Edel Grace

Programmer, Developer, Enthusiast

Technology

LFTP Fatal Error: Certificate verification

Oct 11, 2016 | Comments

The error:

~$ git-ftp pull
~$ cd: Fatal error: Certificate verification: certificate common name doesn’t match requested host name ‘ftp.mazohyst.org’
~$ mirror: Fatal error: Certificate verification: certificate common name doesn’t match requested host name ‘ftp.mazohyst.org’

Solution:

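Edit ~/.lftp/rc so that it contains set ssl:check-hostname no. What this does is pretty self-explanatory: lftp no longer checks whether the hostname in the certificate matches the hostname you’re attempting to connect to, so a mismatch no longer stops the connection. The trade-off is that the server’s identity is then not verified against the name you asked for; the connection is still encrypted, but lftp will accept a certificate issued for a different host name.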

The context:

I recently wanted to implement version control for my websites because all too often I think to myself, “I wish I knew what a previous version of this file looked like”. So since I’m on shared hosting and don’t have my own server, I resorted to using git-ftp for deploying my websites. So far, it’s working great. However, I momentarily forgot I started using this and made some changes on one of my pages through cPanel. I tried pulling the latest pages using git-ftp pull and encountered this error.


Speaking of Security

Jun 7, 2016 | Comments

My last post was about security by obscurity and I talked a little about trying to implement security techniques into my projects. This is really great timing.

Last week, various online services run by my university were down. It was really inconvenient not having access to my e-mail but I took it in stride. I figured it was just the servers acting up or malware or something like that. It turns out that my university was dealing with a ransomware attack. I was half right. Ransomware is malware that basically holds a system hostage until a ransom is paid. My university gave in to it and paid $20 000 to get the systems back.

Honestly, it seems to me like paying the ransom was the smart choice. Thousands of users were affected by this attack and it’s probably costing them a lot more not having their systems than to pay the money. It’s probably the easiest route. I haven’t done much research on it but apparently the FBI recommends this. It’s better if you don’t pay the ransom but if you’re not tech savvy or the stakes are too high (but not like top secret government stakes), it’s probably a good idea.

Also, personal anecdote. I’ve had an instance of “ransomware.” It was more like adware ransomware. I was browsing around and all of a sudden my screen flashed and accused me of a crime and asked me to pay a fine. I read through it several times and I froze a bit. I was innocent of the crime (of course) but I was worried that maybe it was something that could easily look like I committed it (think like authors who joke about being on some kind of list for researching murder methods for a book). But I calmly opened up my phone and looked up the message. Common ransomware. So I safely ignored it. Thank goodness because the amount they were asking was easily ten times more than what’s in my bank account.

Security By Obscurity: Just Hide It?

Jun 7, 2016 | Comments

Last semester I took an introductory course to information security. One of the concepts we touched on was “security by obscurity.” Basically what that means is if no one is aware of something, they can’t possibly break into it. For example, hiding your diary is a form of security by obscurity. Of course, this has its flaws. There is always the possibility that someone could somehow stumble upon your diary by accident. There might be people actively looking for something valuable to you but they won’t know what it is until they find it. Notice I didn’t mention “if” they find it. It’s always a good practice to assume that they will find it. This is one of the reasons why security by obscurity is not ideal.

Truth be told, I use security by obscurity. The diary analogy I used was something that I actually do. Now, my mom loves to poke around and I still live with her. She has read my diaries in the past so it’s not far-fetched that she would find my diary one day and read it. This is why I don’t use it as my only form of security. My journal entries are either about really mundane stuff or encrypted with Elian script. So unless my mother is good at cracking ciphers (which I highly doubt as English is her second language and frequency analysis is probably lost on her), I can safely assume that my secrets are safe with me.

The reason why I suddenly started thinking about this is because I have a project that I’ve been working on. I’ve been trying to build a book management script. Right now I’m just finishing up simple features for the admin panel such as tagging a book, adding a review to a book, editing author names, etc. All of this is currently in a folder with an obscure name. At first I thought that if my admin folder wasn’t named something obvious like “admin,” I would be less likely to have a security breach. Who would want to hack my tiny and unpopular websites anyway? Then I realized, wait, that’s a really bad idea.

Curious, I looked up if there was a way to discover folders that were not explicitly linked publicly. I was not surprised when I saw that such a way does indeed exist. In fact, there are several ways (or programs) to do this. Software like URL Fuzzer and DirBuster utilize a method called fuzzing. In my introductory class, we would classify this as a brute force method. What fuzzing does is try any possible number of combinations in order to find a weakness. In this case, it tries to find out if a folder exists. Specifically, DirBuster goes through a list of words (have not checked if it includes random strings or just common words) and appends them to a URL. Depending on the HTTP status code (things like 404 not found or 403 forbidden), it can determine if a folder exists on the website or not.
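The same 404 and 403 responses that such a tool reads also land in the server's access log, which is where a site owner can spot the scan. The following is an added example, not code from the original post: it flags clients whose requests are mostly misses across many distinct paths. The function name, the thresholds, the common log format and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed access-log sample (common log format, documentation-range addresses).
SAMPLE_LOG = """\
198.51.100.20 - - [07/Jun/2016:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [07/Jun/2016:10:00:01 +0000] "GET /style.css HTTP/1.1" 200 830
198.51.100.20 - - [07/Jun/2016:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:00 +0000] "GET /admin/ HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:00 +0000] "GET /backup/ HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:01 +0000] "GET /cgi-bin/ HTTP/1.1" 403 199
203.0.113.7 - - [07/Jun/2016:10:05:01 +0000] "GET /login/ HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:02 +0000] "GET /old/ HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:02 +0000] "GET /private/ HTTP/1.1" 404 162
203.0.113.7 - - [07/Jun/2016:10:05:03 +0000] "GET / HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def find_path_guessers(log_text, min_misses=5, min_miss_ratio=0.8):
    """Map each client that looks like a wordlist scan to the paths it missed.

    A client is flagged when it got 403/404 on at least `min_misses` distinct
    paths and those misses make up at least `min_miss_ratio` of its requests.
    """
    requests = defaultdict(int)
    miss_count = defaultdict(int)
    missed_paths = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, path, status = match.group(1), match.group(2), int(match.group(3))
        requests[client] += 1
        if status in (403, 404):
            miss_count[client] += 1
            missed_paths[client].add(path.split("?", 1)[0])
    return {
        client: sorted(paths)
        for client, paths in missed_paths.items()
        if len(paths) >= min_misses and miss_count[client] / requests[client] >= min_miss_ratio
    }

if __name__ == "__main__":
    for client, paths in find_path_guessers(SAMPLE_LOG).items():
        print(client, "missed", len(paths), "distinct paths:", ", ".join(paths))
```

An ordinary visitor who hits one missing favicon stays below both thresholds; the client walking a list of folder names does not.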

So, knowing this, I could still use security by obscurity. However, like my diary, I plan to implement other layers of security. Whether or not it will increase security or just give it security it didn’t have in the first place, I’m not sure (entropy wasn’t my strong point in my information security course). But I am sure that leaving it as a randomly named folder is not the way to go. I know how to do simple PHP sessions with a login but only with matching the submitted password with a plaintext password in a database. That’s a whole other realm of security issues so I’m going to start reading up on hashing passwords in PHP. I’ve poked around some open source scripts and have found MD5 hash functions so that’s probably what I’m aiming for. Honestly, I’m not well-versed in web security specifically (other than SQL injections are bad and you have to sanitize them) but that’s why I’m still learning.

So the next time you think you’re just going to hide something and think you’ll be fine, you probably will be but it’s better if you combine it with some other security technique especially if it contains sensitive information.

CCNA1 8.2.1.4 Packet Tracer – Designing and Implementing a VLSM Addressing Scheme

Jun 4, 2016 | Comments

I’m currently taking the CCNA1 course offered by Cisco. I struggled a lot with this activity so I thought it would be good to share how I finally figured it out. If you’re a little lazy and just want the answers, click here to go straight to the addressing table or here to download the PDF. Be aware that the addresses may vary but the process is the same regardless.

I am only human and will make mistakes so do not hesitate to point out any errors!

Part 1: Examine the Network Requirements

Step 1: Determine the number of subnets needed.

You will subnet the network address 192.168.72.0/24. The network has the following requirements:

  • ASW-1 LAN will require 7 host IP addresses
  • ASW-2 LAN will require 15 host IP addresses
  • ASW-3 LAN will require 29 host IP addresses
  • ASW-4 LAN will require 58 host IP addresses
How many subnets are needed in the network topology?

8

5 subnets are needed. If you look at the topology, there are 4 LANs (coloured in orange) and 1 serial connection between Building1 and Building2. Therefore, you need 5 subnets.

Step 2: Determine the subnet mask information for each subnet.

The original subnet mask of the network address is 255.255.255.0. This comes from the prefix length /24, which indicates that there are 24 bits set in the subnet mask. We will use this as the basis for subnetting.

11111111 11111111 11111111 00000000
255 255 255 00000000
a. Which subnet mask will accommodate the number of IP addresses required for ASW-1?

255.255.255.240 with a prefix length of /28.

First, calculate the number of host bits that will be able to contain at least 7 hosts: \(2^n - 2 = 2^4 - 2 = 14 \text{ usable} \ge 7 \text{ required}\)

14 is greater than 7, so 4 bits are left unset in the subnet mask.

255 255 255 240
128+64+32+16+8+2+1 128+64+32+16+8+2+1 128+64+32+16+8+2+1 128+64+32+16
11111111 11111111 11111111 11110000
How many usable host addresses will this subnet support?

14. This comes from the formula in the previous question.

b. Which subnet mask will accommodate the number of IP addresses required for ASW-2?

255.255.255.224 with a prefix length of /27. \(2^n - 2 = 2^5 - 2 = 30 \text{ usable} \ge 15 \text{ required}\)

255 255 255 224
11111111 11111111 11111111 11100000
How many usable host addresses will this subnet support?

30.

c. Which subnet mask will accommodate the number of IP addresses required for ASW-3?

255.255.255.224 with a prefix length of /27. \(2^n - 2 = 2^5 - 2 = 30 \text{ usable} \ge 29 \text{ required}\)

255 255 255 224
11111111 11111111 11111111 11100000
How many usable host addresses will this subnet support?

30.

d. Which subnet mask will accommodate the number of IP addresses required for ASW-4?

255.255.255.192 with a prefix length of /26. \(2^n - 2 = 2^6 - 2 = 62 \text{ usable} \ge 58 \text{ required}\)

255 255 255 224
11111111 11111111 11111111 11000000
How many usable host addresses will this subnet support?

62.

e. Which subnet mask will accommodate the number of IP addresses required for the connection between Building1 and Building2?

255.255.255.252 with a prefix length of /30.

We can use one subnet for the WAN. Since there are only two routers involved, we just need two addresses for this subnet. \(2^n - 2 = 2^2 - 2 = 2 \text{ usable} \ge 2 \text{ required}\)

255 255 255 252
11111111 11111111 11111111 11111100

Part 2: Design the VLSM Addressing Scheme

Step 1: Divide the 192.168.72.0/24 network based on the number of hosts per subnet.

a. Use the first subnet to accommodate the largest LAN.

192.168.72.0/26. The largest LAN is ASW-4 with 58 hosts. Subnet 192.168.72.0/24 into 192.168.72.0/26. This will give us 4 subnets (\(2^2 = 4\)) with 64 hosts per subnet.

The subnets are:

  • 192.168.72.0
  • 192.168.72.64
  • 192.168.72.128
  • 192.168.72.192

Since the subnets each contain 64 hosts, simply add 64 to the last octet. This method will not be as feasible for subnets with a large number of hosts. Another way is to convert everything to binary. Only the first 2 bits will change while the remaining 6 bits stay the same.

192.168.72.0 110000.10101000.01001000.00000000
192.168.72.64 110000.10101000.01001000.01000000
192.168.72.128 110000.10101000.01001000.10000000
192.168.72.192 110000.10101000.01001000.11000000
b. Use the second subnet to accommodate the second largest LAN.

192.168.72.64/27. We are using the second subnet because we are reserving the first subnet for the ASW-4 network. The second largest LAN is ASW-3 with 29 hosts. Subnet 192.168.72.62/26 into 192.168.72.62/27. This will give 2 subnets (\(2^1 = 2\)) with 32 hosts per subnet. We use \(2^1\) because the base is /26 and /27 is only one bit longer.

The subnets are:

  • 192.168.72.64
  • 192.168.72.96
192.168.72.64 110000.10101000.01001000.0100000
192.168.72.96 110000.10101000.01001000.01100000
c. Use the third subnet to accommodate the third largest LAN.

192.168.72.96/27. The third largest LAN is ASW-2 with 15 hosts. In the previous question, we already have 2 subnets that have 32 addresses each. The second subnet will be able to accommodate ASW-2. So we do not need to subnet further.

d. Use the fourth subnet to accommodate the fourth largest LAN.

192.168.72.128/28. Subnet 192.168.72.128/26 into 192.168.72.128/28. This will give 4 subnets (\(2^2 = 4\)) with 16 hosts per subnet. We use \(2^2\) because the base is /26 and /28 is two bits longer.

The subnets are:

  • 192.168.72.128
  • 192.168.72.144
  • 192.168.72.160
  • 192.168.72.176
192.168.72.128 110000.10101000.01001000.10000000
192.168.72.144 110000.10101000.01001000.10010000
192.168.72.160 110000.10101000.01001000.10100000
192.168.72.176 110000.10101000.01001000.10110000
e. Use the fifth subnet to accommodate the connection between Building1 and Building2.

192.168.72.145/30 and 192.168.72.146/30. Subnet 192.168.72.144/28 into 192.168.72.144/30. This will give 4 subnets (\(2^2 = 4\)) with 2 hosts per subnet.

The subnets are:

  • 192.168.72.144
  • 192.168.72.148
  • 192.168.72.152
  • 192.168.72.156
192.168.72.144 110000.10101000.01001000.10010000
192.168.72.148 110000.10101000.01001000.10010100
192.168.72.152 110000.10101000.01001000.10011000
192.168.72.156 110000.10101000.01001000.10011100
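The allocation worked through in Parts 1 and 2, carried out with Python's standard ipaddress module. This is an added example, not part of the original post; the function names are made up for the illustration, and the general largest-first, back-to-back allocation it implements goes slightly beyond the five subnets of this activity.

```python
import ipaddress

# Requirements from Part 1 of the activity: (subnet description, hosts needed).
REQUIREMENTS = [("ASW-1 LAN", 7), ("ASW-2 LAN", 15), ("ASW-3 LAN", 29),
                ("ASW-4 LAN", 58), ("Serial WAN", 2)]

def prefix_for_hosts(hosts_needed):
    """Longest prefix whose usable host count, 2^n - 2, still covers the need."""
    host_bits = 2  # /30 is the smallest subnet with usable hosts
    while 2 ** host_bits - 2 < hosts_needed:
        host_bits += 1
    return 32 - host_bits

def vlsm_plan(base, requirements):
    """Allocate subnets out of `base`, largest requirement first, back to back."""
    base_net = ipaddress.IPv4Network(base)
    cursor = int(base_net.network_address)
    plan = []
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to a multiple of the block size
        subnet = ipaddress.IPv4Network((cursor, prefix))
        if not subnet.subnet_of(base_net):
            raise ValueError(f"{base} has no room left for {name}")
        plan.append({
            "name": name,
            "network": str(subnet),
            "mask": str(subnet.netmask),
            "first_usable": str(subnet.network_address + 1),
            "last_usable": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
        })
        cursor += size
    return plan

if __name__ == "__main__":
    for row in vlsm_plan("192.168.72.0/24", REQUIREMENTS):
        print("{name:<11} {network:<18} {mask:<16} {first_usable:<15} "
              "{last_usable:<15} {broadcast}".format(**row))
```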

Step 2: Document the VLSM subnets.

Complete the Subnet Table, listing the subnet descriptions (e.g. ASW-1 LAN), number of hosts needed, then network address for the subnet, the first usable host address, and the broadcast address. Repeat until all addresses are listed.

Subnet Table

Subnet Description | Number of Hosts Needed | Network Address/CIDR | First Usable Host Address | Broadcast Address
ASW-1 LAN | 7 | 192.168.72.128/28 | 192.168.128.129 | 192.168.128.143
ASW-2 LAN | 15 | 192.168.72.64/27 | 192.168.72.65 | 192.168.72.95
ASW-3 LAN | 29 | 192.168.72.96/27 | 192.168.72.97 | 192.168.72.127
ASW-4 LAN | 58 | 192.168.72.0/26 | 192.168.72.1 | 192.168.72.63
Serial WAN | 2 | 192.168.72.144/30 | 192.168.72.145 | 192.168.72.147

Step 3: Document the addressing scheme.

  • ASW-1 LAN: 192.168.72.129
  • ASW-2 LAN: 192.168.72.97
  • Serial WAN: 192.168.72.145
  • ASW-3 LAN: 192.168.72.65
  • ASW-4 LAN: 192.168.72.1
  • Serial WAN: 192.168.72.146
c. Assign the second usable IP addresses to the switches.
  • ASW-1: 192.168.72.130
  • ASW-2: 192.168.72.98
  • ASW-3: 192.168.72.66
  • ASW-4: 192.168.72.2
d. Assign the last usable IP addresses to the hosts.
  • Host-A: 192.168.72.142
  • Host-B: 192.168.72.94
  • Host-C: 192.168.72.126
  • Host-D: 192.168.72.62

Part 3: Assign IP Addresses to Devices and Verify Connectivity

Now it’s just a matter of plugging in values into Packet Tracer if you haven’t already.

Addressing Table

Device | Interface | IP Address | Subnet Mask | Default Gateway
Remote-Site 1 | G0/0 | 192.168.72.129 | 255.255.255.240 | N/A
Remote-Site 1 | G0/1 | 192.168.72.97 | 255.255.255.224 | N/A
Remote-Site 1 | S0/0/0 | 192.168.72.145 | 255.255.255.252 | N/A
Remote-Site 2 | G0/0 | 192.168.72.65 | 255.255.255.224 | N/A
Remote-Site 2 | G0/1 | 192.168.72.1 | 255.255.255.192 | N/A
Remote-Site 2 | S0/0/0 | 192.168.72.146 | 255.255.255.252 | N/A
SW1 | VLAN 1 | 192.168.72.130 | 255.255.255.240 | 192.168.72.129
SW2 | VLAN 1 | 192.168.72.98 | 255.255.255.224 | 192.168.72.97
SW3 | VLAN 1 | 192.168.72.66 | 255.255.255.224 | 192.168.72.65
SW4 | VLAN 1 | 192.168.72.2 | 255.255.255.192 | 192.168.72.1
User-1 | NIC | 192.168.72.142 | 255.255.255.240 | 192.168.72.129
User-2 | NIC | 192.168.72.126 | 255.255.255.224 | 192.168.72.97
User-3 | NIC | 192.168.72.94 | 255.255.255.224 | 192.168.72.65
User-4 | NIC | 192.168.72.62 | 255.255.255.192 | 192.168.72.1

About

My name is Edel Grace Altares. My programming interests include full stack development and back end development. My languages of choice are Python and Java. Outside of programming I enjoy crocheting, video games, cats, historical fiction, and reading.
