<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.itcollege.ee/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Amannik</id>
	<title>ICO wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.itcollege.ee/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Amannik"/>
	<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php/Special:Contributions/Amannik"/>
	<updated>2026-05-06T05:08:13Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.45.1</generator>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=121717</id>
		<title>DDoS Eng</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=121717"/>
		<updated>2017-05-09T09:48:07Z</updated>

		<summary type="html">&lt;p&gt;Amannik: added a bit about defense&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;&#039;Overview&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Written by Andris Männik&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the weight of the bandwidth and cannot process legitimate requests. If the attack is coming from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS&#039;ing is most commonly done with botnets: zombie computers infected with malicious software so that they accept commands from the attacker&#039;s own computer to start and stop flooding a service with requests whenever the attacker chooses.&lt;br /&gt;
&lt;br /&gt;
As technology advances, discovering and remedying DDoS attacks will become much more difficult.&lt;br /&gt;
&lt;br /&gt;
DDoS is a more sophisticated version of DoS.&lt;br /&gt;
&lt;br /&gt;
The difference is that in DDoS&#039;ing the requests come from a plethora of computers on many different networks, whereas in DoS&#039;ing the requests come from a single computer on a single network.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Methods&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Attack vectors&lt;br /&gt;
&lt;br /&gt;
Generally, DDoS attacks can be divided into these categories:&lt;br /&gt;
&lt;br /&gt;
Volumetric attacks, for example SYN flooding - This sort of attack is meant to utilize the 3-way TCP handshake, in which computers send SYN packets and the receiving computer has to reply with an ACK packet. It is the most basic attack type. Even devices which are capable of keeping up with millions of device requests are brought low by this type of attack.&lt;br /&gt;
&lt;br /&gt;
Application Layer Attack - This attack relies on the disruption of information between computers. This vector of attack suits an attacker who doesn&#039;t have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, while the bandwidth cost to the attacker is small, or at least significantly lower than the cost to the attacked server or system.&lt;br /&gt;
&lt;br /&gt;
Fragmentation Attacks - Fragmentation is normally done for data transmission, since each network has its own limit on the size of datagrams that it can process. This pre-configured limit is known as the MTU (maximum transmission unit). When a datagram is larger than the receiving server&#039;s MTU, the datagram has to be fragmented so that it can be transmitted in full. The IP header of the datagram contains a flag indicating whether fragmentation is allowed to take place. If the flag in the IP header is set to no fragmentation, the packet is dropped. If fragmentation is allowed, the offset tells the recipient device the exact order in which the fragments should be placed for reassembly.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Attack amplification&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
DNS Reflection - By forging the victim&#039;s IP address, the attacker can make small requests to the DNS server and have the replies sent to the victim. This allows the attacker to amplify the power of his or her botnet by up to 70 times, which makes it much easier to overflow the victim with requests.&lt;br /&gt;
Chargen Reflection - A vast majority of computers and printers which are connected to the internet support a service called Chargen. This allows anyone to send a request to the device, and the device replies with a random string of letters. Chargen can be used to amplify the aforementioned DNS-type attack.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Symptoms of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
NOTE: Not all interruptions in a service can be attributed to a DoS-type attack. There are a plethora of reasons why a service might behave as it would if it were DDoS&#039;ed, such as an administrator doing maintenance, during which the services are temporarily slowed down or offline. Nevertheless, there are signs which should be paid attention to, which might indicate that the network or service is suffering a DDoS attack.&lt;br /&gt;
&lt;br /&gt;
One sign of an attack is that the computer and internet are performing more slowly than usual. This would be noticeable when you try to open a file or go to a website and it takes longer than usual.&lt;br /&gt;
In addition to a system responding slowly, you might be unable to reach a website at all.&lt;br /&gt;
An increase in mail in your spambox can also be an indication that your computer has just recently suffered a DDoS attack.&lt;br /&gt;
Internet traffic may be slowed down across a geographic region: when a country is experiencing a DDoS attack, the citizens of that country will suffer from poor connection speed.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Prevention of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The easiest and also most expensive solution would be to buy more bandwidth. For example: if you have 10000 systems, all of which are capable of sending traffic at 1 Mbps, then cumulatively you can send 10 Gbps of data. A systems administrator might also want to expand out to more servers in different data centers so that the load is better distributed between servers. If the traffic is spread out well between the servers, then each single server can handle its load better. Nowadays, though, upping the bandwidth isn&#039;t a cost-effective solution, but it is nevertheless a solution.&lt;br /&gt;
One of the most critical parts of a system is a DNS server. Generally, it&#039;s a bad idea to leave it open for others to access. Restricting access to the DNS servers might be an option, so that they can&#039;t be attacked so easily.&lt;br /&gt;
&lt;br /&gt;
Similarly, what will happen if those servers are under attack? Even if there&#039;s access to the website, there&#039;s no connection to the DNS server and the domain name cannot be converted into an IP address, which is also bad. A majority of providers use two DNS servers when registering a domain, but often enough two DNS servers aren&#039;t enough. A systems administrator has to make sure that the DNS is as well protected as the web services and other affiliated resources.&lt;br /&gt;
&lt;br /&gt;
When assessing your network, there are quite a few measures to undertake in order to protect the network layer. You have to ascertain that the router doesn&#039;t forward bad packets, deny ICMP, and use proper firewall software.&lt;br /&gt;
Another idea would be to close all unused ports. A lot of ISPs offer a service that blocks access to specified ports, which would be better than restricting access to them yourself. Should the company be the recipient of an attack, the ISP will help the company manage it.&lt;br /&gt;
&lt;br /&gt;
Something to keep in mind would be how to mitigate an attack. It would be very wise to have a plan to quickly swap dynamic resources for static resources. If doing this, it would be highly advisable to have systems which would pick up attacks. There&#039;s no worse situation for a company than having its systems offline, which is why it&#039;s necessary to be ready to go on the counter-offensive as soon as the attack begins. Stopping a DDoS attack is very complicated because it&#039;s incredibly difficult to find the attack&#039;s point of origin, which is why you have to set up an infrastructure from the get-go which is hard to break into and is up to the security standards of today.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Defending Against DDoS Attacks&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Preparing for a DDoS attack is something every company should think about in advance, so that if an attack does happen there&#039;s a general idea of what to do. DDoS attacks cannot be prevented, but some steps can be taken to make it harder for an attacker to render a network unresponsive.&lt;br /&gt;
&lt;br /&gt;
One of the things that can be done concerns the architecture. It is imperative to make the architecture as resistant as possible.&lt;br /&gt;
&lt;br /&gt;
The following steps will help spread out organizational assets so as to avoid making things easy for the attacker:&lt;br /&gt;
&lt;br /&gt;
    Place servers in different data centers.&lt;br /&gt;
    Make sure that the data centers are located on different networks.&lt;br /&gt;
    Make sure that the data centers have no bottlenecks.&lt;br /&gt;
&lt;br /&gt;
For a company that depends on the internet and servers it is important to make sure that resources are geographically dispersed.&lt;br /&gt;
&lt;br /&gt;
Overall, priorities for architecture should be geographic diversity, provider diversity, and elimination of bottlenecks. While these are best practices for general business continuity and disaster recovery, they will help ensure organizational resiliency in response to a DDoS attack.&lt;br /&gt;
&lt;br /&gt;
HARDWARE:&lt;br /&gt;
&lt;br /&gt;
Deploy hardware that can handle known attack types, and use the options built into that hardware to protect network resources. Adding more or specialized hardware won&#039;t prevent the attacks from happening, but taking these steps will lessen the impact of an attack.&lt;br /&gt;
&lt;br /&gt;
Hardware upgrading is effective against SYN flood attacks. Most modern hardware, network firewalls and web application firewalls will generally have a setting that allows a network operator to start closing out TCP connections if the requests are frequent enough.&lt;br /&gt;
&lt;br /&gt;
SCRUBBING:&lt;br /&gt;
&lt;br /&gt;
There are services available that are made for responding to attacks. Such a service is called a scrubbing service, or rather a cloud scrubbing service, as the traffic gets rerouted through the scrubbing service before it ever hits a victim&#039;s network. Like all of the aforementioned ideas, it is best to implement this before any actual DDoS attack takes place.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Mitigating damage&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
It&#039;s nigh on impossible to stop a DDoS attack, which is why, instead of trying to stop it, it might be better to mitigate the damage the attackers might do. For there to be any damage mitigation, there has to be a plan for the earliest stages of an attack. For that to happen, you must know the early signs of a DDoS attack, and to do that you have to monitor the network traffic so that you can discover any unusual activity taking place.&lt;br /&gt;
&lt;br /&gt;
Another good approach is to frequently scan the network and web applications to discover vulnerabilities in the system early. Protecting your infrastructure means protecting the laptops, servers and other devices which can be used in making a botnet.&lt;br /&gt;
There are some applications, like IBM Security, which protect devices from application layer attacks and have been shown to deter minor DDoS attacks.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Conclusion&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Nowadays, DDoS attacks are one of the most common attacks in cyberspace, taking place every day. It&#039;s an attack where the attacker takes advantage of other computers whose owners are unaware that their computers are being used to make these attacks. These computers are put into a network and used to attack one or several targets by sending the victims millions of data packets. Even though a DDoS attack is nigh impossible to stop, the systems administrator has to do everything in his or her power to ensure the safety of the network. All system administrators should get acquainted with this type of attack because that&#039;s the best way to mitigate damage.&lt;br /&gt;
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120195</id>
		<title>DDoS Eng</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120195"/>
		<updated>2017-04-17T13:30:05Z</updated>

		<summary type="html">&lt;p&gt;Amannik: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;&#039;Overview&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Written by Andris Männik&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the weight of the bandwidth and cannot process legitimate requests. If the attack is coming from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS&#039;ing is most commonly done with botnets: zombie computers infected with malicious software so that they accept commands from the attacker&#039;s own computer to start and stop flooding a service with requests whenever the attacker chooses.&lt;br /&gt;
&lt;br /&gt;
As technology advances, discovering and remedying DDoS attacks will become much more difficult.&lt;br /&gt;
&lt;br /&gt;
DDoS is a more sophisticated version of DoS.&lt;br /&gt;
&lt;br /&gt;
The difference is that in DDoS&#039;ing the requests come from a plethora of computers on many different networks, whereas in DoS&#039;ing the requests come from a single computer on a single network.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Methods&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Attack vectors&lt;br /&gt;
&lt;br /&gt;
Generally, DDoS attacks can be divided into these categories:&lt;br /&gt;
&lt;br /&gt;
Volumetric attacks, for example SYN flooding - This sort of attack is meant to utilize the 3-way TCP handshake, in which computers send SYN packets and the receiving computer has to reply with an ACK packet. It is the most basic attack type. Even devices which are capable of keeping up with millions of device requests are brought low by this type of attack.&lt;br /&gt;
&lt;br /&gt;
Application Layer Attack - This attack relies on the disruption of information between computers. This vector of attack suits an attacker who doesn&#039;t have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, while the bandwidth cost to the attacker is small, or at least significantly lower than the cost to the attacked server or system.&lt;br /&gt;
&lt;br /&gt;
Fragmentation Attacks - Fragmentation is normally done for data transmission, since each network has its own limit on the size of datagrams that it can process. This pre-configured limit is known as the MTU (maximum transmission unit). When a datagram is larger than the receiving server&#039;s MTU, the datagram has to be fragmented so that it can be transmitted in full. The IP header of the datagram contains a flag indicating whether fragmentation is allowed to take place. If the flag in the IP header is set to no fragmentation, the packet is dropped. If fragmentation is allowed, the offset tells the recipient device the exact order in which the fragments should be placed for reassembly.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Attack amplification&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
DNS Reflection - By forging the victim&#039;s IP address, the attacker can make small requests to the DNS server and have the replies sent to the victim. This allows the attacker to amplify the power of his or her botnet by up to 70 times, which makes it much easier to overflow the victim with requests.&lt;br /&gt;
Chargen Reflection - A vast majority of computers and printers which are connected to the internet support a service called Chargen. This allows anyone to send a request to the device, and the device replies with a random string of letters. Chargen can be used to amplify the aforementioned DNS-type attack.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Symptoms of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
NOTE: Not all interruptions in a service can be attributed to a DoS-type attack. There are a plethora of reasons why a service might behave as it would if it were DDoS&#039;ed, such as an administrator doing maintenance, during which the services are temporarily slowed down or offline. Nevertheless, there are signs which should be paid attention to, which might indicate that the network or service is suffering a DDoS attack.&lt;br /&gt;
&lt;br /&gt;
One sign of an attack is that the computer and internet are performing more slowly than usual. This would be noticeable when you try to open a file or go to a website and it takes longer than usual.&lt;br /&gt;
In addition to a system responding slowly, you might be unable to reach a website at all.&lt;br /&gt;
An increase in mail in your spambox can also be an indication that your computer has just recently suffered a DDoS attack.&lt;br /&gt;
Internet traffic may be slowed down across a geographic region: when a country is experiencing a DDoS attack, the citizens of that country will suffer from poor connection speed.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Prevention of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The easiest and also most expensive solution would be to buy more bandwidth. For example: if you have 10000 systems, all of which are capable of sending traffic at 1 Mbps, then cumulatively you can send 10 Gbps of data. A systems administrator might also want to expand out to more servers in different data centers so that the load is better distributed between servers. If the traffic is spread out well between the servers, then each single server can handle its load better. Nowadays, though, upping the bandwidth isn&#039;t a cost-effective solution, but it is nevertheless a solution.&lt;br /&gt;
One of the most critical parts of a system is a DNS server. Generally, it&#039;s a bad idea to leave it open for others to access. Restricting access to the DNS servers might be an option, so that they can&#039;t be attacked so easily.&lt;br /&gt;
&lt;br /&gt;
Similarly, what will happen if those servers are under attack? Even if there&#039;s access to the website, there&#039;s no connection to the DNS server and the domain name cannot be converted into an IP address, which is also bad. A majority of providers use two DNS servers when registering a domain, but often enough two DNS servers aren&#039;t enough. A systems administrator has to make sure that the DNS is as well protected as the web services and other affiliated resources.&lt;br /&gt;
&lt;br /&gt;
When assessing your network, there are quite a few measures to undertake in order to protect the network layer. You have to ascertain that the router doesn&#039;t forward bad packets, deny ICMP, and use proper firewall software.&lt;br /&gt;
Another idea would be to close all unused ports. A lot of ISPs offer a service that blocks access to specified ports, which would be better than restricting access to them yourself. Should the company be the recipient of an attack, the ISP will help the company manage it.&lt;br /&gt;
&lt;br /&gt;
Something to keep in mind would be how to mitigate an attack. It would be very wise to have a plan to quickly swap dynamic resources for static resources. If doing this, it would be highly advisable to have systems which would pick up attacks. There&#039;s no worse situation for a company than having its systems offline, which is why it&#039;s necessary to be ready to go on the counter-offensive as soon as the attack begins. Stopping a DDoS attack is very complicated because it&#039;s incredibly difficult to find the attack&#039;s point of origin, which is why you have to set up an infrastructure from the get-go which is hard to break into and is up to the security standards of today.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Mitigating damage&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
It&#039;s nigh on impossible to stop a DDoS attack, which is why, instead of trying to stop it, it might be better to mitigate the damage the attackers might do. For there to be any damage mitigation, there has to be a plan for the earliest stages of an attack. For that to happen, you must know the early signs of a DDoS attack, and to do that you have to monitor the network traffic so that you can discover any unusual activity taking place.&lt;br /&gt;
&lt;br /&gt;
Another good approach is to frequently scan the network and web applications to discover vulnerabilities in the system early. Protecting your infrastructure means protecting the laptops, servers and other devices which can be used in making a botnet.&lt;br /&gt;
There are some applications, like IBM Security, which protect devices from application layer attacks and have been shown to deter minor DDoS attacks.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Conclusion&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Nowadays, DDoS attacks are one of the most common attacks in cyberspace, taking place every day. It&#039;s an attack where the attacker takes advantage of other computers whose owners are unaware that their computers are being used to make these attacks. These computers are put into a network and used to attack one or several targets by sending the victims millions of data packets. Even though a DDoS attack is nigh impossible to stop, the systems administrator has to do everything in his or her power to ensure the safety of the network. All system administrators should get acquainted with this type of attack because that&#039;s the best way to mitigate damage.&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120194</id>
