Showing posts with label Network Security. Show all posts
Showing posts with label Network Security. Show all posts

What is DHCP || DORA process || Guide and Details.

Here's a simple guide to DHCP (Dynamic Host Configuration Protocol) and its working details:


Introduction to DHCP:

The Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables automatic configuration of IP addresses and other network settings for devices on a network. It eliminates the need for manual IP address assignment, making network administration more efficient.


How DHCP Works:


1. DHCP Discover:

When a device (known as a DHCP client) connects to a network, it sends a broadcast message called a DHCP Discover. This message seeks a DHCP server that can assign an IP address to the client. The DHCP Discover message contains information about the client, such as its MAC (Media Access Control) address.


2. DHCP Offer:

When a DHCP server receives a DHCP Discover message, it responds with a DHCP Offer message. The DHCP Offer includes an available IP address from the server's pool of addresses, along with other network configuration parameters like subnet mask, default gateway, and DNS (Domain Name System) server addresses.


3. DHCP Request:

The client receives multiple DHCP Offer messages (in case multiple DHCP servers are present) and selects one. It sends a DHCP Request message to the chosen DHCP server, confirming its acceptance of the offered IP address and configuration parameters.


4. DHCP Acknowledgment:

Upon receiving the DHCP Request, the DHCP server sends a DHCP Acknowledgment (DHCP ACK) message back to the client. The DHCP ACK message includes the lease duration for the IP address, indicating how long the client can use the assigned IP address and configuration.


5. IP Address Lease:

The client now configures its network settings according to the information received in the DHCP ACK. It assigns the offered IP address to itself, along with the subnet mask, default gateway, and DNS server addresses. The lease duration specifies the validity period of the IP address, after which the client must renew the lease.


6. Lease Renewal and Rebinding:

As the lease expiration time approaches, the client can attempt to renew its lease by sending a DHCP Request to the original DHCP server. If the server still exists and the lease is valid, it responds with a DHCP ACK, renewing the lease. If the original DHCP server is not available, the client enters a rebinding process, broadcasting a DHCP Request to any available DHCP server on the network. If successful, a DHCP ACK is received, renewing the lease.


Conclusion:

DHCP simplifies the process of IP address assignment and network configuration by automating the task. It enables devices to join a network and obtain the necessary network settings dynamically, reducing administrative overhead and minimizing the chances of address conflicts.


Certainly! Here are some additional details to further explain DHCP:


DHCP Lease Process:

1. Lease Allocation: When a DHCP server assigns an IP address to a client, it also specifies a lease duration. The lease duration determines how long the client can use the assigned IP address. Typically, lease durations can range from a few hours to several days or longer, depending on the network configuration.


2. Lease Renewal: As the lease expiration time approaches, the client attempts to renew its lease by sending a DHCP Request to the DHCP server from which it initially obtained the IP address. The client includes its lease information, such as the IP address and lease duration, in the renewal request. If the server still exists and the lease is valid, it responds with a DHCP ACK, renewing the lease for the client.


3. Lease Rebinding: If the original DHCP server does not respond to the renewal request, the client enters the rebinding process. It broadcasts a DHCP Request message to any available DHCP server on the network, requesting a lease renewal. The rebinding process typically occurs when the client cannot reach the original DHCP server due to network changes or server unavailability. If successful, a DHCP ACK is received from the new DHCP server, renewing the lease for the client.


4. Lease Expiration: If the client fails to renew the lease before its expiration, the IP address lease is released, and the IP address becomes available for reallocation. Once the lease expires, the client can no longer use the IP address and must obtain a new lease by going through the DHCP process again.


DHCP Relay:

In larger networks or when DHCP servers are not directly connected to the client's subnet, DHCP relay agents are used. A DHCP relay agent receives DHCP Discover messages broadcasted by clients and forwards them as unicast messages to the DHCP server. This allows the DHCP server to receive the client's request and respond with a DHCP Offer, even if the server is located on a different subnet.


DHCP Options:

DHCP provides additional configuration options beyond IP addressing. These options include:


1. Subnet Mask: Specifies the subnet mask to be used by the client.

2. Default Gateway: Informs the client about the IP address of the default gateway, which is the device used to reach networks outside the local subnet.

