Diari Seorang Awi

Another Step,, Another Level,,

2007-02-26T08:40:00.000-08:00

Bulan 2,,

Masuk je 1/2/2007 aku dah start gi training kat Kolej Telekom, Taiping. Kursus nie selama 4 hari hinggalah ke hari Ahad. Kat sini kami diajar dengan mendalam apa yang kami perlu buat sebagai T.A untuk installation antivirus nie.

Skop keja kami mudah je, install antivirus kat setiap pc "HAK KERAJAAN MALAYSIA". Siap skali dengan network agent ngan patch management nya skali. Dengan memang senang ajer, tapi boleh dikatakan kita akan berdepan dengan masalah2 baru setiap sekolah yang kita kena install tue.

Setiap masalah yang kadang2 memang menensionkan. But, responsibility kami memang camtue, nak buat camna. Masa nie lah kita nak cedok sebanyak mungkin masalah2 network atau pc error(hardware atau software error) yang mungkin berlaku. Yang kadang2 memang kita tak sangka akan berlaku.

5/2/2007...

Sekolah pertama menjadi tempat pertemuan semua T.A ntuk Kedah dan Perlis ialah Kolej Sultan Abdul Hamid. Iaitu salah sebuah skolah bistari yang wujud kat Kedah nie. Sekolah nie kalau tak silap ada lebih kurang 200 ++. Tapi aku tak diassign kan kat skolah nie. Aku dan dua tiga orang lagi member (member sebowling di Taiping) sebulat suara untuk berbakti di sekolah ASMA. Tempat remaja2 perempuan bistari bertapa.

Environment skolah nie, memang ada feel lah untuk belajar. Tanda yang kami aku masuk pun, pikir dua-tiga kali nak bukak kasut ke tak nie..? Takdak tue boleh kita standarkan 5 Star, marvellous. Tapi makmal komputernya tahap2 ok je. Sebab banyak PC yang agak sederhana lama. Masih pentium 4 tapi performance nya kurang sikit la.

Kat sekolah nie, masalah yang kami hadapi ialah dengan tiba2 wujudnya software yang dipanggil "DEEp FREEze", selalunya dengar tapi tak biasa guna pun. Sebab bagi "pc" aku ia adalah kurang praktikal, tapi untuk cyberface dan schoolnet, very realistic. Dan yang menjadi masalahnya benda nie akan menyebabkan update download yang kami buat untuk AV software menjadi kurang effective. DAn sebagai makluman, nak buang benda nie pula memerlukan software itu sendiri, dan untuk deactive kan plak,, selalunya kenalah menekan Ctrl+Alt+Del+F6 sekaligus (selalunya camnie la) sebelum ia bleh diuninstall terus..

Deep Freeze nie tak akan membenarkan sebarang file hinggap di drive yang diprotectnya sehingga kita sendiri memberi kebenaran atau kita buang dulu benda nie. That all..

6/2/2007...

Pagi2 kami terus singgah ke skolah Teknik Alor Setar Plak,, masalah timbul apabila cikgu ICT bermeeting di langkawi. Bila ni terjadi susah lah kita nak tau hal sebenar "ICT" kat skolah tue, berapa pc yang kita bleh guna, dan berapa pc yang kita takbleh guna. Esok sambung mengantuk

Sebelum masuknya bulan dua,,,

2007-01-30T17:51:00.000-08:00

Nie adalah psot terakhir aku untuk bulan 2,,

Aku ingat settlekan dulu sebelum bulan dua datang,, juga bermaksud untuk aku mulakan praktikal aku kat Hospital Sultan Abdul Halim,, harap2 nyer best lah nanti...

Ok, start now,, 13/01/07 to 31/01/07,,,

Yang aku ingat 15/01/07 kami kena buat satu public speaking tentang sebarang tajuk yang ada kaitan dengan network security,, mula2 aku pilih IDS,, pastu aku tukar kepada wireless IDS,, untuk tambahkan kefahaman aku lagi mengenai IDS dan applikasinya untuk wireless,,

Yang tiga hari tue aku tak ingat kena buat apa,, jadi kita terus ke hari khamis bersamaan 18-1-07,, masa nie kami kena setup satu pc router base on freeBSD,, Alhamdulillah after a few mistake, correction,, finally our project succesfully,, Nanti aku nak masukkan beberapa print screen sebagai panduan untuk masa depan,, masa tau nak kena buat lagi plak kan benda2 nie masa time keje nanti..

Hari Jumaat, kami continue balik buat freeBSD router,,, Pastu Sabtu Ahad Isnin, cuti,, sambil2 tue aku buat preparation ntuk inteview hari Ahad tue kat GITN,, tak tau la dapat ke tidak,, harap2 dapat la gamaknya..

23/01/07 -- Tuesday --

Aku rasa yang sebenarnya kami, betul2 siap buat pc base router tue mungkin pada hari nie kot,, biasa la nak habis2 kursus nie,, otak kadang2 menerawang gi ke tempat lain,,, kami khususkan pc base router nie kepada 2 segment (jantan ngan pompuan),,

24/01/07 -- Wednesday --

Hari nie, kami kena cari password ntuk kami crack balik window login password yang telah diubah oleh cik zaidi.. Oleh sebab aku ngan wan guna Window XP service pack 3,, so kami tak berjaya untuk crack balik password, seperti yang sepatutnya macam orang lain,, jadi keesokan harinya kami(aku ngan wan) terpaksa untuk meminta cik masukkan balik password,,

Tapi, lepas tue dapat jugak aku cari software yang baik punya untuk crack login passwords,, bukan setakat administrator,, tapi jugak user2 yang lain yang ada,, salah satu software yang aku rasa betul2 best,, dalam koleksi software yang pernah aku dapat...

25/01/2007 -- Thursday --

Hari nie kami buat "authentication for login" untuk tiga jenis side,, server side, client side, apache side,, Software2 untuk application camnie,, kita boleh browse kat mana,, memang banyak yang boleh kita dapat (free).

Untuk jenis side yang ketiga,, kita bleh tengok contoh posting/tutorial daripada kedahonline.net.
Hari jumaat pun kami sambung buat benda nie jugak,, alhamdulillah berjaya jgak akhirnya..

