Day 43: Computer Networking Basics Done

Continued my web security studies. I had opened up a few articles on networking a few days ago and I finally finished reading them. The last piece that is missing in my understanding of how the internet works is knowing what ports actually are and how they fit in with communication between electronic devices. For example, do IoT devices have ports or is it just servers?

Either way this was definitely one of those days where things started to click. It is like that 20/80 rule. I know almost nothing about computer networking and so with every little bit I learn a whole bunch of things start to make more sense. Right now I am only aiming at getting to that 20% value but I need to get back to the task at hand which is cyber security.

Just to be clear though, I was looking into networking concepts to help me better understand some points mentioned in the PassportJS playlist. So it wasn’t a complete tangent LOL.

TLDR;

Okay, so here are the highlights of what I did:

  • Backend -> Continued studying the concepts mentioned in the web security section. Read and took notes on an article discussing the basics of computer networking. There are nodes and links that can be connected in a variety of different formats to produce what we know as a computer network. Expanded rough notes are below.
  • Backend -> Read and took notes on an article explaining what OAuth is and how it works. It was really helpful.

Rough Notes – Computer Networking

What is Computer Networking?

Computer networking refers to interconnected computing devices that can exchange data and share resources with each other. These networked devices use a system of rules, called communication protocols, to transmit information over physical or wireless technologies.

But the question now becomes how they can make that exchange, i.e. communicate with each other, and what that communication looks like. Ultimately, it is, and almost always has been, through binary electrical or radio signals, but beyond that bare-basics mechanism we must figure out what takes place. The reason is that binary signals alone, without interpretation rules or systems, are not helpful for complex computing devices. It's like speaking a language no one understands. That is just talking rather than communicating. We need to know how computers can communicate with each other successfully in a more complex manner.

How does a computer network work?

Nodes and links are the basic building blocks in computer networking. A network node may be data communication equipment (DCE) such as:

  • a modem
  • a hub
  • a switch

Or data terminal equipment (DTE) such as two or more computers and printers.

A link refers to the transmission media connecting two nodes (i.e. the tool used to allow two nodes to communicate). Links may be physical, like:

  • cable wires
  • optical fibers

Or free space used by wireless networks.

In a working computer network, nodes follow a set of rules or protocols that define how to send and receive electronic data via the links. The computer network architecture defines the design of these physical and logical components. It provides the specifications for the network’s physical components, functional organization, protocols, and procedures.

What Do Computer Networks Do?

Computer networks were first created in the late 1950s for use in the military and defense. They were initially used to transmit data over telephone lines and had limited commercial and scientific applications. With the advent of internet technologies, a computer network has become indispensable for enterprises.

Modern-day network solutions deliver more than connectivity. They are critical for the digital transformation and success of businesses today. Underlying network capabilities have become more programmable, automated, and secure.

Modern computer networks can:

  • Operate virtually
  • Integrate on a large scale
  • Respond quickly to changing conditions
  • Provide data security


Rough Notes – OAuth

This list of user authentication choices goes from least complex at 1. to the most complex:

  1. Session
  2. JSON Web Token
  3. OAuth
     • In-House
     • SaaS
  4. Other / Ad-Hoc

The confusing part is that OAuth is often listed as an authentication tool when it is more like an authorization tool. Maybe there is something that I am missing. My current understanding is that authentication relates to confirming your identity whereas authorization relates to managing your access level.

What is OAuth?

OAuth is an open-standard authorization protocol or framework that provides applications the ability for “secure designated access.” For example, you can tell Facebook that it’s OK for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password. This minimizes risk in a major way: In the event ESPN suffers a breach, your Facebook password remains safe.

OAuth doesn’t share password data but instead uses authorization tokens to prove an identity between consumers and service providers. OAuth is an authorization protocol that allows you to approve one application interacting with another on your behalf without giving away your password.
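
The delegated-access idea described above, as an added example (not code from the articles these notes are based on, and not PassportJS code): a constructed in-memory provider issues a scoped, revocable token, so the client app never handles the password. The `Provider` class, the client id `espn-app` and the scope names are assumptions, and the model leaves out redirect URIs, client secrets/PKCE and TLS.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require("node:crypto");

// Constructed in-memory provider (the "Facebook" role); not a real OAuth library.
class Provider {
  constructor() {
    this.users = new Map();  // username -> { salt, hash }
    this.codes = new Map();  // one-time authorization code -> grant
    this.tokens = new Map(); // access token -> grant plus expiry
  }
  addUser(name, password) {
    const salt = randomBytes(16);
    this.users.set(name, { salt, hash: scryptSync(password, salt, 32) });
  }
  // Step 1: the user logs in at the provider itself and approves named scopes.
  approve(name, password, clientId, scopes) {
    const user = this.users.get(name);
    if (!user || !timingSafeEqual(scryptSync(password, user.salt, 32), user.hash)) {
      throw new Error("login failed");
    }
    const code = randomBytes(16).toString("hex");
    this.codes.set(code, { name, clientId, scopes });
    return code; // handed to the client app; contains no password
  }
  // Step 2: the client swaps the single-use code for an access token.
  exchange(code, clientId, ttlMs = 60000) {
    const grant = this.codes.get(code);
    this.codes.delete(code); // a replayed code must fail
    if (!grant || grant.clientId !== clientId) throw new Error("invalid code");
    const token = randomBytes(32).toString("hex");
    this.tokens.set(token, { ...grant, expires: Date.now() + ttlMs });
    return token;
  }
  // Step 3: each API call is authorized by the token's scopes, not a password.
  api(token, scope) {
    const grant = this.tokens.get(token);
    if (!grant || Date.now() > grant.expires) return 401; // unknown, revoked or expired
    return grant.scopes.includes(scope) ? 200 : 403;      // valid token, scope not granted
  }
  revoke(token) { this.tokens.delete(token); }
}

function demo() {
  const provider = new Provider();
  provider.addUser("alice", "constructed-password");
  const code = provider.approve("alice", "constructed-password", "espn-app", ["profile:read"]);
  const token = provider.exchange(code, "espn-app"); // all the client app ever holds
  const before = { read: provider.api(token, "profile:read"), post: provider.api(token, "timeline:post") };
  provider.revoke(token); // e.g. after the client app reports a breach
  return { ...before, afterRevoke: provider.api(token, "profile:read") };
}
console.log(demo());
```

The 403 on `timeline:post` is the authorization half of the picture: the token says what the app may do, and revoking it cuts the app off without changing the user's password.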

SAML vs. OAuth

SAML (Security Assertion Markup Language) is an alternative federated authentication standard that many enterprises use for Single Sign-On (SSO). SAML enables enterprises to monitor who has access to corporate resources.

There are many differences between SAML and OAuth. SAML uses XML to pass messages, and OAuth uses JSON. OAuth provides a simpler mobile experience, while SAML is geared towards enterprise security. That last point is a key differentiator: OAuth uses API calls extensively, which is why mobile applications, modern web applications, game consoles, and Internet of Things (IoT) devices find OAuth a better experience for the user. SAML, on the other hand, drops a session cookie in a browser that allows a user to access certain web pages – great for short-lived work days, but not so great when you have to log into your thermostat every day.


Goal For Round 8 of the #100DaysofCode Challenge

This is my eighth round of the “#100daysofcode” challenge. I will be continuing my work from round five, six, and seven into round eight. I was working through the book “Cracking the Coding Interview” by Gayle Laakmann McDowell. My goal was to become more familiar with algorithms and data structures. This goal was derived from my goal to better understand operating systems and key programs that I use in the terminal regularly e.g. Git. This goal was in turn derived from my desire to better understand the fundamental tools used for coding outside of popular GUIs. This in turn was derived from my desire to be a better back-end developer.

I am currently putting a pause on the algorithm work to build some backend/full stack projects. I primarily want to improve my skills with the back-end from an implementation perspective. I have improved tremendously in terminal and CLI skills but I lost focus due to how abstract the algorithm concepts got. I wanted to work on things that were more tangible until I can get to a position where I could directly benefit from improving my algorithm skills and theoretical knowledge. So that’s the focus right now. Build my backend skills and prove my full stack capabilities by building some dope projects.

Again, I still have no idea if my path is correct but I am walking down this road anyways. Worst case scenario I learn a whole bunch of stuff that will help me out on my own personal projects. Best case scenario I actually become one of those unicorn developers that go on to start a billion dollar company… You never know LOL.