3. DNS Servers: Provides the IP addresses of DNS servers that the client should use for domain name resolution.

4. Domain Name: Specifies the DNS domain name associated with the client's IP address.

5. Time Servers: Supplies the IP addresses of time servers that the client can use for time synchronization.

6. DHCP Server Identification: Identifies the DHCP server that provided the IP address and configuration parameters to the client.


By utilizing these DHCP options, clients can receive comprehensive network configuration information, making it easier for them to connect to and operate within the network.


Conclusion:

DHCP is a crucial protocol in network administration, allowing for automatic and dynamic IP address allocation. It simplifies network configuration by eliminating the need for manual IP address assignment, streamlining the process of connecting devices to a network. The DHCP lease process ensures the efficient use of IP addresses and enables clients to renew their leases, maintaining network connectivity over extended periods. Additionally, DHCP relay agents and options further enhance the functionality and flexibility of DHCP in various network environments.


Certainly! Here are some examples to illustrate how DHCP works in practice:


Example 1: Home Network

Consider a home network with a DHCP server, a wireless router, and multiple devices such as laptops, smartphones, and smart TVs. When a new device, let's say a laptop, connects to the network, it sends a DHCP Discover message. The wireless router, acting as the DHCP server in this scenario, receives the message.


The router responds with a DHCP Offer, providing an available IP address from its pool, along with other configuration parameters like subnet mask, default gateway, and DNS server addresses. The laptop selects one of the offered IP addresses and sends a DHCP Request to the router, confirming its acceptance.


The router acknowledges the request with a DHCP ACK, and the laptop configures its network settings accordingly. It assigns the offered IP address to itself, along with the provided subnet mask, default gateway, and DNS server addresses. The laptop now has a valid IP address and can communicate on the network.


Example 2: Office Network

In a larger office network, multiple DHCP servers might be deployed to handle the increased number of devices. Let's say a new employee brings in their laptop and connects it to the network. The laptop sends a DHCP Discover message, which is received by a DHCP relay agent located in the subnet.


The relay agent forwards the Discover message to the appropriate DHCP server located in a different subnet. The DHCP server responds with a DHCP Offer, specifying an available IP address and other configuration parameters.


The relay agent relays the Offer message back to the laptop, which then sends a DHCP Request to the DHCP server. Upon receiving the Request, the DHCP server sends a DHCP ACK to the relay agent, confirming the lease.


The relay agent forwards the ACK to the laptop, which configures its network settings based on the provided information. The laptop now has a valid IP address and can access resources on the office network.


Example 3: Public Wi-Fi Network

In a public Wi-Fi network, DHCP is used to dynamically assign IP addresses to visiting devices. When a user connects their smartphone to the public Wi-Fi network at a coffee shop, for instance, the smartphone sends a DHCP Discover message.


The DHCP server within the coffee shop's network receives the Discover message and responds with a DHCP Offer, providing an available IP address and other necessary configuration parameters.


The smartphone sends a DHCP Request to accept the offered IP address, and the DHCP server acknowledges it with a DHCP ACK. The smartphone configures its network settings accordingly and gains internet access through the public Wi-Fi network.


These examples demonstrate how DHCP facilitates the automatic configuration of IP addresses and network parameters for devices, enabling seamless connectivity in various network environments.


Certainly! The DORA (Discover, Offer, Request, Acknowledge) process is a common acronym used to describe the flow of messages in DHCP. Here's an example illustrating the DORA process:


Example: Laptop Connecting to a Network


1. Discover:

- A laptop is powered on and connected to a network for the first time.

- The laptop sends a DHCP Discover message as a broadcast on the local network.

- The Discover message contains the laptop's MAC address, indicating its unique identifier.


2. Offer:

- The DHCP server(s) on the network receive the Discover message.

- One of the DHCP servers responds with a DHCP Offer message.

- The Offer message includes an available IP address and other configuration parameters such as subnet mask, default gateway, and DNS server addresses.

- The DHCP server reserves the offered IP address for the laptop during the lease duration.


3. Request:

- The laptop receives multiple Offer messages (if multiple DHCP servers exist).

- The laptop selects one DHCP Offer and sends a DHCP Request message to the DHCP server that made the offer.

- The Request message confirms the laptop's acceptance of the offered IP address and configuration parameters.