		<title>DDoS Eng</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120194"/>
		<updated>2017-04-17T13:21:06Z</updated>

		<summary type="html">&lt;p&gt;Amannik: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;&#039;Overview&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Written by Andris Männik&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the weight of the bandwidth and cannot process legitimate requests. If the attack is coming from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS&#039;ing is most commonly done with botnets: zombie computers infected with malicious software so that they accept commands from the attacker&#039;s own computer to start and stop flooding a service with requests whenever the attacker chooses.&lt;br /&gt;
&lt;br /&gt;
As technology advances, discovering and remedying DDoS attacks will become much more difficult.&lt;br /&gt;
&lt;br /&gt;
DDoS is a more sophisticated version of DoS.&lt;br /&gt;
&lt;br /&gt;
The difference is that in DDoS&#039;ing the requests come from a plethora of computers on many different networks, whereas in DoS&#039;ing the requests come from a single computer on a single network.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Methods&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Attack vectors&lt;br /&gt;
&lt;br /&gt;
Generally, DDoS attacks can be divided into these categories:&lt;br /&gt;
&lt;br /&gt;
Volumetric attacks, for example SYN flooding - This sort of attack is meant to utilize the 3-way TCP handshake, in which computers send SYN packets and the receiving computer has to reply with an ACK packet. It is the most basic attack type. Even devices which are capable of keeping up with millions of device requests are brought low by this type of attack.&lt;br /&gt;
&lt;br /&gt;
Application Layer Attack - This attack relies on the disruption of information between computers. This vector of attack suits an attacker who doesn&#039;t have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, while the bandwidth cost to the attacker is small, or at least significantly lower than the cost to the attacked server or system.&lt;br /&gt;
&lt;br /&gt;
Fragmentation Attacks - Fragmentation is normally done for data transmission, since each network has its own limit on the size of datagrams that it can process. This pre-configured limit is known as the MTU (maximum transmission unit). When a datagram is larger than the receiving server&#039;s MTU, the datagram has to be fragmented so that it can be transmitted in full. The IP header of the datagram contains a flag indicating whether fragmentation is allowed to take place. If the flag in the IP header is set to no fragmentation, the packet is dropped. If fragmentation is allowed, the offset tells the recipient device the exact order in which the fragments should be placed for reassembly.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Attack amplification&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
    DNS Reflection - By forging the victim&#039;s IP address, the attacker can make small requests to the DNS server and have the replies sent to the victim. This allows the attacker to amplify the power of his or her botnet by up to 70 times, which makes it much easier to overflow the victim with requests.&lt;br /&gt;
    Chargen Reflection - A vast majority of computers and printers which are connected to the internet support a service called Chargen. This allows anyone to send a request to the device, and the device replies with a random string of letters. Chargen can be used to amplify the aforementioned DNS-type attack.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Symptoms of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
NOTE: Not all interruptions in a service can be attributed to a DoS-type attack. There are a plethora of reasons why a service might behave as it would if it were DDoS&#039;ed, such as an administrator doing maintenance, during which the services are temporarily slowed down or offline. Nevertheless, there are signs which should be paid attention to, which might indicate that the network or service is suffering a DDoS attack.&lt;br /&gt;
&lt;br /&gt;
    One sign of an attack is that the computer and internet are performing more slowly than usual. This would be noticeable when you try to open a file or go to a website and it takes longer than usual.&lt;br /&gt;
    In addition to a system responding slowly, you might be unable to reach a website at all.&lt;br /&gt;
    An increase in mail in your spambox can also be an indication that your computer has just recently suffered a DDoS attack.&lt;br /&gt;
    Internet traffic may be slowed down across a geographic region: when a country is experiencing a DDoS attack, the citizens of that country will suffer from poor connection speed.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Prevention of DDoS&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
    The easiest and also most expensive solution would be to buy more bandwidth. For example: if you have 10000 systems, all of which are capable of sending traffic at 1 Mbps, then cumulatively you can send 10 Gbps of data. A systems administrator might also want to expand out to more servers in different data centers so that the load is better distributed between servers. If the traffic is spread out well between the servers, then each single server can handle its load better. Nowadays, though, upping the bandwidth isn&#039;t a cost-effective solution, but it is nevertheless a solution.&lt;br /&gt;
    One of the most critical parts of a system is a DNS server. Generally, it&#039;s a bad idea to leave it open for others to access. Restricting access to the DNS servers might be an option, so that they can&#039;t be attacked so easily.&lt;br /&gt;
&lt;br /&gt;
Similarly, what will happen if those servers are under attack? Even if there&#039;s access to the website, there&#039;s no connection to the DNS server and the domain name cannot be converted into an IP address, which is also bad. A majority of providers use two DNS servers when registering a domain, but often enough two DNS servers aren&#039;t enough. A systems administrator has to make sure that the DNS is as well protected as the web services and other affiliated resources.&lt;br /&gt;
&lt;br /&gt;
    When assessing your network, there are quite a few measures to undertake in order to protect the network layer. You have to ascertain that the router doesn&#039;t forward bad packets, deny ICMP, and use proper firewall software.&lt;br /&gt;
Another idea would be to close all unused ports. A lot of ISPs offer a service that blocks access to specified ports, which would be better than restricting access to them yourself. Should the company be the recipient of an attack, the ISP will help the company manage it.&lt;br /&gt;
    Something to keep in mind would be how to mitigate an attack. It would be very wise to have a plan to quickly swap dynamic resources for static resources. If doing this, it would be highly advisable to have systems which would pick up attacks. There&#039;s no worse situation for a company than having its systems offline, which is why it&#039;s necessary to be ready to go on the counter-offensive as soon as the attack begins. Stopping a DDoS attack is very complicated because it&#039;s incredibly difficult to find the attack&#039;s point of origin, which is why you have to set up an infrastructure from the get-go which is hard to break into and is up to the security standards of today.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Mitigating damage&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
