Tuesday, July 4, 2023

How to create an Azure AD user ?

In this article, we will explain how to create an Azure AD user via the Azure portal and the Azure CLI.

First with Azure Portal:

Search for Active Directory in the search box, then click on Azure Active Directory.


In Azure Active Directory, click on +Add, then click on User.


Fill in the fields, especially the user-principal-name. The user principal name has 2 parts: the prefix is an identifier for the user inside the domain, and the suffix is one of the domains you have added to your Azure AD.



You can choose to auto-generate the password. The password will be generated by Azure, and you can see the password that has been generated. Or you can create the password you want. You can also force the user to change his password at first sign-in.

Once you click the "Review + Create" button, Azure will create the user for you.



To create an Azure AD user via the Azure CLI, use the command az ad user create. The required parameters are the user-principal-name and the password:

az ad user create --display-name 'John TheBlogger' --user-principal-name 'john.blogger@group-club.com' --password 'testpass'




To view the list of Azure AD users, use the command:
az ad user list




To delete an Azure AD user, it is enough to know the id (we can get the id from the list above):

az ad user delete --id 'abc'


We would like to thank you for reading our blog. Our next blog will be on how to create Azure AD users in bulk.

Sunday, May 14, 2023

Sandbox versus Honeypot

What is the difference between a sandbox and a honeypot?

A sandbox can be used by an enterprise to test software. An example of a sandbox is a PC isolated from the network that is used to test software. If you suspect that a specific piece of software contains malware, you run it on that PC first and observe its behavior there.

A sandbox is good for zero-day malware. Note that zero-day malware is very new malware that does not yet have signatures in antivirus software.

A sandbox can also be used for lab and training purposes. By doing this you protect your environment from any mistake or abnormal behaviour.

A honeypot is a device that has a security weakness and is installed in the network on purpose. A honeypot is used to trap hackers. A condition for a honeypot device is that it must never be able to access other devices, or be the road to access other devices. Hackers will think that they took control of a PC in the company; they will try to get information from this PC and try to use it to access other devices in the network. They will waste time and, in addition, expose information about themselves (country of origin, IP address, company, purpose of the attack...), so the security team of the enterprise can take the appropriate action, such as blocking them on the firewall/IPS.

A honeynet is similar to a honeypot, but it is a network, not just one PC.


Thursday, May 11, 2023

AAA: Authentication, Authorization, Accounting

The AAA model stands for authentication, authorization and accounting. In reality, there are four steps, not three: identification comes before authentication. In order to access data or resources, users need to be identified and authenticated.

Identification: by name or username

If someone needs to enter a restricted area in a private or public place, the guard or receptionist first asks "Who are you?" or "May I know with whom I am talking?" and so on. All these questions mean: identify yourself.

What the receptionist is asking the visitor for is his identity. When the visitor replies by introducing himself (for example, "I am Mr. X") or saying his name, he is identifying himself to the receptionist. This is the identification process.

Logging on to a computer also needs identification. The identification is done when the employee types his username to log in. Whether or not the username exists in Active Directory or in the SAM database, that person is identifying himself to the system. If the system recognizes the name, it goes to the next step, which is authentication. If the system doesn't recognize the name, it cannot move to the next step, and the employee is denied access.

Authentication is to prove the identity

Sometimes the receptionist might ask the visitor to show his identity card, his driving license or another ID card with a photo. In other words, the receptionist is asking the visitor: can I see an ID that proves that you are Mr X? This process is called authentication. The receptionist is asking Mr. John to authenticate himself by showing an ID card, and Mr John authenticates himself by providing the receptionist with his ID card.

Let's talk now about a user logging in to a system. The user first enters his username, and the system he is accessing looks in its database to see if there is a record for this username. If there is no record, what happened is that the user identified himself to the system, but the system saw that this user is not among the registered allowed users, so the system rejected the access.

Now let's say the username exists in the list of users. Before allowing access, the system will ask the user "Can you prove your identity?" or "Can you prove that you are the person you are claiming to be?" Here the user must authenticate himself. One type of authentication is the password. The system already has in its database the password for this user (or a hash of this password; we can talk about it later). If the user enters the correct password, meaning the password that the system has for this username, then authentication succeeds and the user is allowed access. The system considers that this user is not lying about his identity because he entered the correct password. If the user did not enter the correct password, the system will consider that this user may not be the person he is claiming to be.

Because a company follows the same standard for writing all its usernames, employees can know each other's usernames. One common standard is the first letter of the given name followed by the family name. Another common standard is firstname.lastname, and so on.

So an employee can easily guess the username of each of the other employees. A user can therefore identify himself to the system as the general manager (by typing the general manager's username), but the system will ask this fake general manager to prove his identity: he must enter the general manager's password. This password is owned and known only by the general manager. As the bad employee doesn't have the right password, the authentication will fail, and he will be denied access to the system.
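The two steps described above, identification (is the username known?) followed by authentication (does the password match the stored hash?), as an added Python example that is not part of the original post. The user database, the passphrases and the names hash_password, make_record and login are constructed for the illustration; PBKDF2 and the iteration count are assumptions, since the post only says that the system stores "a hash".

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def hash_password(password, salt):
    """The system stores this salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

# Constructed user database; usernames follow the firstname.lastname standard.
USERS = {
    "jane.manager": make_record("constructed-manager-passphrase"),
    "john.staff": make_record("constructed-staff-passphrase"),
}
_DUMMY = make_record("never-matches")

def login(username, password, users=USERS):
    """Return (granted, failed_stage); the stage is for the audit log, not the user."""
    record = users.get(username)                  # identification: is the name known?
    if record is None:
        hash_password(password, _DUMMY["salt"])   # same work as for a known name
        return False, "identification"
    candidate = hash_password(password, record["salt"])   # authentication: prove it
    if hmac.compare_digest(candidate, record["hash"]):
        return True, None
    return False, "authentication"

if __name__ == "__main__":
    # john.staff guesses the manager's username but only knows his own password
    print(login("jane.manager", "constructed-staff-passphrase"))
    print(login("jane.manager", "constructed-manager-passphrase"))
```

The employee who guesses the manager's username passes identification and fails at authentication; both failures should look the same to the person at the login prompt.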


Monday, July 20, 2020

How to configure BIND

Installation:
"yum install bind bind-utils"
To start the "named" service, use "service named start"
To verify that the "named" service will start automatically: "chkconfig --list | grep named"
To make the "named" service start automatically in runlevels 3 and 5: "chkconfig --level 35 named on"
BIND Files:
The main files:
"/etc/named.conf" is the configuration of the DNS server
Example of a zone file: "/var/named/data/test.com.zone"
Named.conf

Thursday, September 3, 2015

TCP Wrappers

To determine if a client is allowed to connect to a service, TCP Wrappers reference the following two files, which are commonly referred to as hosts access files:
/etc/hosts.allow
/etc/hosts.deny

Sequence

When a TCP-wrapped service receives a request:
It references /etc/hosts.allow: it sequentially parses the entries in /etc/hosts.allow and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If not, it moves to the next step.
Next step: it references /etc/hosts.deny. The TCP-wrapped service sequentially parses the entries in /etc/hosts.deny. If it finds a matching rule, it denies the connection. If not, it grants access to the service.

Points to Consider

When using TCP Wrappers to protect network services:
Access rules in hosts.allow are applied first, so they take precedence over rules specified in hosts.deny. Therefore, if access to a service is allowed in hosts.allow and denied in hosts.deny, the entry in hosts.deny is ignored.
The rules in each file are read from the top, and the first matching rule is the only one applied.
If no rules for the service are found in either file, access to the service is granted.
If neither hosts.allow nor hosts.deny exists, access to the service is granted.
TCP-wrapped services do not cache the rules from the hosts access files, so any changes to hosts.allow or hosts.deny take effect immediately without restarting network services.

Formatting Access Rules

The format for both /etc/hosts.allow and /etc/hosts.deny is identical. Each rule must be on its own line. Blank lines or lines that start with a hash (#) are ignored.
Each rule uses the following basic format to control access to network services:
<daemon list>: <client list> [: <option>: <option>: ...]
<daemon list> — A comma-separated list of process names (not service names) or the ALL wildcard. The daemon list also accepts operators (refer to the Operator section) to allow greater flexibility.
<client list> — A comma-separated list of hostnames, host IP addresses, special patterns, or wildcards which identify the hosts affected by the rule. The client list also accepts the operators listed in the Operator section to allow greater flexibility.
<option> — An optional action or colon-separated list of actions performed when the rule is triggered. Option fields support expansions, launch shell commands, allow or deny access, and alter logging behavior.

Wildcards

Wildcards allow TCP Wrappers to more easily match groups of daemons or hosts:
ALL matches everything; it can be used in the daemon list and in the client list
LOCAL matches any host that doesn't contain a period (.), such as localhost
KNOWN, UNKNOWN and PARANOID are rarely used and should be used with DNS (KNOWN is a known host or user)

Example of Entries in hosts.allow

ALL : 192.168.128.0/255.255.254.0
Allows access to all daemons for requests coming from the network 192.168.128.0/23
ALL : ALL
Allows access to all daemons for requests coming from anywhere
sshd : 172.18.
Allows access to the sshd process for requests coming from IP addresses that start with 172.18.
ALL : .test.com
Allows access to all daemons from hosts whose fully qualified domain name ends with .test.com

Tips: To get the IP address of a specific PC in Linux, you can use the command "ifconfig". In later versions such as CentOS 7, ifconfig is not available by default; you can use the command "ip addr" instead.
To get the IP address of a specific PC in Windows, you can use the command "ipconfig".
What if you need to allow specific access to your server from an Internet user? Then you need to know his public IP address. If someone needs to know his public/real IP address, all he needs to do is click on this link: http://www.myip.services

Referring to a file

If we want to permit many IP addresses or names, instead of writing them in the rule we can reference a file. The filename must start with / so that TCP Wrappers can identify it as a file and look for the entries inside that file:
in.telnetd : /etc/telnet/hosts
It is more secure to use IP addresses than DNS names.

Operator

Access control rules accept one operator, EXCEPT, which allows exceptions to a match:
ALL : .test.com EXCEPT abc.test.com
This matches all computers whose fully qualified domain name ends with test.com, except the PC abc.test.com
ALL EXCEPT vsftpd : 192.168.0.
If this rule is in hosts.allow, it allows the PCs whose IP address starts with 192.168.0 to access all daemons except the vsftpd daemon
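The lookup order and the patterns described above (hosts.allow first, then hosts.deny, first matching rule wins, EXCEPT), as an added Python example that is not part of the original post and is not the TCP Wrappers code itself. The two rule sets are constructed from the patterns on this page, the function names are made up for the illustration, and option fields and file references are left out.

```python
import ipaddress

# Constructed sample rules, built from the patterns shown in this post.
HOSTS_ALLOW = """\
sshd : 172.18.
ALL : .test.com EXCEPT abc.test.com
ALL EXCEPT vsftpd : 192.168.0.
"""
HOSTS_DENY = "ALL : ALL\n"

def match_client(pattern, ip, host):
    """Match one client-list entry against the client's IP and (optional) FQDN."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                      # host name without a period
        return bool(host) and "." not in host
    if "/" in pattern and not pattern.startswith("/"):   # network/netmask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                   # leading part of an IP address
        return ip.startswith(pattern)
    if pattern.startswith("."):                 # domain suffix
        return host.endswith(pattern)
    return pattern in (ip, host)                # exact IP or host name

def match_list(spec, test):
    """'a, b EXCEPT c' matches if an entry before EXCEPT matches and none after it does."""
    head, _, rest = spec.partition(" EXCEPT ")
    hit = any(test(entry) for entry in head.replace(",", " ").split())
    return hit and not (rest and match_list(rest, test))

def first_match(rules, daemon, ip, host):
    """Return the first rule line that matches, reading from the top."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = (field.strip() for field in line.split(":")[:2])
        if (match_list(daemons, lambda d: d in ("ALL", daemon))
                and match_list(clients, lambda c: match_client(c, ip, host))):
            return line
    return None

def decide(allow, deny, daemon, ip, host=""):
    """hosts.allow first, then hosts.deny, otherwise access is granted."""
    if first_match(allow, daemon, ip, host):
        return "allow"
    if first_match(deny, daemon, ip, host):
        return "deny"
    return "allow"
```

With these rules, vsftpd from 192.168.0.7 is refused only because hosts.deny contains ALL : ALL; with an empty hosts.deny the same request falls through both files and is granted.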

Portmap and TCP Wrappers

Portmap's implementation of TCP Wrappers doesn't support host look-ups, which means portmap cannot use hostnames to identify hosts. Consequently, access control rules for portmap in hosts.allow or hosts.deny must use IP addresses or the keyword ALL.
Changes to portmap access control rules may not take effect immediately. You may need to restart the portmap service.


I hope this was helpful, and I would like to thank you for reading



Wednesday, September 2, 2015

How to allow or deny ssh access

To block or permit remote access to any service in Linux, we can use "hosts.deny" and "hosts.allow".
To allow or deny specific IPs from connecting to the server over ssh:
Edit the "hosts.deny" file:
sshd:all
Edit the "hosts.allow" file:
sshd:192.168.0.102
(where 192.168.0.102 is the address that will be permitted to ssh to the server)
You can also add a network to hosts.allow:

sshd:192.168.0.0/255.255.255.0


How to Map network drives in Linux

Map Samba Drive (SMB drive or CIFS)

First, create a directory on Linux. It is better to create it under /mnt if the /mnt directory exists, because /mnt is meant for mapping drives. You must not write anything in this directory before creating the map.
Second, prepare your share on the Windows server. Make sure that you add the appropriate permissions on the shared directory (in the security tab and the sharing tab). For example, if the user jdoe is the user who will be used to map the drive, you must have the user jdoe on your Windows server (or in Active Directory), and you must add this user to the list of users in the security tab and in the sharing permissions tab.
To mount the drive, execute the command below (where winserver is the name of your Windows server, linuxshare is the share name of your Windows folder, and jdoe is the Windows username).
cifs is the filesystem type, and it should be used when we map drives from Windows:
mount -t cifs -o username=jdoe //winserver/linuxshare /mnt/linuxshare


To unmount: umount /mnt/linuxshare

Map NFS Drive

How to mount NFS:
mount testa.domain.com:/myshare /mnt/testnfs/
The name of the server should be exactly the same as the name in the exportfs file of the destination server (and it should be the same in hosts).
Depending on the release, you might need to specify the filesystem type.
