Enterprise Security Reloaded - Loopback
Enterprise Security Reloaded DOAG Security Day 17.03.2016 DOAG Security Day 2016 1
Oracle Architektur & Performance Data Warehouse & Business Intelligence Jan Schreiber Loopback.ORG GmbH, Hamburg Database Operations & Security DOAG Security Day 2016 2
USER: SCOTT PW: TIGER USER: SYSTEM PW: MANAGER USER: OLAPSYS PW: OLAPSYS Table USER: ANONYMOUS PW: ANONYMOUS Table 8-2 Oracle 9i Default Accounts and Passwords DOAG Security Day 2016 3
DOAG Security Day 2016 4 Quelle: XKCD
Quelle: XKCD DOAG Security Day 2016 5
Oracle Hash Algorithmen Uralt: 3DEShash(upper (username password) ) 11g: password hash (20 bytes) sha1(password salt (10 bytes)) 12.1.0.2: 11g Hash 55C1 F56554A; H:DC9894A01797D91D92ECA1DA66242209; md5digest(‘USER:XDB:password') 2F75 79CD F22C PBKDF2-based SHA512 hash DOAG Security Day 2016 6
LDAP-Directory Anbindung Überprüft Passwort Hash, ordnet User Rollen und Schema zu Database Client (1) Connect Leonard. Nimoy/ BIGDB Ablage für User, Rollen & EUS Konfiguration (2) Request Leonard.Nimoy Oracle DB (3) Returned Leonard.Nimoy SQL alter user . identified externally; DOAG Security Day 2016 7 LDAP Server
Jeder nur ein Kreuz – Hashes im Verzeichnis DOAG Security Day 2016 8
Active Directory Verzeichnisintegration Database Client DB FARM (AUTH) Map Users, Schema,Roles SqlPlus, Java, etc Database Client SYNC (DIP) Keine AD-Schemaänderungen nötig AD Agent muss auf ADKontrollern laufen und Klartext-Passwörter mitlesen oidpwdcn.dll orclCommonAttribute DB FARM (AUTH) Map Users, Schema,Roles SqlPlus, Java, etc Database Client Oracle OID Synchronisation Hashes OUD Groups oidpwdcn.dll DB FARM SqlPlus, Java, etc DOAG Security Day 2016 (AUTH) Map Users, Schema,Roles hes Has ps u Gro Ha sh Grou es ps OV D 9 OID Proxy: AD-Schemaänderungen nötig Password Filter muss auf AD-Controllern laufen AD Update Recht muss vorhanden sein Virtualisierung: Nur ADSchemaänderung: Orclcommonattribute Rollentrennung DBA/AD
Domain Controller Key Distribution Center (KDC) Authentication Service (AS) Ticket Granting Service (TGS) Client-PC Domänenanmeldung User Password Ticket-Cache TGT (4) Authentisierung (1) Benutzer-Ticket TGT (3) Anforderung Service Ticket ST mit TGT (5) ST für Anwendungsserver mit TGT prüfen (6) ST (7) Serv i ce T i cket an AD Tausch eines gemeinsamen Schlüssels de n Anw e nd ung sser Kerberos-ADAnbindung DOAG Security Day 2016 Benutzerdatenprüfung (2) ver (8 ) Prüfung des ST (9) 10 DB Server
PKI-Authentifizierung Private Key Benutzer / Applikation User .csr SSL Handshake User/CA Certs DB/CA Certs Zertifizierungsstelle (CA) DOAG Security Day 2016 11 Datenbank Private Key DB .csr
Enterprise User Security (EUS) Oracle Internet Directory Enterprise User Datenbanken Enterprise Rollen Enterprise User RoleUserGlobal1 RoleEnterpriseUser RoleUserLocal1 RoleUserLocal2 User RoleUserGlobal2 RoleEnterpriseDBA RoleDBAGlobal DBA DOAG Security Day 2016 Enterprise Rollen 12 Resource DBA
AD-Integration mit Oracle Unified Directory (OUD) & Kerberos Database Client DB FARM SqlPlus, Java, etc OUD Proxy Setup: Kerberos Ticket (EUS) Map Users, Schema,Roles OUD Groups OracleContext [linux7 Oracle OUD1] ./oud-proxy-setup [linux6] okinit testuser [linux7] oklist DOAG Security Day 2016 13 Lesender AD-Benutzer Leserechte auf DBUsereinträge im AD Oracle Context im LDAP Software: OUD, WebLogic, ADF Funktioniert auch mit EUS
