Internet Technology (AS21)

it is the core configuration of the apache maven project

it is a single XML-based configuration file that contains the majority of information required to build a project

it contains

1. project identification
2. project version
3. project description
4. build settings
5. dependencies

@Autowired marks field, a constructor or setter method to be @autowired by spring dependency injection

JSR 330 @Inject annotation is equivalent to spring @autowired

• there are frequent situations when the application requirest o run custom code while starting up
• since @component class is scanned during the application start, a method annotated by @postConstruct will execute after all services are initialized.
• there are several ways to do that in spring. 

@Repository indicates that an annotated class is a repository, which is an abstraction of data access and storage

DAO (Data Access Objects) or Repository classes usually represent the database access layer in an application

•  @Configuration indicates that a class is a configuration class that may contain @Bean definitions.
• The @Bean can then be injected resp. @Autowired somewhere.
• @Bean annotation tells that a method produces a bean to be managed by the Spring container.
• @Bean is a method-level annotation and has an implicit @Scope("singleton") default value.

A @SpringBootApplication annotation can be used to enable those three features, that is: 

• @EnableAutoConfiguration: enable Spring Boot’s autoconfiguration mechanism.
• @ComponentScan: enable @Component scan on the package where the application is located.
• @Configuration: allow to register extra beans in the context or import additional configuration classes.

• injection means tricking an application into including unintended commands in the data set to an interpreter
• interpreters take strings and interpret them as commands (SQL, os shell, ldap...etc)
• SQL injection is still quite common. many applications still susceptible even though it is usually very simple to avoid
• typical impac is usually severe. entire db can be read or modified. 
• How it works
  1. application presents a form to the attacker
  2. attacker sends an attack in the form data
  3. application forwards attack to the database in a SQL query
  4. database runs query containing attack and sends encrypted results back to application
  5. application decrypts data as normal and sends results to the user

an application is vulnerable to attack when user-supplied data is not validated, filtered, or sanitized by the application and dynamic queries or non-parameterized calls without context-aware escaping are used directly in the interpreter

how to prevent that is to require keeping data separate from commands and queries. the preferred option is to use a safe API /object-relational mapping tool such as jPA. and for any dynamic queries, escape special characters. 

• Http is a "stateless" protocol means credentials have to go with every request and you should use SSL for everything requiring authentication
• session management flaws are SESSION ID used to track state since hTTP doesn't and it is just as good as credentials to attackers. it is typically exposed on the network , browser, logs. 

verify your architecture: 

1. authentication should be simple, centralized, and standarized
2. use the standard session id provided by your container
3. be sure SSL protects both credentials and session id at all times

verify the implementation

1. forget automated analysis approaches
2. check your SSL certificate
3. examine all the authentication-related functions
4. verify that logoff actually destroys the session

XSS occurs any time raw data from attackers is sent to an innocent user's browser. 

Raw data stored in database, reflected from web input, sent directly into rich js client

• Sensitive information such as passwords, access tokens, database credentials etc., should be handled with care.
• A good practice is to store secrets in a vault such as Vault by HashiCorp (vaultproject.io).
• Another (may not be an optimal) possibility would be to keep secrets out of your source code and version control (.gitignore !!).
• An application-local.yml containing a plaintext secret must be ignored by git.
• A secret can also be provided by an environment variable (e.g. in Heroku)
• A secret can then be injected into a variable.

• Framework is a formatted structure, which may have both your code and library file. this describes a given structure of "how" you should present your code
• Library is simply a collection of functions wrapped up tino a package that can be imported into a code project and re-used. 

The key difference between a library and a framework is inversion of control. when you call a method from a library, you are in control but with a framework the control is inverted: the framework calls you

Templating is a way to compse out of components (partial-views) a main template and a way to interpolate (bind) data withing a template (or partial-viel/component)..and getting a resulting view. 

Model view controller. is one of the most widespread and influential patterns. it is an architectural pattern and not a design matter. 

• protocol: the protocol defines a common set of rules and signals that computers on the network use to communicate. E.g. Internet Protocol (IP)
• topology: The physical and logical arrangements on how different components of a network communicate with each other.
• architecture: Networks can be broadly classified as using either a peer-to-peer or client/server architecture.

Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.

The protocol defines a common set of rules and signals that computers on the network use to communicate. E.g. Internet Protocol (IP)

In Computer Communications:

• Some kind of physical connection is required between communicating parties (e.g. nodes)
• Both parties need to know the shared protocol

These rules exists also in “Human Communication” and answer to three main questions:

•What/How/When is it communicated?

Links in the form of physical connections. The transmission media in networks. three main categories with examples. 

Wired

• Coaxial e.g. TV antennas
• Twisted Pair Cables
• Optical Fiber
• USB cables
• Power lines

Wireless

• Bluetooth
• Wi-Fi

Bus simple and cheap wiring bottleneck on cable

• Common transmission media
• all nodes broadcast signals to all
• Bidirectional. 

Ring network failure possible due to failure of one station

• common media, but in a closed loop
• passes a token
• unidirectional

Star  , a Switch as a single point of failure

• hub or switch in the central node
• pass to stwich
• centralized management. 

others: point-to-point, mesh, three and hybrid. 