29/01/2007 -- Smoothwall,,

Kami diberi seminggu untuk siapkan pc base firewall using smoothwall express 2.0... Benda nie sebenarnya tak la sangat configurationnya,, tapi sebab aku tak berapa faham2 istilah basic,, yang sepatutnya aku faham dulu sebelum buat benda nie, jadi banyaklah masa yang terbuang untuk siapkan benda nie.. Dan finally akhirnya siap gak smoothwall / basic configuration yang kami buat.. Aku rasa smoothwall nie gabungan antara IDS/IPS.

Nanti2 lah aku diagramkan balik smoothwall segmentation untuk KISMEC nie..

2007-01-18T15:24:00.000-08:00

Simpulan ntuk 10, 11, 12 haribulan,,

Aku dah ingat2 lupa dah benda yang aku belaja ntuk 2-3 hari nie,, tapi aku rasa nielah benda2 yang aku belaja dalam tempoh tue...

Kami semua diberi waktu ntuk buat preparation untuk presentation macam Public Speaking untuk budak2 IT pada hari Selasa nie.

Untuk tajuk nie mula2 aku pilih IDS, tapi last2 minute aku tukar tajuk untuk sesuatu yang lebih mencabar sikit. Aku pilih wireless IDS (Barcoding Inc). Aku pilih tajuk nie sebab, aku rasa nie salah satu bab yang aku minat. IDS nie stand for Instrusion Detection System. Nak tau lebih lanjut, blehlah tengok kat bawah.

Untuk memudahkan kefahaman tentang analogi bagaimana benda nie berfungsi, aku memilih Barcoding Inc. product ntuk Wireless IDS nie. Aku simpulkan kat sini bagaimana wireless IDS nie berfungsi.

Wireless Device - Iaitu device yang menggunakan applikasi wireless dan menggunakan access point untuk masuk/join dalam sesuatu network tue.

Access Point - Boleh dikatakan sebagai medium perantaraan antara wireless devices dan server untuk pengongsian maklumat.

Wireless Switch - Central hub yang menjadi penghubung antara access point dan server.

Server - Yang menyimpan segala jenis maklumat. Yang kemudiannya menyebarkan maklumat tersebut. Yang mana segala report, logged report akan dihantar oleh IDS ke sini yang kemudiannya akan dihantar kepada monitoring system yang diselia oleh operator yang kemudiaannya akan memutuskan apa yang perlu dilakukan kepada potential threat yang diterima...

IDS devices,,'

Wireless Drones,,, Satu devices yang diletakkan pada tempat yang strategik untuk menyesan dan capture segala jenis radio fraquency yang dikeluarkan oleh wireless devices yang terdapat dalam sesebuah network itu yang cuba untuk join sesuatu WLAN itu.

YAng mana dengan radio frequency yang diterima dapat diperolehi daripadanya info2 seperti IP address, MAC address, access point yang digunakan sebagai pintu dan medium wireless yang digunakan. Dan kalau ditambah dengan GPS kita bleh dapat tau posisi yang lebih tepat kat mana sesuatu devices tue berada.

Yang mana selepas itu, IDS akan create email, pop-up alert yang kemudiannya akan dihantar kepada monitor system untuk tindakan susulan... Nanti sambung balik,,

Syarahan yang bertajuk, IDS "Intrusion Detection System"

2007-01-09T23:25:00.000-08:00

Rasanya post nie aku akan research aku dengan lebih mendalam. Sebelum tue aku settlekan dulu kerja yang diberi...

Pertama skali, kita kena tau IDS tue stand for what. "IDS" is stand for "Intrusion Detection System".

Secara amnya IDS nie digunakan untuk detect manipulasi yang tidak diingini terhadap system komputer kita terutamanya yang datang melalui internet. "Serangan2" dan ancaman2 nie semestinya datang daripada skilled hacker atau daripada "script kiddies" yang menggunakan software yang sedia ada, dan sangatlah senang untuk didownload di internet.

IDS nie digunakan untuk detect segala malicious(aktiviti jahat) network traffic dan penggunaan komputer(cubaan2 jahat) untuk menjahamkan komputer kita yang biasanya tidak boleh di kesan oleh convensional firewall(dinding api) yang biasa.

Ini termasuklah serangan yang dibuat melalui vulnerable services/perkhidmatan2 yang mengandungi lobang2/atau boleh kita katakan sebagai kecacatan yang mana, amat ditunggu- tunggu oleh hackers dan segala jenis script kiddies untuk menceroboh system yang terdedah dengan kelemahan itu.

Antara ancaman2 yang dapat dikesan/disekat oleh IDS ialah:-
-- Data driven attacks on application - Contohnya malware yang diselitkan pada software2.
-- Host based attacts such as privilege escalation.
-- Unauthorized logins and access to sensitive files.
-- Malware (Viruses, Trojan Horses, and also worms.

IDS nie terdiri daripada beberapa components that is Sensors, Console, Engines.

--Sensors which create security events.

--Console which monitor events and alerts and control the sensors.

-- Central ENGINE which records events logged by the sensors in a database and uses a systems of rules to generate alerts from security events received.

Ada beberapa cara untuk membezakan IDSs yang ada iaitu dengan melihat jenis, dan kedudukan SENSORS dan cara/kaedah/methodology yang digunakan central ENGINE untuk generate alerts. Secara simplenya, semua IDS component nie terletak pada device dan appliance yang sama...

Types of Intrusion-Detection Systems

Untuk NIDS (network-based Intrusion Detection System), sensors terletak pada "choke point" dalam sesuatu jaringan yang kita perhatikan/monitored. Selalunya pada DMZ - Demilitarized Zone (DMZ) atau pada network borders. Sensors pada kedudukan ini amat sesuai untuk memerhati, menganalisis, individual packets for malicious traffic.

Dalam sesuatu system tue(network), PIDS n' AIDS digunakan untuk mengawasi, the transport and protocols illegal and inappropriate traffic dan bahasa programming yang menarik(SQL). In a host-based system, sensor untuk system jenis nie biasanya terdiri daripada software agent, yang mana software agent nie akan mengawasi segala aktiviti pada hosts yang diistallkan benda nie. Ada juga system yang campur skali dua-dua jenis system nie (hybrids)

-- NIDS ialah satu platform bebas yang akan monitor network system tue dengan mengenal pasti intrusion yang datangnya dari network traffic dan multiple hosts yang ada. NIDS dapat mengawasi network traffic dan

Semalam 9/1/07

2007-01-09T23:13:00.000-08:00

Semalam kami skali lagi focus buat wireless network connection between two LAN. That is Johor and Kedah. We try to make in realtime application, mean that we can't connected to other network segment directly...

