davethemaker

Works by David Eliason

Security Tools: IAM

Some of the foundational security concepts include the CIA Triad (confidential, integrity, availability) of data, identification/authentication/authorization, and AAA (authentication, authorization, accounting). A user provides an identity, confirms and authenticates that identity through a variety of means, and subsequently, after providing the identity, is allows appropriate access to resources. Discretionary Access Control (DAC) is what I’ve…

February 8, 2024
Hardening a Router (ACL)

I’ve been talking a lot about switches and how those need to be locked down in a network to mitigate vulnerabilities. Switches are such an important piece of the network, offering the connections between the different endpoints and clients. Previously, I talked a little about creating VLANs to help create sub-networks which will help with…

February 7, 2024
Network Adress Translation (NAT)

In the continuing deep-dive of Switching and Routing, as part of my networking class, I have been getting some hands-on experience with both learning about NAT and configuring those within a network. Every device on a network, including the internet, needs to have an unique IP address, and these are in short demand (and growing…

February 6, 2024
Routing: QoS

As part of the networking class that I am studying, we did a deep dive into routing. The class allows for hands-on practice using a virtual machine sandbox (which I’ll be sharing screenshots here), but I have also been supporting that with studying pages 395-420, and 231-277 in the All-In-One Network+ study book by Mike…

February 6, 2024
Switch Hardening: pt 2 (ACE)

Today I’ve been spending quite a bit of time learning about how to make a network more secure through hardening a switch. One additional way to do so is through MAC-based access control entries.

February 6, 2024
Switch Hardening pt 2

Other options to harden a switch include the creation of an access profile. In the following, I have created such a profile that has an implicit deny: Next, I added a profile rule that would allow HTTP access from a particular IP address:

February 6, 2024
Hardening Switches

In my networking class studies, I have been learning a range of topics, from firewall design and implementation, designing a screened subnet (DMZ), configuring intrusion detection devices (such as Snort), and more. Today I have diving deep into the world of switching and routing, such as configuration of switches, including that of switch ports –…

February 6, 2024
Networks: Implementation & Troubleshooting

I’m currently taking a Networking class to help meet my goal of successfully passing the CompTIA Network+ exam. The class offers virtual machine labs where I can put into practice the theoretical learning- really helpful! So, for example, Networking Addressing and Services in the subject matter, which included a number of important topics: IP Addressing,…

January 23, 2024
RaspberryPi and Hardware Control

This post is going to be somewhat rambling without a clear destination, as this is my initial foray into configuring the Rpi to interact with sensors and such, and thus will be filled with my pokings and proddings. Here we go! First, I have been using the book ‘Make: Linux for Makers’ by Aaron Newcomb,…

December 27, 2023
Access Control Lists

For files and directories, permissions can be set in terms of the user, group and other. Read has a value of 4, Write has a value of 2, and Execute has a value of 1. So, if one wants to change the permission of a file, one can add those numbers to the permission level…

December 23, 2023