4. Acknowledge:

- The DHCP server receives the Request message and sends a DHCP Acknowledge (ACK) message back to the laptop.

- The ACK message confirms that the IP address and configuration parameters have been assigned to the laptop.

- The laptop configures its network settings according to the information provided in the ACK message.

- The laptop now has a valid IP address and can communicate on the network.


During the lease duration, the laptop can use the assigned IP address and network configuration. As the lease expiration approaches, the laptop may attempt to renew the lease by sending a renewal Request to the DHCP server. If successful, the DHCP server responds with a renewal ACK, allowing the laptop to continue using the IP address. If the lease expires, the IP address is released and can be reassigned to other devices.


The DORA process ensures the efficient allocation and management of IP addresses in a network, enabling dynamic and automatic configuration of devices without manual intervention.

Communicating with Clients Using Qualys: A Guide to Secure and Efficient Communication

Qualys is a cloud-based security and compliance platform that offers various tools for vulnerability management, policy compliance, and web application security. To communicate with a client PC using Qualys, you need to understand the different components and features available. Here's a general overview of the process:

1. Setup and Configuration:

   - Sign up for a Qualys account and obtain the necessary credentials.

   - Set up your client PC with a compatible operating system and internet connectivity.


2. Qualys Agent Installation:

   - Install the Qualys Cloud Agent on the client PC. The agent is a lightweight software that facilitates communication between the client and the Qualys platform.

   - Log in to your Qualys account and navigate to the "Assets" or "Agents" section.

   - Generate an activation key and download the agent installer package.

   - Install the agent on the client PC by running the installer and providing the activation key.


3. Agent Registration and Activation:

   - Once the agent is installed, it will attempt to register with the Qualys platform.

   - The agent will establish a secure communication channel with Qualys using SSL/TLS encryption.

   - After successful registration, the agent will be activated and associated with your Qualys account.


4. Asset Management and Scanning:

   - In the Qualys platform, you can view and manage the assets (client PCs) registered through the agents.

   - Assign appropriate tags and labels to organize and group assets.

   - Configure vulnerability scans, policy compliance checks, or other security assessments for the client PCs.

   - Schedule scans to run automatically or initiate on-demand scans.


5. Results and Reporting:

   - Once the scans are completed, Qualys will provide detailed reports and dashboards highlighting vulnerabilities, policy violations, or other security issues.

   - Analyze the reports and prioritize remediation actions based on the severity and impact of the findings.

   - Generate compliance reports to demonstrate adherence to security standards or regulations.


Remember that the exact steps and terminology might vary based on the specific version and configuration of Qualys being used. It's recommended to consult the official Qualys documentation or contact their support for detailed instructions based on your specific setup.


Example: Let's say you want to communicate with a client PC named "Client001" using Qualys. After installing the Qualys Cloud Agent on "Client001" and registering it with your Qualys account, you can perform vulnerability scans to identify any security weaknesses on the client PC. The scan results will be available in the Qualys platform, where you can view detailed reports and take appropriate actions to address the identified vulnerabilities and ensure the client PC's security.

Qualys: Cloud-Based Security and Compliance Solutions (Q/A)

 


Q: What is Qualys?


A: Qualys is a leading provider of cloud-based security and compliance solutions. It offers a wide range of services and products designed to help organizations assess, monitor, and protect their IT infrastructure and sensitive data.


Q: What are the main features of Qualys?


A: Qualys offers a comprehensive set of features to address various security and compliance needs. Some of the main features include vulnerability management, policy compliance assessment, web application scanning, network security assessment, threat protection, file integrity monitoring, and security configuration assessment.


Q: How does Qualys help with vulnerability management?


A: Qualys provides a robust vulnerability management solution that enables organizations to identify and prioritize vulnerabilities in their IT infrastructure. It offers continuous scanning capabilities to detect vulnerabilities across network devices, servers, applications, and endpoints. Qualys also provides detailed reports, remediation guidance, and integration with patch management systems to streamline the vulnerability management process.


Q: What is policy compliance assessment in Qualys?


A: Policy compliance assessment is a feature in Qualys that helps organizations ensure their IT systems comply with industry standards, regulatory requirements, and internal policies. It allows users to define custom policies or use pre-defined policies to assess the compliance posture of their infrastructure. Qualys scans systems for configuration errors, security policy violations, and other non-compliant conditions, and provides reports and remediation recommendations.


