Internet Technology (AS21)
Internet technology module at FHNW 2021, major in BIT by Devid Montecciari
Card set details

Cards | 130
---|---
Language | English
Category | Computer science
Level | University
Created / Updated | 20.09.2021 / 11.01.2024
Web link | https://card2brain.ch/box/20210920_internet_technology_as21
What is the pom.xml file?
It is the core configuration file of an Apache Maven project.
It is a single XML-based configuration file that contains the majority of the information required to build a project.
It contains:
- project identification
- project version
- project description
- build settings
- dependencies
What is @PostConstruct?
What are @Configuration and @Bean?
- @Configuration indicates that a class is a configuration class that may contain @Bean definitions.
- The @Bean can then be injected (i.e. @Autowired) somewhere.
- The @Bean annotation tells Spring that a method produces a bean to be managed by the Spring container.
- @Bean is a method-level annotation and has an implicit @Scope("singleton") default value.
What is @SpringBootApplication?
The @SpringBootApplication annotation can be used to enable these three features:
- @EnableAutoConfiguration: enables Spring Boot's auto-configuration mechanism.
- @ComponentScan: enables @Component scanning on the package where the application is located.
- @Configuration: allows registering extra beans in the context or importing additional configuration classes.
What is injection?
- Injection means tricking an application into including unintended commands in the data sent to an interpreter.
- Interpreters take strings and interpret them as commands (SQL, OS shell, LDAP, etc.).
- SQL injection is still quite common; many applications are still susceptible even though it is usually very simple to avoid.
- The typical impact is usually severe: the entire DB can be read or modified.
- How it works:
  - The application presents a form to the attacker.
  - The attacker sends an attack in the form data.
  - The application forwards the attack to the database in a SQL query.
  - The database runs the query containing the attack and sends encrypted results back to the application.
  - The application decrypts the data as normal and sends the results to the user.
Describe why it is possible to do an SQL injection and how to prevent it
An application is vulnerable to attack when user-supplied data is not validated, filtered, or sanitized by the application, and dynamic queries or non-parameterized calls without context-aware escaping are used directly in the interpreter.
Prevention requires keeping data separate from commands and queries. The preferred option is to use a safe API / object-relational mapping tool such as JPA, and for any dynamic queries, escape special characters.
What is Broken Authentication?
- HTTP is a "stateless" protocol, which means credentials have to go with every request, and you should use SSL for everything requiring authentication.
- Session management flaws: a SESSION ID is used to track state since HTTP doesn't, and it is just as good as credentials to attackers. It is typically exposed on the network, in the browser and in logs.
How do you avoid broken authentication?
Verify your architecture:
- authentication should be simple, centralized, and standardized
- use the standard session ID provided by your container
- be sure SSL protects both credentials and the session ID at all times
Verify the implementation:
- forget automated analysis approaches
- check your SSL certificate
- examine all the authentication-related functions
- verify that logoff actually destroys the session
What is Cross-Site Scripting?
XSS occurs any time raw data from attackers is sent to an innocent user's browser.
Raw data can be stored in the database, reflected from web input, or sent directly into a rich JS client.
How do you store secrets securely?
- Sensitive information such as passwords, access tokens, database credentials etc. should be handled with care.
- A good practice is to store secrets in a vault such as Vault by HashiCorp (vaultproject.io).
- Another (maybe not optimal) possibility would be to keep secrets out of your source code and version control (.gitignore!).
- An application-local.yml containing a plaintext secret must be ignored by git.
- A secret can also be provided by an environment variable (e.g. in Heroku).
- The secret can then be injected into a variable.
What is the difference between a framework and a library?
- A framework is a formatted structure, which may contain both your code and library files. It describes a given structure of "how" you should present your code.
- A library is simply a collection of functions wrapped up into a package that can be imported into a code project and re-used.
The key difference between a library and a framework is inversion of control. When you call a method from a library, you are in control; with a framework the control is inverted: the framework calls you.