It&#039;s nigh on impossible to stop a DDoS attack. Which is why instead of trying to stop it, it might be better to mitigate damage instead what the attackers might do. In order for there to be any damage mitigation there has to be a plan at the earliest stages of the attack commencing and for that to happen you must know the early signs of a DDoS attack and to do that you have to monitor the network traffic so you can discover any unusual activity taking place.&lt;br /&gt;
&lt;br /&gt;
Another good approach is to frequently scan the network and web applications to discover vulnerabilities in the system early. Protecting your infrastructure means protecting the laptops, servers and other devices which can be used in making a botnet.&lt;br /&gt;
There are some applications, like IBM Security, which protect devices from application layer attacks and have been shown to deter minor DDoS attacks.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Conclusion&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Nowadays, DDoS attacks are one of the most common attacks in cyberspace and take place every day. It&#039;s an attack where the attacker takes advantage of other computers, the owners of which are unaware that their computers are being used to make these attacks. These computers are put into a network and used to attack one or several targets by sending the victims millions of data packets. Even though a DDoS attack is nigh impossible to stop, the systems administrator has to do everything in his or her power to ensure the safety of the network. All system administrators should get acquainted with this type of attack because that&#039;s the best way to mitigate damage.&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120165</id>
		<title>DDoS Eng</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120165"/>
		<updated>2017-04-17T09:58:37Z</updated>

		<summary type="html">&lt;p&gt;Amannik: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;&#039;Overview&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Written by Andris Männik&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the weight of the bandwidth and cannot process legitimate requests. If the attack is coming from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS&#039;ing is most commonly done with botnets: zombie computers infected with malicious software that accepts commands from the attacker&#039;s own computer to start and stop flooding a service with requests whenever the attacker chooses.&lt;br /&gt;
&lt;br /&gt;
As technology advances, discovering and remedying DDoS attacks will become much more difficult.&lt;br /&gt;
&lt;br /&gt;
DDoS is a more sophisticated version of DoS.&lt;br /&gt;
&lt;br /&gt;
The difference is that in DDoS&#039;ing the requests come from a plethora of computers on many different networks, whereas in DoS&#039;ing the requests come from a single computer on a single network.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Methods&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
Attack vectors&lt;br /&gt;
&lt;br /&gt;
Generally, DDoS attacks can be divided into four categories:&lt;br /&gt;
&lt;br /&gt;
    Volumetric attacks, for example SYN flooding. This sort of attack is meant to utilize the three-way TCP handshake, in which computers send SYN packets and the receiving computer has to reply with an ACK packet. It is the most basic attack type. Even devices which are capable of keeping up with millions of requests are brought low by this type of attack.&lt;br /&gt;
&lt;br /&gt;
   Application Layer Attack - This attack relies on the disruption of information between computers. This vector of attack is good for an attacker who doesn&#039;t have a big botnet, because the attacked server has to use a lot more resources to respond to the HTTP request, and there&#039;s little bandwidth cost to the attacker, or at least a significantly lower cost than to the attacked server or system.&lt;br /&gt;
&lt;br /&gt;
    Fragmentation Attacks - These attacks create a flood by sending TCP or UDP fragments to the victim. As a result, the system&#039;s performance decreases and the victim can no longer reassemble the data streams.&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120158</id>
		<title>DDoS Eng</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=DDoS_Eng&amp;diff=120158"/>
		<updated>2017-04-17T09:24:01Z</updated>

		<summary type="html">&lt;p&gt;Amannik: Created page with &amp;quot;&amp;#039;&amp;#039;&amp;#039;Overview&amp;#039;&amp;#039;&amp;#039;   Written by Andris Männik   DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&#039;&#039;&#039;Overview&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Written by Andris Männik&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
DDoS (Distributed Denial-of-Service) is an attack in which the goal is to flood a system with requests from a network of computers so that the system buckles under the weight of the bandwidth and cannot process legitimate requests. If the attack is coming from a wide area, it is incredibly difficult to separate legitimate traffic from illegitimate traffic. DDoS&#039;ing is most commonly done with botnets: zombie computers infected with malicious software that accepts commands from the attacker&#039;s own computer to start and stop flooding a service with requests whenever the attacker chooses.&lt;br /&gt;
&lt;br /&gt;
As technology advances, discovering and remedying DDoS attacks will become much more difficult.&lt;br /&gt;
&lt;br /&gt;
DDoS is a more sophisticated version of DoS.&lt;br /&gt;
&lt;br /&gt;
The difference is that in DDoS&#039;ing the requests come from a plethora of computers on many different networks, whereas in DoS&#039;ing the requests come from a single computer on a single network.&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=120005</id>
		<title>OSadmin wiki article</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=120005"/>
		<updated>2017-04-10T09:56:36Z</updated>

		<summary type="html">&lt;p&gt;Amannik: /* Chosen topics */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;=Intro=&lt;br /&gt;
*Choose a topic from personal experience related with the subject or from topics found on the wiki page&lt;br /&gt;
*[[#Chosen_topics|Write the topic here]].&lt;br /&gt;
*Lecturer will confirm the topic&lt;br /&gt;
*Write your article in wiki environment &lt;br /&gt;
*Inform the [[Operating_systems#Lecturer|lecturer]] when the article is finished&lt;br /&gt;
*Receive feedback for corrections&lt;br /&gt;
&lt;br /&gt;
=Requirements for the wiki article=&lt;br /&gt;
Author: name, group and date when the article is written&lt;br /&gt;
&lt;br /&gt;
==Introduction ==&lt;br /&gt;
Covers the points that will be discussed in the article, the requirements for the reader of the article, and the operating system’s requirements.&lt;br /&gt;