Same as yesterday, we redo again the same foolish mistake, that make us waste a lot of time. The mistake is only we cant us subnet mask class A for ip address class C. This mistake both for the router configuration and also on the host configuration itself.

BUt xtually the true mistake that we make are, misunderstanding between the two group itself. This happen because we dont make a basic plan for all what we will doing to setup the network and make sure that all connection are ok...

And then before, we go back home, we are given new task to test a web scanner software that is "nikto". Purpose of this software is to detect/find any valnurable that can be found on any website that we scan. This purpose make this software can be use on both side,, good or Evil. This software also give so much help for security auditor to close/prevent bad port from being "hacked".

That all, penat dah..

Jumaat dan Senayan

2007-01-08T18:57:00.000-08:00

Jumaat,, 5/1/07,,

Hari nie kami praktikkan balik apa yang kami buat semalam,, Benda ni sebenarnya senang, kalau kita ikut step by step. First skali benda yang kita kena buat ialah baca manual dia dulu. Pastu kita mulakan dengan configure router. After we configure the router like instructed then, we configure the host computer, until we can complete all the ping test:-

1. We ping all the host that enable in our LAN (localhost).
2. Then we ping the localhost(or we set it as default gateway on the host ipc setting)
3. After that we ping the WAN ip address.
4. After we finish with our 2 segmentation(our localhost (WAN and LAN)) and then we try to ping other LAN,, starting with other WAN IP.
5. After that we ping ip host in another LAN.

Isnin,, 6/1/2007,,

Today we learn setup the same network, but using different method of connection, that is wireless. For this purpose, we rename this 2 LAN as Kedah and Johor. After we do idiot mistake, (Actually we have to use pathway cd, but hahaha idiotly we used the router cd to install the driver for pathway).. But the genius begin with some idiot wright..?

OK,, for next post I will start to do a serioussss giler complete research that I can full fill with my heart, brain, soul and so onn lahhhHHH...

Khamis,, 4/01/2006

2007-01-03T23:55:00.000-08:00

Network Cabling,,,

Basically today we learn about network cabling,, Our purpose is to connect 2 LAN with different segmentation together,, THat it,, Esok kami akan buat practical tue jer...

27-12-06, Rabu

2007-01-03T17:31:00.000-08:00

Hari nie kami belaja serba sedikit pasal fiberoptic,,

simply fiber optic have 3 type
-single mode
-multimode
-plasticOpticalFiber

brief explain about single mode:-
Exp:- To connect two LAN or for fast transmission signal.

Hari nie jugak, kami ada short briefing about LIFE IN AUSTRALI,
- We are giving short briefing by brother bob about life is Australia, oppurtunities in getting Job, Business, studies and so on. Advantages that we get when we get the PR.

-----End of Rabu--

Masuk 28-12-06

Hari nie kami belajar pasal port scanning using nmap, and other utilities that available that we can choose as port scanner.

**Hari nie, hari Jumaat**

Kami belajar pasal threats untuk computer...

Focus on virus,,

----End of Friday, start holiday to celebrate NEW YEAR n' AIDILADHA... ----

Today, I try to build my first virus using a virus toolkit. Virus nie aku namakan patheticX. Virus nie takder la datangkan banyak masalah, sebab dia cuma bagi sedikit effect pada microsoft Outlook. Get all address on address books, and then sprade themself on the address,, do the same process(duplicate, and execute itself) again n' again...

Kami juga blaja pasal sub7, sejenis trojan(people call it backdoor). Trial nie tk jd, maybe sebab OS XP Pack2 nie dah ada security yang siap2 block on the virus to activate...

Summary from 11 to 22 DEC 06

2006-12-23T20:25:00.000-08:00

11 Dec monday,,

Hari nie kami kena buat resume dan cari tempat untuk praktikal. Untuk nie aku buat 20 copy, untuk possibility 20 company...

12 Dec Tuesday,,

Hari nie kami discuss about SQL,,

example for database programme, software, language, - MySQL
- Access
- FoxPro
- DBase
- Oracle

After that we learn, how to create our own database,, using phpMyAdmin

WED 13/12/06----------

Sanitization -- Make some restrictly condition that have to follow to neter/login.. Example ID: <>

Php Server side coding - XML client side
--ASP, jsp, perl -- Php server side
--Flash, xml, html, javascript, dhtml

--Ettercap (Benda nie akuk nak try untuk diri sendiri)

--Hari isnin 18/12/06

Network Security -- Satu lg prinsip ntuk network security aku blaja hari nie...

<<>>

This means that in order to protect ourselves effectively, we need to understand and experince the same tools and techniques are used against us...

Some basic of ettercap.. Are using MITM <> (-_-) senyap dok tengah2..
Eaves dropping(traffic analysis-known-plaintext)

--#ARP Poisoning#--

This is one of the option that are have in ettercap that we can use to sniff somebody with poisoning the ARP for the prey..

ARP - Is the mechanism for matching of IP addresses with the address in an ethernet network..

Broadcasting - Datagram addressed to all workstations in the network. (Broadcast - datagram)-->request for the IP address. This wil make the computer in current ethernet will compared the request send with their own IP...

--Tuesday-- 19/12/06

Today we learn on how to use the mySQLd

For this purpose we have setup a LAN network using this configuration:-

Network == 192.168.10.0 - 12
Subnet == 255.255.255 .0
Getway == 192.168.10.1 (Using Lut PC)

Khamis 21/12/06
-------------------------

We about FTP server _Example - vsFTPd (vs - very secure )
- pure FTD
- proFTPd

FTP client - DAP
- gFTP

Friday 22/12/06---------------------------------

Today we learn about - DDOS
- ICNP
- BFD/APF (Brute Force Detection/Advance Policy Firewall)

Tuesday, WeD

2006-12-10T17:26:00.000-08:00

KEYLOGGER,,

Hari nie kami blaja pasal keylogger, satu software yang tujuan asalnya digunakan sebagai parental purpose untuk monitor aktiviti anak2, atau pekerja yang surf internet,, kalau2 diorang masuk laman web yang tak dikehendaki/providence site.

This purpose then have been develope dan growth to make it more usefull, and multipurpose. And today, we can monitor in real time(screenshot) with more interactive presentation.

Kami juga ditambahkan lagi dengan projek baru iaitu menginstall keylogger nie pada komputer lain, for experimental purpose.