Secure External Password Store (1) orapki wallet create -wallet "/u01/app/oracle/wallet" \ -auto login local Oracle PKI Tool : Version 11.2.0.4.0 - Production Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. Enter wallet password: sqlplus /@ORCL SQL*Plus: Release 12.1.0.2.0 Production on Wed Jan 13 15:38:50 2016 Copyright (c) 1982, 2014, Oracle. All rights reserved. ERROR: ORA-12578: TNS:wallet open failed Enter user-name: DOAG Security Day 2016 14
Secure External Password Store (2) 0x00 - 0x4C Header: 0x00 - 0x02 First 3 bytes are always A1 F8 4E (wallet recognition?) 0x03 Type SSO: 36; LSSO: 38 0x04 - 0x06 00 00 00 0x07 Version (10g: 05; 11g: 06) 0x08 - 0x0A 00 00 00 0x0B - 0x0C 11g: always the same (41 35) 0x0D - 0x1C DES key 0x1D - 0x4C DES secret (DES - CBC - PKCS7 padding) which contains the PKCS#12 password 0x4D - EOF PKCS#12 data (ASN.1 block) ./ssoDecrypt.sh ./PX-Linux11/cwallet.sso sso key: c29XXXXXXXXXX96 sso secret: 71c61e1XXXXXXXXXX99c77d747fa0f53e79ccd170409964b p12 password (hex): 1e482XXXXXXXXXX1f1f0b296f6178021c DOAG Security Day 2016 15
Trennung von Schema-Owner und Zugriffs-Benutzer n NT APPLICATION SCHEMA GRA DB USER 1 2 3 DOAG Security Day 2016 4 2 . 1 n 16 3
Kosten-Nutzen-Analyse Anforderung Alte Wallets AD-Kerberos SSL-PKI Schutz des Passworts gegen Auslesen Adminaufwand verringert für Passwortänderung Nachvollziehbarkeit von Änderungen verbessert Individuelle Benutzerkennungen EUS Zentrale Benutzerverwalt. & Passwortrichtlinien Zentrale Rollenverwaltung Lösung für alle Zugriffe geeignet CA erforderlich Kerberos Roll-out erforderlich Wallets können weiterhin verwendet werden Lizenkosten Directory entstehen DOAG Security Day 2016 17
Kerberos: SPNUseraccount im AD DOAG Security Day 2016 18
Kerberos Key Table PS C:\Users\Administrator ktpass.exe -princ oracle/ioaotow01.tested.lcl@TESTED.LCL -mapuser ioaotow01 -crypto RC4-HMACNT -pass XXX -out c:\ioaotow-hmac2.keytab -ptype KRB5 NT PRINCIPAL Targeting domain controller: test-dchh01.tested.lcl Successfully mapped oracle/ioaotow01.tested.lcl to ioaotow01. Password successfully set! Key created. Output keytab to c:\ioaotow-hmac2.keytab: Keytab version: 0x502 keysize 73 oracle/ioaotow01.tested.lcl@TESTED.LCL ptype 1 (KRB5 NT PRINCIPAL) vno 13 etype 0x17 (RC4-HMAC) keylength 16 (0xbd54ec4ab1feb299c0969b67f1d9deb8) [oracle@ioaotow01 TESTDB-KERB5] oklist -k ioaotow01.keytab Kerberos Utilities for Linux: Version 12.1.0.2.0 - Production on 13-JAN-2016 15:11:59 Copyright (c) 1996, 2014 Oracle. All rights reserved. Service Key Table: ioaotow01.keytab Ver Timestamp Principal 4 01-Jan-1970 01:00:00 oracle/ioaotow01.tested.lcl@TESTED.LCL DOAG Security Day 2016 19
Database Kerberos Konfiguration krc5.conf dns lookup realm false [domain realm] .tested.lcl TESTED.LCL tested.lcl TESTED.LCL sqlnet.ora General Settings NAMES.DIRECTORY PATH (TNSNAMES, HOSTNAME) SQLNET.AUTHENTICATION SERVICES (BEQ,TCPS,KERBEROS5PRE,KERBEROS5) Kerberos Settings SQLNET.KERBEROS5 CONF /etc/krb5.conf SQLNET.KERBEROS5 CONF MIT true SQLNET.AUTHENTICATION KERBEROS5 SERVICE oracle SQLNET.KERBEROS5 KEYTAB /oracle/product/12.1.0/dbhome 1/network/ admin/ioaotow01.keytab SQLNET.KERBEROS5 CC NAME /oracle/diag/krb/cc/krb5cc 99 DOAG Security Day 2016 20