Q: How does Qualys perform web application scanning?


A: Qualys offers web application scanning capabilities to identify security vulnerabilities in web applications and APIs. It uses automated scanning techniques to crawl web applications, simulate attacks, and detect vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure server configurations. Qualys provides detailed reports, prioritized remediation guidance, and integration with development tools for seamless vulnerability management.


Q: What is network security assessment in Qualys?


A: Network security assessment in Qualys involves scanning and assessing network devices, such as routers, switches, and firewalls, for potential vulnerabilities and misconfigurations. It helps organizations identify weak points in their network infrastructure and provides recommendations for enhancing security controls. Qualys' network security assessment feature enables regular scanning, monitoring, and reporting on the security posture of network devices.


Q: How does Qualys provide threat protection?


A: Qualys offers threat protection capabilities by integrating with various threat intelligence sources and leveraging real-time vulnerability data. It helps organizations identify vulnerabilities that are actively exploited by threat actors and prioritize their remediation efforts accordingly. Qualys also provides actionable insights and alerts to help organizations mitigate emerging threats and strengthen their security posture.


Q: What is file integrity monitoring in Qualys?


A: File integrity monitoring (FIM) is a feature in Qualys that monitors critical files and directories for unauthorized changes or modifications. It helps organizations detect potential security incidents, malware infections, or unauthorized access to sensitive data. Qualys' FIM feature provides real-time alerts, detailed audit logs, and integration with security information and event management (SIEM) systems for enhanced threat detection and response.


Q: How does Qualys perform security configuration assessment?


A: Qualys' security configuration assessment feature enables organizations to assess the security configurations of their IT assets against industry best practices and benchmarks. It helps identify misconfigurations that could expose systems to security risks and provides remediation recommendations. Qualys supports various configuration assessment frameworks, such as CIS benchmarks, and offers comprehensive reporting and tracking capabilities.


Q: What are the deployment options for Qualys?


A: Qualys offers flexible deployment options to meet the diverse needs of organizations. It provides a cloud-based solution, known as Qualys Cloud Platform, which allows users to access and manage their security and compliance programs through a web browser. Additionally, Qualys offers virtual appliances that can be deployed on-premises or in hybrid environments, allowing organizations to maintain control over sensitive data while leveraging Qualys' powerful capabilities.


Q: Can Qualys integrate with other security tools and systems?


A: Yes, Qualys is designed to integrate with a wide range of security tools and systems to streamline security operations and enhance overall security posture. It offers integration options with security information and event management (SIEM) systems, ticketing systems, asset management tools, patch management systems, and more. These integrations enable organizations to automate workflows, share data, and improve collaboration across their security infrastructure.


Q: How does Qualys assist with compliance requirements?


A: Qualys provides comprehensive capabilities to help organizations meet compliance requirements and streamline the compliance process. It supports a variety of compliance frameworks and regulations, such as PCI DSS, HIPAA, GDPR, NIST, and more. Qualys assists in conducting compliance assessments, generating audit reports, monitoring compliance status, and providing continuous visibility into the compliance posture of IT assets.


Q: Can Qualys scale to accommodate large enterprise environments?


A: Yes, Qualys is built to scale and can effectively handle the security and compliance needs of large enterprise environments. Its cloud-based architecture allows for easy scalability, ensuring that organizations can assess and protect a large number of assets across multiple locations. Qualys also provides multi-account management and centralized reporting capabilities, enabling efficient management of security programs across complex and distributed infrastructures.


Q: How does Qualys ensure the security and confidentiality of customer data?


A: Qualys takes security and data privacy seriously and implements robust measures to protect customer data. It follows industry-leading security practices and maintains strict compliance with global data protection regulations. Qualys employs encryption technologies, access controls, intrusion detection systems, and regular security audits to safeguard customer data from unauthorized access, loss, or breaches.


Q: Does Qualys offer training and support for its customers?


A: Yes, Qualys provides training and support services to help customers make the most of their security and compliance programs. It offers comprehensive training resources, including online courses, documentation, and webinars, to educate users on the effective use of Qualys solutions. Additionally, Qualys offers technical support through various channels, including phone, email, and an online support portal, to assist customers in resolving issues and optimizing their security deployments.