---End of 5/12/05--

Then we are showed a movie about hackers in their own world, and the title is "HACKERS". Before the big screen on, encik Kamal give us short briefing about hacker and some of hacker/cracker technique that usually being used by hacker, or script kiddies, or anyone that like to hack someone site. Like:-

-- nmap
--exploit
--netcat
--ettercat
--google
--browser

Protection,, Here are some useful technique/software to secure "our belonging"

-- snort
-- APF
-- BFD

----End of 6/12/06--

7/12/06 -- Thursday --

--SECURITY from the NON-Ethical Hackers--

Simple we can conclude that security have 3 main issues that is:-
-- Productivity # information
# networking
-- Service
-- Process

New Economy Thread
-- Agriculture
-- Industrial
-- IT
-- ICT
-- Nanotechnology # Example verichip.

*remote - exploit.org
*unicode bug.(effect 2000 server)
*zone-h
*anthiphising.org
*LC5 (scan password - windowXP)
*@stakeLC5
*Example of good password = p@ssw0rd

Types of attacks
--Access
--Modification
--Denial of service
--Repudiction
Example software
.Archilles (Modification)
.SynDos (Denial)

--Ettercap (Hacking tool for centOS)
--GFILAN Guard
--Tor website

Yehaaa,,,!!! Dah sampai level 7 ... Thank u to all the sifuuu... Untuk level 5 nie dia injectionnya javascript:alert( document.forms[0].to.valve = "nawawi.84@gmail.com" )

0-- End of 7/12/06 --0

That day we learn about Hacking-Phreaking-Cracking
-- the differentation between that group.

From my opinion, hacker is a person that understand the coding and then use the weakness or vulnerable of the website that he/she want to hack and then go inside it. Crackers for me are kiddies, and hackers are genius(natural genius or build up genius).

hari Rabu, Khamis, Jumaat

2006-12-04T20:31:00.000-08:00

KAmi waktu blaja pasal cat 5 cable, cat 6 ngan dia punya ciri2nya skali, secara umumnya.. Macam tranmission, max speed, max length.. Ngan 2 jenis standard yang kita slalu gunakan T568A(American) -T568B(British). Kami blaja pasal CABLE MANAGEMENT, ntuk nie kami fokuskan kalau terjadi WORST CASE SCENARIOS".. Kalau2 la terjadi benda macam nie, dan memang akan terjadi bila kita kerja nanti. Patch panel yang kami gunakan jenis AMP Netconnect. Kami blaja berdasarkan konsep "try n error". Kami kena cari connection untuk setiap segment dan pinnya skali. Kami juga kena buat line phone untuk local guna PABX. Blaja guna konsep nie memang akan menyusahkan kapla. Tiga hari kami blaja buat benda nie. Tapi sikit jer yang aku faham sebab benda sikit, tapi yang nak try buat ramai.

isnin dan selasa

2006-11-27T23:16:00.000-08:00

Hari isnin kami blaja pasal cracking/hacking. Kami tengok clip2 pasal benda2 tue semua. Tapi satu benda pun aku tak faham. Takper slow2. Kami diberi domain buat satu web. Laman web nie, macam kubu yang kami kena pertahankan, sambil serang-menyerang antara satu sama lain,, rasa2nya macam best je..

----->End of Day monday<----

Pastu hari selasa plak kami blaja pasal "tembaga" atau dalam nama standardnya copper. Kami buat straight-through cable. Kami juga blaja serba sedikit, basic plan untuk buat sesuatu LAN network. Apa faktor2 yang kami kena ambil kira.. Pastu kami blaja pasal jack modulator... Yang nie aku buat tak jadi sebab, jack RJ45 dah habis stok. Takper nanti blaja lain... <<---End Of today-->>

Linux Security Basic

2006-11-26T17:21:00.000-08:00

-Intro-

Dunia IT sentiasa bergerak pantas dari saat ke saat, seiring dengan "Software Development" yang juga semakin maju. Ditambah pula dengan kos penggunaan internet yang semakin murah dan senang didapati di mana saja di seluruh dunia menjadikan isu security satu isu yang tak pernah ada penghujungnya.

Tapi sebagai seorang pengguna atau bakal pentadbir IT sistem, kita hendak tahu camner nak melindungi sistem yang kita gunakan. Sebab isu security adalah satu isu besar yang tak bleh diremehkan.

Controlling File Permissions and Attributes:-

Ini merupakan langkah basic yang bleh kita gunakan untuk monitoring user yang dok guna user kita. Ini untuk mengelakkan sebarang aktiviti yang tidak sepatutnya berlaku dapat kita disekat.

Selalulah audit systems kita daripada sebarang "unauthorized" and "unnecessary" use of the setuid and setgid permissions. Untuk tujuan ini kita gunakan "Set-user-ID root" programs setelah kita log sebagai su atau root user. Actually, banyak program yang setuid dan setid dibenarkan untuk benda yang tidak sepatutnya. Yang pada asalnya ialah hanya untuk kegunaan root user.

-->root# find / -type f -perm +6000 -ls

59520 30 - rwsr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
59560 16 - r-sr-sr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq

-->root# chmod -s /use/bin/chage /usr/bin/lpq
-->root# ls -1 /usr/bin/lpq /usr/bin/chage

-rwxr-xr-x 1 root root 30560 Apr 15 1999 /usr/bin/chage
-r-xr-xr-x 1 root lp 15816 Jan 6 2000 /usr/bin/lpq

World-writable file senang diubah dan dibuang, jadi cari semua world-writable.

-->root# find / -perm -2 ! -type 1 -ls

Dalam normal course operation, kadang2 file dari /dev dan /tmp juga adalah world-writable file. Kadang2 file macam nie milik intruder yang ingin buat onar dalam system kita.

Kemudian kita cari file yang takder tuan atau takder join mana2 group...

Untuk mulakan proses ini, kita hendaklah mencari semua setgid and setuid program dalam host kita dan "kill" dan keluarkan setuid or setgid permissions untuk program yang suspicious dengan menggunakan chmod;-

root# find / -nouser -o -nogroup

Menggunakan lsattr dan chattr commands, admin bleh mengubah characteristics file dan directories, termasuklah untuk buang atau ubah berdasarkan chmod. Penggunaan "append-only' dan "immutable" attributes adalah salah satu cara effective untuk menghalang log files daripada didelete, atau "Kuda trojan" daripada dimasukkan dalam binaries tertentu yang penting untuk sistem kita.

