Information distribution, authentication and privacy

Network monitoring

Network monitoring consists of analyzing the information that flows along the edges of a connected graph over time. At the graph level, network monitoring helps balance workload and plan for increased capacity or changes in the graph topology. In the context of computing vertices mutually distrustful of each other, merely passing incoming information around is not a benign act. More complex processing of that information, such as executing it as code, increases the risk of compromising the integrity of the vertex.

Network monitoring can be decomposed in three logical steps:

  • logging

    Protocols, applications and further analysis algorithms dictate which information to log, but source, destination, packet type and length are amongst the minimum requirements. (\todo log storage and deletion.)

  • categorizing

    Categorization tools put each log entry into buckets based on different matching rules. This can be done either in real time as the log is generated or off-line on a captured log file. When categorization is done in real time, there is further the choice between polling the log and being triggered directly by kernel events. (\todo schema polling, triggers )

  • reacting

    The purpose of categorization is to make informed decisions. One of the major decisions of any network vertex is whether it is safe to accept a given incoming packet or not.
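The three steps above carried through over sshd log entries, the way fail2ban and sshguard do it (regex filters feeding an iptables decision), as an added example that is not part of the original page. The log lines are constructed, and the threshold names maxretry/findtime are assumed for this illustration; the firewall rule is rendered as a string, not applied.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Step 1, logging: constructed sample sshd entries in syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  1 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  1 10:00:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  1 10:00:07 host sshd[1205]: Accepted publickey for alice from 198.51.100.5 port 40022 ssh2
Mar  1 10:00:09 host sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Mar  1 10:00:15 host sshd[1209]: Failed password for bob from 198.51.100.5 port 40030 ssh2
Mar  1 10:09:59 host sshd[1211]: Failed password for invalid user guest from 203.0.113.7 port 51055 ssh2
"""

TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) ")
# Step 2, categorizing: one regex per bucket, as a fail2ban-style filter would define them.
RULES = {
    "auth_failure": re.compile(r"sshd\[\d+\]: Failed password for .+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port"),
    "auth_success": re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port"),
}

def categorize(line, year=2024):
    """Map one log entry to (bucket, source ip, timestamp); None if no rule matches."""
    m_ts = TS_RE.match(line)
    if not m_ts:
        return None
    stamp = " ".join(m_ts.group("ts").split())  # collapse the space-padded day field
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    for bucket, rule in RULES.items():
        m = rule.search(line)
        if m:
            return bucket, m.group("ip"), ts
    return None

def react(log_text, maxretry=3, findtime=600):
    """Step 3, reacting: ban a source after `maxretry` failures within `findtime` seconds.
    Returns {ip: iptables rule string} for every source that crossed the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of its failures inside the window
    bans = {}
    for line in log_text.splitlines():
        hit = categorize(line)
        if hit is None or hit[0] != "auth_failure":
            continue
        _, ip, ts = hit
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry and ip not in bans:
            bans[ip] = f"iptables -I INPUT -s {ip} -j DROP"  # the decision, rendered, not executed
    return bans
```

Successful logins are categorized but never counted toward a ban, so a legitimate user who mistypes once (198.51.100.5) is left alone while the repeated failures from 203.0.113.7 cross the threshold.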

Network Intrusion Detection System

Each entry gives the available implementation, the license, how the tool covers the three steps (logging, categorizing, reacting) and its report tools.

  • Wireshark

    apt-get install wireshark

    implementation: C; license: GPLv2
    logging: kernel, pcap files; categorizing: regex filters; reacting: call external shell; report tools: Cascade Pilot

  • Snort (see also Snort-Setup for Statistics HOWTO)

    apt-get install snort

    implementation: C; license: GPLv2
    logging: kernel, pcap files; categorizing: regex filters; reacting: not sure yet; report tools: Snorby, SnortSnarf, SnortAlog

  • fail2ban

    apt-get install fail2ban

    implementation: perl; license: GPL
    logging: poll any log files; categorizing: regex filters; reacting: iptables updates; report tools: none?

  • sshguard

    apt-get install sshguard

    implementation: C; license: BSD
    logging: poll sshd, dovecot log files; categorizing: built-in regex; reacting: iptables updates?; report tools: none?

Filesystem Auditing

Either through a deliberate act of sabotage or a simple programming mistake, programs run amok. It is thus important to audit all parts of the system regularly, especially persistent storage, which mostly means the file system.

Authentication and privacy

Once the systems to monitor and analyze a computer infrastructure are understood, it is time to realize how access is granted to computing resources.

Encryption tools and libraries

  • GnuPG: implementation C; license GPL
  • PolarSSL: implementation C; license GPL

Routing

Everyday life relies increasingly on distributed computing infrastructure, so it becomes of primary importance that no single entity can arbitrarily monitor or shut down complete services as it sees fit. As technology solutions, peer-to-peer infrastructures go to great lengths to implement decentralized control structures. Privacy concerns in peer-to-peer networks rely heavily on understanding routing algorithms.

Peer-to-peer projects

  • The Freenet Project: implementation ?; license ?
  • The Monkeysphere Project extends OpenPGP's web of trust to new areas of the Internet. Implementation ?; license ?

Cloud computing

The requirement to deploy highly scalable peer-to-peer infrastructure, with the possibility to provision and decommission virtual machines on the fly, has poised "cloud computing" to be an integral part of any future network infrastructure.

DeltaCloud and OpenStack are two competing APIs for managing cloud clusters.

This is a great starting point to create an EC2-like setup on a local machine.

The Ubuntu Cloud portal contains all things ubuntu-cloud related.

Penetration testing

There is no better preparation than running drills, actively trying to get into the system.

Web technologies

Standards

  • HTML5
  • URL encoding (also known as Percent-encoding) is a mechanism for encoding information in a Uniform Resource Identifier (URI) and is often used in the submission of HTML form data in HTTP requests.
  • base64 is a group of similar encoding schemes that represent binary data in an ASCII string format. It is often used to present cryptographic keys.
  • FastCGI
  • OAuth 2.0
  • WebDAV
  • iCalendar is a data format for calendaring and scheduling information.

Web presentation engines, templates and validators