The Open System interconnection model is a conceptual model for defining and standardizing network communication mechanisms. there are 7 abstract layers. each layer has its distinct functionality. provides an interface for its predecessor and successor. 

Functional details are hidden within the current layer so that the next layer is not required to have knowledge about its predecessor and successor ( other than the standardized interfaces)

Every layer can add its own header to a data package to transfer management information. these headers are only used by the corresponding layer on the other machine

The TCP/IP Model simplified the classical OSI Model and effectively replaced it. but 

Keep in mind:

•These are not an architecture

•They do not establish which services or protocols to use.

•It suggests what each level should do.

1. Application
   1. Applications, protocols and services that interface with the end user
   2. data is formatted, converted, encrypted decrypted compressed and decompressed and sent or presented to the user
   3. open, close and manage a session between end user application processes
2. Transport
   1. Facilitates end-to-end communications between multiple applications simultaneously (ports)
   2. reliable and unreliable end-to-end data transport and data stream services (TCP, UDP, SCTP)
   3. Connection-oriented, connectionless communications, and data stream services (session establishment and termination)
3. Internet
   1. provide host addressing (IP)
   2. choose the best path to the destination network (Routing)
   3. Switch packets out of the correct interface (Forwarding)
   4. Maintain quality of service (QoS)
   5. Connectionless end-to-end networking
4. Network (Access)
   1. In L2 there are 2 sublayers: logical link control (LLC,802.2) provides services to the upper layers and physical addressing (media access control addresses) 
   2. error checking (CRC)
   3. L1: frames get encoded in sequences of bits, depending on the Links (physical connections) e.g. light pulses, electricity, radio waves..

In layered systems, PDU represents a unit of data specified in the protocol of a given layer, which consists of protocol control information and user data. 

1. Data is just data
2. Segments contain Transport header + Data
3. Packets contain Network Header + transport header + data
4. Frames contain Frame Header+Network Header+Transport Header+ Data+ Frame Tail
5. and bits are bits

 A firewall is a security equipment that uses security rules to control incoming and outgoing network traffic. It can physical or virtual. depending on its layer, it may filter:

• packets and connections (L4)
• Application and protocols (L7)

Routers

• Logic to forward data based on addresses between multiple networks
• router maintain a routing table (contains directions)
• A router often knows different paths to a destination and has to choose the best way from a to b
• are required for wide area networks (WAN) like the internet

Switch

• Logic to forward data based on addresses in one network or segment of a single network
• star physical typology

Repeater and Hub

• No logic, can be seen as a plain extension of the physical wiring
• A Hub has a Star physical topology BUT BUS logical topology

Circuit Switching Network: A (physical) connection is  made for a call or similar.

•Line is typically completely occupied by this one  call.

•Benefit: Simple and guaranteed bandwidth for the active call.

•Downsides: Bad network utilization and limited flexibility.

•E.g. Plain old telephone service (POTS)

Packet Switching: A call / or internet traffic is  transferred in small chunks (packages) which are  handled independently from each other.

•Line can easily be shared between multiple  logical connections and service types.

•Benefits: Better overall network utilization with more flexibility.

•Downside: Additional functionalities are needed to guarantee a decent service quality.

Internet Protocol (IP): IP is designed explicitly as addressing protocol. It is mostly used with TCP. The IP addresses in packets help in routing them through different nodes in a network until it reaches the destination system. TCP/IP is the most popular protocol connecting the networks.

• Current version: IPv4
  • 32 Bit Addresses
  • Standardized since 1981
• Upcoming version: Ipv6
  • 128 Bit Addresses
  • Initially standardized in 1998
• Standardized protocol that forms together with TCP and UDP the core functionality of the internet.

IPv4
 

4 times 1 Byte separated by a dot, e.g.: 193.135.244.87

•each block can have a value between 0 and 255

•allows for 2³² = 4294967296 combinations/addresses

Some of the combinations are not valid addresses

 

• Reserved for internal networks (Private Address Spaces):
  • from 10.0.0.0 to 10.255.255.255
  • from 172.16.0.0 to 172.31.255.255
  • from 192.168.0.0 to 192.168.255.255
• Reserved for the local host / local pc:
  • from 127.0.0.0 to 127.255.255.255
• Broadcast IP 255.255.255.255
• Loopback 127.0.0.0 – 127.255.255.255
• Etc…

IPv6 
 

8 blocks separated by a colons, e.g.: 2001:0db8:0000:0000:0000:8a2e:0370:7334

•each block have 4 digits.

•each digit can have a value on Base16, between 0 and F. E.g. 0,1,2,3,4,5,6,7,8,9, a,b,c,d,e,f

•allows for 2128 combinations/addresses

0 at the beginning of a block may be skipped. E.g. 2001:0db8:0000:0000:0000:8a2e:0370:7334 becomes 2001:db8:0:8d3:0:8a2e:70:7344

Consecutive blocks of zeros may be skipped and replaced by two colons. E.g. 2001:db8:0:0:0:0:1428:57ab becomes 2001:db8::1428:57ab