What is templating?
Templating is a way to compose a main template out of components (partial views) and a way to interpolate (bind) data within a template (or partial view/component), producing a resulting view.
What is MVC?
Model View Controller. It is one of the most widespread and influential patterns. It is an architectural pattern, not a design pattern.
What is a network, and what types of networks are there?
A network is defined as a group of two or more computer systems linked together. There are many types of computer networks, including:
- Local-Area Networks (LANs): the computers are geographically close together (that is, in the same building).
- Wide-Area Networks (WANs): the computers are farther apart and are connected by telephone lines or radio waves.
- Campus-Area Networks (CANs): the computers are within a limited geographic area, such as a campus or military base.
- Metropolitan-Area Networks (MANs): a data network designed for a town or city.
- Home-Area Networks (HANs): a network contained within a user's home that connects a person's digital devices.
- Global Area Networks (GANs): a network composed of different interconnected networks that cover an unlimited geographical area.
What characteristics are used to categorize different types of networks?
- Protocol: the protocol defines a common set of rules and signals that computers on the network use to communicate, e.g. the Internet Protocol (IP).
- Topology: the physical and logical arrangement of how the different components of a network communicate with each other.
- Architecture: networks can be broadly classified as using either a peer-to-peer or a client/server architecture.
What are the alternative names of:
- computers on a network
- computers and devices that allocate resources for a network
Computers on a network are sometimes called nodes. Computers and devices that allocate resources for a network are called servers.
What are protocols?
A protocol defines a common set of rules and signals that computers on the network use to communicate, e.g. the Internet Protocol (IP).
In computer communications:
- Some kind of physical connection is required between the communicating parties (e.g. nodes).
- Both parties need to know the shared protocol.
These rules also exist in "human communication" and answer three main questions:
• What / how / when is it communicated?
What types of links are there?
Links are the physical connections, i.e. the transmission media in networks. Three main categories, with examples:
Wired
- Coaxial e.g. TV antennas
- Twisted Pair Cables
- Optical Fiber
- USB cables
- Power lines
Wireless
- Bluetooth
- Wi-Fi
Name the three network topologies and describe them
Bus: simple and cheap wiring, but the cable is a bottleneck
- common transmission medium
- all nodes broadcast signals to all others
- bidirectional
Ring: network failure possible due to the failure of one station
- common medium, but in a closed loop
- passes a token
- unidirectional
Star: the switch is a single point of failure
- a hub or switch is the central node
- nodes pass data to the switch
- centralized management
Others: point-to-point, mesh, tree and hybrid.
Describe the OSI model
The Open Systems Interconnection model is a conceptual model for defining and standardizing network communication mechanisms. There are 7 abstract layers; each layer has its distinct functionality and provides an interface for its predecessor and successor.
Functional details are hidden within the current layer, so that the next layer is not required to have knowledge about its predecessor and successor (other than the standardized interfaces).
Every layer can add its own header to a data package to transfer management information. These headers are only used by the corresponding layer on the other machine.
What is the TCP/IP model?
The TCP/IP model simplified the classical OSI model and effectively replaced it. But keep in mind:
• These layers are not an architecture.
• They do not establish which services or protocols to use.
• The model suggests what each level should do.
- Application
  - Applications, protocols and services that interface with the end user
  - Data is formatted, converted, encrypted/decrypted, compressed/decompressed and sent or presented to the user
  - Opens, closes and manages a session between end-user application processes
- Transport
  - Facilitates end-to-end communications between multiple applications simultaneously (ports)
  - Reliable and unreliable end-to-end data transport and data stream services (TCP, UDP, SCTP)
  - Connection-oriented and connectionless communications, and data stream services (session establishment and termination)
- Internet
  - Provides host addressing (IP)
  - Chooses the best path to the destination network (routing)
  - Switches packets out of the correct interface (forwarding)
  - Maintains quality of service (QoS)
  - Connectionless end-to-end networking
- Network (Access)
  - In L2 there are 2 sublayers: logical link control (LLC, 802.2), which provides services to the upper layers, and physical addressing (media access control addresses)
  - Error checking (CRC)
  - L1: frames get encoded into sequences of bits, depending on the links (physical connections), e.g. light pulses, electricity, radio waves
Which parts of the protocol data unit correspond to which layers of the OSI & TCP/IP models?