Q: What industries and sectors can benefit from Qualys' solutions?


A: Qualys solutions cater to a wide range of industries and sectors that prioritize security and compliance. This includes but is not limited to finance, healthcare, retail, manufacturing, technology, government, and education. The customizable nature of Qualys' offerings allows organizations in different sectors to tailor the solutions to their specific needs and meet the unique challenges they face in their respective industries.


Please note that while the information provided here offers a general understanding of Qualys' features, capabilities, and benefits, it is recommended to refer to official Qualys resources and consult with a Qualys representative for specific details and the most up-to-date information.

Essential Network Security Measures: Protecting Your Network from Threats || Types of network security

Network security encompasses various measures and techniques designed to protect computer networks and the data transmitted within them from unauthorized access, misuse, and cyber threats. Here are some common types of network security:



1. Firewalls: Firewalls are the first line of defense for a network. They monitor and control incoming and outgoing network traffic based on predefined security rules, filtering out potentially harmful or unauthorized communication.


2. Intrusion Detection System (IDS) and Intrusion Prevention System (IPS): IDS and IPS solutions monitor network traffic for suspicious activities or patterns that may indicate an intrusion attempt. IDS detects and alerts administrators about potential threats, while IPS takes proactive measures to block or prevent those threats from entering the network.


3. Virtual Private Network (VPN): VPNs provide secure remote access to private networks over public networks such as the internet. They encrypt the communication between the user's device and the network, ensuring confidentiality and integrity of data transmitted over the connection.


4. Secure Sockets Layer/Transport Layer Security (SSL/TLS): SSL/TLS protocols provide secure communication over the internet by encrypting data between a web server and a user's browser. This ensures that sensitive information, such as login credentials or financial data, remains private and protected from eavesdropping or tampering.


5. Access Control and Authentication: Access control mechanisms enforce restrictions on network resources based on user identities, roles, or permissions. This includes strong authentication methods like two-factor authentication (2FA) or multi-factor authentication (MFA), which add an extra layer of security by requiring users to provide additional proof of their identity.


6. Network Segmentation: Network segmentation involves dividing a network into multiple subnetworks to create separate security zones. This helps contain potential security breaches, limiting the impact of an attack and preventing lateral movement within the network.


7. Wireless Network Security: Wireless networks present unique security challenges. Implementing protocols like Wi-Fi Protected Access (WPA) or WPA2/WPA3, using strong encryption, and disabling unnecessary network services help secure wireless networks from unauthorized access and eavesdropping.


8. Network Monitoring and Logging: Network monitoring involves continuous surveillance of network traffic to detect anomalies or suspicious activities. Logging network events and activities allows for forensic analysis, audit trails, and helps in investigating security incidents.


9. Data Loss Prevention (DLP): DLP solutions prevent sensitive or confidential data from leaving the network or being accessed by unauthorized individuals. They monitor data flow, apply content filtering, and enforce data protection policies.


10. Security Incident and Event Management (SIEM): SIEM solutions collect and analyze security event data from various network devices and systems. They provide real-time threat detection, log management, and generate alerts to help security teams respond to and mitigate security incidents.


11. Antivirus and Anti-Malware: Antivirus software and anti-malware tools are designed to detect, prevent, and remove malicious software (malware) such as viruses, worms, Trojans, and ransomware. They scan files, programs, and network traffic to identify and neutralize potential threats.


12. Secure Email Gateways (SEG): SEG solutions filter incoming and outgoing email traffic to identify and block email-based threats, including spam, phishing emails, malicious attachments, and malware-laden links. They help protect against email-borne attacks and ensure the integrity and confidentiality of email communications.


13. Web Application Firewall (WAF): A WAF is a security appliance or software that filters and monitors HTTP/HTTPS traffic between web applications and users. It protects against common web-based attacks such as cross-site scripting (XSS), SQL injection, and remote file inclusion by inspecting and filtering incoming requests.


14. Network Access Control (NAC): NAC solutions enforce security policies and control access to a network based on the health and compliance status of devices. They authenticate and validate devices before granting network access, ensuring that only authorized and secure devices are allowed to connect.


15. Data Encryption: Data encryption involves converting data into a secure form using encryption algorithms. Encrypted data is unintelligible to unauthorized individuals and can only be decrypted with the appropriate decryption key. Encryption protects data confidentiality and integrity, particularly during transmission or storage.