&lt;br /&gt;
==Contents==&lt;br /&gt;
All commands should be easily separable from the overall text. &lt;br /&gt;
Users should be able to copy the commands directly (additional info like prompt and user distinction symbols should be left out from the command description area)&lt;br /&gt;
The text should determine what user permissions are needed to perform these tasks. &lt;br /&gt;
The readers of your article are your fellow students, so try to avoid irrelevant information and stay on topic (don’t explain the meaning of IP address or how to install Ubuntu, when your topic is actually about htop)&lt;br /&gt;
All the content should be referenced. &lt;br /&gt;
Do not use slang and try to be grammatically correct.&amp;lt;br&amp;gt;&lt;br /&gt;
&amp;lt;span style=&amp;quot;color:#FF0000&amp;quot;&amp;gt; &lt;br /&gt;
Bear in mind that this is an open environment, so everything you write in your wiki article, will be public. &amp;lt;/span&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Referencing==&lt;br /&gt;
Best practises of wiki referencing should be used. &lt;br /&gt;
Terms are put between square brackets to reference other articles in the system.&lt;br /&gt;
All drawings and images have to be referenced below the picture and in the text (for example “System architecture can be viewed on image x, y and z.”).&lt;br /&gt;
The author’s own ideas have to be clearly presented. Everything used from the sources has to be referenced.&lt;br /&gt;
&lt;br /&gt;
==Fellow student review==&lt;br /&gt;
Please find a fellow student who will review your article and give feedback on the discussion tab of the article using [http://enos.itcollege.ee/~edmund/materials/viki-artikkel/Assessment-model-for-the-wiki-article.html the following assessment model].&lt;br /&gt;
&lt;br /&gt;
==Summary==&lt;br /&gt;
Besides a short overview of what was discussed in the article, the summary should also include the author&#039;s own opinion about the topic.&lt;br /&gt;
&lt;br /&gt;
==Category==&lt;br /&gt;
Add the following category to the end of the article (last row):&amp;lt;br&amp;gt;&lt;br /&gt;
&#039;&#039;&#039;&amp;lt;nowiki&amp;gt;[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&amp;lt;/nowiki&amp;gt;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=Chosen topics=&lt;br /&gt;
Please write here your topic and name, group:&lt;br /&gt;
* &#039;&#039;&#039;Basic Automation with Python&#039;&#039;&#039;; Ardi Vaba; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;SSH Encryption&#039;&#039;&#039;; Frank Korving; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Translation of OSadmin wiki help page to English [[https://wiki.itcollege.ee/index.php/Osadmin_spikker]]&#039;&#039;&#039;; Peep Kuulme; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;XSS Attack Vectors&#039;&#039;&#039;; Masaki Ihara; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/Auditd &#039;&#039;&#039;Auditd - Linux system monitoring with audit daemon&#039;&#039;&#039;], Nika Ptskialadze, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;GNU Privacy Guard (GnuPG)&#039;&#039;&#039;; Patricia Bruno Barbosa; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;BackBox OS&#039;&#039;&#039;; Ats Tootsi; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/creating_malware_lab &#039;&#039;&#039;How to create your own malware analysis lab&#039;&#039;&#039;], Mikus, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Arch Linux&#039;&#039;&#039;; Farhan Nayeem Islam; CSE-C11&lt;br /&gt;
* &#039;&#039;&#039;VPN basics&#039;&#039;&#039;, Christian Cataldo, CSE-C11; [https://wiki.itcollege.ee/index.php/VPN_(English_version)]&lt;br /&gt;
* &#039;&#039;&#039;Translation of DDoS Wiki page [[https://wiki.itcollege.ee/index.php/DDoS_Eng]]&#039;&#039;&#039;; Andris Männik; CSE-11&lt;br /&gt;
==Ideas==&lt;br /&gt;
* UNIX CLI password manager https://www.passwordstore.org and its GUI http://qtpass.org/&lt;br /&gt;
&lt;br /&gt;
=References=&lt;br /&gt;
* [https://wiki.itcollege.ee/index.php/Osadmin_referaadi_teemad counterpart article in Estonian]&lt;br /&gt;
* http://manpage.io&lt;br /&gt;
* https://linuxjourney.com/&lt;br /&gt;
* [https://linux.die.net/man/ Linux man-pages]&lt;br /&gt;
* [https://linux.die.net Linux docs]&lt;br /&gt;
* http://www.tecmint.com/60-commands-of-linux-a-guide-from-newbies-to-system-administrator/&lt;br /&gt;
* http://www.tecmint.com/useful-linux-commands-for-system-administrators/&lt;br /&gt;
* http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html&lt;br /&gt;
* http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials&lt;br /&gt;
&lt;br /&gt;
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=120004</id>
		<title>OSadmin wiki article</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=120004"/>
		<updated>2017-04-10T09:35:11Z</updated>

		<summary type="html">&lt;p&gt;Amannik: /* Chosen topics */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;=Intro=&lt;br /&gt;
*Choose a topic from personal experience related with the subject or from topics found on the wiki page&lt;br /&gt;
*[[#Chosen_topics|Write the topic here]].&lt;br /&gt;
*Lecturer will confirm the topic&lt;br /&gt;
*Write your article in wiki environment &lt;br /&gt;
*Inform the [[Operating_systems#Lecturer|lecturer]] when the article is finished&lt;br /&gt;
*Receive feedback for corrections&lt;br /&gt;
&lt;br /&gt;
=Requirements for the wiki article=&lt;br /&gt;
Author: name, group and date when the article is written&lt;br /&gt;
&lt;br /&gt;
==Introduction ==&lt;br /&gt;
Covers the points that will be discussed in the article, the requirements for the reader of the article, and the operating system’s requirements.&lt;br /&gt;
&lt;br /&gt;
==Contents==&lt;br /&gt;
All commands should be easily separable from the overall text. &lt;br /&gt;
Users should be able to copy the commands directly (additional info like prompt and user distinction symbols should be left out from the command description area)&lt;br /&gt;
The text should determine what user permissions are needed to perform these tasks. &lt;br /&gt;
The readers of your article are your fellow students, so try to avoid irrelevant information and stay on topic (don’t explain the meaning of IP address or how to install Ubuntu, when your topic is actually about htop)&lt;br /&gt;
All the content should be referenced. &lt;br /&gt;
Do not use slang and try to be grammatically correct.&amp;lt;br&amp;gt;&lt;br /&gt;
&amp;lt;span style=&amp;quot;color:#FF0000&amp;quot;&amp;gt; &lt;br /&gt;
Bear in mind that this is an open environment, so everything you write in your wiki article, will be public. &amp;lt;/span&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Referencing==&lt;br /&gt;
Best practises of wiki referencing should be used. &lt;br /&gt;
Terms are put between square brackets to reference other articles in the system.&lt;br /&gt;
All drawings and images have to be referenced below the picture and in the text (for example “System architecture can be viewed on image x, y and z.”).&lt;br /&gt;
The author’s own ideas have to be clearly presented. Everything used from the sources has to be referenced.&lt;br /&gt;
&lt;br /&gt;
==Fellow student review==&lt;br /&gt;