In layered systems, a PDU represents a unit of data specified in the protocol of a given layer, which consists of protocol control information and user data.
- Data is just data
- Segments contain Transport Header + Data
- Packets contain Network Header + Transport Header + Data
- Frames contain Frame Header + Network Header + Transport Header + Data + Frame Tail
- and bits are bits
What are the devices connected to the OSI & TCP/IP model?
Firewall
- A firewall is security equipment that uses security rules to control incoming and outgoing network traffic. It can be physical or virtual. Depending on its layer, it may filter:
  - packets and connections (L4)
  - applications and protocols (L7)
Routers
- Logic to forward data based on addresses between multiple networks
- A router maintains a routing table (contains directions)
- A router often knows different paths to a destination and has to choose the best way from A to B
- Required for wide area networks (WAN) like the Internet
Switch
- Logic to forward data based on addresses in one network or segment of a single network
- Star physical topology
Repeater and Hub
- No logic; can be seen as a plain extension of the physical wiring
- A hub has a star physical topology BUT a bus logical topology
What is a circuit switching network?
Circuit switching network: a (physical) connection is made for a call or similar.
• The line is typically completely occupied by this one call.
• Benefit: simple and guaranteed bandwidth for the active call.
• Downsides: bad network utilization and limited flexibility.
• E.g. plain old telephone service (POTS)
What is a packet switching network?
Packet switching: a call or Internet traffic is transferred in small chunks (packets) which are handled independently from each other.
• The line can easily be shared between multiple logical connections and service types.
• Benefits: better overall network utilization with more flexibility.
• Downside: additional functionality is needed to guarantee a decent service quality.
What is the Internet Protocol?
Internet Protocol (IP): IP is designed explicitly as an addressing protocol. It is mostly used with TCP. The IP addresses in packets help route them through different nodes in a network until they reach the destination system. TCP/IP is the most popular protocol suite connecting networks.
- Current version: IPv4
  - 32-bit addresses
  - Standardized since 1981
- Upcoming version: IPv6
  - 128-bit addresses
  - Initially standardized in 1998
- Standardized protocol that, together with TCP and UDP, forms the core functionality of the Internet.
What is a 32-bit IP address?
IPv4
4 times 1 byte, separated by dots, e.g.: 193.135.244.87
• each block can have a value between 0 and 255
• allows for 2³² = 4294967296 combinations/addresses
Some of the combinations are not valid addresses:
- Reserved for internal networks (private address spaces):
  - from 10.0.0.0 to 10.255.255.255
  - from 172.16.0.0 to 172.31.255.255
  - from 192.168.0.0 to 192.168.255.255
- Reserved for the local host / local PC:
  - from 127.0.0.0 to 127.255.255.255
- Broadcast IP 255.255.255.255
- Loopback 127.0.0.0 – 127.255.255.255
- Etc.
What is a 128-bit address?
IPv6
8 blocks separated by colons, e.g.: 2001:0db8:0000:0000:0000:8a2e:0370:7334
• each block has 4 digits.
• each digit is a base-16 (hexadecimal) value between 0 and F, i.e. 0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f
• allows for 2¹²⁸ combinations/addresses
Leading zeros in a block may be skipped. E.g. 2001:0db8:0000:0000:0000:8a2e:0370:7334 becomes 2001:db8:0:0:0:8a2e:370:7334
Consecutive blocks of zeros may be skipped and replaced by two colons. E.g. 2001:db8:0:0:0:0:1428:57ab becomes 2001:db8::1428:57ab