CS338 Computer Security
Friday, 13 October 2023

The students in this class have my permission to scan my server during this
class period. If you are such a student and you want to do more scanning after
class today, I'm willing to consider granting you permission, but please talk
to me first. Actual people use the services on this server, and I'd like to
avoid having it crash when I'm not available to fix it.

+ What can you learn about jeffondich.com?
    - What is its IPv4 address?
    - Does it have an IPv6 address, and if so, what is it?
    - What subdomains does it have?
    - What other domains or subdomains have the same IP address?
    - What operating system does the jeffondich.com server use?
    - What web server software is it using?
    - Who is in charge of it?
    - What ports are open on it, and what kinds of servers are listening on
      those ports?
    - etc.

+ Ideas
    nginx 1.18.0 - port 80, 443
    http proxy - port 8080
    45.79.89.123 - vulnerable to DDoS
    certificate - let's encrypt; valid until Dec 4; what other domains?

+ What threats is jeffondich.com subject to?
    - Consider the proprietor of the domain, but also the users of the
      software found on the same server

+ A couple handy tools
    nmap domain_name
    nmap -sV domain_name
    nmap -v -sV domain_name
    [so many nmap flags! nmap --help; search "nmap examples" online; etc.]
    nslookup domain_name
    burpsuite
    ...

=========

+ Recap
    - TCP, IP, packets
    - HTTP basics
    - Some cryptographic basics
        symmetric encryption
        asymmetric (public-key) encryption & RSA specifically
        cryptographic hashes
        digital signatures
        Diffie-Hellman key exchange
        X.509 certificates
        PEM, DER, ASN.1

+ Next
    - A few security conceptual frameworks
    - Threat modeling
    - Authentication (including some password cracking)
    - Intro to pen-testing
    - Malware
    - A little history
    - Some simple ethical analysis
    - ...

======