Log files bleh dilindungi dengan membubuh permit kat situ. Apabila data telah dimasukkan/ditulis maka ia tidak bleh diubah. Untuk menggunakan option ini, kita hendaklah melakukan sedikit pengubahsuaian pada log rotation scripts kita. Ini juga sebagai perlindungan tambahan daripada percubaan biskut "cracker" untuk remove track dia. Log file hendaklah dijadikan immutable. File yang sesuai untuk buat benda nie ialah /bin/login, /bin/rpm/etc/shadow atau sebagainya yang tidak berubah selalu.

# chattr +i /bin/login
# chattr +i /var/log/messages
# lsattr /bin/login /var/log/messages
----1--- /bin/login
-----a-- /var/log/messages

Sebenarnya takder alasan untuk membenarkan users to run setuid program daripada directories rumah(home) mereka. Jadikan gunakan option dalam /etc/fstab untuk partition yang dibuat oleh user(selain root). Bleh juga kalau nak guna nodev dan noeexec pada partition rumah user, sama macam /var. Benda nie semua adalah digunakan untuk menghalang execution of programs, and creation of character or block devices.

**********************General Security Tips:**********************************

AutoRPM on Red Hat and apt-get on Debian can be used to download and install
any packages on your system for which there are updates. Use care when
automatically updating production servers.

IP Masquerading enables a Linux box with multiple interfaces to act as a gateway to remote networks for hosts connected to the Linux box on the internal network interface. See the IP Masquerading HOWTO for implementation information.

Install nmap to determine potential communication channels. Can determine remote OS version, perform stealth scans by manipulating ICMP, TCP and UDP, and even potentially determine the remote username running the service. Start with something simple like:

# nmap 192.168.1.1

Password-protect LILO for servers in public environments to require authorization when passing LILO command-line kernel parameters at boot time. Add the password and restricted arguments to /etc/lilo.conf, then be sure to re-run /sbin/lilo:

image = /boot/vmlinuz-2.2.17
label = Linux
read-only
restricted
password = your-password

The OpenWall kernel patch is a useful set of kernel security improvements that helps to prevent buffer overflows, restrict information in /proc available to normal users, and other changes. Requires compiling the kernel, and not for newbies.

Ensure system clocks are accurate. The time stamps on log files must be accurate
so security events can be correlated with remote systems. Inaccurate records make it impossible to build a timeline. For workstations, it is enough to add a crontab entry:

0-59/30 * * * * root /usr/sbin/ntpdate -su time.timehost.com

Install and execute the Bastille Linux hardening tool. Bastille is a suite of shell scripts that eliminates many of the vulnerabilities that are common on default Linux installations. It enables users to make educated choices to improve security by asking questions as it interactively steps through securing the host. Features include basic packet filtering, deactivating unnecessary network services, auditing file permissions, and more. Try the non-intrusive test mode first.

Configure sudo (superuser do) to execute privileged commands as a normal user
instead of using su. The administrator supplies his own password to execute specific commands that would otherwise require root access. The file /etc/sudoers file controls which users may execute which programs. To permit Dave to only manipulate the printer on magneto:

Cmnd_Alias LPCMDS = /usr/sbin/lpc, /usr/bin/lprm
dave magneto = LPCMDS

Dave executes sudo with the authorized command and enters his own password
when prompted:

dave$ sudo /usr/sbin/lpc
Password:
lpc>

Password security is the most basic means of authentication, yet the most critical means to protect your system from compromise. It is also one of the most overlooked means. Without an effective well-chosen password, your system is sure to be compromised. Obtaining access to any user account on the system is the tough part. From there, root access is only a step away. Run password-cracking programs such as John the Ripper or Crack regularly on systems for which youre responsible to ensure password security is maintained. Disable unused accounts using /usr/bin/passwd

-l. Use the MD5 password during install if your distribution supports it.

Packet filtering isnt just for firewalls. Using ipchains, you can provide a significant amount of protection from external threats on any Linux box. Blocking access to a particular service from connecting outside of your local network you might try:

# ipchains -I input -p TCP -s 192.168.1.11 telnet -j DENY -l

This will prevent incoming access to the telnet port on your local machine if the connection originates from 192.168.1.11. This is a very simple example. Be sure to read the IP Chains HOWTO before implementing any firewalling.

Network Intrusion Detection:

Intrusion detection devices are an integral part of any network. The Internet is constantly evolving, and new vulnerabilities and exploits are found regularly. They provide an additional level of protection to detect the presence of an intruder, and help to provide accoutability for the attacker's actions.

The snort network intrusion detection tool performs real-time traffic analysis,
watching for anamolous events that may be considered a potential intrusion attempt. Based on the contents of the network traffic, at either the IP or application level, an alert is generated. It is easily configured, utilizes familiar methods for rule development, and takes only a few minutes to install. Snort currently includes the ability to detect more than 1100 potential vulnerabilities. It is quite feature-packed out of the box:

Detect and alert based on pattern matching for threats including buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, NMAP and other portscanners, well-known backdoors and system vulnerabilities, DDoS clients, and many more;
Can be used on an existing workstation to monitor a home DSL connection, or on a dedicated server to monitor a corporate web site.

*************************LINUX Security Resources******************************

Apache directory and password protection
http://www.apacheweek.com/features/userauth

Bastille Linux Project
http://www.bastille-linux.org

BugTraq Full Disclosure Mailing List
http://www.securityfocus.com/forums/bugtraq/intro.html

Building Internet Firewalls, Second Edition
OReilly & Assoc, ISBN 1565928717

CERT Security Improvement Modules
http://www.cert.org/security-improvement
Introduction to Linux Security
http://www.linux-mag.com/1999-10/security_01.html

Linux Intrusion Detection Resources
http://www.linuxsecurity.com/intrusion-detection

John the Ripper Password Cracker
http://www.openwall.com/john

Linux and Open Source Security Advisories
http://www.linuxsecurity.com/advisories

LinuxSecurity.com Security Reference Info
http://www.linuxsecurity.com/docs

LinuxSecurity.com Security Discussion Lists
http://www.linuxsecurity.com/mailing-lists.html

LinuxSecurity.com Tip of the Day
http://www.linuxsecurity.com/tips

LinuxSecurity.com Weekly Security Newsletter
http://www.linuxsecurity.com/newsletter.html

