Posts

Showing posts from November, 2011

port numbers

Side A / Side B
1. IMAP / Interactive Mail Access Protocol, Version...
10. SNMP / Simple Network Management Protocol, Port 161 TCP,...
2. SFTP / Simple File Transfer Protocol, Port 115 TCP

What is IP Spoofing?

IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value. The Internet is a packet-switched network, so packets leaving one machine may arrive at the destination machine in a different order. The receiving machine reassembles the message based on the order value embedded in the IP header. IP spoofing involves solving the algorithm that is used to select the order values sent, and modifying them correctly.

The Support Tools

Support Tools are tools used to perform complicated tasks easily. They can also be third-party tools. Some of the Support Tools include DebugViewer, DependencyViewer, RegistryMonitor, etc.

-edit by Casquehead
I believe this question is referring to the Windows Server 2003 Support Tools, which are included with Microsoft Windows Server 2003 Service Pack 2. They are also available for download here:

http://www.microsoft.com/downloads/details.aspx?familyid=96A35011-FD83-419D-939B-A772EA2DF90&displaylang=en

You need them because you cannot properly manage an Active Directory network without them.
Here they are, it would do you well to familiarize yourself with all of them.

Acldiag.exe
Adsiedit.msc
Bitsadmin.exe
Dcdiag.exe
Dfsutil.exe
Dnslint.exe
Dsacls.exe
Iadstools.dll
Ktpass.exe
Ldp.exe
Netdiag.exe
Netdom.exe
Ntfrsutl.exe
Portqry.exe
Repadmin.exe
Replmon.exe
Setspn.exe

The Global Catalog

The global catalog contains a complete replica of all objects in Active Directory for its Host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different…

What is Subnet Mask?

An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>). It is called a subnet mask because it is used to identify the network address of an IP address by performing a bitwise AND operation with the netmask. A subnet mask is a 32-bit number that masks an IP address and divides it into a network address and a host address. A subnet mask is made by setting the network bits to all "1"s and the host bits to all "0"s. Within a given network, two host addresses are reserved for special purposes. The "0" address is assigned as the network address and "255" is assigned as the broadcast address, and they cannot be assigned to a host. Examples of commonly used netmasks for classed networks are 8-bits (Class A), 1…

SYSVOL folder

- All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.

- The Sysvol folder on a Windows domain controller is used to replicate file-based data among domain controllers. Because junctions are used within the Sysvol folder structure, Windows NT file system (NTFS) version 5.0 is required on domain controllers throughout a Windows distributed file system (DFS) forest.

This is a quote from Microsoft themselves. Basically, the domain controller info stored in files, like your group policy stuff, is replicated through this folder structure.

Install, configure, and use Microsoft’s iSCSI initiator?

Internet SCSI (iSCSI) has taken the storage world by storm. No longer is shared storage a niche enjoyed by only large, wealthy corporations. Internet SCSI is leveling the playing field by making shared storage available at a reasonable cost to anyone. By leveraging the ubiquitous Ethernet networks prevalent in most organizations, IT staff training costs for iSCSI are very low and result in quick, seamless deployments. Further, operating system vendors are making it easier than ever to get into the iSCSI game by making iSCSI initiator software freely available.

iSCSI networks require three components:

- An iSCSI target: A target is the actual storage array or volume, depending on how you have things configured.

- An iSCSI initiator: An iSCSI initiator is the software component residing on a server or other computer that is installed and configured to connect to an iSCSI target. By using an iSCSI initiator, target-based volumes can be mounted on a server as if they were local volumes and are managed as such…

Folders are related to AD

The AD database is saved in %systemroot%/ntds. You can also see other files in this folder. These are the main files controlling the AD structure:

ntds.dit

edb.log

res1.log

res2.log

edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database.

During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10MB. These files are used to ensure that changes can be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a “shutdown” statement is written to the edb.chk file. Then, during a reboot, AD dete…

Active Directory to other 3rd-party Directory Services?

-Yes, you can connect other vendors' Directory Services with Microsoft’s version.

-Yes, you can use dirXML or LDAP to connect to other directories (i.e. E-directory from Novell or NDS (Novell directory System)).

-Yes, you can connect Active Directory to other 3rd-party Directory Services such as dictionaries used by SAP, Domino etc. with the help of MIIS (Microsoft Identity Integration Server).

iSCSI initiator configuration in RedHat Enterprise Linux 5

[root@rhel5 ~]# rpm -ivh /tmp/iscsi-initiator-utils-6.2.0.871-0.16.el5.x86_64.rpm
Preparing… ########################################### [100%]
1:iscsi-initiator-utils ########################################### [100%]
[root@rhel5 ~]#
[root@rhel5 ~]#rpm -qa | grep iscsi
iscsi-initiator-utils-6.2.0.871-0.16.el5
[root@rhel5 ~]# rpm -qi iscsi-initiator-utils-6.2.0.871-0.16.el5
Name : iscsi-initiator-utils    Relocations: (not relocatable)
Version : 6.2.0.871    Vendor: Red Hat, Inc.
Release : 0.16.el5    Build Date: Tue 09 Mar 2010 09:16:29 PM CET
Install Date: Wed 16 Feb 2011 11:34:03 AM CET    Build Host: x86-005.build.bos.redhat.com
Group : System Environment/Daemons    Source RPM: iscsi-initiator-utils-6.2.0.871-0.16.el5.src.rpm
Size : 1960412    License: GPL
Signature : DSA/SHA1, Wed 10 Mar 2010 04:26:37 PM CET, Key ID 5326810137017186
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://www.open-iscsi.org
Summary : iSCSI daemon and utility programs
Description :
The iscs…

What is LDAP?

