Lesson 1 Hacks - 04/24/2023

• Alternatives to CertBot
  • OpenSSL Quiz
  • Lego Quiz
  • Hacks
• KASM Virtual Desktop on EC2 Guide
  • Hacks
• AWS
  • Quiz
  • FRQ
• Duck DNS
  • Introductory Question
  • Quiz
  • FRQ
  • Diagram
  • Reflection

Alternatives to CertBot

OpenSSL Quiz

1. What is the purpose of OpenSSL?

D. All of the above

The answer is D because OpenSSL genrates public keys, encrypts data, and signs certificates.

2. What is the role of the private key in OpenSSL?

C. It is used to encrypt data sent to the server

The answer is C because it secures communications through encryption and digital signatures.

3. What is the SSL/TLS handshake?

A. The process of signing a certificate request with a trusted CA

The answer is A because the SSL/TLS handshake happens to securely connect the server and web browser.

4. What are some command-line tools provided by OpenSSL?

A. openssl genpkey, openssl signcert, openssl encrypt

The answer is A because these commands help make keys, sign certificates, and codes web data.

Lego Quiz

1. What is Lego?

B. An open-source ACME client for obtaining SSL/TLS certificates

The answer is B because lego helps automate the process of obtaiing and renewing SSL/TLS certifcates.

2. What challenges does Lego support for domain validation?

B. HTTP-01 and DNS-01

The answer is B because it supports these for domain validation.

3. What features does Lego provide for managing SSL/TLS certificates?

D. All of the above

The answer is D because lego integrates with popular web servers and load balancers, has dvanced configuration options, and upport for multiple domains in a single certificate and wildcard certificate.

4. How does Lego ensure that SSL/TLS certificates are always up-to-date?

B. By automatically renewing the certificates because they expire

The answer is B because Lego ensures that domains are always secured with up to date certificates.

Hacks

OpenSSL and LibreSSL have several types of security features. They both provide a range of security features for applications and systems. One security feature is certificates where OpenSSL and LibreSSL both use SSL/TLS certificates. LibreSSL reduces the risk of memory leaks and elimnates attack vectors. In terms of API compatibility, LibreSSL is designed to be API-compatible with OpenSSL. The difference here is that LibreSSL uses a different random number generaotr than OpenSSL. Since LibreSSL has made changes to the OpenSSL codebase they have improved security and removed potential vulnerabilities, so it is a tiny bit more secure than LibreSSL. Ultimately, the security between the both mainly depends on the situation, use, and security requirements.

There have been recent vulnerabilites within OpenSSL and LibreSSL. OpenSSL vulnerabilities include CVE-2021-3449 which overflows in the X.509 certificate parsing code of OpenSSL. Another vulnerability is CVE-2020-1967, which is a padding oracle that can decrypt between a client and server. CVE-2020-1971 vulnerability is the X.509 certificate validation code of OpenSSL. LibreSSL vulnerabilites include CVE-2020-1972, a heap buffer overflow vulnerability in the ASN.1 parsing code of LibreSSL. CVE-2020-13777, a timing side-channel vulnerability in the ChaCha20-Poly1305 cipher implementation of LibreSSL. Lastly, another vulnerability is CVE-2019-1543, a denial of service vulnerability in the SSL/TLS certificate handling code of LibreSSL.

KASM Virtual Desktop on EC2 Guide

Hacks

1. Virtual desktops and KASM play signifcant roles in enhancing the security of computer systems. They both help run multiple desktop environments simoltaneously on one machine. The desktops prevent malware and security threats from transmitting to other desktop environments making it easier and convenient to manage security updates. Virtual desktops such as these can be utilized in our AP CSP environment by being processed when we use different applications and programs on our computers in different environments.

2. 

I followed the steps and attempted to download the single server through terminal. I tried logging into the web application on port 433 linked on the website, however it did not work. So, I was not able to login to get a screenshot of my KASM workspace.

AWS

Quiz

1. What is the main difference between relational and non-relational databases?

A. Relational databases are only used for structured data, while non-relational databases are only used for unstructured data.

B. Relational databases can easily handle high data volumes, while non-relational databases cannot.

C. Relational databases are based on tables and use SQL, while non-relational databases are based on collections and use JSON-like documents.

D. Relational databases are more expensive than non-relational databases.

The answer is C. because relational databases store in columns and rows.

2. Which AWS database service is best suited for applications that require low-latency speed?

A. Amazon ElastiCache

B. Amazon Neptune

C. Amazon DocumentDB

D. Amazon RDS

The answer is A. because Amazon ElastiCache processes high volumes of data quickly.

3. What is the purpose of the code example provided in the lesson?

A. To demonstrate how to create a table in Amazon Aurora.

B. To show how to query data from a DynamoDB table.

C. To provide an example of how to connect to a database instance in RDS using Python.

D. To showcase how to insert data into a MySQL table.

The answer is C. because it uses python in the databse instance.

FRQ

1. Are there any outdated Nginx/Docker functionalities to address? AND Is there anything unclear that we need to communicate further to the students for deployment?

No, there are not any outdated Nginx/Docker funtionalities to address. Something unclear that can be communicated further to the students for deployment is dependencies.

1. 

Duck DNS

Introductory Question

In 2-3 sentences, explain the purpose of DuckDNS as a DNS alternative to what is already in place (Freenom). Do you think we should use one or the other? Why or why not?

The purpose of DuckDNS as a DNS alternative to what is already in place Freenom is to allow users to assign a domain name to a dynamic IP address. It provides a convenient way to access your home network from anywhere on the internet. Also, it provide a more specialized solution that's tailored specifically to dynamic IP addresses.

