
Sunday, February 9, 2014

Fine Grained Password Policy


Hey friends, today we will look at one of the newer concepts, called Fine Grained Password Policy, abbreviated as “FGPP”.
 
This feature is mostly used on Server 2008. Before it, we could not assign multiple password policies to different OUs within a domain. The default domain password policy always overrides any other password policy one may try to create in a different GPO at a different link level, no matter what one does: enforce the policy, block inheritance, or even remove the password settings from the Default Domain Policy or set them to Not Configured. The reason is that the domain-wide password policy is stored on the domain object itself and is read only from GPOs linked at the domain root, so a GPO linked to an OU cannot change it.

Function of Fine Grained Policy Feature:

You can use fine-grained password policies to specify multiple password policies in a single domain and apply different restrictions for password and account lockout policies to different sets of users in a domain.

Ways to configure Fine Grained policy:

For implementing fine-grained password policies we need to perform the following steps, but first we need to define the following parameters.

Parameter                                   Designation
Enforce password history                    number of passwords to remember
Maximum password age                        number of days before a password expires
Minimum password age                        minimum number of days a password cannot be changed
Minimum password length                     length of password
Passwords must meet complexity requirements enable/disable whether the password must be complex
Account lockout duration                    amount of time in minutes
Account lockout threshold                   amount of time in minutes
Reset account lockout counter after         amount of time in minutes

Follow the steps below to apply the fine grained policy:

Log on to a domain controller and open the ADSI Edit snap-in:
  • In Start -> select Run -> type MMC.
  • In the File menu, select Add/Remove Snap-in.
  • Select ADSI Edit -> click Add -> click OK.
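The same policy expressed with the ActiveDirectory PowerShell cmdlets (Server 2008 R2 and later) instead of ADSI Edit, as an added example that is not part of the original post; the PSO name, the group, the user and every value are placeholders you would replace with your own.

```powershell
# Added example (not from the post): build one Password Settings Object (PSO)
# holding every parameter from the table above, apply it to a group, and check
# which policy a user actually ends up with. All names and values are placeholders.
Import-Module ActiveDirectory

$psoName = 'PSO-Admins-Strict'     # placeholder policy name
$target  = 'Domain Admins'         # placeholder global security group

$params = @{
    Name                        = $psoName
    Precedence                  = 10                           # lowest number wins if a user gets several PSOs
    PasswordHistoryCount        = 24                           # Enforce password history
    MaxPasswordAge              = (New-TimeSpan -Days 60)      # Maximum password age
    MinPasswordAge              = (New-TimeSpan -Days 1)       # Minimum password age
    MinPasswordLength           = 14                           # Minimum password length
    ComplexityEnabled           = $true                        # Passwords must meet complexity requirements
    LockoutDuration             = (New-TimeSpan -Minutes 30)   # Account lockout duration
    LockoutThreshold            = 5                            # number of failed logons, not minutes
    LockoutObservationWindow    = (New-TimeSpan -Minutes 30)   # Reset account lockout counter after
    ReversibleEncryptionEnabled = $false
}
New-ADFineGrainedPasswordPolicy @params

# PSOs are applied to users or global security groups, never linked to OUs
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $target

# Verify the resultant policy for a placeholder user before relying on it
Get-ADUserResultantPasswordPolicy -Identity 'someadmin' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold
```

If the last command returns nothing, the user is still governed by the Default Domain Policy, which is the check worth running after every change.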

Wednesday, December 11, 2013

Wireshark: One Of The Best Open-Source Packet Analyzer

Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. The project was originally released under the name “Ethereal”. Wireshark captures packets in real time and displays them in human-readable form. It includes display filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.


Fig1: Logo Of Wireshark

Thursday, June 27, 2013

DNS Cache Poisoning


DNS stands for “domain name system.” Domain names are the human-readable website addresses we use every day. For example, Google’s domain name is google.com. If you want to visit Google, you just need to enter google.com into your web browser’s address bar.


Fig1: Command Prompt


However, your computer doesn’t understand where “Google.com” is. Behind the scenes, the Internet and other networks use numerical IP addresses (“Internet protocol” addresses). Google.com is located at the IP address 173.194.39.78 on the Internet. If you typed this number into your web browser’s address bar, you’d also end up at Google’s website. We use Google.com instead of 173.194.39.78 because addresses like Google.com are more meaningful and easier for us to remember. DNS is often explained as being like a phone book – like a phone book, DNS matches human-readable names to numbers that machines can more easily understand.

Fig2: Poison



DNS cache poisoning, also known as DNS spoofing, is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. One of the reasons DNS poisoning is so dangerous is that it can spread from DNS server to DNS server. In 2010, a DNS poisoning event resulted in the Great Firewall of China temporarily escaping China’s national borders, censoring the Internet in the USA until the problem was fixed.

How DNS Works:

Whenever your computer contacts a domain name like “google.com,” it must first contact its DNS server. The DNS server responds with one or more IP addresses where your computer can reach Google.com. Your computer then connects directly to that numerical IP address. DNS converts human-readable addresses like “Google.com” to computer-readable IP addresses like “173.194.67.102”.

 

Fig3: Working Of DNS

DNS Caching

The Internet doesn’t just have a single DNS server, as that would be extremely inefficient. Your Internet service provider runs its own DNS servers, which cache information from other DNS servers. Your home router functions as a DNS server, which caches information from your ISP’s DNS servers. Your computer has a local DNS cache, so it can quickly refer to DNS lookups it’s already performed rather than performing a DNS lookup over and over again.

Fig4: DNS Caching



DNS Cache Poisoning:

A DNS cache can become poisoned if it contains an incorrect entry. For example, if an attacker gets control of a DNS server and changes some of the information on it — for example, they could say that Google.com actually points to an IP address the attacker owns — that DNS server would tell its users to look for Google.com at the wrong address. The attacker’s address could contain some sort of malicious phishing website. DNS poisoning like this can also spread. For example, if various Internet service providers are getting their DNS information from the compromised server, the poisoned DNS entry will spread to the Internet service providers and be cached there. It will then spread to home routers and the DNS caches on computers as they look up the DNS entry, receive the incorrect response, and store it.
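The spread described above, as an added example that is not part of the original post: a toy model of the cache hierarchy (authoritative data, ISP resolver, home router, local cache) with one incorrect entry placed on the ISP tier. Resolver names and the attacker address are constructed; it also shows why flushing only the bottom cache does not help.

```python
# Added example (not from the post): a toy model of the cache hierarchy the
# post describes, with one poisoned entry at the ISP tier. Names, IPs and the
# bad answer are constructed; 203.0.113.66 is from the TEST-NET-3 range.
from typing import Dict, List, Optional

GOOD_IP = "173.194.39.78"     # the address the post gives for google.com
BAD_IP = "203.0.113.66"       # constructed attacker-controlled address

class Resolver:
    def __init__(self, name: str, upstream: Optional["Resolver"] = None,
                 records: Optional[Dict[str, str]] = None) -> None:
        self.name = name
        self.upstream = upstream
        self.records = records or {}        # authoritative data (top tier only)
        self.cache: Dict[str, str] = {}

    def lookup(self, domain: str) -> Optional[str]:
        if domain in self.cache:
            return self.cache[domain]
        if domain in self.records:
            answer: Optional[str] = self.records[domain]
        elif self.upstream is not None:
            answer = self.upstream.lookup(domain)
        else:
            answer = None
        if answer is not None:
            self.cache[domain] = answer     # stored with no validation at all
        return answer

    def flush(self) -> None:
        self.cache.clear()

def poisoned_tiers(chain: List[Resolver], domain: str) -> List[str]:
    """Names of every tier whose cache currently holds the bad answer."""
    return [r.name for r in chain if r.cache.get(domain) == BAD_IP]

def demo() -> Dict[str, object]:
    auth = Resolver("authoritative", records={"google.com": GOOD_IP})
    isp = Resolver("isp", upstream=auth)
    router = Resolver("home-router", upstream=isp)
    local = Resolver("local-cache", upstream=router)
    good = local.lookup("google.com")          # normal lookup, cached at every tier
    isp.cache["google.com"] = BAD_IP           # incorrect entry lands on the ISP server
    router.flush(); local.flush()              # downstream entries expire and are re-fetched
    bad = local.lookup("google.com")
    spread = poisoned_tiers([isp, router, local], "google.com")
    local.flush()                              # flushing only the bottom tier...
    still_bad = local.lookup("google.com")     # ...re-fetches the poison from the router
    for r in (isp, router, local):
        r.flush()                              # remediation: clear every poisoned tier
    return {"good": good, "bad": bad, "spread": spread,
            "still_bad": still_bad, "fixed": local.lookup("google.com")}
```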


The Great Firewall of China Spreads to the US:

This isn’t just a theoretical problem — it has happened in the real world on a large scale. One of the ways China’s Great Firewall works is through blocking at the DNS level. For example, a website blocked in China, such as twitter.com, may have its DNS records pointed at an incorrect address on DNS servers in China. This would result in Twitter being inaccessible through normal means. Think of this as China intentionally poisoning its own DNS server caches.


Fig5: The Globe

In 2010, an Internet service provider outside of China mistakenly configured its DNS servers to fetch information from DNS servers in China. It fetched the incorrect DNS records from China and cached them on its own DNS servers. Other Internet service providers fetched DNS information from that Internet service provider and used it on their DNS servers. The poisoned DNS entries continued to spread until some people in the US were blocked from accessing Twitter, Facebook, and YouTube on their American Internet service providers. The Great Firewall of China had “leaked” outside of its national borders, preventing people from elsewhere in the world from accessing these websites. This essentially functioned as a large-scale DNS poisoning attack.

The Solution:

The real reason DNS cache poisoning is such a problem is that, with plain DNS, there is no way of determining whether the DNS responses you receive are actually legitimate or whether they have been manipulated.
The long-term solution to DNS cache poisoning is DNSSEC. DNSSEC allows organizations to sign their DNS records using public-key cryptography, so that your computer can verify whether a DNS record should be trusted or whether it has been poisoned and redirects to an incorrect location.
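The signing idea in the paragraph above, as an added example that is not part of the original post: a validating lookup that accepts an answer only when the zone's signature over it verifies. Textbook RSA with tiny constructed primes stands in for a real DNSSEC DNSKEY/RRSIG, and the records and keys are constructed; the poisoned and forged answers are the two failure cases a validator must reject.

```python
# Added example (not from the post): a validating lookup that accepts an answer
# only when the zone's signature over it verifies. Textbook RSA with tiny
# constructed primes stands in for a real DNSSEC DNSKEY/RRSIG; records are constructed.
import hashlib
from typing import Optional, Tuple

Key = Tuple[int, int]          # (modulus n, exponent)

def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Toy RSA key pair from two (constructed, far too small) primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)

def digest(name: str, ip: str, n: int) -> int:
    """Hash the record and reduce it modulo n so it fits the toy modulus."""
    h = hashlib.sha256(f"{name}|{ip}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign_record(name: str, ip: str, priv: Key) -> int:
    n, d = priv
    return pow(digest(name, ip, n), d, n)

def verify_record(name: str, ip: str, sig: int, pub: Key) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(name, ip, n)

def validating_lookup(answer: dict, trusted_pub: Key) -> Optional[str]:
    """Return the IP only if the signature checks out under the trusted key."""
    if verify_record(answer["name"], answer["ip"], answer["sig"], trusted_pub):
        return answer["ip"]
    return None        # bogus: do not use it and, crucially, do not cache it

def demo() -> dict:
    zone_pub, zone_priv = make_keypair(1000003, 1000033)    # constructed primes
    genuine = {"name": "google.com", "ip": "173.194.39.78"}
    genuine["sig"] = sign_record(genuine["name"], genuine["ip"], zone_priv)
    # Poisoned answer: same name and signature, swapped IP (what a bad cache serves)
    poisoned = dict(genuine, ip="203.0.113.66")
    # Forged answer: attacker signs the bad IP with a key that is not the zone's
    _, attacker_priv = make_keypair(1000037, 1000039)
    forged = {"name": "google.com", "ip": "203.0.113.66"}
    forged["sig"] = sign_record(forged["name"], forged["ip"], attacker_priv)
    return {"genuine": validating_lookup(genuine, zone_pub),
            "poisoned": validating_lookup(poisoned, zone_pub),
            "forged": validating_lookup(forged, zone_pub)}
```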