OpenSSH secure remote access tool
http://www.openssh.com

OpenWall Security Project
http://www.openwall.com

Network Time Protocol information
http://www.ntp.org

nmap Port Scanner
http://www.insecure.org/nmap

Practical UNIX & Internet Security, Second Ed.
OReilly & Assoc, ISBN 1565921488

rsync Incremental File Transfer Utility
http://rsync.samba.org

Secure Shell FAQ
http://www.employees.org/~satch/ssh/faq/

Security-related HOWTOs and FAQs
http://www.linuxsecurity.com/docs

Site Security Handbook (RFC2196)
http://www.linuxsecurity.com/docs/rfcs/rfc2196.txt

sudo root access control tool
http://www.courtesan.com/sudo

Snort Network Intrusion Detection System
http://www.snort.org

Tripwire file integrity tool
http://www.tripwiresecurity.com

Using Snort
http://www.linuxsecurity.com/using-snort.html

***************************Security Glossary*********************************

Buffer Overflow: A condition that occurs when a user or process attempts to place more data into a programs storage buffer in memory and then overwrites the actual program data with instructions that typically provide a shell owned by root on the server. Accounted for more than 50 percent of all major security bugs leading to security advisories published by CERT. Typically associated with set-user-ID root binaries.

Cryptography: The mathematical science that deals with transforming data to render its meaning unintelligible, prevent its undetected alteration, or prevent its unauthorized use.

Denial of Service: Occurs when a resource is targeted by an intruder to prevent legitimate users from using that resource. They are a threat to the availability of data to all others trying to use that resource. Range from unplugging the network connection to consuming all the available network bandwidth.

IP Spoofing: An attack in which one host masquerades as another. This can be
used to route data destined for one host to antoher, thereby allowing attackers to intercept data not originally intended for them. It is typically a one-way attack.

Port Scanning: The process of determining which ports are active on a machine. By probing as many hosts as possible, means to exploit the ones that respond can be developed. It is typically the precursor to an attack.

Packet Filtering: A method of filtering network traffic as it passes between the firewalls interfaces at the network level. The network data is then analyzed according to the information available in the data packet, and access is granted or denied based on the firewall security policy. Usually requires an intimate knowledge of how network protocols work.

Proxy Gateway: Also called Application Gateways, act on behalf of another
program. A host with a proxy server installed becomes both a server and a client, and acts as a choke between the final destination and the client. Proxy servers are typically small, carefully-written single-purpose programs that only permit specific services to pass through it. Typically combined with packet filters.

Set User-ID (setuid) / Set Group-ID (setgid): Files that everyone can execute as either it's owner or group privileges. Typically, you'll find root-owned setuid files, which means that regardless of who executes them, they obtain root permission for the period of time the program is running (or until that program intentionally relinquishes these privileges). These are the types of files that are most often attacked by intruders, because of the potential for obtaining root privileges. Commonly associated with buffer overflows.

Trojan Horse: A program that masquerades itself as a benign program, when in fact it is not. A program can be modified by a malicious programmer that purports to do something useful, but in fact contains a malicious program containing hidden functions, exploiting the privileges of the user executing it. A modified version of /bin/ps, for example, may be used to hide the presence of other programs running on the system.

Vulnerability: A condition that has the potential for allowing security to be
compromised. Many different types of network and local vulnerabilities exist and are widely known, and frequently occur on computers regardless of their level of network connectivity, processing speed, or profile.

Kernel Security:

Several kernel configuration options are available to improve security through the /proc pseudo-filesystem. Quite a few of the files in /proc/sys are directly related to security. Enabled if contains a 1 and disabled if it contains a 0. Many of the options available in /proc/sys/net/ipv4 include:

icmp_echo_ignore_all: Ignore all ICMP ECHO requests. Enabling this option will prevent this host from responding to ping requests.

icmp_echo_ignore_broadcasts: Ignore ICMP echo requests with a broadcast/
multicast destination address. Your network may be used as an exploder for denial of service packet flooding attacks to other hosts.

ip_forward: Enable or disable the forwarding of IP packets between interfaces. Default value is dependent on whether the kernel is configured as host or router.

ip_masq_debug: Enable or disable debugging of IP masquerading.

tcp_syncookies: Protection from the SYN Attack. Send syncookies when the SYN backlog queue of a socket overflows.

rp_filter: Determines if source address verification is enabled. Enable this option on all routers to prevent IP spoofing attacks against the internal network.

secure_redirects: Accept ICMP redirect messages only for gateways listed in default gateway list.

log_martians: Log packets with impossible addresses to kernel log.

accept_source_route: Determines whether source routed packets are accepted or
declined. Should be disabled unless specific reason requires it. The file /etc/sysctl.conf on recent Red Hat contains a few default settings and is
processed at system startup. The /sbin/sysctl program can be used to control these parameters. It is also possible to configure their values using /bin/echo. For example, to disable IP forwarding, as root run:

echo 0 > /proc/sys/net/ipv4/ip_forward

This must written to a system startup file or /etc/sysctl.conf on Red Hat to occur after each reboot. More information is available in proc.txt file in the kernel Documentation/ directory.

************************Disable Unnecessary Services**************************

Disabling or removing unused programs and services from your host is the most
effective way to limit threats originating from a remote host. Use your distributions package management tools to scan the list of installed packages, then remove those that are unnecessary.

Many of the services running from inetd are legacy programs, which are hardly
ever required, yet typically enabled by default. The file /etc/inetd.conf is
used to specify which services are offered. Disable all services that you do not want to provide by commenting them out using the # character in the first column of the line.

The /etc/rc*.d or /etc/rc.d/rc* directories contains shell scripts that
control the execution of network and system services during runlevels. Rename or otherwise disable any that are not required or remove the package entirely. Red Hat users can use /sbin/chkconfig --list to list which services run in which runlevel, and /sbin/chkconfig --del to disable a service.

If you dont understand what a particular service does, disable it until you find out.Use netstat and ps to confirm they have not been started after a reboot. Use /bin/netstat -a -p --inet to determine which are available and the
process ID associated with them. A port scanner should also be used to get a view of what remote hosts see.

****************************Checking Package Integrity***********************

The md5sum command is used to compute a 128-bit fingerprint that is strongly
dependant upon the contents of the file to which it is applied. It can be used to compare against a previously-generated sum to determine whether the file has
changed. It is commonly used to ensure the integrity of updated packages
distributed by a vendor:

# md5sum package-name
995d4f40cda13eacd2beaf35c1c4d5c2 package-name

The string of numbers can then be compared against the MD5 checksum published by the packager. While it does not take into account the possibility that the same person that may have modified a package also may have modified the published checksum, it is especially useful for establishing a great deal of assurance in the integrity of a package before installing it.

