KERBEROS The Windows Authentication Protocol

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to sniff passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be honest about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that the bad guys are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure then a computer which is not connected to the network and powered off!) In many places, these restrictions are simply unrealistic and unacceptable. Continue reading…

SE Linux

SELINUX (Security-Enhanced Linux)

SELinux History

SELinux was originally a development project from the National Security Agency (NSA), Secure Computing corporation (SCC) and others. It is an implementation of SCC and others. It is an implementation of Flask Operating System security architecture. As a step in its evolution, SELinux was integrated into Linux kernel using the Linux Security Modules (LSM) framework. SELinux motivated the creation of LSM, at the suggestion of Linus Torvalds, who wanted a modular approach to security instead of just accepting SELinux into kernel. SELinux in now a standard component of RHEL and non-commercial distros like Fedora, Debian GNU/Linux, Gentoo Linux etc.


In the world of Linux, SELinux is the new buzzword. Most OS use access controls to limit the access a user/process has on other parts of the system such as files, devices, sockets, ports and other processes (called objects in SELinux). The two main types are

Continue reading…

Simple Network Management Protocol(SNMP)

The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.Two versions of SNMP exist: SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). Both versions have a number of features in common, but SNMPv2 offers enhancements, such as additional protocol operations.

Components of SNMP

An SNMP-managed network consists of three key components: managed devices, agents, and network-management systems (NMSs). A managed device is a network node that contains an SNMP agent and that resides on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or printers. An agent is a network-management software module that resides in a managed device. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.An NMS executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs must exist on any managed network.
Continue reading…

Exim – Basics


* Exim was written by Philip Hazel at the University of Cambridge in 1995.
* Written using the basic philosophy of Smail
* The name was derived from Experimental Internet Mailer as the outcome of the project at start was unknown.


* Exim is Open Source and distributed under the GNU General Public License (GPL)
* Exim is a Mail Transfer Agent (MTA)

Continue reading…