Tuesday, March 11, 2008

About About.Com

I've signed up for a few lists at About.com's "About U" partly out of need, and partly out of curiosity. The Spanish stuff is out of need (sorta) and the network, web, and security lists out of curiosity. First, how do they present the material? Second, how reliable is their information? Third, I might learn something even from introductory materials. I'll comment on these from time to time, but overall my early impression is that they do a pretty good job.

I just read the "Introduction to Security Tools" introduction to packet sniffing, and have a couple of specific comments.

First, they give the impression that a sniffer can sniff an entire subnet. This is likely an intentional oversimplification. With a wired network, e.g., Ethernet, sniffing beyond a subnet requires planting a tool (malware) on a host on another subnet. However, on Ethernet, a sniffer mostly sees frames on a single LAN segment, which is more local than just the subnet. Most Ethernets are switched, and so the switches learn where various hosts are, and then filter out frames that individual hosts have no need to see. A sniffer will still see various multicasts and broadcasts on the Ethernet, but will miss most unicasts not directed to the host running the sniffer.

On 802.11, the situation's not so straightforward. Any particular receiver may be within range of multiple subnets, and if the WLANs aren't encrypted, multiple subnets could be sniffed at one time. The other issue is that the receiver may be within range of some nodes on a subnet and not others.

This particular About U "course" includes quizzes at the end of each session. One of the questions is predicated upon the statement that "usernames and passwords are generally transmitted across the network in" cleartext. This may be true--it certainly was up to, say, the mid '90s--but I certainly hope it's not true today.

Anyhow, I think About U is a valuable service for beginners.
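
The switched-Ethernet behaviour described above, as an added example that is not part of the original post: a small model of a MAC-learning switch, replaying constructed traffic to show which frames reach a sniffer on a third port. The host addresses, port numbers, frame labels and the `LearningSwitch` and `frames_seen` names are all assumptions made for illustration, and the model assumes a switch that floods multicast (no IGMP snooping).

```python
# Added illustration: a minimal MAC-learning switch model (constructed, not a real device).
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group(mac):
    # Ethernet group (multicast/broadcast) addresses have the low bit of the first octet set.
    return int(mac.split(":")[0], 16) & 1 == 1

class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the list of ports the frame is sent out of."""
        self.mac_table[src] = in_port  # learn where the sender lives
        if not is_group(dst) and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]  # filtered to a single port
        # Group address, or unicast to a host not yet learned: flood to all other ports.
        return [p for p in self.ports if p != in_port]

def frames_seen(sniffer_port, frames, ports=(1, 2, 3)):
    """Replay (in_port, src, dst, label) frames; return labels visible on sniffer_port."""
    sw = LearningSwitch(ports)
    seen = []
    for in_port, src, dst, label in frames:
        if sniffer_port in sw.forward(in_port, src, dst):
            seen.append(label)
    return seen

# Constructed traffic: hosts A (port 1) and B (port 2) talk; the sniffer sits on port 3.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE = [
    (1, A, BROADCAST, "A ARP request (broadcast)"),
    (2, B, A, "B ARP reply (unicast)"),
    (1, A, B, "A->B login"),
    (2, B, A, "B->A response"),
    (1, A, "01:00:5e:00:00:fb", "A mDNS (multicast)"),
    (1, A, C, "A->C (unicast, C not yet learned)"),
]

if __name__ == "__main__":
    for label in frames_seen(3, SAMPLE):
        print("sniffer sees:", label)
```

The sniffer's port receives the broadcast, the multicast and the one unicast whose destination the switch has not yet learned, but none of the A/B conversation, which is why the post says "most" rather than "all" unicasts are missed.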

2 comments:

Jeff Martens said...

Nope. Some IS 430 material, though.

Jeff Martens said...

I took a networking course long ago, did some network programming and a couple distributed systems in industry, and then I've used three different texts since I started teaching networking. And I read: IEEE and ACM have very good professional magazines (and academic journals) and occasionally I'll read other networking-oriented books or parts thereof; a great example of that is the IBM redbook on TCP/IP. The lecture notes tend to follow the current text, but material could come from any of the above. There are references at the end of each set of notes, but these are typically not complete.