Kerberos User Login SQL create user USER01 identified externally as 'USER01@TESTED.LCL'; User created. SQL grant connect to user01; [oracle@ioaotow01 ] okinit user01 Kerberos Utilities for Linux: Version 12.1.0.2.0 - Production Copyright (c) 1996, 2014 Oracle. All rights reserved. Password for user01@TESTED.LCL: [oracle@ioaotow01 ] oklist Kerberos Utilities for Linux: Version 12.1.0.2.0 - Production on 08-FEB-2016 16:24:43 Copyright (c) 1996, 2014 Oracle. All rights reserved. Ticket cache: /oracle/diag/krb/cc/krb5cc 99 Default principal: user01@TESTED.LCL Valid Starting Expires Principal 08-Feb-2016 14:11:20 08-Feb-2016 22:11:11 krbtgt/TESTED.LCL@TESTED.LCL 08-Feb-2016 14:11:33 08-Feb-2016 22:11:11 oracle/ioaotow01@TESTED.LCL 08-Feb-2016 14:16:40 08-Feb-2016 22:11:11 oracle/ioaotow01.tested.lcl@TESTED.LCL [oracle@ioaotow01 ] sqlplus /@TESTDB SQL*Plus: Release 12.1.0.2.0 Production on Mon Feb 8 16:24:51 2016 Copyright (c) 1982, 2014, Oracle. All rights reserved. Last Successful login time: Mon Feb 08 2016 14:17:35 01:00 Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options SQL show user; USER is "USER01@TESTED.LCL DOAG Security Day 2016 21
Kerberos DatenbankAnmeldung am Windows-PC DOAG Security Day 2016 22
Kerberos & Datenbank 12c Neu geschriebener Stack RC4-HMAC-NT / W2012 Server ORA-12638: Credential retrieval failed – SQLNET.AUTHENTICATION SERVICES (BEQ,TCPS,KERBEROS5PRE,KERBEROS5) Bugs. Reading List: Doc ID 1958479.1: "Bug 19931730, The keytab has/uses arcfour-hmac encryption which currently has an open 12c bug:19636771. The workaround for this is to use AES encryption in the keytab" Doc ID 1611643.1: Bug 17497520 : KERBEROS CONNECTIONS USING A 12C CLIENT AND THE OKINIT REQUESTED TGT ARE FAILING Doc ID 182979.1: Oracle is not able to parse the krb5.conf file due to the tabs between the assignment operator in the domain to realm mapping section. Doc ID 185897.1: Kerberos Troubleshooting Guide Master Note For Kerberos Authentication (Doc ID 1375853.1) WNA- Kinit Fails with Exception: krb error 6 Client Not Found in Kerberos Database (Doc ID 294890.1): "While creating the keytab file, SSO hostname value was given without specifying fully qualified domain" How To Configure EUS Kerberos Authentication For Database Administrative Users (SYSDBA and SYSOPER) (Doc ID 2081984.1): "On a 12c database sqlplus connection fails with ORA-1017 and this is caused by Bug 19307420 : KERBEROS AUTHENTICATED EUS USER FAILS WITH ORA-01017 FOR ADMINISTRATIVE LOGIN." Configuring ASO Kerberos Authentication with a Microsoft Windows 2008 R2 Active Directory KDC (Doc ID 1304004.1) Microsoft Technet: Service Logons Fail Due to Incorrectly Set SPNs Laurent Schneider: The long long route to Kerberos Microsoft Technet: FIX: User accounts that use DES encryption for Kerberos authentication types cannot be authenticated in a Windows Server 2003 domain after a Windows Server 2008 R2 domain controller joins the domain WNA- Kinit Fails with Exception: krb error 6 Client Not Found in Kerberos Database (Doc ID 294890.1) Case Study: Configuring the Kerberos Adapter in a Windows Environment (Kevin Reardon, Consulting Technical Advisor) DOAG Security Day 2016 23
PKI: Zertifikate und Wallets Datenbank-Server 1. Leeres Wallet erstellen 2. Key und Zertifikat-Request stellen 3. Request durch CA signieren lassen (Z.B. CN db12c) 4. CA Zertifikat importieren (CN myCA) 5. Signiertes Zertifikat importieren Client 1. Leeres Wallet erstellen 2. Key und Zertifikat-Request stellen 3. Request durch CA signieren lassen (Z.B. CN jans) 4. CA Zertifikat importieren (CN myCA) 5. Signierte Zertifikat importieren DOAG Security Day 2016 24