16. Network Behavior Analysis (NBA): NBA tools monitor network traffic and analyze patterns and behaviors to identify anomalies or abnormal activities. They use machine learning algorithms and baselines to detect potential network threats, including insider threats and zero-day attacks.


17. Patch Management: Patch management involves keeping operating systems, software applications, and network devices up to date with the latest security patches and updates. Regular patching helps address known vulnerabilities and weaknesses, reducing the risk of exploitation by attackers.


18. Network Hardening: Network hardening involves configuring network devices, servers, and endpoints to eliminate unnecessary services, disable default or weak configurations, and apply security best practices. It reduces the attack surface and strengthens the overall security of the network infrastructure.


19. Network Traffic Analysis (NTA): NTA solutions monitor and analyze network traffic to identify and investigate suspicious or malicious activities. They provide visibility into network communication, detect anomalies, and help security teams respond to and mitigate potential threats.


20. Security Awareness Training: Educating users about common security risks, best practices, and social engineering techniques is crucial for network security. Security awareness training raises user awareness, reduces the likelihood of falling victim to attacks, and fosters a security-conscious culture within the organization.


for more details about the :- Network Security Details


These are just a few examples of network security measures. Implementing a combination of these techniques, along with regular updates, patch management, and user education, helps enhance the overall security posture of a network.

Remember that network security is a multi-layered approach, and combining multiple security measures provides a more robust defense against a wide range of threats.

Essential Terminology for Security Frameworks

It's security framework graphic, really tells how complicated security can get.


It shows how having the right security architecture can make all the difference in the world to your security program.

















When it comes to discussing security frameworks, it is important to use precise and professional language to ensure clear communication. Here are some key terms and concepts related to security frameworks:

1. Security Framework: A comprehensive and structured approach to managing and implementing security measures within an organization. It provides a set of guidelines, best practices, and controls to protect information, assets, and systems from potential threats.

2. Risk Assessment: The process of identifying, assessing, and prioritizing potential risks to determine the level of threat they pose to an organization. This evaluation helps in developing appropriate security controls and countermeasures.

3. Threat Modeling: A technique used to identify potential threats and vulnerabilities by analyzing the system's architecture, components, and potential attackers. It helps in understanding potential attack vectors and assists in designing effective security controls.

4. Security Controls: Safeguards and countermeasures implemented to mitigate or reduce the risk of security threats. Controls can include technical measures (firewalls, encryption), physical measures (locks, access control systems), and procedural measures (policies, training).

5. Incident Response: A structured approach to handling and managing security incidents. It involves detecting, analyzing, containing, eradicating, and recovering from security breaches or unauthorized activities. Incident response plans outline the necessary steps to be taken during such incidents.

6. Vulnerability Assessment: The process of identifying and evaluating vulnerabilities in systems, networks, or applications. This assessment helps in determining weaknesses that can be exploited by attackers and guides the implementation of appropriate security measures.

7. Penetration Testing: Also known as ethical hacking, it involves simulating real-world attacks to identify vulnerabilities in a system's security. Penetration testing helps in evaluating the effectiveness of existing security controls and uncovering potential weaknesses.

8. Security Policy: A formal document that outlines an organization's approach to security. It provides guidelines and procedures for protecting assets, sets expectations for employee behavior, and establishes consequences for policy violations.

9. Compliance: The adherence to laws, regulations, standards, and best practices relevant to security. Compliance ensures that an organization meets the necessary requirements and follows industry-specific guidelines to protect sensitive information.

10. Security Awareness: The promotion of knowledge and understanding of security risks and best practices among employees. Security awareness programs aim to educate and empower individuals to recognize and respond to security threats effectively.

Remember, these terms are just a starting point, and security frameworks can be complex and highly specialized depending on the context. It's important to consult relevant industry standards and frameworks such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls for further details and specific terminology.

Visit in our channel video:-

https://youtu.be/O9MQ_q2J5lM
https://youtu.be/FqNvwpKiumA
https://youtu.be/kzTZTIb-oL4

For Social Media:- t.ly/fZhL
https://www.facebook.com/TechGurukuls-105297657895201/

Don't forget to subscribe to our channel, like, and share.