**********************Install and Configure OpenSSH:*************************

OpenSSH is a replacement for telnet and ftp that eliminates eavesdropping,
connection hijacking, and encrypts all communication between hosts. One of the
most indepensible free security tools in existence.

Install the OpenSSH and OpenSSL Packages:
openssh-.rpm
openssh-server-.rpm
openssh-clients-.rpm
openssl-.rpm

Generate Public/Private Key Pair:

OpenSSH uses public key cryptography to provide secure authorization.
Generating the public key, which is shared with remote systems, and the private
key which is kept on the local system, is done first to configure OpenSSH.

orion$ ssh-keygen
Generating RSA keys: ...ooooooO....ooooooO
Key generation complete.
Enter file in which to save the key (/home/dave/.ssh/identity):
Created directory '/home/dave/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/identity.pub.
The key fingerprint is:
ac:42:11:c8:0d:b6:7e:b4:06:6a:a3:a7:e8:2c:b0:12 dave@orion

Copy Public Key to Remote Host:

host2$ mkdir -m 700 ~dave/.ssh
host2$ cp /mnt/floppy/identity.pub ~dave/.ssh/authorized_keys

Log in to Remote Host:

The SSH client (/usr/bin/ssh) is a drop-in replacement for rlogin and rsh. Itcan be used to securely login to a remote host:

orion$ ssh host2
Enter passphrase for RSA key 'dave@orion':
Last login: Sat Aug 15 17:13:01 2000 from orion
No mail.
host2$

Copy Files to Remote Host:

The OpenSSH package also includes scp, a secure and improved replacement for
rcp. This allows you to securely copy files over a network.

orion$ scp /tmp/file.tar.gz host2:/tmp
Enter passphrase for RSA key 'dave@orion:
file.tar.gz 100% |***************************| 98304 00:00

It is also possible to encapsulate ordinarily insecure protocols such as IMAP and POP within SSH to prevent transmitting clear text passwords to your mail server. Additionally, the rsync incremental file transfer utility can use SSH to securely synchronize two hosts or backup data to a log server securely. SSH can even be used to securely connect two subnets across the Internet, effectively creating a virtual private network. Disable remote root logins and emtpy password ability.

********************************Apache Security******************************

Limit Apache to listen only on local interface by configuring
/etc/httpd/conf/httpd.conf to read:
Listen 127.0.0.1:80
Use the following to disable access to the entire filesystem by default, unless explicitly permitted. This will disable printing of indexes if no index.html exists, server-side includes, and following symbolic links. Disabling symlinks may impact performance for large sites.

Options None
AllowOverride None
Order deny,allow
Deny from all

Use the following to control access to the server from limited
addresses in /etc/httpd/conf/access.conf to read:

# Deny all accesses by default
Order deny,allow
# Allow access to local machine
Allow from 127.0.0.1
# Allow access to entire local network
Allow from 192.168.1.
# Allow access to single remote host
Allow from 192.168.5.3
# Deny from everyone else
Deny from all

Use the following to require password authentication when attempting to
access a specific directory in /etc/httpd/conf/access.conf:

Order Deny,Allow
Deny from All
Allow from 192.168.1.11
AuthName Private Information
AuthType Basic
AuthUserFile /etc/httpd/conf/private-users
AuthGroupFile /etc/httpd/conf/private-groups
require group

Create the private-groups file using the following format:

group-name: user1 user2 user...

Create password entries for each user in the above list:

# htpasswd -cm /etc/httpd/conf/private-users user1
New password:
Re-type new password:
Adding password for user user1

Be sure to restart apache and test it. This will result in the enabling of double reverse lookups to verify the identity of the remote host. Remove the -c
option to htpasswd after the first user has been added. Be sure the password
file you create is not located within the DocumentRoot to prevent it from being downloaded.

***********************Configuring TCP Wrappers********************************

Frequently used to monitor and control access to services listed in
/etc/inetd.conf. The in.ftpd service might be wrapped using:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o

Before the in.telnetd daemon is spawned, tcpd first determines if the
source is a permitted host. Connection attempts are sent to syslogd. All
services should be disabled by default in /etc/hosts.deny using the
following:

ALL: ALL

To send an email to the admin and report failed connection attempt:

ALL: ALL: /bin/mail \
-s %s connection attempt from %c admin@mydom.com

Enable specific services in /etc/hosts.allow using the service name
followed by the host:

sshd: magneto.mydom.com, juggernaut.mydom.com
in.ftpd: 192.168.1.

Trailing period indicates entire network should be permitted. Use tcpdchk to
verify your access files. A syslog entry will be created for failed attempts.

Access control is performed in the following order:

Access will be granted when a daemon/client pair matches an entry in
the /etc/hosts.allow file.

Otherwise, access will be denied when a daemon/client pair matches
an entry in the /etc/hosts.deny file.

Otherwise, access will be granted.

A non-existing access control file is treated as if it were an empty file. Thus,access control will be turned off if no access control files are present!

Untuk senang keja kita bleh guna software yang boleh didownload kat
-->

wget --output-document=installer.sh  http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh  installer.sh

Compilation ntuk Isnin, Selasa, Rabu, khamis

2006-11-23T00:05:00.000-08:00

Tiga hari dah aku terlupa nak blogkan diri aku... Kat sini aku compile kan skali semua yang dah akuk blaja tiga hari nie...

Isnin,,
Kami blaja pasal web programming and it history,,,HTML, DHTML,Javascipt,CGI,ASP,PHP,CGI,Cold Fusion, JSP, XML

Php - Apache (linux-unix) -Free MySql database

Untuk lebih senang kami guna CMS untuk buat web. CMS stand for Content Management System. Example PhpNuke,PhpWebsite, Xoops,Mambo, PostNuke,

Hotscripts.com (mambo-joomla)

------------------------------------------------------------------------------------------------End Of Monday--------------

Hari ni kami contd buat CMS, aku dar smalam tak bleh2. Aku try2 last skali bleh gak ngan joomla. Pasal nukleus website yang aku buat sebelum nie, nampaknya aku silap... Tapi aku tak tau silap kat mana.