PKI: Server-Wallet mkdir ORACLE BASE/admin/loopds/pki orapki wallet create -wallet \ ORACLE BASE/admin/loopds/pki -auto login -pwd XXX orapki wallet add -wallet ORACLE BASE/admin/loopds/pki \ -dn 'CN db12c' -keysize 2048 -pwd XXX orapki wallet export -wallet ORACLE BASE/admin/loopds/pki \ -dn 'CN db12c' \ -request /db12c.csr orapki wallet add -wallet ORACLE BASE/admin/loopds/pki \ -cert myca.pem –trusted cert –pwd XXX orapki wallet add -wallet ORACLE BASE/admin/loopds/pki \ -cert db12c.pem –user cert –pwd XXX DOAG Security Day 2016 25
PKI: Client-Wallet orapki wallet create -wallet \ ORACLE HOME/owm/wallets/client -auto login -pwd XXX orapki wallet add -wallet ORACLE HOME/owm/wallets/client \ -dn 'CN jans' -keysize 2048 -pwd XXX orapki wallet export -wallet ORACLE HOME/owm/wallets/client \ -dn 'CN jans' \ -request /jans.csr orapki wallet add -wallet ORACLE HOME/owm/wallets/client \ -cert myca.pem –trusted cert –pwd XXX orapki wallet add -wallet ORACLE HOME/owm/wallets/client \ -cert jans.pem –user cert –pwd XXX DOAG Security Day 2016 26
Display Wallet [oracle@linux11 ] orapki wallet display -wallet /u01/app/oracle/product/11.2.0/dbhome 1/network/pki Oracle PKI Tool : Version 11.2.0.3.0 - Production Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. Requested Certificates: User Certificates: Subject: CN LOOPDS Trusted Certificates: Subject: OU Class 1 Public Primary Certification Authority,O VeriSign\, Inc.,C US Subject: CN LBO Root Certificate II,OU LoopCA,O Loopback.ORG GmbH,O Loopback.ORG,L Hamburg,ST No-State,C DE Subject: OU Secure Server Certification Authority,O RSA Data Security\, Inc.,C US Subject: CN GTE CyberTrust Global Root,OU GTE CyberTrust Solutions\, Inc.,O GTE Corporation,C US Subject: OU Class 3 Public Primary Certification Authority,O VeriSign\, Inc.,C US Subject: OU Class 2 Public Primary Certification Authority,O VeriSign\, Inc.,C US DOAG Security Day 2016 27
PKI: Listener-Konfiguration SSL CLIENT AUTHENTICATION FALSE WALLET LOCATION (SOURCE (METHOD FILE) (METHOD DATA (DIRECTORY ORACLE BASE/admin/loopds/pki) ) ) LISTENER (DESCRIPTION LIST (DESCRIPTION (ADDRESS (PROTOCOL TCP)(HOST db12c.loopback.org)(PORT 1521)) ) (DESCRIPTION (ADDRESS (PROTOCOL TCPS)(HOST db12c.loopback.org)(PORT 2484)) ) ) DOAG Security Day 2016 28
PKI: TNS-Konfiguration SQLNET.AUTHENTICATION SERVICES (BEQ, TCPS) NAMES.DIRECTORY PATH (TNSNAMES, HOSTNAME) SSL CLIENT AUTHENTICATION TRUE WALLET LOCATION (SOURCE (METHOD FILE) (METHOD DATA (DIRECTORY ORACLE BASE/admin/loopds/pki) ) ) DOAG Security Day 2016 29
Anmeldung mit User/Passwort und SSL sqlplus user/pwd@DB12C Connected. SQL select sys context('USERENV', 'NETWORK PROTOCOL') from dual; SYS CONTEXT('USERENV','NETWORK PROTOCOL') ---------------------tcps SQL select sys context('USERENV', 'AUTHENTICATION METHOD') from dual; SYS CONTEXT('USERENV','AUTHENTICATION METHOD') ---------------------PASSWORD DOAG Security Day 2016 30
PKI: Anmeldung mit Zertifikat SQL create user JANS identified externally as 'CN jans'; SQL grant create session to JANS; sqlplus /@DB12C Connected. SQL select sys context('USERENV', 'NETWORK PROTOCOL') from dual; SYS CONTEXT('USERENV','NETWORK PROTOCOL') tcps SQL select sys context('USERENV', 'AUTHENTICATION METHOD') from dual; SYS CONTEXT('USERENV','AUTHENTICATION METHOD') --SSL DOAG Security Day 2016 31
PKI: JDBC Auch per JDBC kann SSL verwendet werden Integration auch über keytool String url "jdbc:oracle:thin:@(DESCRIPTION (ADDRESS (PROTOCOL tcps) (HOST servernam e)(PORT 2484))(CONNECT DATA (SERVICE NAME servicename)))"); Properties props new Properties(); props.setProperty("user", "scott"); props.setProperty("password", "tiger"); props.setProperty("javax.net.ssl.trustStore", "/truststore/ewallet.p12"); PKCS12"); d","welcome123"); Connection conn DriverManager.getConnection(url, props); How to configure Oracle SQLDeveloper to use a SSL connection that was configured as per Note 401251.1 -jdbc-thin-ssl-130128.pdf DOAG Security Day 2016 32
PKI: ODBC Oracle ODBC Treiber verwenden: Oracle Data Access Components (ODAC) DOAG Security Day 2016 33
Be a Certificate Authority (CA) AD Certificate Service Kommerzielle Produkte – Auch Open Source: EBJCA OpenXPKI Alle Schritte sind in OpenSSL implementiert – Nicht mit selbstsignierten Zertifikaten zu verwechseln openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem openssl ca -policy policy anything -config loopca-url.cnf -out Certs/ 1.pem\ -infiles Reqs/ 1.req DOAG Security Day 2016 34
Windows AD CA mit Autoenrollment DOAG Security Day 2016 35
Certificate Chaining für Sub-CA DOAG Security Day 2016 36
database intelligence operations excellence bi solutions Vielen Dank für Ihre Aufmerksamkeit! Jan Schreiber Loopback.ORG GmbH, Hamburg jans@loopback.org blogs.loopback.org DOAG Security Day 2016 37
Linux-Workstations: DOAG Security Day 2016 38
OUD-Einrichtung mit aktuellen Versionen eusm listMappings realm dn "OU AO,OU IT-Department,DC tested,DC lcl" ldap port 1389 ldap host ioaotow03.tested.lcl ldap user dn "cn Directory Manager" ldap user password welcome1 database name testdb javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] This is caused by Bug 21678564: A quick workaround is to remove all the whitespaces and have all the characters written in lower case Nicht Patches 21678564/20851192 einspielen! SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Bug: 20529805 - SUPPORT FOR EUSM 12C AUTHENTICATION SCHEME IN OUD IS MISSING: As of now OUD SASL implementation assumes that a DN identity is prefixed by the dn: prefix as defined in RFC 2829 ({ }http://www.ietf.org/rfc/rfc2829.txt ). EUSM does not uses the dn: prefix, so default identity mapping in OUD is applied and EUS SASL authentication will fail. Solution: Install patch 20529805. OUD has to be stopped for the patch installation. BIND RES conn 2 op 1 msgID 2 result 49 authFailureID 1245392 authFailureReason "SASL DIGEST-MD5 authentication is not possible for user cn Directory Manager,cn Root DNs,cn config because none of the passwords in the user entry are stored in a reversible form“ "You need to modify Root Password Policy using dsconfig to add a default-password-storage-scheme (either AES or Base64 or Blowfish or Clear or RC4 or TripleDES, ie one of the reversible storage schemes)“ Go to "Change root password policy". This currently is set to: 6) default-password-storage-scheme Salted SHA-512 Change to: 6) default-password-storage-scheme AES, Salted SHA-512 ERROR: ORA-28030: Server encountered problems accessing LDAP directory service msg "Client requested protocol SSLv3 not enabled or not supported“ We can re-enable SSLv3 in our Java version to get running for the time being DOAG Security Day 2016 39
PKI mit Smartcards Authentifizierung an Besitz der Karte gekoppelt Zertifikat kann nicht kopiert werden Vorraussetzung: Kartenleser, Middleware, PKI und Smartcards müssen miteinander kompatibel sein Ansonsten wie bei SSL-Wallets DOAG Security Day 2016 40
