CS469/569 - Linux and Unix Administration and Networking
Spring 2022
Displaying ./code/04-14/README
q10
- Covers lesson 14 and the SQL tasks needed in h9. Read lesson 14, try to finish h9, and then take the quiz. Most of the questions ask for basic MariaDB / MySQL commands for doing things we needed to do on h9. It is timed for 30 minutes.
- Due next Wednesday
q9
- graded
- you can see the answers now (also for q8, q7 that I forgot to set so you can see the answers)
- difference between /etc/passwd and /etc/shadow
- difference between /var/run logs and /var/log/wtmp
Attendance
h9
- questions?
Next material
- Lesson 15 certificates, and h10 will be over this
Certificates, on page load in the web browser, sequence of events...
* Cast of characters
+ client computer (client) - web browser that the user is using
+ web server (CS) - has the site that the user wants to see
+ Domain Name System server (DNS) - translates cs.indstate.edu into an IP address
+ Certificate Authority (CA) - validating certificates (identity)
* DNS lookup
+ browser asks the OS to look up cs.indstate.edu
+ OS asks the DNS server for this
+ DNS replies with: 139.102.14.201
+ client uses 139.102.14.201 to communicate with CS
- Note: why trust DNS? authenticate/identity/security/something - later?
- Note: assume any transmission out of your computer is plain text (not encrypted)
* Establish a secure connection to CS - goal is to agree on
encryption keys (password) that only CS and client know.
+ client: send to CS - hello, and the encryption/hash/etc. algorithms the client can do (RSA, AES, MD5, ...)
+ CS: pick some encryption method (AES, ...) and send to the client
also send the certificate to client
+ client: receive certificate and validate, ask CA (note that this requires secure communication/authentication with CA)
- Note: certificate includes the public-key for CS, allows client to send encrypted messages to CS
+ client: pick a random password, encrypt with CS's public-key, send to CS
+ CS: receives encrypted message, decrypt with CS's private-key, and CS has the random password as well!
- Assumptions of private/public stuff...
- Client encrypts to CS by applying the public-key
- Given a user's public-key, cannot decrypt (efficiently)
- Note - this is like a "one way function" (multiplication of huge numbers)
- multiplying costs about (# of digits) squared - for 1000 digits, 10**6
- factoring a 1000 digit # by brute force - sqrt(10**1000) = 10**500
- Given a user's private-key, can decrypt (efficiently)
- this implies that the private-key and public-key are related
- Everyone knows everyone else's public keys - it's easy to encrypt to someone else
* Secure communication/authentication with CA
+ This goes before communicating with CS, actually
+ Same basic thing as with CS, but we need to already know the CA's public key
- All web browsers have some built-in CA public keys
- There have been a few security issues when a root CA was hacked
- Need to "revoke" those certificates - security updates/patches
Might also revoke old certs that are not as secure any more.
* https://en.wikipedia.org/wiki/Public-key_cryptography
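Added example (not part of the original course notes): the sequence above in Python, with the CA signing CS's certificate, the client validating it against a CA public key it already has, and the random password sent under CS's public key. It assumes textbook RSA on small constructed keys with no padding, so it is a teaching model and not real TLS; all function and variable names are made up for this example.

```python
import hashlib
import secrets

# Added example: textbook RSA on small constructed keys (Mersenne primes).
# No padding, not TLS, not secure; all names here are hypothetical.

def make_keypair(p, q, e=65537):
    """Build (public, private) from two primes; both keys share n = p*q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def cert_digest(name, pub, n):
    """Hash of the certificate body (name + public key), reduced mod n."""
    body = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def ca_sign(ca_priv, name, server_pub):
    """CA binds a host name to a public key by signing the body's hash."""
    n, d = ca_priv
    sig = pow(cert_digest(name, server_pub, n), d, n)
    return {"name": name, "pub": server_pub, "sig": sig}

def client_validate(ca_pub, cert, wanted_name):
    """Client checks name and signature with the CA key it already trusts."""
    n, e = ca_pub
    expected = cert_digest(cert["name"], cert["pub"], n)
    return cert["name"] == wanted_name and pow(cert["sig"], e, n) == expected

def handshake(ca_pub, cert, server_priv, wanted_name):
    """Return (client_secret, server_secret), or None if the cert is rejected."""
    if not client_validate(ca_pub, cert, wanted_name):
        return None
    n, e = cert["pub"]
    secret = secrets.randbelow(n - 2) + 2   # client: pick a random "password"
    wire = pow(secret, e, n)                # client: encrypt with CS's public key
    n_s, d_s = server_priv
    return secret, pow(wire, d_s, n_s)      # CS: decrypt with its private key

# Constructed sample keys and certificate.
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
CS_PUB, CS_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CERT = ca_sign(CA_PRIV, "cs.indstate.edu", CS_PUB)

if __name__ == "__main__":
    client_key, server_key = handshake(CA_PUB, CERT, CS_PRIV, "cs.indstate.edu")
    print("shared secret agreed:", client_key == server_key)
```

A certificate whose name or public key was changed after signing fails client_validate, so the client never encrypts its password to a key the CA did not vouch for.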
Working on step 4 in the Steps to then create the CA
- Do it as well on your u's, will be part of h10