Please find a fellow student who will review your article and give feedback on the discussion tab of the article using [http://enos.itcollege.ee/~edmund/materials/viki-artikkel/Assessment-model-for-the-wiki-article.html the following assessment model].&lt;br /&gt;
&lt;br /&gt;
==Summary==&lt;br /&gt;
Besides a short overview of what was discussed in the article, the summary should also include the author&#039;s own opinion about the topic.&lt;br /&gt;
&lt;br /&gt;
==Category==&lt;br /&gt;
Add the following category to the end of the article (last row):&amp;lt;br&amp;gt;&lt;br /&gt;
&#039;&#039;&#039;&amp;lt;nowiki&amp;gt;[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&amp;lt;/nowiki&amp;gt;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=Chosen topics=&lt;br /&gt;
Please write here your topic and name, group:&lt;br /&gt;
* &#039;&#039;&#039;Basic Automation with Python&#039;&#039;&#039;; Ardi Vaba; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;SSH Encryption&#039;&#039;&#039;; Frank Korving; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Translation of OSadmin wiki help page to English [[https://wiki.itcollege.ee/index.php/Osadmin_spikker]]&#039;&#039;&#039;; Peep Kuulme; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;XSS Attack Vectors&#039;&#039;&#039;; Masaki Ihara; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/Auditd &#039;&#039;&#039;Auditd - Linux system monitoring with audit daemon&#039;&#039;&#039;], Nika Ptskialadze, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;GNU Privacy Guard (GnuPG)&#039;&#039;&#039;; Patricia Bruno Barbosa; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;BackBox OS&#039;&#039;&#039;; Ats Tootsi; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/creating_malware_lab &#039;&#039;&#039;How to create your own malware analysis lab&#039;&#039;&#039;], Mikus, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Arch Linux&#039;&#039;&#039;; Farhan Nayeem Islam; CSE-C11&lt;br /&gt;
* &#039;&#039;&#039;VPN basics&#039;&#039;&#039;, Christian Cataldo, CSE-C11; [https://wiki.itcollege.ee/index.php/VPN_(English_version)]&lt;br /&gt;
* &#039;&#039;&#039;BASH_shell Translation [[https://wiki.itcollege.ee/index.php/BASH_shell]]&#039;&#039;&#039;; Andris Männik; CSE-11&lt;br /&gt;
==Ideas==&lt;br /&gt;
* UNIX CLI password manager https://www.passwordstore.org and its GUI http://qtpass.org/&lt;br /&gt;
&lt;br /&gt;
=References=&lt;br /&gt;
* [https://wiki.itcollege.ee/index.php/Osadmin_referaadi_teemad counterpart article in Estonian]&lt;br /&gt;
* http://manpage.io&lt;br /&gt;
* https://linuxjourney.com/&lt;br /&gt;
* [https://linux.die.net/man/ Linux man-pages]&lt;br /&gt;
* [https://linux.die.net Linux docs]&lt;br /&gt;
* http://www.tecmint.com/60-commands-of-linux-a-guide-from-newbies-to-system-administrator/&lt;br /&gt;
* http://www.tecmint.com/useful-linux-commands-for-system-administrators/&lt;br /&gt;
* http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html&lt;br /&gt;
* http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials&lt;br /&gt;
&lt;br /&gt;
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=119995</id>
		<title>OSadmin wiki article</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=119995"/>
		<updated>2017-04-09T18:52:46Z</updated>

		<summary type="html">&lt;p&gt;Amannik: /* Chosen topics */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;=Intro=&lt;br /&gt;
*Choose a topic from personal experience related with the subject or from topics found on the wiki page&lt;br /&gt;
*[[#Chosen_topics|Write the topic here]].&lt;br /&gt;
*Lecturer will confirm the topic&lt;br /&gt;
*Write your article in wiki environment &lt;br /&gt;
*Inform the [[Operating_systems#Lecturer|lecturer]] when the article is finished&lt;br /&gt;
*Receive feedback for corrections&lt;br /&gt;
&lt;br /&gt;
=Requirements for the wiki article=&lt;br /&gt;
Author: name, group and date when the article is written&lt;br /&gt;
&lt;br /&gt;
==Introduction ==&lt;br /&gt;
Covers the points that will be discussed in the article, the requirements for the reader of the article, and the operating system’s requirements.&lt;br /&gt;
&lt;br /&gt;
==Contents==&lt;br /&gt;
All commands should be easily separable from the overall text. &lt;br /&gt;
Users should be able to copy the commands directly (additional info like prompt and user distinction symbols should be left out from the command description area)&lt;br /&gt;
The text should determine what user permissions are needed to perform these tasks. &lt;br /&gt;
The readers of your article are your fellow students, so try to avoid irrelevant information and stay on topic (don’t explain the meaning of IP address or how to install Ubuntu, when your topic is actually about htop)&lt;br /&gt;
All the content should be referenced. &lt;br /&gt;
Do not use slang and try to be grammatically correct.&amp;lt;br&amp;gt;&lt;br /&gt;
&amp;lt;span style=&amp;quot;color:#FF0000&amp;quot;&amp;gt; &lt;br /&gt;
Bear in mind that this is an open environment, so everything you write in your wiki article, will be public. &amp;lt;/span&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Referencing==&lt;br /&gt;
Best practises of wiki referencing should be used. &lt;br /&gt;
Terms are put between square brackets to reference other articles in the system.&lt;br /&gt;
All drawings and images have to be referenced below the picture and in the text (for example “System architecture can be viewed on image x, y and z.”).&lt;br /&gt;
The author’s own ideas have to be clearly presented. Everything used from the sources has to be referenced.&lt;br /&gt;
&lt;br /&gt;
==Fellow student review==&lt;br /&gt;
Please find a fellow student who will review your article and give feedback on the discussion tab of the article using [http://enos.itcollege.ee/~edmund/materials/viki-artikkel/Assessment-model-for-the-wiki-article.html the following assessment model].&lt;br /&gt;
&lt;br /&gt;
==Summary==&lt;br /&gt;
Besides a short overview of what was discussed in the article, the summary should also include the author&#039;s own opinion about the topic.&lt;br /&gt;
&lt;br /&gt;
==Category==&lt;br /&gt;
Add the following category to the end of the article (last row):&amp;lt;br&amp;gt;&lt;br /&gt;
&#039;&#039;&#039;&amp;lt;nowiki&amp;gt;[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&amp;lt;/nowiki&amp;gt;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=Chosen topics=&lt;br /&gt;
Please write here your topic and name, group:&lt;br /&gt;
* &#039;&#039;&#039;Basic Automation with Python&#039;&#039;&#039;; Ardi Vaba; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;SSH Encryption&#039;&#039;&#039;; Frank Korving; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Translation of OSadmin wiki help page to English [[https://wiki.itcollege.ee/index.php/Osadmin_spikker]]&#039;&#039;&#039;; Peep Kuulme; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;XSS Attack Vectors&#039;&#039;&#039;; Masaki Ihara; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/Auditd &#039;&#039;&#039;Auditd - Linux system monitoring with audit daemon&#039;&#039;&#039;], Nika Ptskialadze, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;GNU Privacy Guard (GnuPG)&#039;&#039;&#039;; Patricia Bruno Barbosa; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;BackBox OS&#039;&#039;&#039;; Ats Tootsi; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/creating_malware_lab &#039;&#039;&#039;How to create your own malware analysis lab&#039;&#039;&#039;], Mikus, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Arch Linux&#039;&#039;&#039;; Farhan Nayeem Islam; CSE-C11&lt;br /&gt;