Smartcard-PKI: Client-Konfiguration Middleware im Wallet verankern Middleware muss PKCS#11 implementieren Oracle liefert keine Liste kompatibler Hardware SmartCard-Einführung hat Projektcharakter orapki wallet p11 add -wallet Wallet PFAD \ -p11 lib DLL PFAD DOAG Security Day 2016 41
Public Key Cryptography Standards (PKCS) DOAG Security Day 2016 42
Smartcard und Oracle Wallet orapki wallet p11 verify -wallet . pkcs11 wallet -pwd XXX Oracle PKI Tool : Version 11.2.0.4.0 – Production Number of certificates found on token 1 Cert with subject name: CN Stapff Pablo has a matching private key on token. Cert with subject name: CN Stapff Pablo installed as user cert in wallet. DOAG Security Day 2016 43
Enterprise User Security (EUS) Oracle Internet Directory Datenbanken Enterprise User User DBA RoleEnterpriseUser RoleEnterpriseDBA Enterprise Rollen Enterprise User Enterprise Rollen RoleUserGlobal1 RoleUserGlobal2 RoleDBAGlobal RoleUserLocal1 RoleUserLocal2 Resource DBA. DOAG Security Day 2016 13 AD-Integration mit Oracle
increments. See Hard and Soft Loopback Verification for details of this step. 5. See the procedure to create a loopback plug for a T1 CSU/DSU in Loopback Tests for T1/56K Lines. This is an image of a T1/E1 loopback plug: This is an example of the configuration of the c
- Analog loopback, Digital loopback, Remote loopback and Inband loopback Ł Cable attenuation indication Ł Adaptive receive sensitivity Ł Non-intrusive monitoring per ITU G.772 specification Ł Short circuit protection and internal protection diode for line drivers Ł LOS (Loss Of Signal)
The loopback sequence is interrupted by the framing bit after 192 loopback bits and resumes after the framing bit (193rd bit) is inserted. Overwriting the loopback code with framing bits. With this option, the loopback bits are sent as a continuous sequence with framing bits overwriting the loopb
Loopback Address The loopback address is a reserved address. The address 0:0:0:0:0:0:0:1 is called the loopback address. It cannot be assigned to any physical interface. It allows local applications to send messages to each other. The loopback address cannot be used as the source
Task 1: Configure IPv6 OSPF Summarization Step 1 In the configuration mode of router configure 4 loopbacks with network address in sequence R1: interface loopback 0 ipv6 address 11:0:0::1/64 exit interface loopback 1 ipv6 address 11:0:1::1/64 exit interface loopback 2 ipv6 address 11:0:2::1/64 exit interface loopback 3 ipv6 address 11:0:3::1/64 .
hardware functioning properly. In the case of eBGP, peer routers are frequently directly connected and loopback doesn't apply. If you use the IP address of a loopback interface in the neighbor command, you need some extra configuration on the neighbor router. The neighbor router needs to tell BGP it's using a loopback interface
SINGLE CHANNEL T1/E1/J1 LONG HAUL/SHORT HAUL LINE INTERFACE UNIT DESCRIPTION The IDT82V2081 can be configured as a single channel T1, E1 or J1 . - Analog loopback, digital loopback, remote loopback and inband loop-back Cable attenuation indication Adaptive receive sensitivity S
Instructional Topics . 1 : 1: Building a Reading Life . Topic 1: Making Reading Lives Topic 2: Making Texts Matter Topic 3: Responding to Our Reading Through Writing . 2: Nonficti
