Академический Документы
Профессиональный Документы
Культура Документы
Education
KRISHNA KAUSHIK.Y
Bachelor of Engineering in Electronics and
Email Communication (B.E) from S.S.N.C.E, Chennai, TamilNadu.
ykrishnakaushik@rediffmailmail.com (2002-2005)
ykrishnakaushik@gmail.com
Certification
Passport No: G2611457
Sun Micro Systems Certified Engineer
Contact Number : HP Certified Engineer
Personal Data :
Sex : Male
Languages : C and Perl
Nationality : Indian
Technology :Firewall, Network Security Tools , Linux
Marital Status : Single
security, VPN, Firewall, LTSP with Windows , LARTC, IDS,
Fathers Name : MRTG, Proxy Server, HTTP, SMTP, POP3 , LDAP with
Y.V.Satyanarayana
Windows PDC, etc.
Reference:
OS : Redhat Linux 9, Sun Solaris 9 and
HR: Sudha Bindhu Meka
PH: 040 - 64568555
Windows XP
ID: sudha.m@meotexsolutions.com
RDBMS : Oracle.
Meotex Solutions
8-2-269/N/1B, Vivekananda
Areas of Interest
Enclave, Arora Colony, Road No. 2,
Banjara Hills. Linux & Solaris System Administration
Hyderabad-500038
Network Security
Linux security
Linux Firewall(iptables)
PROJECT EXPERIENCE
Project #1
Description:
VPN solutions offer the comprehensive security your extended network needs, combined
with the flexibility and manageability that long-term growth demands. Its used to secure tunnel between
Network-to-Network and also used to route packets between to different network.
Os: Solaris 9.0
Script language: Shell scripting.
Team Size: 2
Project #2
Description:
Centralized User Authentication and Address book maintenance Using Light Weight Directory Access
Protocol. Hands on experience in cross platform authentication.
Information on the LDAP server can be easily used for several purposes. As outlined in this
HOWTO, the same users entries on the LDAP database can be used for other applications like
phone directories, mail routing, staff databases etc., thus avoiding data replication and
inconsistency.
LDAP allows complex access control lists to be applied on the database. This allows for a fine grain
tuning of permissions on the database entries.
A secure transmission channel between the LDAP server and the clients can be implemented
through the Secure Socket Layer (SSL).
A fault tolerant service can be implemented using slapd replication and DNS round robin queries.
Having a single instance of users on the network helps to maintain users on many hosts from a
single management point (i.e. you can create and delete accounts in the LDAP server and this
changes are available immediately to LDAP clients).
Project #3
Linux Firewall
Description:
Firewall Software is a basic requirement for anyone using broadband to prevent hacking, virus, and
other security risks. Firewall software is software designed to prevent unauthorized access to a computer
or network that is connected to the Internet. Firewall software comes in a variety of forms, offering a wide
variety of features, protection capabilities, scalability and cost.
Linux Network Address Translation
Network Address Translation (NAT) is a vitally important Internet technology for a variety of
reasons. It can provide load balancing for parallel processing, it can provide several types of strong
access security, and it can provide fault-tolerance and high-availability. Finally, it can simplify some basic
network administration functions. Below, we sketch the possible uses, and then follow up with Linux-
specific applications
Firewall Security through Masquerading
One important security concept is that it is much easier to guard a single point of entry than it is to
guard many points. This is the principle behind the Internet firewall:
By protecting the single network firewall, the entire internal network can be protected.
Masquerading allows insiders to get out, without allowing outsiders in. Masquerading re-writes the
IP headers of internal packets going out, making it appear that they all came from the firewall.
Reply packets coming back are translated back, and forwarded to the appropriate internal machine.
Thus, inside machines are allowed to connect to the outside world. However, outside
machines cannot: in fact, they cannot even *find* the internal machines, since they are aware of only
*one* IP address, that of the firewall. Thus, they cannot attack the internal machines directly.
The admin of the internal network can choose reserved IP addresses, e.g. in the
10.x.x.x range, or the 192.168.x.x range. These addresses do not have to be registered with the
InterNIC, and can be used however the sysadmin wants, as long as they are not used on the
external network. Note that this also alleviates the shortage of IP addresses that ISP's are facing: A
site with hundreds of computers can get by with a mere 8 or 16 Internet IP addresses, without
denying any of it's users Internet access.
Os: Redhat Enterprise Linux 3
Script language: Shell scripting.
Team Size: 2
Project #4
Functionally, the user's Internet Explorer requests a browsing session with the Squid proxy, for which
it offers its AD authentication token. Squid hands off the authentication request to the Samba-3
authentication helper application called ntlm_auth. This helper is a hook into winbind, the Samba-3 NTLM
authentication daemon. Winbind enables UNIX services to authenticate against Microsoft Windows
Domains, including Active Directory domains. As Active Directory authentication is a modified Kerberos
authentication, winbind is assisted in this by local Kerberos 5 libraries configured to check passwords with
the Active Directory server. Once the token has been checked, a browsing session is established. This
process is entirely transparent and seamless to the user.
I here by declare that the information and particulars mentioned above are correct to the best of
knowledge.
Date: