Tuesday, October 16, 2012

What is a firewall?

Hello everyone, I am here again. Today I am going to describe firewalls. "What is a firewall?" is a common question that I have answered for my friends and users, so today I'll explain it. Whenever you work on the internet in an office, home or school you always hear about the firewall. Yes, of course, some of us also complain about it; well, that's the other side of the coin. In this and the upcoming post I'll describe what a firewall is and how it works.

A firewall is basically a kind of roadblock that keeps unwanted or insecure traffic away from your own area. The job of a firewall is very similar to that of a physical firewall, which keeps fire from spreading from one place to another.

A firewall is software or hardware that filters the information passing from the internet into our LAN or computer system. If an incoming packet is flagged by the filters, it is not allowed through into the network.

I would like to give one example to better explain the concept of the firewall. Suppose you have 200 employees, all with an internet connection and no firewall in the network. None of the computers has any restrictions on internet use; employees access public mail and the LAN FTP server over the internet without any restrictions. In this case attackers have 100% freedom to enter your network and can fully control it, and they can easily steal the company's important data.

In the opposite case, the company installs a firewall and limits the rights to access the internet. Employees can access only the services that are permitted to them. Suppose one employee needs to access the FTP service; in that case the service can be permitted to that employee only, not to everyone.

Methods used by firewalls: Every firewall uses one or more of the following three methods to control traffic flowing in and out of the network:

Packet Filtering: Packets (small pieces of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system, and all others are discarded.

Proxy Service: Information from the internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful Inspection: A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through; otherwise it is discarded.

In the next post we will talk about firewall configuration and how a firewall protects our network.
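To make the difference between plain packet filtering and stateful inspection concrete, here is an added Python example (not from the original post) that runs the same packet sequence through both kinds of filter. The addresses, ports, rule set and packets are constructed for the illustration.

```python
"""Stateless packet filtering vs. stateful inspection, as described in the
firewall post. Added example, not from the original post; all addresses,
ports and packets below are constructed sample data."""
from dataclasses import dataclass

INSIDE_NET = "192.168.1."  # constructed: the LAN behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    @property
    def direction(self) -> str:
        # "out" when the packet originates from the protected LAN, else "in"
        return "out" if self.src.startswith(INSIDE_NET) else "in"


class StatelessFilter:
    """Packet filtering: each packet is judged on its own header fields
    against a fixed rule list; the firewall remembers nothing."""

    def __init__(self, rules):
        # rules: list of (direction, proto, port, action); first match wins.
        # The port compared is the destination port for outbound packets
        # and the source port for inbound packets (the remote service port).
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        port = pkt.dport if pkt.direction == "out" else pkt.sport
        for direction, proto, rule_port, action in self.rules:
            if (direction, proto, rule_port) == (pkt.direction, pkt.proto, port):
                return action
        return "drop"  # default deny


class StatefulFirewall:
    """Stateful inspection: outbound traffic is allowed per policy and its key
    fields are recorded; an inbound packet is allowed only when it matches a
    recorded outbound flow (the post's "database of trusted information")."""

    def __init__(self, allowed_outbound_ports):
        self.allowed_outbound_ports = set(allowed_outbound_ports)
        # (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.flows = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if pkt.dport not in self.allowed_outbound_ports:
                return "drop"
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        # Inbound: must be the exact reverse of a flow an inside host opened.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if key in self.flows else "drop"


def compare_filters():
    """Run one constructed packet sequence through both firewalls and
    return a list of (stateless_decision, stateful_decision) per packet."""
    stateless = StatelessFilter([
        ("out", "tcp", 443, "allow"),
        ("in", "tcp", 443, "allow"),  # needed so HTTPS replies can get back in
    ])
    stateful = StatefulFirewall(allowed_outbound_ports={443})

    packets = [
        # 1. LAN host opens an HTTPS connection to a web server.
        Packet("192.168.1.10", 51000, "203.0.113.5", 443),
        # 2. The legitimate reply from that server.
        Packet("203.0.113.5", 443, "192.168.1.10", 51000),
        # 3. Unsolicited inbound connection attempt to RDP on the LAN host.
        Packet("198.51.100.7", 4444, "192.168.1.10", 3389),
        # 4. Unsolicited inbound packet that merely uses source port 443:
        #    the stateless rule lets it in, the state table does not.
        Packet("198.51.100.7", 443, "192.168.1.10", 3389),
    ]
    return [(stateless.decide(p), stateful.decide(p)) for p in packets]


if __name__ == "__main__":
    for i, (a, b) in enumerate(compare_filters(), 1):
        print(f"packet {i}: stateless={a:5s} stateful={b}")
```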

Friday, October 5, 2012

DCPromo in Active Directory

Every system admin or system engineer knows the tool DCPromo. It is used to install or modify AD domain controllers. But during the last 10 years DCPromo has gone through many changes. So today I'll describe some more things about DCPromo, including the changes that came with the new OS versions.

DCPromo was first introduced in the Windows 2000 beta. Although Microsoft improved DCPromo with updates and in new versions of the server OS, it has largely remained the same. There are a number of options (some undocumented) that have made DCPromo a valuable tool (in fact, the only tool) for building an AD domain or forest. It is a local program that could be run from a Windows Server (in 2000 and 2003) and from Server Manager in Windows Server 2008 and later. Beginning in Windows Server 2008, the Active Directory Domain Services role had to be installed prior to running DCPromo, but DCPromo still needed to run to make the server a DC.

One of the tricks DCPromo plays on you is lulling you into a false sense of security. When the installation finished and the server rebooted, you thought it was promoted and ready to roll. What isn't obvious is what happens after the reboot: an outbound connection is made, AD replication and File Replication Service (FRS) connections are made to complete the sync and get group policies, and the Netlogon and Sysvol shares are created.

To determine if a DC is really a DC, run the Net Share command from a command line and see if these two shares show up. If not, the replication failed. AD replication forced a sync with the other DCs, whereas only a single sourcing DC was involved prior to the reboot. In Windows 2000, getting each DC to do a full sync was a serial process. Windows Server 2003 got smarter and synced updates from the other DCs.

If you wanted to add a DC from a newer Windows version, such as adding a Windows 2008 DC into a Windows 2003 domain/forest, it was a complicated process. This required a few things to happen.

The first was raising the domain and forest functional levels. All domain controllers had to be raised to the Windows 2008 level, then the domain level and the forest level. A major problem with doing this was that the changes were irreversible.

The second was running ADPrep. This required schema administrator privileges because it had to contact the Schema Master. Because there was a fear of messing up the Schema, this was usually done prior to promoting a new DC.

The one missing element was that you had to be on the machine, physically or via remote desktop, and there was not a way to mass deploy DCs until Windows Server 2012.

Other highlights include:

Manual demotion of a DC in 2003: DCPromo /ForceRemoval. This was not documented, but it is handy for demoting a DC that wasn't replicating, if it was the only DC with the problem and if it would take more than a couple of hours to fix. This required cleaning up the AD objects of that server via NTDSUtil and the Sites and Services snap-in.

Doing a forceful removal has serious consequences, which include removing the server from the domain, putting it into a workgroup and breaking applications that depend on the AD association. Use it only if there is no other way to recover.

Install From Media (IFM): First introduced in Server 2003, IFM permitted a DC to be promoted offline using backup media. It also got around the issue of a GC with a large DIT file having to replicate across the WAN to be rebuilt. I know of a company that used to take anywhere from three to five days to replicate. When they went to IFM, the time was reduced to less than one hour. IFM was implemented in 2003 with the DCPromo /ADV option (Figure 1), and moved into the NTDSUtil tool in 2008, which included the ability to create snapshots without a separate backup tool. IFM is also improved in Windows Server 2012.

Figure 1. IFM was implemented in Windows Server 2003.

Windows 2003 tweaked DCPromo to make DNS easier to install, though it did introduce a few problems initially.

Windows 2008 made a radical departure in the implementation of AD by putting AD into a service (Figure 2). Beginning in this version the Active Directory Domain Services role had to be installed on a server before running DCPromo. This allowed stopping AD without rebooting into the old DSRM (Directory Services Restore Mode).

Figure 2. In Windows Server 2008, AD was moved into a service, which meant ADDS needed to be installed before running DCPromo.

DCPromo also plays a vital role in the disaster recovery of a domain or forest. You may think that losing an entire domain or a multiple-domain forest is a remote possibility, but I have seen it happen. Yes, it was a new thing for me too, and I was surprised in the same way you probably are after reading the line above about recovering a domain or forest.

One of Microsoft's whitepapers recommends restoring a domain from backups. You can do this by restoring one DC, preferably a DNS server, from media. Then, use DCPromo to create replica DCs. You will bump up against the performance issue on the wire and slow down other operations on the network.

Microsoft also recommends a forest recovery in a similar manner. Its recommendation includes restoring one DC from media for each domain and creating a replica DC in each domain before restoring another domain.

You can do a disaster recovery of a domain or forest by following the steps in Microsoft’s forest recovery whitepaper.

I hope this post will be useful; best of luck.

Sunday, September 16, 2012

Malware being installed in PCs during manufacturing

New computers, still under development in factories, are being infected with malware in their production lines, a new Microsoft study has suggested.

One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.

The viruses were discovered when Microsoft's digital crime investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China, out of which four were infected with malicious programmes even though they were fresh from the factory, the BBC reports.

Nitol was the most pernicious of the viruses Microsoft caught because, as soon as the computer was turned on, it tried to contact the command and control system set up by Nitol's makers to steal data from infected machines.

Further investigation revealed that the botnet behind Nitol was being run from a web domain that had been involved in cybercrime since 2008. Also on that domain were 70,000 separate sub-domains used by 500 separate strains of malware to fool victims or steal data.

"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit, in a blog post.

A US court has now given Microsoft permission to seize control of the web domain, 3322.org, which it claims is involved with the Nitol infections.

By: BBC Reports

Sunday, August 26, 2012

What is VPN and how it works? (Part-3) - Final

In the last section we discussed the types of VPN. A VPN is an easy and cheap way to access your LAN remotely. But when planning a VPN for a corporate network, one question is always asked: how reliable and secure is the communication over the VPN? So let's discuss the security of VPNs.

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the process of placing an entire packet within another packet before it's transported over the Internet. That outer packet protects the contents from public view and ensures that the packet moves within a virtual tunnel. This layering of packets is called encapsulation. Computers or other network devices at both ends of the tunnel, called tunnel interfaces, can encapsulate outgoing packets and unwrap incoming packets. Users (at one end of the tunnel) and IT personnel (at one or both ends of the tunnel) configure the tunnel interfaces they're responsible for to use a tunneling protocol. Also called an encapsulation protocol, a tunneling protocol is a standardized way to encapsulate packets (for example L2F, PPTP and L2TP).

The purpose of the tunneling protocol is to add a layer of security that protects each packet on its journey over the Internet. The packet travels with the same transport protocol it would have used without the tunnel; this protocol defines how each computer sends and receives data over its ISP. Each inner packet still maintains the passenger protocol, such as Internet Protocol (IP) or AppleTalk, which defines how it travels on the LANs at each end of the tunnel.

Encryption and Security Protocols in a VPN

Encryption is the process of encoding data so that only a computer with the right decoder will be able to read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues. An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it. The most common forms of encryption are symmetric-key encryption or public-key encryption:
  • In symmetric-key encryption, all computers share the same key used to both encrypt and decrypt a message.
  • In public-key encryption, each computer has a public-private key pair. One computer uses its private key to encrypt a message, and another computer uses the corresponding public key to decrypt that message.

A VPN needs more than just a pair of keys to apply encryption. That's where protocols come in. A site-to-site VPN could use either Internet Protocol Security (IPsec) or Generic Routing Encapsulation (GRE). GRE provides the framework for how to package the passenger protocol for transport over the Internet Protocol (IP). This framework includes information on what type of packet you're encapsulating and the connection between sender and receiver.
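The encapsulation described above, as an added Python example that is not part of the original article: a passenger IPv4 packet is wrapped in a basic GRE header (RFC 2784, which carries the passenger protocol type) inside an outer IPv4 packet at one tunnel interface and unwrapped at the other. All addresses and the payload are constructed, and only the minimal headers are built, with no IP options and no GRE checksum, key or sequence fields.

```python
"""Tunneling/encapsulation as the VPN post describes it, using a GRE header
(RFC 2784) inside an outer IPv4 packet. Added example, not from the original
article; all addresses and payloads are constructed sample data."""
import socket
import struct

IPPROTO_GRE = 47          # outer IPv4 "protocol" field value for GRE
GRE_PROTO_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger packet
IPV4_HEADER_LEN = 20      # minimal IPv4 header, no options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (version 4, IHL 5, TTL 64) around payload."""
    total_len = IPV4_HEADER_LEN + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len,   # version/IHL, DSCP/ECN, total length
                         0, 0,                 # identification, flags/fragment offset
                         64, proto, 0,         # TTL, protocol, checksum placeholder
                         socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Return the header fields of interest plus the payload; reject a packet
    whose header is malformed or fails its checksum."""
    if len(pkt) < IPV4_HEADER_LEN:
        raise ValueError("packet shorter than an IPv4 header")
    ver_ihl, _dscp, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:IPV4_HEADER_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4_HEADER_LEN or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(pkt[:ihl]) != 0:        # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "proto": proto, "payload": pkt[ihl:total_len]}


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Sending tunnel interface: place the whole passenger packet behind a
    GRE header and inside an outer IPv4 packet addressed to the far end."""
    # GRE header: C=0, reserved0=0, version=0, then the passenger protocol type
    gre_header = struct.pack("!HH", 0, GRE_PROTO_IPV4)
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_GRE, gre_header + inner)


def gre_decapsulate(outer: bytes) -> bytes:
    """Receiving tunnel interface: strip the outer IPv4 and GRE headers and
    hand back the untouched passenger packet."""
    fields = parse_ipv4(outer)
    if fields["proto"] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    gre = fields["payload"]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto_type = struct.unpack("!HH", gre[:4])
    if flags_ver & 0x7C07:      # reserved0 bits 1-5 or a non-zero version
        raise ValueError("unsupported GRE flags/version")
    if proto_type != GRE_PROTO_IPV4:
        raise ValueError("unexpected passenger protocol 0x%04x" % proto_type)
    hdr_len = 8 if flags_ver & 0x8000 else 4   # C bit adds checksum+reserved1
    return gre[hdr_len:]


def demo():
    """Constructed scenario: LAN host 10.0.0.5 sends a UDP datagram to
    10.1.0.9 at the other site; the tunnel endpoints are the two sites'
    public addresses. Returns (outer fields, recovered inner fields, intact)."""
    inner = build_ipv4("10.0.0.5", "10.1.0.9", 17, b"hello over the tunnel")
    outer = gre_encapsulate(inner, "203.0.113.1", "198.51.100.2")
    recovered = gre_decapsulate(outer)
    return parse_ipv4(outer), parse_ipv4(recovered), recovered == inner


if __name__ == "__main__":
    outer_fields, inner_fields, intact = demo()
    print("outer:", outer_fields["src"], "->", outer_fields["dst"],
          "proto", outer_fields["proto"])
    print("inner:", inner_fields["src"], "->", inner_fields["dst"],
          "proto", inner_fields["proto"], "intact:", intact)
```

On the wire, only the outer addresses (the tunnel endpoints) are visible to intermediate routers; the inner addresses and passenger protocol survive unchanged for the LAN at the far end.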

IPSec is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server. IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:
  • Encapsulated Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key.
  • Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it gets to its destination.

In a remote-access VPN, tunneling typically relies on the Point-to-Point Protocol (PPP), which is part of the native protocols used by the Internet. More accurately, though, remote-access VPNs use one of three protocols based on PPP:
  • L2F (Layer 2 Forwarding) -- Developed by Cisco; uses any authentication scheme supported by PPP
  • PPTP (Point-to-point Tunneling Protocol) -- Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP
  • L2TP (Layer 2 Tunneling Protocol) -- Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs

So after this final part on VPN, I believe everyone has the full concept of VPN and how it works, as well as the types of VPN. Yes, maybe before this article you had doubts about the reliability of communication over a VPN and whether it is secure or not. Hopefully this article has cleared your doubts about the security of your data when you send it over a VPN.

Thanks so much for reading this article; your feedback is welcome.

Sunday, August 19, 2012

What is VPN and how it works? (Part-2)

In the last section we discussed VPNs and their benefits. Now in this section we will discuss the types of VPN. Following are the two types of VPN connection:

1) Remote-Access VPN
2) Site-to-Site VPN

Remote-Access VPN: A remote-access VPN allows individual users to establish secure connections with a remote computer network. Those users can access the secure resources on that network as if they were directly plugged in to the network's servers. An example of a company that needs a remote-access VPN is a large firm with hundreds of salespeople in the field. Another name for this type of VPN is virtual private dial-up network (VPDN), acknowledging that in its earliest form, a remote-access VPN required dialing in to a server using an analog telephone system.

There are two components required in a remote-access VPN. The first is a network access server (NAS, usually pronounced "nazz" conversationally), also called a media gateway, a remote-access server (RAS) or a VPN server. (Note: IT professionals also use NAS to mean network-attached storage.) A NAS might be a dedicated server, or it might be one of multiple software applications running on a shared server. It's a NAS that a user connects to from the Internet in order to use a VPN. The NAS requires that user to provide valid credentials to sign in to the VPN. To authenticate the user's credentials, the NAS uses either its own authentication process or a separate authentication server running on the network; this can be AD-based authentication.

The other required component of remote-access VPNs is client software. In other words, employees who want to use the VPN from their computers require software on those computers that can establish and maintain a connection to the VPN. Most operating systems today have built-in software that can connect to remote-access VPNs, though some VPNs might require users to install a specific application instead. The client software sets up the tunneled connection to a NAS, which the user indicates by its Internet address. The software also manages the encryption required to keep the connection secure. I will explain more about tunneling and encryption in the coming parts.

Large corporations or businesses with knowledgeable IT staff typically purchase, deploy and maintain their own remote-access VPNs. Businesses can also choose to outsource their remote-access VPN services through an enterprise service provider (ESP). The ESP sets up a NAS for the business and keeps that NAS running smoothly.

A remote-access VPN is great for individual employees, but what about entire branch offices with dozens or even hundreds of employees? In that case the second type of VPN comes into the picture to fulfill the needs of the entire business, including branch office connections.

Site-to-Site VPN: A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. A site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations. An example of a company that needs a site-to-site VPN is a growing corporation with dozens of branch offices around the world.

There are two types of site-to-site VPNs:
• Intranet-based -- If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN.

• Extranet-based -- When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.

Even though the purpose of a site-to-site VPN is different from that of a remote-access VPN, it could use some of the same software and equipment. Ideally, though, a site-to-site VPN should eliminate the need for each computer to run VPN client software as if it were on a remote-access VPN.

So after reading this part you should easily understand the two types of VPN. In the next part, I will describe how your data is kept secure when we use a VPN.

Tuesday, August 14, 2012

What is VPN and how it works? (Part-1)

VPN stands for Virtual Private Network. A VPN is a private network that uses a public network (of course, the Internet) to connect remote sites or users together. A VPN uses "virtual" connections routed through the internet from the business's private network to the remote site or employee. By using a VPN, businesses ensure security: anyone intercepting the encrypted data can't read it. In the field of remote connections VPN was not the first technology; before VPN, the leased line was the common way to connect multiple offices. Leased lines provided a company with a way to expand its private network beyond its immediate geographic area. These connections form a single Wide Area Network (WAN) for the business. Though leased lines are reliable and secure, the leases are expensive, with costs rising as the distance between offices increases.

What Makes a VPN?
A VPN's purpose is providing a secure and reliable private connection between computer networks over an existing public network, typically the Internet. Before looking at the technology that makes a VPN possible, let's consider all the benefits and features a business should expect in a VPN.
 
A well-designed VPN provides a business with the following benefits:
  • Extended connections across multiple geographic locations without using a leased line
  • Improved security for exchanging data
  • Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
  • Savings in time and expense for employees to commute if they work from virtual workplaces
  • Improved productivity for remote employees

A business might not require all these benefits from its VPN, but it should demand the following essential VPN features:
  • Security -- The VPN should protect data while it's traveling on the public network. If intruders attempt to capture the data, they should be unable to read or use it.
  • Reliability -- Employees and remote offices should be able to connect to the VPN with no trouble at any time (unless hours are restricted), and the VPN should provide the same quality of connection for each user even when it is handling its maximum number of simultaneous connections.
  • Scalability -- As a business grows, it should be able to extend its VPN services to handle that growth without replacing the VPN technology altogether.

One interesting thing to note about VPNs is that there are no standards about how to set them up. This article covers the network, authentication and security protocols that provide the features and benefits listed above. It also describes how a VPN's components work together. If you're establishing your own VPN, though, it's up to you to decide which protocols and components to use and to understand how they work together.

In the next part I'll describe the two common types of VPN. I'll start with the type that's most synonymous with the term VPN.

Monday, August 13, 2012

Top 10 Ways to Protect Your Computer from Hackers

In today's hi-tech life the use of computers has become an important part of daily life, and the risk of information theft is increasing at the same rate. Therefore, it's only natural for IT specialists to create general awareness among all users so that they can also learn the ways of protecting their information as well as their PC.

At any rate, below are the top ten steps you can take to help safeguard your computer from digital destruction:

1. Anti-Virus/Anti-Spyware Software: Running your machine without anti-virus/anti-spyware software, especially if it's regularly connected to the Internet, is downright suicidal in these modern, computer-virus-ridden times. Get one as soon as you can, and always confirm that its virus definitions are regularly updated. Some of the free antivirus products like Avast, Avira or AVG can be used, but my recommendation is only for a licensed version.

2. Hacker-Controlled Websites: Common sense dictates that you should avoid going to bad neighborhoods, especially if you carry a lot of valuables. The same could be said of the wild, wild world of the worldwide web. Avoid getting snared by dubious sites dedicated to porn, free downloads, online games, and so on; this way, there are fewer chances for you to be hacked.

3. Firewall: If you don't have a third-party firewall like Cyberoam/Cisco/Sonicwall/Fortigate installed in your network, then it's highly recommended for you to activate your Windows firewall (available on all Windows versions from XP onward, including 7 and 8). Firewalls help filter your traffic, and there are some products that even filter both incoming and outgoing data streams.

4. Spam Email: Unsolicited messages should never be opened, and that goes double for unsolicited messages with file attachments. Fortunately, web-based email sites like Gmail (if you are not using any company email account) have an extra layer of protection integrated in them. When in doubt, just delete the message.

5. Data Backup: If you have critical data, work-related documents, or personal files, then you must back them up as often as possible, because you never know what will happen to your computer. From viruses to system crashes, these sensitive bits of information can be wiped clean from your hard drive in the blink of an eye, so it's best to always have a backup at hand.

6. Windows Updates: Let's face it; the many different iterations of the world's best-selling OS have all been targeted by hackers so often that it's become a given to provide continuous daily, weekly, or monthly updates to your Windows-based computer. It's important for you to keep your OS up to speed in order to minimize the possibility of having worms or viruses compromise your system.

7. Software Updates: As with the above example, it's important for you to get the latest fixes or versions of your favorite applications in order to never let hackers find the opportunity to invade your virtual turf. Make sure that your web browsers and other web-based programs are given good upgrades or patches.

8. Password Policies: The passwords you pick could mean the difference between a breached computer and a safe computer. At any rate, the most common recommendations when it comes to picking a password include not using the same password on every one of your accounts, using combinations of letters and numbers, and making sure that your password is as arcane as possible without necessarily making it too difficult for you to remember. Never give your password to anyone.

9. Be careful what you attach to your computer: This is a more common way to transfer viruses than you might think. Everyone now has a USB flash stick that they carry around on their key chain, ready to snap into any computer. But who knows what viruses are on your friends' computers and what accidentally got transferred to their USB sticks. A lot of virus programs will auto-launch right when the USB stick is put into the computer, so you don't even have to open or download any of the files to be infected.

10. Do not click on Ads: Avoid clicking on ads if you can. Especially those ads where something is flying around and if you shoot the duck, you win some prize! Ads have become more sophisticated in that they try to make the ad interactive so that you’ll be tempted to play it like a game.

Saturday, August 11, 2012

How to Protect Yourself from the “Flame” Virus

Recently, reports have been circulating that a virus, called "Flame," has been infecting users in the Middle East, particularly Iran. This has led many to conclude it is the work of Israel's engineers. Experts also suggest there is more evidence for this, including the links between this malware and previous malware targeting Iran. The official name for Flame is W32.Flamer because it targets 32-bit Windows PC users.

The “Flame” Virus Looks to be the Work of Professionals
According to USA Today, the reason for the suspicion that Israel is the culprit is that Iran has been particularly affected by it. This led Kaspersky Lab to conclude engineers in Israel should claim responsibility, as there is distrust and animosity between the two nations.

Another virus, called Stuxnet, launched last November and targeted nuclear centrifuges in Iran. It shares a lot of similarities with Flame, according to reports. It has been speculated for quite a while now that engineers from Israel created Stuxnet.

The New York Times reported last November that the virus was created precisely to disrupt Iran's nuclear program. It caused nuclear centrifuges to spin out of control.

The Russian anti-virus company Kaspersky Lab also claims credit for discovering it, as reported in a company news brief. However, other anti-virus companies have also been analyzing it and trying to address its reach as well.

According to USA Today, a unit within Iran’s communication and information technology ministry claimed it has anti-virus software capable of identifying and removing it:

“Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.”

Israel's Vice Premier Moshe Yaalon didn't outright dismiss Israel's responsibility for it when asked about its significance. This leads to the further conclusion that Israel's hands were at work here.

“Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us,” he said.

What Makes “Flame” Stand Out Among Malware
Flame is particularly alarming in terms of the security concerns it poses for users on the receiving end of it. It really shows just how exposed any one of us can be online if we do not take precautions. Examples of damage it can do include allowing its creators to take screenshots, log keystrokes, and even steal data from mobile devices via Bluetooth.

“It can be used to spy on everything that a user is doing,” said researcher Roel Schouwenberg in the USA Today report.

I recently spoke to the director of Norton’s Star Program, Kevin Haley, about the threat and what risks it poses for end users.

Besides its ability to spy on users, take screenshots of user activity and send them back for analysis, and steal files, it can also be improved upon or patched.

Haley said that its creators can write modules adding functionality to it over time. This means they do not have to create new malware but can simply modify Flame to add functionality and new threats.

“It was clearly built so it could be added upon again and again.”

He also pointed out its complexity when analyzing it and looking at its size. The actual file size is about 200MB, which makes it much larger in scope than most other malware. It also makes Flame harder to detect in many cases due to users thinking it is a legitimate application or program.

“It is like 20 times as large as Stuxnet. It is bigger and more modular,” Haley said. “It is built like multiple people worked on it and didn’t know what other people were doing.”

What he meant by calling its engineering modular was that multiple groups of professional engineers were probably contracted to create it in different steps. Then their work was put together into what is now known as Flame.

Haley also indicated that in his opinion it probably took about 6 months to create and it will take Norton months to fully comprehend it. Norton has only been analyzing it for the last few days although there are indications it was around for at least two years in one shape or form.

A Disguised File
Haley said that its creators found clever ways to hide it inside the systems it infects. Because of its large size, it may trick users into thinking it is harmless, and it also runs on machines without showing indications of its presence.

“It tries to hide itself inside other applications to disguise itself,” he said. “It also hides itself inside another process inside the computer.

“If you weren’t examining it closely, you would think it is doing things that are harmless. It has functionality that normal programs have to make users think it is not doing anything not unique.”

Command-and-Control Server
The way its authors use Flame is through a command-and-control server (C&C). Its authors give it instructions through this structure to accomplish certain tasks.

“Typically once it gets on a machine it will report back to the C&C server and wait for instructions,” Haley said. “The author gives commands like show what documents they are and these are the ones I want you to copy.”

By the way, Symantec has provided further analysis of the virus in a blog posting on the company’s website titled “Painting a Picture of W32.Flamer.” This analysis points out that Flame is actually a whole platform and not just a file with a single function. It includes a Web server, a database server, and secure shell communications. It also includes a scripting editor.

How to Protect Yourself from the “Flame” Threat
What makes Flame such a threat is that it has the potential to infect users who have good firewalls or are not even connected online. Malware can, for instance, be transferred from a USB drive.

However, Haley said that anyone with an updated version of Norton’s or Symantec’s anti-malware programs should be safe (these two product lines are linked to the same company, but Symantec is geared for enterprise users while Norton is geared for regular computing users). It should automatically detect and remove Flame. He even pointed out that competitor products are also able to remove it now. It is the users who are not protected that should make sure their system is safe.

Haley described how in 2011 alone there were over 400 million unique threats and he expects 2012 to show greater figures.

He thinks that a layered approach is needed with anti-virus software, firewalls, and other tools. He described one of these tools, which Norton uses, as the intrusion prevention systems (IPS).

“IPS, intrusion prevention systems, look for patterns in network traffic,” Haley said. “It will detect malware unlike firewall that just blocks it.”

Despite Haley’s enthusiasm for anti-virus software being able to remove it, keep in mind that he did also say its creators have the ability to modify it and add functionality to it. Take that as you will, but it may mean that it still can pose a danger to any user.

Conclusion
Viruses like Flame show the challenges users and companies face every day when targeted by calculating and skillful threats. However, do not expect the average hacker to be able to create something this sophisticated. A group like Anonymous may have the potential over time so do not rule the idea out. However, this was most likely the work of engineers being hired full time to work on it over a period of numerous months as Haley pointed out.

HSRP vs. VRRP

Ever heard of redundant routing protocols? If not, that is not surprising, since this is a purely technical term; but once you run into router problems, or need increased or sustained network performance, this article may help you in one way or another. Along the way, you may encounter the terms HSRP and VRRP. To learn more about them, read on.

Developed by Cisco, HSRP, or Hot Standby Router Protocol, is a proprietary redundancy protocol that provides a fault-tolerant default gateway. This means that where a network has multiple routers, HSRP provides a ready-made framework that keeps the default gateway available in the event that the main gateway becomes inaccessible. It acts as a fail-safe, to put it in simple terms, and ensures sustained connectivity even when problems are encountered. Cisco created the protocol in 1994 for its own use. It uses a default hello timer of 3 seconds, along with a hold timer of 10 seconds.

By contrast, VRRP is a non-proprietary protocol developed by the IETF, back in 1999. It is designed to work across a wide range of systems. It also has faster timers: a default hello (advertisement) interval of 1 second and a 3-second hold timer. Moreover, VRRP’s standby (backup) router does not send hellos, whereas the standby router in HSRP does.

In VRRP, a backup router takes over the role of the master router in the event that the latter fails. This redundancy protocol is mainly used on routers that are not Cisco-based, such as Juniper, although one Cisco model (the Cisco 3000) can also use it.

Although the two protocols share the same concepts, they are not compatible with each other. Overall, the two redundancy router protocols differ in the following aspects:

  1. HSRP is a proprietary protocol developed by Cisco, whereas VRRP is a non-proprietary protocol created by the IETF.
  2. HSRP was created earlier; VRRP is the more recent protocol.
  3. VRRP has a faster default hello interval and a faster hold time than the slower HSRP timers.
  4. VRRP’s standby (backup) router does not send hellos, whereas HSRP’s standby router does.
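The two protocols side by side in Cisco IOS syntax, as an added example that is not from the article: a hypothetical router R1 (10.0.0.2/24) shares the virtual gateway 10.0.0.1 with a peer R2, the timer values are the defaults the article gives written out explicitly, and the two blocks are alternatives for the same interface (a real interface runs one of them, not both). The MD5 authentication lines are a standard hardening step the article does not cover.

```cisco
! --- HSRP (Cisco proprietary): R1 is preferred active, R2 (priority 100) is standby ---
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 standby version 2
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 standby 1 preempt
 ! hello 3 s, hold 10 s: the HSRP defaults from the article, written out.
 ! Both the active and the standby router send hellos; the standby takes
 ! over when the active router's hellos stop for the hold time (about 10 s).
 standby 1 timers 3 10
 ! Not discussed in the article: authenticate hellos so an unauthorised host
 ! on the LAN cannot join the group and claim the active role.
 standby 1 authentication md5 key-string REPLACE_WITH_SHARED_KEY

! --- VRRP (IETF standard): same virtual gateway, roles are master/backup ---
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 vrrp 1 ip 10.0.0.1
 vrrp 1 priority 110
 vrrp 1 preempt
 ! advertisement ("hello") interval 1 s, the VRRP default from the article.
 ! Only the master sends advertisements; the backup stays silent. There is
 ! no separate hold-timer command: the backup declares the master down after
 ! 3 x the advertisement interval plus a small priority-based skew, about 3 s.
 vrrp 1 timers advertise 1
 ! let the backup learn the master's advertisement interval instead of
 ! assuming its own configured value
 vrrp 1 timers learn
 vrrp 1 authentication md5 key-string REPLACE_WITH_SHARED_KEY
```

The faster detection time is why VRRP fails over in about 3 seconds while HSRP with default timers needs about 10; both protocols let you tune the timers down on links where that matters.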

Leader Vs Manager

Managers are people who do things right and leaders are people who do the right thing. The difference may be summarized as activities of vision and judgment — effectiveness —versus activities of mastering routines — efficiency. The chart below indicates key words that further make the distinction between the two functions:

• The manager administers; the leader innovates.

• The manager is a copy; the leader is an original.

• The manager maintains; the leader develops.

• The manager accepts reality; the leader investigates it.

• The manager focuses on systems and structure; the leader focuses on people.

• The manager relies on control; the leader inspires trust.

• The manager has a short-range view; the leader has a long-range perspective.

• The manager asks how and when; the leader asks what and why.

• The manager has his or her eye always on the bottom line; the leader has his or her eye on the horizon.

• The manager imitates; the leader originates.

• The manager accepts the status quo; the leader challenges it.

• The manager is the classic good soldier; the leader is his or her own person.

• The manager does things right; the leader does the right thing.

The most dramatic differences between leaders and managers are found at the extremes: poor leaders are despots, while poor managers are bureaucrats in the worst sense of the word. Whilst leadership is a human process and management is a process of resource allocation, both have their place and managers must also perform as leaders. All first-class managers turn out to have quite a lot of leadership ability.

Monday, July 30, 2012

UAC differences between Windows Vista and Windows 7

In Windows 7, Microsoft made changes that improve users' User Account Control (UAC) experience but don't decrease the overall security posture of UAC. They increased the number of tasks that a standard account user can perform and that don't prompt for administrator approval in Windows 7. For example, standard account users can now install updates from Windows Update and reset network adapters without receiving a UAC prompt. In Windows 7, Microsoft disabled the built-in administrator account by default. The admin account also can't log on to a computer in Safe Mode.

A very visible Windows 7 UAC change is the new User Account Control Settings dialog box, which is available from the User Accounts Control Panel applet. This dialog box lets an administrator account user configure the UAC experience with settings ranging from Always notify to Never notify. Windows 7 includes four UAC configuration levels. Windows Vista offers only two options: UAC is either on or off.

Finally, in Windows 7, Microsoft provides additional Group Policy Object (GPO) options to let administrators change the behavior of the UAC messages for privileged-account users and for limited-account users.


Source: Jan De Clercq (Windows IT Pro)

Saturday, July 28, 2012

Web inventor Tim Berners-Lee stars in Olympics opening ceremony

Summary: 'This is for everyone', Berners-Lee says in a tweet as London 2012 organisers honour the inventor of the web in the Olympic Games opening extravaganza

Sir Tim Berners-Lee, the inventor of the web, was greeted by cheers on Friday as the opening ceremony of the London Olympic Games celebrated his work.


Sir Tim Berners-Lee live-tweets during the 2012 Olympics opening ceremony

The event showed how digital communications have become part of everyday life via the story of Frankie and June, a pair of kids who hook up via social networking on their mobile phones. At the end, Berners-Lee sat in the middle of the Olympic Stadium live-tweeting a message for the occasion: 'This is for everyone'.

As well as appearing on Twitter, the message flashed around the stadium, with the letters made up of 'pixel' paddles held by 70,500 members of the audience. It reached a television audience estimated at one billion.

Olympics organisers' decision to honour Berners-Lee placed the digital revolution he helped spark on a level with the Industrial Revolution in changing ordinary lives.

The opening ceremony took British creativity, eccentricity, daring and openness as its theme, and the technological shifts these have generated. It looked at how the invention of iron smelting led to factories, cities and prosperity, and how Berners-Lee's creation of the web was just as far-reaching.
 
The British inventor now works with the UK government on open data, and previously on the data.gov.uk project to share public data. He was also at one time lined up to be a director at a new Institute for Web Science at Southampton University, but this plan was shelved by the coalition government when it got into power.

“The values and achievements of the Olympics will be amplified by the World Wide Web. It will be like millions of digital torches carrying the spirit of the Games to every corner of the world," Berners-Lee said, according to a report in Pocket-Lint.

The fading line between Personal and Official life

‘Keep your personal and official life separate’ is the guideline we have been hearing from our previous generations. But is this practised anymore? Today, it is truly difficult to find someone of that sort.

Hereon, I will list a few trends that have made such a practice rare and more difficult to follow.

Trend 1: ‘Dear, my boss/client has called. Give me a minute.’ Official phone calls spilling into non-official time. However simple it may sound, its impact cannot be ignored. For most of us, it all began with having official con-calls after office hours.

Trend 2: ‘Hey dear! Yippee. I got a laptop from my office’… ‘But I didn’t know it was going to take a piece of my personal time.’ Offices started providing laptops to the employees who needed them. The intention was to provide mobility within the office and on official trips. Unfortunately, the work mobility of the laptops got extended to home as well. This, coupled with ‘work from home’, which is mostly the employee’s own choice, is one more reason.

Trend 3: ‘Blackberries, Smartphones, Tablets and BYOD’
The device explosion is one of the last in this sequence. I am pretty sure that most of us reading this blog would be using a smartphone or iPhone, and the tablet trend is just following. For the sake of simplicity, let me call them smart devices. Every day, we check our official data like emails, presentations and business documents on our smart devices. These same devices are also used for our personal work and have our important contacts, credit card numbers, passwords and personal SMS messages on them.

The above may not be all, but are few of the major trends that have caused the line between personal and official life to fade.

Source: one of my blogger friends

Battery-saver app on Android is malware



A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cybercriminals have created an app that is supposed to reduce battery use, but in reality steals the contacts data stored on the device. Symantec, which first discovered the malware, is calling this particular threat Android.Ackposts. Here's the official description: “Android.Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location. The Trojan may arrive as a package with the following name: BatteryLong.apk.”

As opposed to using third-party app stores or even the official Google Play store, this app is pushed via Japanese spam e-mail that includes a link to download and install it. Although the messages claim the app reduces battery use by half, the app does nothing to save battery power. It does, however, send the user's contacts data (name, phone number, e-mail address, and more) to an external website for safe keeping.

As you can see in the screenshot in the top right, this malicious app only requests two permissions when it installs: "Network communication" (to access the Internet and upload the personal data) and "Your personal information" (to read and acquire the user's contacts data in the first place). The developer may have limited the number of required permissions as much as possible to avoid suspicion.

Once the app is installed and launched, a setup screen appears for a second, followed by a message stating that the device does not support the app. That is when the app steals the user's contacts data in the background. The developers of this malicious app are most likely trying to harvest e-mail addresses for spamming purposes. Symantec traced the spam message back to the sender, and discovered that the cybercriminals are also operating various social networking and dating sites already notorious for sending spam.
Source: Emil Protalinski, security journalist, ZDNet