Tuesday, October 11, 2022

Computer Ports

There are many types of computer ports (USB, serial, NIC ports, fiber, etc.), but here we deal with the ports used for network communication, that is, for transferring data between machines.

There are two types of communication ports: physical and logical.

Physical ports are the sockets on your computer (the NIC), switch or router into which the communication medium (a network cable) is plugged to interconnect the devices. They are connected by either UTP copper cable or fiber.



Logical ports are numbers that the operating system assigns to its applications; combined with an IP address, a port number identifies one end of a conversation (a socket).

In the example below, the user opens a browser and types http://example.com. HTTP uses port 80 by default, so the client machine addresses the request to port 80 on the web server, while the source port on the client side is an ephemeral port that the operating system picks from a high range. The web server listens on port 80 (HTTP), so the request enters the web server on port 80. The server's response is addressed back to the client's IP address and that same ephemeral source port; a different port would not reach the browser's socket. The next connection from the client will normally use a new ephemeral port.
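The listening-port versus ephemeral-port relationship described above, shown on a local TCP connection. This is an added example, not code from the original post; it uses the loopback address and port 8080 (both assumptions) instead of a real web server on port 80 so it runs on any Windows machine with PowerShell.

```powershell
# Added example (not from the original post): compare the server's fixed listening port
# with the client's ephemeral source port, and show the reply returns to that same port.
# 127.0.0.1 and port 8080 are assumed placeholders for example.com on port 80.
$listener = New-Object System.Net.Sockets.TcpListener -ArgumentList ([System.Net.IPAddress]::Loopback), 8080
$listener.Start()                                   # "web server" side: listens on a well-known port

$client = New-Object System.Net.Sockets.TcpClient
$client.Connect('127.0.0.1', 8080)                  # the OS picks an ephemeral source port for the client

$server = $listener.AcceptTcpClient()               # server-side end of the same connection

"Client socket : {0} -> {1}" -f $client.Client.LocalEndPoint, $client.Client.RemoteEndPoint
"Server socket : {0} <- {1}" -f $server.Client.LocalEndPoint, $server.Client.RemoteEndPoint

# The peer port the server sees is exactly the client's ephemeral port; the reply
# can only be delivered to that port, not to a different one.
$clientPort = $client.Client.LocalEndPoint.Port
$peerPort   = $server.Client.RemoteEndPoint.Port
"Same ephemeral port on both ends: {0}" -f ($clientPort -eq $peerPort)

# Send a minimal HTTP request and read the reply over the same socket
$clientStream = $client.GetStream()
$request = [System.Text.Encoding]::ASCII.GetBytes("GET / HTTP/1.0`r`nHost: example.com`r`n`r`n")
$clientStream.Write($request, 0, $request.Length)

$serverStream = $server.GetStream()
$buffer = New-Object byte[] 1024
$read = $serverStream.Read($buffer, 0, $buffer.Length)
"Server received : " + [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read).Trim()

$reply = [System.Text.Encoding]::ASCII.GetBytes("HTTP/1.0 200 OK`r`nContent-Length: 2`r`n`r`nOK")
$serverStream.Write($reply, 0, $reply.Length)       # addressed back to the client's ephemeral port

$read = $clientStream.Read($buffer, 0, $buffer.Length)
"Client received : " + [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read)

$client.Close(); $server.Close(); $listener.Stop()
```

While the connection is open you can confirm the same numbers from the operating system with `Get-NetTCPConnection -LocalPort 8080` (on the listener) and `Get-NetTCPConnection -RemotePort 8080` (the client side with its ephemeral local port).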



Thursday, July 28, 2022

Powershell: ping multiple machines

A simple PowerShell script to ping multiple IP addresses or hostnames.

How to use


  • Replace the value of the variable $variable (example: $variable = "ipaddress","hostname","computername","website")

  • Copy and paste the script into Notepad and save it with the extension ".ps1"

  • Run it from the PowerShell command line:

PS C:\Temp> .\ping.ps1

  • Or right-click the file and choose "Run with PowerShell"




The Code
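An added example script, written for this post and not the author's own code, that does what the steps above describe: it walks the list in $variable, pings each entry and reports whether it answered. The hostnames in the list are assumed sample values.

```powershell
# Added example script (not the post's own code): ping every entry in $variable and
# report status, resolved address and average round-trip time.
# The entries below are assumed sample values; replace them with your own list.
$variable = "127.0.0.1", "localhost", "server01.domain.local", "www.example.com"

$pinger  = New-Object System.Net.NetworkInformation.Ping   # same ICMP echo mechanism as ping.exe
$timeout = 1000     # milliseconds to wait for each echo reply
$count   = 2        # echo requests per target

$results = foreach ($target in $variable) {
    $good = @()
    for ($i = 0; $i -lt $count; $i++) {
        try {
            $reply = $pinger.Send($target, $timeout)
            if ($reply.Status -eq 'Success') { $good += $reply }
        } catch {
            # Name resolution failed or the host is otherwise unpingable; counts as no reply
        }
    }
    [pscustomobject]@{
        Target   = $target
        Status   = if ($good.Count -gt 0) { 'UP' } else { 'DOWN' }
        Address  = if ($good.Count -gt 0) { $good[0].Address.ToString() } else { '-' }
        AvgMs    = if ($good.Count -gt 0) { [int]($good | Measure-Object -Property RoundtripTime -Average).Average } else { $null }
        Received = "$($good.Count)/$count"
    }
}

$results | Format-Table -AutoSize

# Optional: keep a record of the run next to the script
# $results | Export-Csv -Path .\ping-results.csv -NoTypeInformation
```

If "Run with PowerShell" closes immediately or refuses to run the file, the execution policy is blocking unsigned scripts; run it as `powershell.exe -ExecutionPolicy Bypass -File .\ping.ps1` or sign the script. Note that a host that answers ICMP is not necessarily serving anything, and a host that does not answer may simply have a firewall that drops ICMP, so treat DOWN as "no echo reply", not as "offline".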

Wednesday, July 27, 2022

Remote Authentication Dial-In User Service (RADIUS)

Network Policy Server (NPS) as a Remote Authentication Dial-In User Service (RADIUS) server


Network Policy Server is Microsoft's implementation of a RADIUS server, shipped as a Windows Server role. RADIUS is a client-server protocol that enables RADIUS clients (network access devices) to submit authentication and authorization requests to a RADIUS server; NPS validates those requests against an identity provider such as Active Directory.

NPS performs authentication, authorization and accounting (AAA) for connection requests from the local domain and from domains that trust the local domain.

In a controller-based Wi-Fi network built on products such as Cisco, Aruba or Huawei, and under budget constraints, you can use the NPS RADIUS feature of Windows Server instead of a dedicated RADIUS appliance. It is a more affordable way of implementing a RADIUS architecture in your network. The wireless controller is the source of the RADIUS requests; where there is no wireless controller, the access points themselves are the source of the RADIUS requests.

Remote Authentication Dial-In User Service (RADIUS)

A client-server protocol that enables RADIUS clients to submit authentication and authorization requests to a RADIUS server.

The RADIUS server passes the authentication request on to an identity provider such as Active Directory, to a local user database, or even to an external database such as SQL.

RADIUS client = wireless controller or access point (the device that forwards the user's credentials; the end user's laptop is the supplicant, not a RADIUS client)


Requirements:

  • UDP port 1812 for authentication

  • UDP port 1813 for accounting (NPS also listens on the legacy ports 1645 and 1646 by default)

  • A server certificate on the NPS server (required for PEAP and EAP-TLS, the usual Wi-Fi methods)

  • A shared secret for each RADIUS client, configured identically on the controller or access point and in NPS


Policies:

  • Connection Request Policies (decide which requests NPS handles locally and which it forwards to another RADIUS server)

  • Health Policies (part of Network Access Protection, which was removed from NPS in Windows Server 2016)

  • Network Policies (who may connect, with which authentication method, under which conditions such as group membership or SSID)




With Wireless Controller







Without Wireless Controller
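An added example, not from the original post, of setting up the requirements listed above on the NPS server from PowerShell: install the role, open the RADIUS ports only to the controller, register the controller (or an access point) as a RADIUS client with a random shared secret, and confirm NPS is listening. The controller name and address are assumed placeholders.

```powershell
# Added example (not the post's own code): NPS as the RADIUS server for a wireless
# controller. "wlc01" and 10.0.0.5 are assumed placeholders for your controller.
# Run in an elevated PowerShell on the Windows Server that will host NPS.
Install-WindowsFeature NPAS -IncludeManagementTools       # Network Policy and Access Services role

# Open UDP 1812/1813 inbound, but only from the RADIUS client's address. Leaving the
# ports open to any source lets anyone on the network probe the shared secret.
New-NetFirewallRule -DisplayName "RADIUS from wlc01" -Direction Inbound -Protocol UDP `
    -LocalPort 1812,1813 -RemoteAddress 10.0.0.5 -Action Allow

# Shared secret: 24 random bytes from a cryptographic RNG, base64 so it is printable.
# The secret is what protects the User-Password attribute in transit; a short, guessable
# one can be recovered offline from a single captured Access-Request.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 24
$rng.GetBytes($bytes)
$secret = [Convert]::ToBase64String($bytes)
"Configure this secret on the controller: $secret"

# Register the controller as a RADIUS client (without a controller, add each access point)
New-NpsRadiusClient -Name "wlc01" -Address "10.0.0.5" -SharedSecret $secret

# Verify: client present, and NPS bound to the authentication/accounting ports
Get-NpsRadiusClient | Select-Object Name, Address, Enabled
Get-NetUDPEndpoint -LocalPort 1812,1813 | Select-Object LocalAddress, LocalPort, OwningProcess

# Back up the configuration (includes the RADIUS clients and all three policy types)
Export-NpsConfiguration -Path "C:\Temp\nps-config.xml"
```

The network policy itself (which AD group may connect, PEAP or EAP-TLS, which certificate NPS presents) is still created in the NPS console; the server certificate bound there must be issued to the NPS server's FQDN by a CA the Wi-Fi clients trust, otherwise supplicants that validate the server certificate will refuse to send credentials. The exported XML contains the shared secrets, so store it as carefully as the secrets themselves.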


Tuesday, July 26, 2022

Lightweight Directory Access Protocol

What is LDAP?

LDAP stands for Lightweight Directory Access Protocol. It is used to connect to a directory server to query users and other directory objects.

How to integrate your apps with Active Directory via LDAP?

When you have applications on your on-premises network that need to authenticate users against Active Directory, you can connect the app to AD using the LDAP protocol.


Two types of connectivity via LDAP


  1. Unsecured

  • Using plain LDAP (port 389) with no transport security, a simple bind sends the bind DN and password over the network in cleartext, where anyone able to capture the traffic can read them.


  2. Secured

  • Using LDAPS (LDAP over SSL/TLS, also called Secure LDAP) the whole LDAP session is encrypted, so neither credentials nor query results can be read on the wire.

  • This requires the app server to trust the LDAP server's certificate, either by installing the issuing CA certificate in the OS trust store or by importing it into the app.


Basic LDAP details


The basic LDAP details you need to configure in your application are:


LDAP URL

(ex. ldap://ldapserver.domain.com or ldaps://ldapserver.domain.com)


BaseDN

(the point in the directory tree where user searches start, ex. DC=domain,DC=com)


BindDN

(the account the app uses to search the directory, ex. CN=ldap_admin,OU=Users,DC=domain,DC=com)


Bind Password

(the password of the ldap_admin account)


LDAP Port

(389 for LDAP, 636 for LDAPS, 3268 for the global catalog, 3269 for the global catalog over TLS)
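How an application actually uses these five settings, as an added example that is not part of the original post: it binds with the BindDN and bind password over LDAPS, searches under the BaseDN for the user who is logging in, then binds a second time as that user's own DN to verify the password. The server name, DNs and the user name "jdoe" are the placeholders from the post and are assumed values.

```powershell
# Added example (not the post's own code): the bind, search, bind flow an application
# uses to authenticate a user against Active Directory over LDAPS. The server, BaseDN,
# BindDN and user name are assumed placeholders; replace them with your own values.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapServer = "ldapserver.domain.com"
$LdapPort   = 636                                   # LDAPS; 3269 would be the global catalog over TLS
$BaseDN     = "DC=domain,DC=com"
$BindDN     = "CN=ldap_admin,OU=Users,DC=domain,DC=com"
$BindPass   = Read-Host -AsSecureString "Password for $BindDN"

function New-LdapsConnection {
    param([string]$Server, [int]$Port, [string]$UserDN, [System.Security.SecureString]$Password)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList $Server, $Port
    $cred = New-Object System.Net.NetworkCredential -ArgumentList $UserDN, $Password
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $id, $cred, ([System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte; the server certificate must chain to a CA the app server trusts
    $conn.Bind()                                     # throws LdapException on a wrong password or an untrusted certificate
    return $conn
}

# RFC 4515 escaping for a value placed inside a search filter. Without it, a user name such as
# "*)(sAMAccountName=*" rewrites the filter (LDAP injection). The backslash is escaped first
# so the escapes added afterwards are not escaped again.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    return $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace([string][char]0, '\00')
}

function Test-LdapUserLogin {
    param([string]$Username, [System.Security.SecureString]$UserPassword)

    # 1) Bind with the application's service account and look the user up by sAMAccountName
    $svc = New-LdapsConnection $LdapServer $LdapPort $BindDN $BindPass
    try {
        $filter = "(&(objectClass=user)(sAMAccountName={0}))" -f (ConvertTo-LdapFilterValue $Username)
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $BaseDN, $filter, ([System.DirectoryServices.Protocols.SearchScope]::Subtree), "distinguishedName"
        $resp = $svc.SendRequest($req)
        if ($resp.Entries.Count -ne 1) { return $false }   # unknown or ambiguous account
        $userDN = $resp.Entries[0].DistinguishedName
    } finally {
        $svc.Dispose()
    }

    # 2) Bind again as the user's own DN with the password they typed. Only a successful bind
    #    proves the password; the service account never needs to read or compare it.
    try {
        $user = New-LdapsConnection $LdapServer $LdapPort $userDN $UserPassword
        $user.Dispose()
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        return $false                                      # invalid credentials (LDAP result code 49)
    }
}

Test-LdapUserLogin -Username "jdoe" -UserPassword (Read-Host -AsSecureString "Password for jdoe")
```

If the first bind fails with "The LDAP server is unavailable" rather than "invalid credentials", the usual cause is the certificate: the name in the LDAP URL must match the server certificate and the issuing CA must be in the app server's trust store. The service account in this flow only ever reads the directory, so it needs no more than the default read permissions of a domain user.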



Final Notes

  • LDAPS requires the LDAP server's certificate (or its issuing CA certificate) to be installed on the app server or imported into the app.


  • Some apps require the root certificate, the full certificate chain, or just the LDAP server certificate itself; check the app's documentation for which one it expects.


  • The LDAP account used by your application must not expire, and its password must not expire either; otherwise users will be unable to log in to the app the day it lapses. Give this account read access only; despite the name in the example, it should not be a Domain Admin, and its password should be kept in the app's secret store rather than in a plain configuration file.


  • The LDAP URL for secure LDAP uses the ldaps:// scheme.