* &#039;&#039;&#039;VPN basics&#039;&#039;&#039;; Christian Cataldo; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Virtual memory[[https://wiki.itcollege.ee/index.php/Virtual Memory]]&#039;&#039;&#039;; Andris Männik; CSE-11&lt;br /&gt;
==Ideas==&lt;br /&gt;
* UNIX CLI password manager https://www.passwordstore.org and its GUI http://qtpass.org/&lt;br /&gt;
&lt;br /&gt;
=References=&lt;br /&gt;
* [https://wiki.itcollege.ee/index.php/Osadmin_referaadi_teemad counterpart article in Estonian]&lt;br /&gt;
* http://manpage.io&lt;br /&gt;
* https://linuxjourney.com/&lt;br /&gt;
* [https://linux.die.net/man/ Linux man-pages]&lt;br /&gt;
* [https://linux.die.net Linux docs]&lt;br /&gt;
* http://www.tecmint.com/60-commands-of-linux-a-guide-from-newbies-to-system-administrator/&lt;br /&gt;
* http://www.tecmint.com/useful-linux-commands-for-system-administrators/&lt;br /&gt;
* http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html&lt;br /&gt;
* http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials&lt;br /&gt;
&lt;br /&gt;
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
	<entry>
		<id>https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=119994</id>
		<title>OSadmin wiki article</title>
		<link rel="alternate" type="text/html" href="https://wiki.itcollege.ee/index.php?title=OSadmin_wiki_article&amp;diff=119994"/>
		<updated>2017-04-09T18:51:55Z</updated>

		<summary type="html">&lt;p&gt;Amannik: /* Chosen topics */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;=Intro=&lt;br /&gt;
*Choose a topic from personal experience related with the subject or from topics found on the wiki page&lt;br /&gt;
*[[#Chosen_topics|Write the topic here]].&lt;br /&gt;
*Lecturer will confirm the topic&lt;br /&gt;
*Write your article in wiki environment &lt;br /&gt;
*Inform the [[Operating_systems#Lecturer|lecturer]] when the article is finished&lt;br /&gt;
*Receive feedback for corrections&lt;br /&gt;
&lt;br /&gt;
=Requirements for the wiki article=&lt;br /&gt;
Author: name, group and date when the article is written&lt;br /&gt;
&lt;br /&gt;
==Introduction ==&lt;br /&gt;
Covers the points that will be discussed in the article, the requirements for the reader of the article, and the operating system’s requirements.&lt;br /&gt;
&lt;br /&gt;
==Contents==&lt;br /&gt;
All commands should be easily separable from the overall text. &lt;br /&gt;
Users should be able to copy the commands directly (additional info like prompt and user distinction symbols should be left out from the command description area)&lt;br /&gt;
The text should determine what user permissions are needed to perform these tasks. &lt;br /&gt;
The readers of your article are your fellow students, so try to avoid irrelevant information and stay on topic (don’t explain the meaning of IP address or how to install Ubuntu, when your topic is actually about htop)&lt;br /&gt;
All the content should be referenced. &lt;br /&gt;
Do not use slang and try to be grammatically correct.&amp;lt;br&amp;gt;&lt;br /&gt;
&amp;lt;span style=&amp;quot;color:#FF0000&amp;quot;&amp;gt; &lt;br /&gt;
Bear in mind that this is an open environment, so everything you write in your wiki article, will be public. &amp;lt;/span&amp;gt;&lt;br /&gt;
&lt;br /&gt;
==Referencing==&lt;br /&gt;
Best practises of wiki referencing should be used. &lt;br /&gt;
Terms are put between square brackets to reference other articles in the system.&lt;br /&gt;
All drawings and images have to be referenced below the picture and in the text (for example “System architecture can be viewed on image x, y and z.”).&lt;br /&gt;
The author’s own ideas have to be clearly presented. Everything used from the sources has to be referenced.&lt;br /&gt;
&lt;br /&gt;
==Fellow student review==&lt;br /&gt;
Please find a fellow student who will review your article and give feedback on the discussion tab of the article using [http://enos.itcollege.ee/~edmund/materials/viki-artikkel/Assessment-model-for-the-wiki-article.html the following assessment model].&lt;br /&gt;
&lt;br /&gt;
==Summary==&lt;br /&gt;
Besides a short overview of what was discussed in the article, the summary should also include the author&#039;s own opinion about the topic.&lt;br /&gt;
&lt;br /&gt;
==Category==&lt;br /&gt;
Add the following category to the end of the article (last row):&amp;lt;br&amp;gt;&lt;br /&gt;
&#039;&#039;&#039;&amp;lt;nowiki&amp;gt;[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&amp;lt;/nowiki&amp;gt;&#039;&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
=Chosen topics=&lt;br /&gt;
Please write here your topic and name, group:&lt;br /&gt;
* &#039;&#039;&#039;Basic Automation with Python&#039;&#039;&#039;; Ardi Vaba; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;SSH Encryption&#039;&#039;&#039;; Frank Korving; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Translation of OSadmin wiki help page to English [[https://wiki.itcollege.ee/index.php/Osadmin_spikker]]&#039;&#039;&#039;; Peep Kuulme; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;XSS Attack Vectors&#039;&#039;&#039;; Masaki Ihara; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/Auditd &#039;&#039;&#039;Auditd - Linux system monitoring with audit daemon&#039;&#039;&#039;], Nika Ptskialadze, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;GNU Privacy Guard (GnuPG)&#039;&#039;&#039;; Patricia Bruno Barbosa; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;BackBox OS&#039;&#039;&#039;; Ats Tootsi; CSE-11&lt;br /&gt;
*[https://wiki.itcollege.ee/index.php/creating_malware_lab &#039;&#039;&#039;How to create your own malware analysis lab&#039;&#039;&#039;], Mikus, CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Arch Linux&#039;&#039;&#039;; Farhan Nayeem Islam; CSE-C11&lt;br /&gt;
* &#039;&#039;&#039;VPN basics&#039;&#039;&#039;; Christian Cataldo; CSE-11&lt;br /&gt;
* &#039;&#039;&#039;Address space layout randomization (ASLR)[[https://wiki.itcollege.ee/index.php/ASLR]]&#039;&#039;&#039;; Andris Männik; CSE-11&lt;br /&gt;
==Ideas==&lt;br /&gt;
* UNIX CLI password manager https://www.passwordstore.org and its GUI http://qtpass.org/&lt;br /&gt;
&lt;br /&gt;
=References=&lt;br /&gt;
* [https://wiki.itcollege.ee/index.php/Osadmin_referaadi_teemad counterpart article in Estonian]&lt;br /&gt;
* http://manpage.io&lt;br /&gt;
* https://linuxjourney.com/&lt;br /&gt;
* [https://linux.die.net/man/ Linux man-pages]&lt;br /&gt;
* [https://linux.die.net Linux docs]&lt;br /&gt;
* http://www.tecmint.com/60-commands-of-linux-a-guide-from-newbies-to-system-administrator/&lt;br /&gt;
* http://www.tecmint.com/useful-linux-commands-for-system-administrators/&lt;br /&gt;
* http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html&lt;br /&gt;
* http://www.thegeekstuff.com/2010/12/50-unix-linux-sysadmin-tutorials&lt;br /&gt;
&lt;br /&gt;
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]&lt;/div&gt;</summary>
		<author><name>Amannik</name></author>
	</entry>
</feed>