Quiz

import getpass, sys

# method to display question and get user's answers
def question_with_response(prompt, qCount):
    print("Question " + str(qCount)  + " : " + prompt)
    msg = input()
    return msg

# dictionary to hold questions and answers as key : value pairs
questionsDict = {"What does Domain Name Server represent?": "DNS",
    "What does this Represent: Amazon Web Services, which is a cloud computing platform provided by Amazon.": "AWS", 
    "What is the first Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project": "1",
    "What is the third Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project": "3",
    "What is the fourth Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project": ".4",
    "What is the second Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project": "2",
    "What files are you supposed to edit after finishing the first steps of setting up the server and cloning it within the AWS Server? 1: Edit the docker files and docker.yml, 2: Edit the main.py file to change the characteristcs.": "1",
    "What is the first step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org": "1",
    "What is the second step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org": "3",
    "What is the third step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org": "2",
    "What is the fourth step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org": "4"
}

# number of questions as length of the dictionary
questions = len(questionsDict)

# set correct to 0
correct = 0


print('Hello, ' + getpass.getuser() + " running " + sys.executable)
print("You will be asked " + str(questions) + " questions.")
print("Are you ready to take a test! Press Enter key to begin. Best of luck :)")
input()

questionCount = 0
# iterate over list of keys from the dictionary. pass dictionary key as question to the question_with_response function
for key in questionsDict:
    questionCount += 1
    rsp = question_with_response(key, questionCount)
    # compare the value from the dictionary to the user's input
    if rsp.lower() == questionsDict[key].lower():
        print(rsp + " is correct! Good Job!")
        correct += 1
    else:
        print(rsp + " is incorrect! Better Luck next time.")

# print final score    
print(getpass.getuser() + " you scored " + str(correct) +"/" + str(questions))

# calculate percentage
page = correct/questions * 100

# print percentage


print("Total Percentage: " + str (format(page,".2f")) + "%")

Hello, amitha running /Users/amitha/opt/anaconda3/bin/python
You will be asked 11 questions.
Are you ready to take a test! Press Enter key to begin. Best of luck :)
Question 1 : What does Domain Name Server represent?
DNS is correct! Good Job!
Question 2 : What does this Represent: Amazon Web Services, which is a cloud computing platform provided by Amazon.
AWS is correct! Good Job!
Question 3 : What is the first Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project
1 is correct! Good Job!
Question 4 : What is the third Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project
3 is correct! Good Job!
Question 5 : What is the fourth Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project
4 is incorrect! Better Luck next time.
Question 6 : What is the second Step to setting up an AWS Server? 1: Connecting to a Ubuntu EC2 Instance, 2: Start updating the system, 3: Clone the repository which one wishes to deploy, 4: Run the command: main.py to start the project
4 is incorrect! Better Luck next time.
Question 7 : What files are you supposed to edit after finishing the first steps of setting up the server and cloning it within the AWS Server? 1: Edit the docker files and docker.yml, 2: Edit the main.py file to change the characteristcs.
4 is incorrect! Better Luck next time.
Question 8 : What is the first step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org
1 is correct! Good Job!
Question 9 : What is the second step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org
1 is incorrect! Better Luck next time.
Question 10 : What is the third step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org
2 is correct! Good Job!
Question 11 : What is the fourth step to setting up a DuckDNS Server? 1: Sign in with your DuckDNS account using Github, 2: Configure current ip to the IP address that you want to access and click update ip button , 3: Create the subdomain, 4: Access site by typing in subdomain.duckdns.org
4 is correct! Good Job!
amitha you scored 7/11
Total Percentage: 63.64%

FRQ

Question 1: How does AWS Work?

AWS works by building and running applications and services in the cloud. By using the services such as EC2 it helps compute the database. The tools and services provided by AWS help users manage cloud resources and help users create, configure, and monitor autonmous tasks.

Question 2: How is AWS useful for projects?

AWS is useful for projects because AWS projects let you scale up or down based on demand and traffic in order to accomdate growth over time. AWS is also cost effective because users can pay as they go. Users can also deploy projects and applications fairly easily because AWS provides tools and services to deply in the cloud. There is also a lot of security surrounded around AWS because there are several security features that protect data and applications.

Question 3: How does Duck DNS Work?

Duck DNS works as a free service that allows users to assign a domain name to a IP address. Users first have to make a account and sign to chose a domain name. The domain name already has a given form and it installs a client on the device that has the IP address. Later, the configuration occurs and Duck DNS account information is used for your domain name and accout token. Duck DNS processes all updates by itself. Users can access their IP address easily and can access it from anywhere after.

Question 4: How is Duck DNS useful for projects?

Duck DNS is useful for projects because it has a easy setup process that helps set up and configure. Several other services and tools can be used along with DuckDNS, so it ends up being more useful for specific projects and situations. Users can assign a domain name to nay device with a IP address, so there is a lot of flexibility included too. Lastly, Duck DNS is a free service online, so it is a cost effective way of getting a domain for free without paying expensive prices.

Diagram

What are the pros and cons of using Duck DNS Show a diagram of an application running on AWS using a Duck DNS system

Reflection

Duck DNS is useful for our projects and works by projects that involve remote access or control of a device, such as setting up a home security camera, remote desktop access, or hosting a website or game server from a home network. By using Duck DNS, the device or service can be accessed using a static hostname, which is more convenient than having to remember or constantly look up the device’s changing IP address. Also, Duck DNS is easy to set up and does not require any special hardware or software. It can be configured to update the IP address automatically, making it a reliable and low-maintenance solution for dynamic IP addresses. Steps are to create a free account, choose hostname, configure to update IP address with DuckDNS own domain name, and test hostname through browser. Duck DNS is a useful tool for any project that requires a static hostname for remote access or control of a device or service. Duck DNS is a unique tool because it is simple and is integrated with other automation services.