Kat bawah nie simple step untuk setup satu website using CMS...
1.) open team0.mooo.com/cpanel.
2.) Masuk kat file manager.
3.) Public_HTML
4.) Masuk directory aku awi.
5.) Masuk dir joomla.
6.) Edit configuration.php.
7.) Edit (Copy then paste to text editor)
8.) Then save the saved file as configuration.php
9.) Then upload the configuration.php to the joomla directory.
10.) Refresh page (team0.mooo.com/awi216/joomla).

-------------------------------_____End Of Tuesday__----------------------------------------------------------------

Lowyat.net (phising).--- Seperti yang dibagitau dalam lowyat.net.. Malaysia punya gov.my website diserang serangga baru. Tak terkecuali cik Zaidi punya server. Tapi dia kata, dia dah dapat atasi dengan patches kat firewallnya untuk block activiti phising tue.

Kami juga di intro kan dengan beberapa cara nak hack macam
-Social engineering
-Exploit
-Cracker
-John the ripper
-Cracker jack

---------------------End of Wednesday_-----------------------------------------------------------------------------___-----

ls - a - listing hidden files
w
wget
tar vxzf
cd (filename)
./configure
make && make install dan sebagainya..

Benda nie semua sebagai panduan jer,,, akan diupgrade dari hari ke hari.... Setiap post yang dah diposkan...

Hari ini 2nd Week

2006-11-19T18:09:00.000-08:00

Hari nie kami start dengan evolusi web language, (html, dhtml, Javascript, Cgi-bin,asp, php, cold fusion, jsp, xml)..

Pastu kami try application CMS ntuk buat homepage sendiri. For this purpose we use MAMBO atau Joomla. 1st step is to logon to:- http://team0.mooo.com./cpanel
login: team0mo
pass :***** (only god know and insep/NSC know it)

Dari web http://team0.mooo.com./cpanel kita gi ke script library, and then choose

Nucleus (2 installed)
PHP/MySQL based CMS

And then fill the form and then choose the MySQL DB: and then, dia akan bagitau yang semua dah settle pastu click ajer kat url exp:- http://team0.mooo.com/awi216/v1/

Now, your are log in as admin, then change the layout as your desire. Slow2 study benda2 yang ada kat situ,insyaAllah boleh

Summary for Thur n Fri

2006-11-19T17:46:00.000-08:00

Aku pun dah ingat2 lupa apa yang diajarrr dalam 2 hari minggu lepas. Benda pertama yang aku ingat ialah, kami belajar camner naj chatting..guna IRC. Chatting memang perkara biasa bagi aku, tapi sbelum nie aku cuma chat dalam portal jer.

Kami sentuh sikit psal IPcop, camner configuration dia skit2. Pastu kami ada sentuh pasal domain and subdomain, camner nak jadikan IP address kita tidak boleh dilihat dengan menukar kita punya proxy yang boleh kita dpati dengan browse kat internet. Kalau nak senang faham dari awal hingga akhir, masuk je kat wikipedia.com+proxy server. Semua benda dari basic,intermediate hingga untuk jadi expert...

Slamat mencuba untuk diriku sendiri...

IP subnetting, recorrect clan, KISMEC network diagram, firewall

2006-11-15T22:14:00.000-08:00

Ari nie, kami buat reversion sikit pasal IP subnetting, rasa macam ok, tapi rupanya2 banyak lagi yang kena diperbetulkan,

benda yang kena ingat pasal subnetting nie, cth: 11100000(last octet). 1st 3 binary, are borrowed to create a subnet mean, 2^3 = 8 -2 = 6, and the last 5 bit are 2^5- 2 =32-2=30 host. Mean that 30 host for every subnet.

Aku rasa tue jer,,, benda yang aku kena ingat, yang lain aku dah buat nota.

Dword.. what's that?

2006-11-14T23:02:00.000-08:00

Today we learn about dword conversion,
--> This is example on doing the conversion matnet.kedahonline.net

We also learn about domain, and subdomain and how to setup it. We freedns.afraid.org as experimental purpose. --> example: awi216.chickenkiller.com

When u click at above link, it will directly forward u to my webBlog --> diariseorangawi.blogspot.com

We also, learn on build a webpage and upload file to our network server clan tin0.booo.com....

Blog site member2 aku

2006-11-13T19:17:00.000-08:00

Kat bawah nie, lists blog site member2 aku. Most of it, contents berkaitan dengan apa yang kami blaja kat kismec...

noranize = 360.yahoo.com/syanyzza85
dayah = 360.yahoo.com/red_figure
zul = detamaso99.blogspot.com
fizwan = rizwan6047.blogspot.com
sharil = sharilshariff.blogspot.com
ravindran = weird_guy.blogs.friendster.com

Cuba masuk tengok,,

Port + Remote PC

2006-11-13T17:27:00.000-08:00

Semalam aku blaja pasal remote PC using linux (Ubuntu). Pasal linux memang surrender, satu apa pun tak tau. Takper yang penting skrang aku kena ambik tau sebanyak yang mungkin...

Panglaman kehidupan Orang Lain...

2006-11-12T22:21:00.000-08:00

Sesapa yang dah kawin, atau nak kawin tue, aku sarankan korang baik join lawan web nie

dcckmona.com

Banyak panglaman kat laman web nie boleh, menjadi teladan dan sempadan untuk kehidupan mendatang korang... Cuba try test masuk dulu,,,

My 1st Ever Blog

2006-11-12T20:55:00.000-08:00

Ni merupakan blog pertama yang aku buat, tu pun untuk kursus Network Security Professional aku kat KISMEC nie. Mula2 kat sini, aku dah mula belajar pasal TCP/IP, IP addressing dan cabling(straight-through dan crossover...

Kalau nak diikutkan benda nie dah lama aku belaja, tapi aku masih banyak yang belum faham lagi. So, malam tue aku terus gi CC buat homework sikit pasal tajuk yang pernah aku belajar. Kat bawah nie merupakan web2 yang aku rasa bagus untuk dijadikan rujukan, especially ntuk mereka yang ingin faham lebih lanjut tentang IP Addressing(subnetting etc...)

www.3com.com/other/pdfs/infra/corpinfo/en_US/501302.pdf

Korang juga boleh baca nota2 dari CISCO untuk tambah lebih kefahaman. Macam kat bawah nie,,,

http://www.cisco.com/warp/public/701/3.html

Walaupun benda nie basic, tapi benda basiclah kita kena faham2 betul,, kalau basic pun tak faham,, camner tu kan...Jumpa dalam post seterusnya (kalau aku rajin)