The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP. Although not yet widely implemented, LDAP should eventually make it possible for almost any application running on virtually any computer platform to obtain directory information, such as email addresses and public keys. Because LDAP is an open protocol, applications need not worry about the type of server hosting the directory.

Technical Interview Questions

What is Active Directory?

An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.

An active directory (sometimes referred to as an AD) performs a variety of functions: it provides information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators, and allows the administrator to set up security for the directory.

Active Directory is a hierarchical collection of network resources that can contain users, computers, printers, and other Active Directories. Active Directory Services (ADS) allow administrators to handle and maintain all network resources from a single location. Active Directory stores information and settings in a central database.

How to Mount an ISO

An ISO file is an image that contains all the data files and file system metadata (i.e. boot code, structures, and attributes) of a CD/DVD. In order to mount an ISO image, a disk image emulator that will allow the content of a CD/DVD to be read from an ISO image via a virtual drive is needed. Depending on the Operating System being used, the user can open built-in disk image emulators or download and install free software from the Internet.

How to Mount an ISO Image under Microsoft Windows

Windows OS users can download and install free disk image mounting programs like Daemon Tools Lite, the non-commercial version of Daemon Tools Pro Standard. It has a graphical user interface (GUI) and command-line interface. It can support up to 4 virtual SCSI CD/DVD devices and can bypass copy protection schemes like SafeDisc and SecuROM.



To mount an ISO image using Daemon Tools, take the steps listed below:
After installation, right click the Daemon Tools icon (lightning bolt) located in the syst…

PXE Boot

PXE Boot (Pre-eXecution Environment) is a protocol that boots computers without using a hard drive or an operating system. It is often used in industrial computers that do not require a graphical user interface, but require other applications to be run. PXE Boot is run over a network of computers and may or may not include Internet access. It is almost exclusively used in systems that are connected to a central server and uses subsequent computers to run virtual operating systems or DOS-like APIs.

How PXE Boot Works

PXE Boot requires the computer it is installed on to boot from a network before any other operating systems or hard drives. If a local hard drive is connected to the computer, PXE Boot will be able to access it, but will also run if the hard drive is corrupted or nonexistent. PXE Boot receives all of its commands directly from the network server that it is connected to, with the network server handling all storage and user accessibility. The network server sends the na…

How to Use Recovery Console

What is The Recovery Console?

The Recovery Console is a command-line prompt that is available in most versions of the Windows Operating System. It allows users to repair or replace broken, corrupted, or missing system files. These files are crucial to Windows' normal functionality and performance, and the entire operating system can stop working if they are damaged. In fact, Windows may not start up at all when these files are missing, which requires the user to open the Recovery Console from the Installation CD or boot menu. The Recovery Console can be found in Windows XP, Windows 2000, and Windows Server 2003. However, it has been replaced in Windows Vista and Windows 7 with an array of features known as System Recovery.

How To Install The Recovery Console
Users can take advantage of the Recovery Console by using the installation CD that came with the computer. If this disc is no longer available, the user can open the Recovery Console in the boot menu, but only if it has been pr…

usbehci.sys

Usbehci.sys is a USB controller driver for Windows XP Service Pack 1. Usbehci.sys is a required file that manages USB ports and Plug-and-Play services. While Usbehci.sys should be included in any Windows Operating System installation, this file is often missing and may prevent the user from installing Windows XP properly. Usbehci.sys runs exclusively on the Windows Operating System and can be found in the Drivers subfolder of the primary hard drive’s System32 folder.



How Usbehci.sys Works

Usbehci.sys is the software component that allows the computer to run its USB ports and recognize USB-based devices that are connected to it. If Usbehci.sys is missing from the computer, the user may not be able to install the Windows Operating System properly, make repairs to it, or use the USB ports. If Usbehci.sys is not included in the Windows XP Service Pack 1 or Windows Operating System installation disc, the copy of either of these services is most likely corrupted or faulty.



Is Usbehci.sys Har…

csrss.exe

Csrss.exe (Client/Server Runtime Subsystem) is a critical Windows Operating System process that manages console windows such as command line interface tools, command line interpreters, and text editors that do not need to display images. Csrss.exe runs in the Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows Server 2008, and Windows 7 operating systems and can be found in the primary hard drive’s C:\Windows\System32 folder.



How Csrss.exe Works

Csrss.exe bridges the gap between kernel space and user space on the computer. Kernel space refers to an area of the hard drive that is dedicated to running the core system files and maintaining the programming that supports the Windows Operating System. User space refers to an area of the hard drive that is dedicated to applications, programs, tools, and other software on the computer, whether it is system-related or not. By translating information between these two hard drive sectors, Csrss.exe is able to help maintain the W…