What Is Email Spoofing?

Email spoofing

Email spoofing is a fraudulent email activity that hides an email’s true origin. It occurs when impostors deliver emails with altered sender information. Although this is usually done by spammers and in phishing emails for advertising purposes, email spoofing can also have malicious motives, such as spreading viruses or attempting to obtain personal banking information.

Simple Mail Transfer Protocol (SMTP) does not provide any type of authentication process for persons sending emails. Yet it is the primary email system for most people, which facilitates email spoofing. Nowadays, most email servers can provide further security, and many software vendors have created products to remedy this problem.


Anything that I can do?

If you don’t believe that an email is truthful or that the sender is legitimate, don’t click on the link and type your email address. If there is a file attachment, don’t open it lest it contains a virus payload. If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.


Examples of properties that can be spoofed include:

  • FROM name/address
  • REPLY-TO name/address
  • RETURN-PATH address
  • SOURCE IP address

The first three properties can be easily altered by using settings in Microsoft Outlook, Gmail, Hotmail, or other email software. The fourth property, the IP address, can also be altered, but doing so requires sophisticated user knowledge to make a false IP address convincing.

 

 

Group Policy Object (GPO)

What is it?

Group Policy Object (GPO) is a collection of settings that define what a system will look like and how it will behave for a defined group of users. The Group Policy Management Console tools are installed with Active Directory, but you need Active Directory Domain Services for group policies to actually work. To control servers or workstations, they must be connected to the domain. Although local policies can be configured for individual  PCs, it’s a one-off scenario that doesn’t tap into the core value of implementing group policy to control multiple systems and users at once.

In Windows Server, group policy can be accessed easily. Group Policy rules fall into two categories:

  • User policies – apply only to user accounts
  • Computer policies – apply only to the physical computer operating systems

Some examples

Share Drive Mappings:
You can map drives using Group Policy.  It is also possible to remove drive mappings for users.

Printers:
The Print Management snap-in with Group Policy can be used to automatically deploy printer connections to users or computers and install the appropriate printer drivers.

 

 

DNS Malware

It’s always important to be running an antivirus program. One reason is that malware can attack your computer in a way that changes the DNS server settings, which is definitely something you don’t want to happen.

As an example, suppose that your computer is using Google’s DNS servers 8.8.8.8 and 8.8.4.4. With these DNS servers, accessing your bank’s website with your bank’s URL would load the correct website and let you log in to your account.

However, if the malware changed your DNS server settings (which can happen behind the scenes without your knowledge), entering the same URL might take you to a completely different website, or more importantly, to a website that looks like your bank website but really isn’t. This fake bank site might look exactly like the real one but instead of letting you log in to your account, it might just record your username and password, giving the scammers all the information they need to access your bank account.

Usually, however, malware that hijacks your DNS servers just redirects popular websites to ones that are full of advertisements, or to fake virus websites that make you think you have to buy a program to clean an infected computer.

There are two things you should do to avoid becoming a victim in this way. The first is to install an antivirus program so that malicious programs are caught before they can do any damage. The second is to be aware of how a website looks. If it’s slightly off of what it usually looks like or you’re getting an “invalid certificate” message in your browser, it might be a sign that you’re on an imitation website.
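A third check is to compare the DNS servers your machine is actually configured with against the ones you expect. The following added example (not part of the original post) parses `ipconfig /all` output and reports, per adapter, any resolver outside an expected set; the function names, the sample output and the expected set (the Google servers from the example above) are assumptions made for this example.

```python
import re

# Constructed `ipconfig /all` excerpt: the Wi-Fi adapter's first resolver
# has been changed to an address outside the expected set.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.20(Preferred)
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.4.4
"""

EXPECTED = {"8.8.8.8", "8.8.4.4"}  # assumed baseline for this machine

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        # Adapter headings start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            adapters[current] = []
            in_dns = False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m and current:
            adapters[current].append(m.group(1))
            in_dns = True
        elif in_dns and line.strip() and not re.search(r"\. :", line):
            # Continuation line: further servers appear with no label.
            adapters[current].append(line.strip())
        else:
            in_dns = False
    return adapters

def unexpected_resolvers(text, expected=EXPECTED):
    """Return {adapter: [servers not in the expected set]}."""
    report = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        rogue = [s for s in servers if s not in expected]
        if rogue:
            report[adapter] = rogue
    return report
```

The expected set has to match your own network; on a network where the router hands out its own address as the DNS server, that address belongs in the baseline.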

TCP/IP ports

Some TCP and UDP ports

| Port No | Protocol | Description |
|---|---|---|
| TCP 20/21 | File Transfer Protocol – FTP | FTP is one of the most commonly used file transfer protocols on the Internet and within private networks. |
| TCP 22 | Secure Shell – SSH | SSH is the primary method used to manage network devices securely at the command level. |
| TCP 25 | Simple Mail Transfer Protocol – SMTP | Used to transfer mail (email) from source to destination between mail servers, and used by end users to send email to a mail system. |
| TCP/UDP 53 | Domain Name System – DNS | Translates domain names into IP addresses. |
| UDP 67 | Dynamic Host Configuration Protocol – DHCP | DHCP is used to assign IPs in a network. |
| TCP 80 | Hyper Text Transfer Protocol – HTTP | HTTP is the set of rules for transferring files on the World Wide Web. |
| TCP 143 | Simple Network Management Protocol – SNMP | SNMP is used by network administrators as a method of network management. SNMP has a number of different abilities, including the ability to monitor, configure and control network devices. |
| TCP 443 | Hypertext Transfer Protocol over SSL/TLS (HTTPS) | HTTPS is used in conjunction with HTTP to provide the same services over a secure connection. |

Network Hardware Devices

Hubs

Hubs are probably the most common piece of network hardware. Physically, they are boxes of varying sizes that have multiple female RJ-45 connectors.

Hubs are essentially multi-port repeaters that support twisted-pair cables in a star topology. Each node communicates with the hub, which in turn amplifies the signal and transmits it on its remaining ports. As with a repeater, hubs work at the electrical level. Because hubs have no way to determine if a frame is good or bad, they should be looked at, when you design your network topology, as functionally identical to repeaters.

Bridge

A bridge operates at the data link layer. A bridge is a repeater with the added functionality of filtering content by reading the MAC addresses of source and destination. It is also used for interconnecting two LANs working on the same protocol. It has a single input and a single output port, making it a 2-port device.

Switch

A switch is a multi-port bridge with a buffer and a design that can boost its efficiency (a large number of ports implies less traffic) and performance. A switch is a data link layer device. A switch can perform error checking before forwarding data, which makes it very efficient: it does not forward packets that have errors, and it forwards good packets selectively to the correct port only. In other words, a switch divides the collision domain of hosts, but the broadcast domain remains the same.

Router

A router is a device, like a switch, that routes data packets based on their IP addresses. A router is mainly a network layer device. Routers normally connect LANs and WANs together and have a dynamically updating routing table, on which they base their decisions when routing data packets. A router divides the broadcast domains of the hosts connected through it.

What is DHCP?

When you go online for email, to shop or chat, your request has to be sent out to the right destination, and the responses and information you want need to come back directly to you. An IP address plays a significant role in that. An IP address represents you on the internet for whatever you are doing there. Your device needs an IP address for this, and a DHCP server handles this problem.

A computer or any other device that connects to a network must be properly configured to communicate on that network. DHCP allows that configuration to happen automatically. It’s used in almost every device that connects to a network, including computers, switches, smartphones, gaming consoles, etc.

 

DHCP (Dynamic Host Configuration Protocol)

DHCP (Dynamic Host Configuration Protocol) is a protocol used to provide automatic and central management for the distribution of IP addresses within a network. DHCP also allows you to assign the subnet mask, default gateway and DNS information for the network.

A DHCP server is used to issue unique IP addresses and automatically configure other network information. In most homes and small businesses, the router acts as the DHCP server. In large networks, a single computer might act as the DHCP server.

A DHCP server defines a scope, or range, of IP addresses that it uses to serve devices with an address. This pool of addresses is the only way a device can obtain a valid network connection. You can use IPv4, IPv6, or both.

 

  • In a future post I will show how to create a DHCP server on Windows Server and connect client PCs to server. 

DNS – Domain Name System

What is DNS?

Domain Name Servers (DNS) are the Internet’s equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses.

This is necessary because, although domain names are easy for people to remember, computers access websites based on IP addresses.

Information from all the domain name servers across the Internet is gathered together and housed at the Central Registry. Host companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information.

When you type in a web address, e.g., http://www.google.com, your Internet Service Provider views the DNS associated with the domain name, translates it into a machine-friendly IP address (for example, 216.58.220.142 is the IP for google.com) and directs your Internet connection to the correct website.

DNS information is shared among many servers, but is also cached locally on client computers. Chances are that you use google.com several times a day. Instead of your computer querying the DNS name server for the IP address of google.com every time, that information is saved on your computer so it doesn’t have to access a DNS server to resolve the name with its IP address. Additional caching can occur on the routers used to connect clients to the internet, as well as on the servers of the user’s Internet Service Provider (ISP). With so much caching going on, the number of queries that actually make it to DNS name servers is a lot lower than it would seem.

 

 

What is a Network?

A network is two or more computer systems linked together by some form of transmission medium that enables them to share information. It does not matter whether the network contains two or thousands of machines; the concept is essentially the same.

A network will provide services to its users. Historically, these services have included access to shared files, folders, and printers plus email and database applications. Modern networks are evolving to provide more diverse services, including web applications, Voice over IP, and multimedia conferencing.

There are also three basic types of networks: Local Area Networks (LANs), Metropolitan Area Networks (MANs), and Wide Area Networks (WANs)

Windows Active Directory

What is Windows Active Directory?

A directory is a hierarchical structure that stores information about objects on the network. A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators, and enables other authorized users on the same network to access this information.

Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.

This data store, also known as the directory, contains information about Active Directory objects. These objects typically include shared resources such as servers, volumes, printers, and the network user and computer accounts. For more information about the Active Directory data store.

Source: Microsoft

Why Do I Need Active Directory?

If your office used Active Directory, all of the machines would be connected on a domain, which means all of the information is stored in a central location, not locally on the individual computers’ hard drives. The domain is controlled by a global catalog, which keeps track of all of the devices that are registered to the network.

Global Catalog
The global catalog stores the IP addresses, computer names, and users, so that the global administrator can oversee everything that happens on the domain. In order to access someone else’s computer, a user would just need that computer’s name, because everything is already linked on the back end.

Active Directory also provides a useful configuration management service called Group Policy, which can be used to manage computers which connect to the domain in order to install packages, configure software, and much more.