I have tried to do node creation in ns2. Now I want to authenticate nodes, in that one node behaves as a server and authenticates nodes by passing a password between them. I have tried, but I don't know much about how to do C++ programming with ns2. I am using Cygwin for ns2.
You can use existing protocols in ns2 as a base for your work. For example, the VANETRBC protocol written by Daniel Jungels for vehicular ad-hoc networks gives you a general view of designing new communication protocols. Or the project report in the following document can help you start your project: http://sce.uhcl.edu/transa/Sourcecode/NS-2_Security_Node_Document.doc
Is it possible to identify if the login is being made from a strange machine? Creating a list of machines recognized by login?
I have tried methods to capture data from the browser through .js, thus generating a fingerPrint but without success, because it is not possible to identify the machine if it is in a network for example.
Here's an example where Google or Microsoft do this: I logged into my account on a computer that I had never used, so I got the notification and I can administer the machines that are recognized for my login.
Is it possible to implement this without installing plug-ins on the user's machine? Through only my web application?
Examples:
You want to do something called fingerprinting. This is client-side code.
Basically, you are uniquely identifying the user with all the possible information that you believe is unique.
This could be a concatenation of:
- using cookies
- ip address
- browser agent (which has os, and browser, and some plugins)
- java version (if installed)
- flash version (if installed)
- screen resolution
- all misc versions of information you can grab via javascript
Take a look at:
https://github.com/jackspirou/clientjs
https://github.com/Valve/fingerprintjs
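A server-side sketch of the "recognized machines" list asked about in this thread, as an added example that is not part of the original posts. It uses a random per-device cookie as the primary identifier, because (as the question notes) machines on the same network can produce identical fingerprints, and uses the attribute hash only to spot a cookie that shows up with different attributes. The class name, field names and the in-memory store are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Assumed server-side secret (load from configuration in a real deployment).
const SERVER_KEY = crypto.randomBytes(32);

// Combine the browser attributes from the list above into one keyed hash.
// An IPv4 address is cut to its first three octets so a new DHCP lease on the
// same network does not look like a new machine.
function fingerprint(attrs) {
  const ipPrefix = attrs.ip.split('.').slice(0, 3).join('.');
  const parts = [attrs.userAgent, attrs.screen, attrs.timezone, ipPrefix];
  return crypto.createHmac('sha256', SERVER_KEY).update(parts.join('\n')).digest('hex');
}

class DeviceRegistry {
  constructor() {
    this.byUser = new Map(); // user -> Map(device token -> { fp, label, lastSeen })
  }

  // cookieToken is the value of a long-lived, HttpOnly device cookie (or undefined).
  // Returns { status, token } where status is 'known', 'changed' or 'new'.
  checkLogin(user, cookieToken, attrs) {
    if (!this.byUser.has(user)) this.byUser.set(user, new Map());
    const devices = this.byUser.get(user);
    const fp = fingerprint(attrs);
    const rec = cookieToken ? devices.get(cookieToken) : undefined;
    if (rec) {
      rec.lastSeen = Date.now();
      // Same cookie but different attributes: possibly a copied cookie, so the
      // caller should ask for re-authentication before trusting it.
      return { status: rec.fp === fp ? 'known' : 'changed', token: cookieToken };
    }
    // Unknown or missing cookie: register a new device and notify the user.
    const token = crypto.randomBytes(16).toString('hex');
    devices.set(token, { fp, label: attrs.userAgent, lastSeen: Date.now() });
    return { status: 'new', token };
  }

  // Data for the "manage recognized machines" page.
  list(user) {
    return [...(this.byUser.get(user) || new Map()).entries()]
      .map(([token, d]) => ({ token, label: d.label, lastSeen: d.lastSeen }));
  }

  revoke(user, token) {
    return (this.byUser.get(user) || new Map()).delete(token);
  }
}
```

On a 'new' result the application sets the returned token as the device cookie and sends the "login from an unrecognized machine" notification; revoking a token makes the next login from that machine 'new' again.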
There are a couple of ways to achieve this.
If your clients have static IPs, then you can probably maintain a list of IPs (a kind of whitelist). Any other request can be treated as an unintended request, and you can write logic to generate an alert. This is a cumbersome method, since a static IP may be changed over a period of time.
If you have a limited number of users, then you can probably generate a certificate and install it on the client's machine. Other users who do not have the certificate can be treated as unintended users. They can't access your application since they don't have your certificate. This method is feasible only if your application is intended for a small number of users, since you need to install the certificate on your client's machine.
Hello or Good evening,
I actually work as a trainee for a small society, and one of the improvements that they want is to have a central authentication server. After some research, we chose to use UCS (Univention Corporate Server), which handles a lot of tools that they want to use in the future. And my problem begins here ...
I want to do authentication at computer startup, and only authentication, through my UCS (no roaming profile or anything else). I just need to get a ticket to allow the user to have single sign-on on the intranet (to access a NAS or cluster, for example). I know that an LDAP server runs on my UCS because when I use univention-ldapsearch, I can see a big file with a lot of information ... However, I don't know which LDAP server it is. I have Kerberos v5, slapd, PAM (maybe), so everything for SSO and authenticating a user.
What they want to have is this:
--> When a user starts a computer, they can connect with their login/password from everywhere.
--> The home directory has to stay ONLY on the main user computer (so the fact that they can connect from everywhere is more for accessing data in the intranet).
--> They can access, with SSO, all devices (allowed for the user) in the intranet.
Now:
I know:
how to add a user / group (UCS is very user friendly for that),
that an LDAP server is running on UCS,
that I have Samba, but I'm pretty sure I can do it without using it.
I don't know:
how to set up the authentication at startup (nsss doesn't want to install on UCS and the documentation from UCS using PAM doesn't take missing files inside UCS -_- ...),
which LDAP server is running (not an OpenLDAP (no directory from them)),
if it's possible to create (ONLY if it's not the main user computer) an empty home directory, and how.
I don't know if someone is familiar with this tech. I hope so, because it's more like "I need a tutorial" than "RTFD", where a lot of points are missing.
I prefer to specify that we don't have a heterogeneous network; all computers are Linux based.
If someone can help me,
Please,
I spent the day trying to do one startup connection and nothing ...
(I can connect from a browser but it's just to change password. And we really need a central authentication).
Thanks in advance,
Regards.
Hello Black Butterfly,
I am working at Univention and know that UCS is quite versatile, so you can connect pretty much any box to it.
UCS comes with OpenLDAP and Kerberos, which are closely connected (and even the PAM stack uses Kerberos in the end). The important part to know is that OpenLDAP is running on ports 7389 (LDAP with StartTLS) and 7636 (LDAPS).
Samba/AD is optional and "only" needed if you have Windows(-like) clients. But since you said that you only have Linux boxes, you don't need Samba/AD.
Now, if you want to connect Linux/Unix-like clients to UCS, you will have to ...
1. create a computer object for the client in the UCS LDAP/management system. There's a webmodule for that: http://docs.software-univention.de/manual-4.1.html#computers::hostaccounts
2. configure the client:
- use UCS as nameserver
- use UCS as timeserver
- configure the LDAP-client to use UCS as LDAP-Directory server
- configure the Kerberos-client to use UCS as KDC/Kerberos-Realm
- use some kind of identity/group caching and bridging software like NSS and/or SSSD
Unfortunately every Linux distro behaves differently regarding the nitty-gritty details.
There is a straightforward tutorial on how to do this with Ubuntu - it's mostly copy & paste:
http://docs.software-univention.de/domain-4.1.html#ext-dom-ubuntu
What Linux distro(s) are you using at your organisation for the Linux clients? Maybe I can give you better advice if I know.
Regarding home directories: Do I understand correctly, that you don't want "Roaming Profiles" or shared home directories? That would be the default.
For further advice, you can also always refer to the Univention forum.
Is ngrok a safe tool to use? I was reading a tutorial which recommended using ngrok to test API responses that I make to outside services that also need to connect to my endpoints.
There is no source code available for version 2.0, considering it started as an open source project in 2014. I am suspicious of any code that opens a tunnel to my localhost from the cloud. Pretty scary stuff, especially without source code!
It opens up a tunnel to your dev machine, which is partially secured by obscurity (a hard-to-guess subdomain), and can be further secured by requiring a password. But you're still opening yourself up to ngrok itself, and the company is completely opaque (no address, no employees, no business name, no LinkedIn presence; all I can find is that it has 1-10 employees and is private; not even sure what country it's based in). On top of that, the code is not open-sourced. No reason to think they're not legit, but not a lot of information available to build trust.
You may be able to use ngrok and other local tunnel services with more security by encrypting the traffic. See https://security.stackexchange.com/questions/177280/end-to-end-encryption-for-localtunnel-ngrok-setup/177357#177357 for more information.
I found a good rating, but vacuous information, here:
http://www.scamadviser.com/is-ngrok.com-a-fake-site.html
The kicker for me is
https://developer.atlassian.com/blog/2015/05/secure-localhost-tunnels-with-ngrok/
where the Atlassian folks recommend it highly.
I think I am going to use it.
If anyone is concerned about compromising their development environment, you can use Docker. There are many ngrok/docker projects, but here is the one I chose: https://github.com/gtriggiano/ngrok-tunnel
For macOS, use "TARGET_HOST=docker.for.mac.localhost"
They now offer a service where you locally run only ssh, no need to run any of their code on your machine.
You run something like ssh -R 80:localhost:8501 tunnel.us.ngrok.com http. This connects to one of their hosts and forwards connections they receive back to your machine and the service you run on localhost:8501.
This seems secure to me, the only thing is that you don't know what information they collect and who is connecting to your exposed service. They print all connections, but it's their binary that does this and someone might well listen in without you noticing. You can check connections on your end, but you cannot be sure who it is that connects.
Ngrok is a convenient and highly secure utility for creating tunnels to locally hosted applications via a reverse proxy. This is a utility for publishing locally hosted applications on the web. Simply put, it provides a publicly accessible web URL to any locally hosted application, i.e. either a Spring Boot or Nodejs based web application, or a webhook for a chat application, etc.
I'm trying to build a Node.JS project that takes advantage of LDAP authorization so that existing user authentication information can be used. The catch is that all our machines are Windows machines. All the solutions I've found so far (node-LDAP, ldapjs, ldapauth, etc) are built for Linux, and npm install [some_package] fails on Windows. More scrounging yielded complicated solutions or required building Node.JS packages from Python/C++ source locally, which starts getting messy and leads to dependency hell, as in this solution:
http://tochedev.blogspot.be/2012/07/i-wanted-to-add-ldapjs-to-my-windows.html
Kudos to the author for putting that effort in and publishing his path to success but if that level of complexity is required in dependency, then the solution isn't appropriate for my application.
That leaves me with limited options: redesign architecture around a Linux VM just so I can have LDAP authentication, which isn't much simpler than the linked solution above; abandon entire Node.JS project and do everything in another language just to support LDAP; dive into dependency hell just so I can have LDAP authentication; give up on LDAP authentication. I would love there to be a fourth option, a straightforward method of LDAP authentication in Node.JS for Windows, but I haven't found one so far. Now I've spent enough time searching that I'm ready to beg for help.
Sorry if this question is on the wrong StackExchange, I'll repost if necessary, didn't know exactly where it fit.
In my experience, there aren't a lot of good ldap tools for node (period). One of the alternatives is using something like Stormpath to handle this. Basically, you'd have to create a Stormpath account, run their LDAP agent, and they'll basically sync your LDAP accounts into their REST API which you can then access via their Node libraries.
This is a nice way to do it as you can interact with the LDAP accounts using a simple Node library, without needing to talk to your LDAP server directly.
I'm developing a chat application (in VB.Net). It will be a "secure" chat program. All traffic will be encrypted (I also need to find the best approach for this, but that's not the question for now).
Currently the program works. I have a server application and a client application. However, I want to set up the application so that it doesn't need a central server for it to work.
What approach can I take to decentralize the network?
I think I need to develop the clients in a way so that they do also act as a server.
How would the clients know what server they need to connect with / what happens if a server is down? How would the clients / servers know what other nodes there are in the network without having a central server?
At best I don't want the clients to know what the IP addresses are of the different nodes, however I don't think this would be possible without having a central server.
As stated the application will be written in VB.Net, but I think the language doesn't really matter at this point.
Just want to know the different approaches I can follow.
Look, for example, at the paper on the Kademlia protocol (you can find it here). If you just want a quick overview, look at the Wikipedia page http://en.wikipedia.org/wiki/Kademlia. The Kademlia protocol defines a way of doing node lookups in a network in a decentralized way. It has been successfully applied in the eMule software - so it is tested to really work.
It should cause no serious problems to apply it to your chat software.
You need some known IP address for clients to initially get into a network. Once a client is part of a network, things can be more decentralized, but that first step needs something.
There are basically only two options - either the user provides one (for an existing node of the network - essentially how BitTorrent trackers work), or you hard-code in a gateway node (which is effectively a central server).
Maybe you can look at the uChat program. It's a program from the uTorrent creator, with chat without a server in mind.
The idea is to connect to a swarm from a magnet link and use it to send and receive messages. This is as in Amber's answer: you need an access point, may it be a server, a known swarm, a manual IP, etc.
Here is uChat presentation: http://blog.bittorrent.com/2011/06/30/uchat-we-just-need-each-other/