Friday, November 30, 2018

IP Spoofing (O- Level Exam)

What is IP Spoofing (IP address forgery or a host file hijack)?


IP spoofing is the creation of IP packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system. One technique which a sender may use to maintain anonymity is to use a proxy server. IP Spoofing is analogous to an attacker sending a package to someone with the wrong return address listed. If the person receiving the package wants to stop the sender from sending packages, blocking all packages from the bogus address will do little good, as the return address is easily changed. Relatedly, if the receiver wants to respond to the return address, their response package will go somewhere other than to the real sender. The ability to spoof the addresses of packets is a core vulnerability exploited by many DDoS attacks.

----------------------------
Area of Application-:
----------------------------

IP address spoofing involving the use of a trusted IP address can be used by network intruders to overcome network security measures, such as authentication based on IP addresses. This type of attack is most effective where trust relationships exist between machines. For example, it is common on some corporate networks to have internal systems trust each other, so that users can log in without a username or password provided they are connecting from another machine on the internal network (and so must already be logged in). By spoofing a connection from a trusted machine, an attacker on the same network may be able to access the target machine without authentication.


IP address spoofing is most frequently used in denial-of-service attacks, where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets. Packets with spoofed IP addresses are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack. Denial of service attacks that use spoofing typically randomly choose addresses from the entire IP address space, though more sophisticated spoofing mechanisms might avoid unroutable addresses or unused portions of the IP address space. The proliferation of large botnets makes spoofing less important in denial of service attacks, but attackers typically have spoofing available as a tool, if they want to use it, so defenses against denial-of-service attacks that rely on the validity of the source IP address in attack packets might have trouble with spoofed packets. Backscatter, a technique used to observe denial-of-service attack activity in the Internet, relies on attackers' use of IP spoofing for its effectiveness.

-----------------------------------------------------

Protection from spoofing attacks-:

-----------------------------------------------------
Packet filtering is one defense against IP spoofing attacks. The gateway to a network usually performs ingress filtering, which is blocking of packets from outside the network with a source address inside the network. This prevents an outside attacker spoofing the address of an internal machine. Ideally the gateway would also perform egress filtering on outgoing packets, which is blocking of packets from inside the network with a source address that is not inside. This prevents an attacker within the network performing filtering from launching IP spoofing attacks against external machines.
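The ingress and egress rules described above can be written as a single gateway decision function. This is an added example, not part of the original post; the internal prefix 192.0.2.0/24, the interface names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: the protected network uses 192.0.2.0/24
# (a documentation prefix). A real gateway would list its own prefixes.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_internal(addr):
    """Return True if addr belongs to one of the internal prefixes."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)


def gateway_decision(arrived_on, src):
    """Return (action, reason) for one packet.

    arrived_on is "outside" for the Internet-facing interface and
    "inside" for the LAN-facing interface; src is the claimed source IP.
    """
    try:
        internal_src = is_internal(src)
    except ValueError:
        return ("drop", "malformed source address")
    if arrived_on == "outside":
        # Ingress filtering: nothing from outside may claim an inside address.
        if internal_src:
            return ("drop", "ingress: internal source seen on outside interface")
        return ("forward", "ingress: source is external")
    if arrived_on == "inside":
        # Egress filtering: nothing leaving may claim an address we do not own.
        if not internal_src:
            return ("drop", "egress: source is not one of our addresses")
        return ("forward", "egress: source is internal")
    raise ValueError("arrived_on must be 'outside' or 'inside'")


# Constructed sample traffic: (interface the packet arrived on, claimed source).
SAMPLE_PACKETS = [
    ("outside", "203.0.113.7"),   # ordinary external host
    ("outside", "192.0.2.10"),    # outside packet claiming an internal address
    ("inside", "192.0.2.10"),     # ordinary internal host
    ("inside", "198.51.100.9"),   # internal host sending with a foreign source
    ("inside", "not-an-ip"),      # malformed input
]


def filter_packets(packets):
    """Return only the action for each packet, in order."""
    return [gateway_decision(iface, src)[0] for iface, src in packets]


if __name__ == "__main__":
    for iface, src in SAMPLE_PACKETS:
        action, reason = gateway_decision(iface, src)
        print(f"{iface:8} {src:15} -> {action:8} ({reason})")
```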

It is also recommended to design network protocols and services so that they do not rely on the source IP address for authentication.

Monday, November 19, 2018

Python Introduction

Python

Python is a high level, powerful, and object-oriented programming language.
It is an interpreted scripting language. Guido van Rossum is the founder of Python programming.

Learning Python programming requires studying installation, control statements, Strings, Lists, Tuples, Dictionary, Modules, Exceptions, Date and Time, File I/O, Programs, etc.

Python is simple and easy to learn and provides lots of high-level data structures. It is a powerful and versatile scripting language which makes it attractive for Application Development.

Python is multipurpose because it can be used with web, enterprise, 3D CAD etc.
There is no need to declare a data type for a variable because Python is dynamically typed, so we can write y=50 to assign an integer value to a variable.

Python Example

Write the following code in a file and save it with a .py extension, such as hello.py.

print("hello python world!")
 
After executing.
Output:
 
hello python world!


I am presenting another very simple Python program. This program takes a number as input and reverses it.

n=int(input("Enter any number: "))
rev=0
while(n>0):
    r=n%10
    rev=rev*10+r
    n=n//10
print("Reverse of the number=",rev)
 

Python Version

Python is updated regularly with new features and supports
A list of Python versions with their release dates, starting from 1994, is given below.
 
Python Version    Released Date
Python 1.0        January 1994
Python 1.5        December 31, 1997
Python 1.6        September 5, 2000
Python 2.0        October 16, 2000
Python 2.1        April 17, 2001
Python 2.2        December 21, 2001
Python 2.3        July 29, 2003
Python 2.4        November 30, 2004
Python 2.5        September 19, 2006
Python 2.6        October 1, 2008
Python 2.7        July 3, 2010
Python 3.0        December 3, 2008
Python 3.1        June 27, 2009
Python 3.2        February 20, 2011
Python 3.3        September 29, 2012
Python 3.4        March 16, 2014
Python 3.5        September 13, 2015
Python 3.6        December 23, 2016
Python 3.6.4      December 19, 2017

Friday, November 16, 2018

Various Problem solving Approach (Divide and Conquer, Trial and Error and Brain Storming)

Problem solving methods

1.Divide and Conquer
----------------------------

A typical Divide and Conquer algorithm solves a problem using the following three steps.

1. Divide: Break the given problem into subproblems of the same type.
2. Conquer: Recursively solve these subproblems.
3. Combine: Appropriately combine the answers.

Following are some standard algorithms that are Divide and Conquer algorithms.

1) Binary Search is a searching algorithm. In each step, the algorithm compares the input element x with the value of the middle element in the array. If the values match, it returns the index of the middle element. Otherwise, if x is less than the middle element, the algorithm recurs for the left side of the middle element; else it recurs for the right side of the middle element.

2) Quicksort is a sorting algorithm. The algorithm picks a pivot element and rearranges the array elements in such a way that all elements smaller than the picked pivot element move to the left side of the pivot, and all greater elements move to the right side. Finally, the algorithm recursively sorts the subarrays on the left and right of the pivot element.

3) Merge Sort is also a sorting algorithm. The algorithm divides the array in two halves, recursively sorts them and finally merges the two sorted halves.

2.Trial and Error
---------------------

Trial and error is a problem solving method in which multiple attempts are made to reach a solution. It is a basic method of learning that essentially all organisms use to learn new behaviors. Trial and error is trying a method, observing if it works, and if it doesn't, trying a new method. This process is repeated until success or a solution is reached.

For example, imagine moving a large object such as a couch into your house. You first try to move it in through the front door and it gets stuck. You then try it through the back door and it doesn't fit. You then move it through the double patio doors and it fits! You just used trial and error to solve a problem. Edward

Trial and error is also a heuristic method of problem solving, repair, tuning, or obtaining knowledge. In the field of computer science, the method is called generate and test. In elementary algebra, when solving equations, it is "guess and check".

This approach can be seen as one of the two basic approaches to problem solving, contrasted with an approach using insight and theory. However, there are intermediate methods which, for example, use theory to guide the method, an approach known as guided empiricism.


3.Brain Storming
-----------------------

Brainstorming is a popular idea invention and problem solving technique. Brainstorming is a method that is used by leaders and managers when they need to deal with complex problems. Brainstorming helps when there is a need to manifest the next steps in difficult situations.
Brainstorming is a group or individual creativity technique by which efforts are made to find a conclusion for a specific problem by gathering a list of ideas spontaneously contributed by its member(s).

Brainstorming can be very helpful in the decision making of our daily life. I brainstorm when I need to find a creative idea or solution for a problem. Many steps and definitions for brainstorming are available on the internet.

Brainstorming helps:
When you are stuck with a problem and you are not able to find any solutions.
When multiple ways lead to the same destination, brainstorming helps us find the best.
When priorities are not clear and you do not know which step to take first.
When you need to discover the relationship between different activities of a problem.
When you need to find a creative approach or Idea.
When you want to manifest the conflicts between the thoughts/activities regarding some problem.
When you are not able to conclude a final decision.

Steps to Brainstorming:
------------------------------
Plan Brainstorming Session: Plan the activities you want to cover in the session. You can brainstorm individually or in a group. It is good to have 4 to 6 people at most. Plan who is going to participate and let them know in advance; this makes sure that everyone has already done some research. Choose a peaceful place. Have a pen, paper and documents/tools containing the pitch of the problem. Set a fixed timeline such as half an hour or one hour. Stay away from mail and silence your phone. Make sure there is no distraction during the session.
Prepare a Graph or Structure: Write down the problem and available options. This is the most important thing. Prepare an Activity chart or Affinity Diagrams. Affinity diagrams are my favourite way to organize information. They help sort out common ideas into one theme. It helps when multiple activities are messing with each other.
Discuss the problem, but Focus on the solution: Now discuss the problem and the available options. Focus first on the single theme or set of ideas that is most important. Consider everyone's opinion. Let each of them brainstorm. Make a list of the pros and cons of each choice. It helps appropriate decision-making later.
Take a break and open up minds: A short break of 5 minutes refreshes the mind and helps us to detach from the problem. It helps us to come up with an efficient solution. Cool down and take a glass of water.
Focus on Priorities: Draw the relationship between the various tasks. Classify the dependent and independent tasks. Keep independent tasks in a different place and draw dependent tasks together into an organized chart as displayed in the Wiki. It assists us in assigning priority to the tasks on which other tasks are dependent.
Finalize the solution: You should be good to take a decision based on the priorities, pros and cons of various options available. I believe you will be able to find some new ideas in the brainstorming session as well. Choose the creative one. As Salvador Dali said, “Have no fear of perfection, you’ll never reach it”.
Action Steps: Write down the next action steps. Assigning some timeline ensures faster process in execution. If you are not able to conclude a decision, you have a clear and reasonable perspective now. Therefore, do some more research and plan another session to brainstorm. Yeah, it is worth it.


Tuesday, November 13, 2018

Internet Technologies and Web Design (Important Questions)

1. What is Internet? Write five features of Internet.

2. What is e-mail? Explain about following e-mail protocols-

(i). SMTP (ii). POP3 (iii). IMAP4 and (iv). MIME.

3. Differentiate between LAN, MAN and WAN.

4. What is Cyber Crime (Internet Crime)? Write about three cyber crimes.

5. Explain Internet, Intranet and Extranet.

6. What is ISDN? Explain its applications.

7. Explain Web Client, Web Server and Web Cookies and Session.

8. Explain Internet Protocols - (i).TCP   (ii). IP   (iii). UDP  (iv). ICMP  and (v) ARP

9. What is Network Topology? Explain (i). Bus  (ii). Star  (iii). Ring and (iv) Mesh.

10. What do you mean by communication media? Explain (i). Twisted pair cable (ii). Coaxial cable  (iii). Fiber Optic cable.

11. What is FDDI , SONET and ATM?

12. Explain Ethernet, CSMA/CD and token ring.

13. Write short notes on...
(i). IRC  (ii). TELNET  (iii). FTP  (iv). Usenet (v). Search engines.

14. What is network Security? Explain four security mechanisms.

15. What is firewall? Explain types of firewall.

16. Write short notes on following
(i). Java  (ii). ActiveX  (iii). JavaScript  (iv). Internet Phone (v). Video Conferencing  (vi). SGML (vii). CGI (viii). PKI.

17. Explain e-mail structure? Give Five advantages of e-mail.

19. Differentiate between synchronous and asynchronous transmission mode.

20. Explain client/server and peer to peer connectivity?

21. What is web publishing? Write components of web publishing.

22. What are major design issues and consideration while designing a website.

23. What is document management? Write functions of document management.

24. What is copy right? Explain.

25. What is directory and spider in search engine tools?

(continued...) (Please follow as well)





Saturday, May 26, 2018

Firewall and its type


What is a Firewall? Explain Hardware and Software Firewall
Firewall
A firewall can be software, hardware, or a combination of both. A private network (LAN) connected to the internet is at high risk of intrusion by unauthorized users on the internet. To protect information from being leaked, all messages or communication entering or leaving the private network must pass through a firewall, which authenticates the traffic based on set policies or security criteria. A firewall is a system that protects a private network from the internet by filtering incoming and outgoing messages based on the security mechanisms set by the administrator. The firewall can be a software application or it can be in the form of a hardware device.
Hardware Firewall
It is a hardware device that is placed between the internet and the intranet (LAN). It is a standalone device that is configured to protect multiple systems in an organization. An example of a simple hardware firewall is a broadband router. There are also professional, high-cost hardware firewalls called UTM (unified threat management) that provide a single management console to monitor various security-related applications. A UTM firewall provides intrusion protection, anti-virus, anti-malware, spam, VPN and content filtering in a single console. Only IT professionals can configure and manage these UTM firewalls.


Software Firewall
For a home or small networks, you can use software firewalls which can be installed on individual systems or a server. Software firewalls are easy to install and update as compared to their hardware counterparts. Even if there is a hardware firewall installed in your office, you must install a software firewall since a hardware firewall works only in your office (LAN) and if you are traveling or working outside your office, it is the software firewall that will provide protection to your system from external threats.
A basic software firewall is available free with the Windows operating system, but you can also buy advanced software firewalls like McAfee, Norton Internet Security, Bitdefender Internet Security or Kaspersky Internet Security.
Types of Firewall

Packet filtering firewalls 

This firewall doesn't route packets, but instead compares each packet received to a set of established criteria -- such as the allowed IP addresses, packet type, port number, etc. Packets that are flagged as troublesome are, generally speaking, unceremoniously dropped -- that is, they are not forwarded and, thus, cease to exist. This, the original type of firewall, operates inline at junction points where devices such as routers and switches do their work.

 Circuit-level gateways 

Using another relatively quick way to identify malicious content, these devices monitor the TCP handshakes across the network as they are established between the local and remote hosts to determine whether the session being initiated is legitimate -- whether the remote system is considered trusted. They don't inspect the packets themselves, however.

Stateful inspection firewalls

State-aware devices, on the other hand, not only examine each packet, but also keep track of whether or not that packet is part of an established TCP session. This offers more security than either packet filtering or circuit monitoring alone, but exacts a greater toll on network performance.
A further variant of stateful inspection is the multilayer inspection firewall, which considers the flow of transactions in process across multiple layers of the ISO Open Systems Interconnection seven-layer model.
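The difference between a packet filtering firewall and a stateful inspection firewall shows up when an inbound packet matches the port rule but belongs to no session. The following is an added example, not part of the original post; the rule (inbound allowed only from remote port 443), the addresses and the four-packet trace are assumptions constructed for illustration, and the session table is simplified to SYN and RST handling.

```python
from collections import namedtuple

# One observed TCP packet; direction is "out" (LAN to Internet) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport flags")

ALLOWED_REMOTE_PORT = 443  # assumed policy: replies from HTTPS servers only


def packet_filter_allow(pkt):
    """Stateless rule: judge each packet on its own header fields."""
    if pkt.direction == "out":
        return True
    return pkt.sport == ALLOWED_REMOTE_PORT


class StatefulFirewall:
    """Same port policy, plus a table of sessions opened from inside."""

    def __init__(self):
        self.sessions = set()  # (local ip, local port, remote ip, remote port)

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.sessions.add(key)       # inside host opens a session
            elif "RST" in pkt.flags:
                self.sessions.discard(key)   # session torn down
            return True
        # Inbound: must match the port rule AND a session we saw being opened.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.sport != ALLOWED_REMOTE_PORT or key not in self.sessions:
            return False
        if "RST" in pkt.flags:
            self.sessions.discard(key)
        return True


# Constructed trace: a normal handshake, then an unsolicited inbound ACK.
TRAFFIC = [
    Packet("out", "192.0.2.10", 50000, "203.0.113.5", 443, {"SYN"}),
    Packet("in", "203.0.113.5", 443, "192.0.2.10", 50000, {"SYN", "ACK"}),
    Packet("out", "192.0.2.10", 50000, "203.0.113.5", 443, {"ACK"}),
    Packet("in", "198.51.100.77", 443, "192.0.2.10", 50001, {"ACK"}),
]


def compare(traffic):
    """Return (stateless decisions, stateful decisions) for the trace."""
    stateful = StatefulFirewall()
    return ([packet_filter_allow(p) for p in traffic],
            [stateful.allow(p) for p in traffic])


if __name__ == "__main__":
    stateless, stateful = compare(TRAFFIC)
    for pkt, a, b in zip(TRAFFIC, stateless, stateful):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"stateless={a} stateful={b}")
```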

Application-level gateways 

This kind of device, technically a proxy, and sometimes referred to as a proxy firewall, combines some of the attributes of packet filtering firewalls with those of circuit-level gateways. They filter packets not only according to the service for which they are intended -- as specified by the destination port -- but also by certain other characteristics, such as the HTTP request string.
While gateways that filter at the application layer provide considerable data security, they can dramatically affect network performance.

Friday, May 4, 2018

OBJECT ORIENTED PROGRAMMING

The first thing I will say about any computer program is that it consists of data and the functions that operate on that data.
Object-oriented programming is a programming approach in which both the data and the functions (operations) of a program are combined into a single unit.
--------------------------------------------------------- 
Why we combine both Data and Functions
--------------------------------------------------------
The first reason behind this is to provide security to data, i.e. data must be accessed only by the functions of the program and from nowhere else.
To achieve this we declare data as private (this is termed data hiding).
The second reason is abstraction. Abstraction is the process of hiding how functions are implemented and providing a medium/way to access these functions.

The above two are possible only if we think of a program as a bundle of data and operations over that data. This program bundle is called an object.

To harness the power of the object-oriented technique, we should understand classes and objects well. Classes and objects are the basics a beginner in OOP must understand.

Concept Class and its Objects-
---------------------------------------

To understand what a class is, let's take an example. Suppose a company wants to manufacture a mobile, and also suppose that no mobile exists right now. The company conducts a meeting with its staff members to discuss the mobile. During the discussion, the features of the mobile are described to everyone: its properties and behaviors are explained.