, TCP, UDP,…
-
5 min Azure Active Directory and IAM
Active Directory Add a user: Azure Active Directory->Users->New User: Create user in organization (youmail.onmicrosoft.com) or invite user We will create a user jimmy with no permission yet. Assign roles to jimmy by built in groups and access. Directory roles, it is a long list Or make a group and add jimmy to the group IAM (Access control to that particular resource) Here we have a vnet Let’s check IAM and assign jimmy to it. We add reader We add jimmy to the role And we review + assign
-
Capture traffic wireshark
Stuck on robocopy with errors like System error 64 has occurred or 53? What protocol is your system really running robocopy in? Smb, smb1, smb2/3 https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3 Even if Test-NetConnection (pshell) returns true does not mean that everything is ok, especially if you specified paloalto application like xxx-smbv3 when it is actually something else… smb1 or 2….. Download https://www.wireshark.org/ Do the following to capture the traffic: Step1 with pshell (on the vm that runs the robocopy script): Step2 (on the vm that runs the robocopy script):run robocopy file or cmd or what ever Step3 with pshell (on the vm that runs the robocopy script): Step4:View the logs file for information about…
-
Python multicasting UDP wireshark
https://www.wireshark.org/ A multicast address is a logical identifier for a group of hosts in a computer network that are available to process datagrams or frames intended to be multicast for a designated network service. Multicast addressing can be used in the link layer (layer 2 in the OSI model), such as Ethernet multicast, and at the internet layer (layer 3 for OSI) for Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) multicast. Point-to-point connections handle a lot of communication needs, but passing the same information between many peers becomes challenging as the number of direct connections grows. Sending messages separately to each recipient consumes additional processing time and…
-
Python network client and server using socket
So today I bought the course from udemy: Mastering Python – Networking and Security. The first lessons is about Python 2 vs 3, standard Python, console, running scripts, variables, loops, scoping, subroutines, system calls etc, a new refresh with code and videos. Moving on….. Networking section 3: 22: Network byte order: Endian describes how the order order in a multi-byte digital integer is arranged, more specifically whether they are read from right to left or left to right. The term is usually used in the two variants Big Endian and Little Endian. The term originated originally from Jonathan Swift’s novel Gullivers travels from 1726. The novel described the tension in…