Sunday, August 26, 2012

What is VPN and how it works? (Part-3) - Final

In the last section we discussed the types of VPN. A VPN is an easy and cheap way to access your LAN. But when planning a VPN for a corporate network, one question is always asked: how reliable and secure is communication over the VPN? So let's discuss the security of VPN.

Most VPNs rely on tunneling to create a private network that reaches across the Internet. Tunneling is the process of placing an entire packet within another packet before it's transported over the Internet. That outer packet protects the contents from public view and ensures that the packet moves within a virtual tunnel. This layering of packets is called encapsulation. Computers or other network devices at both ends of the tunnel, called tunnel interfaces, can encapsulate outgoing packets and reopen incoming packets. Users (at one end of the tunnel) and IT personnel (at one or both ends of the tunnel) configure the tunnel interfaces they're responsible for to use a tunneling protocol. Also called an encapsulation protocol, a tunneling protocol is a standardized way to encapsulate packets [L2F, PPTP, and L2TP].

The purpose of the tunneling protocol is to add a layer of security that protects each packet on its journey over the Internet. The packet is traveling with the same transport protocol it would have used without the tunnel; this protocol defines how each computer sends and receives data over its ISP. Each inner packet still maintains the passenger protocol, such as Internet protocol (IP) or AppleTalk, which defines how it travels on the LANs at each end of the tunnel. The tunneling protocol used for encapsulation adds a layer of security to protect the packet on its journey over the Internet.

Encryption and Security Protocols in a VPN

Encryption is the process of encoding data so that only a computer with the right decoder will be able to read and use it. You could use encryption to protect files on your computer or e-mails you send to friends or colleagues. An encryption key tells the computer what computations to perform on data in order to encrypt or decrypt it. The most common forms of encryption are symmetric-key encryption and public-key encryption:
  • In symmetric-key encryption, all computers share the same key used to both encrypt and decrypt a message.
  • In public-key encryption, each computer has a public-private key pair. One computer uses its private key to encrypt a message, and another computer uses the corresponding public key to decrypt that message.
A VPN needs more than just a pair of keys to apply encryption. That's where protocols come in. A site-to-site VPN could use either Internet Protocol Security (IPsec) or generic routing encapsulation (GRE). GRE provides the framework for how to package the passenger protocol for transport over the Internet protocol (IP). This framework includes information on what type of packet you're encapsulating and the connection between sender and receiver.
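
The encapsulation described above, as an added example that is not part of the original article: a passenger IPv4 packet is wrapped in a basic GRE header (RFC 2784) and an outer IPv4 header, then unwrapped at the far tunnel interface. All addresses and the payload are constructed sample values; the last helper shows that GRE by itself leaves the passenger payload readable on the wire, which is the gap IPsec fills.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger packet


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum, as used for the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) followed by payload."""
    def header(csum: int) -> bytes:
        return struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, 20 + len(payload),   # version/IHL, TOS, total length
            0, 0,                         # identification, flags/fragment offset
            64, proto, csum,              # TTL, protocol, header checksum
            socket.inet_aton(src), socket.inet_aton(dst))
    return header(checksum(header(0))) + payload


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel interface, sending side: GRE header + outer IPv4 header."""
    gre_header = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre_header + inner)


def gre_decapsulate(outer: bytes) -> bytes:
    """Tunnel interface, receiving side: validate headers, return passenger."""
    if len(outer) < 24:
        raise ValueError("packet too short for IPv4 + GRE")
    ihl = (outer[0] & 0x0F) * 4
    if outer[0] >> 4 != 4 or ihl < 20 or len(outer) < ihl + 4:
        raise ValueError("malformed outer IPv4 header")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("outer header checksum mismatch")
    if outer[9] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    total_len = struct.unpack("!H", outer[2:4])[0]
    if total_len != len(outer):
        raise ValueError("length field does not match packet size")
    flags_version, proto_type = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags_version != 0:
        raise ValueError("only the basic GRE header is handled here")
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError("passenger protocol is not IPv4")
    return outer[ihl + 4:]


def addresses(packet: bytes) -> tuple:
    """Source and destination address of an IPv4 packet."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def payload_visible(outer: bytes, needle: bytes) -> bool:
    """True if the passenger data can be read straight out of the tunnel packet."""
    return needle in outer


# Constructed sample: a LAN host sends data to a host on the remote LAN.
SECRET = b"payroll.csv contents"
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", 253, SECRET)  # 253 = experimental protocol
OUTER = gre_encapsulate(INNER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("on the Internet:", addresses(OUTER))
    print("after decapsulation:", addresses(gre_decapsulate(OUTER)))
    print("payload readable in transit:", payload_visible(OUTER, SECRET))
```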

IPSec is a widely used protocol for securing traffic on IP networks, including the Internet. IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server. IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:
  • Encapsulated Security Payload (ESP) encrypts the packet's payload (the data it's transporting) with a symmetric key.
  • Authentication Header (AH) uses a hashing operation on the packet header to help hide certain packet information (like the sender's identity) until it gets to its destination.
In a remote-access VPN, tunneling typically relies on Point-to-point Protocol (PPP), which is part of the native protocols used by the Internet. More accurately, though, remote-access VPNs use one of three protocols based on PPP:
  • L2F (Layer 2 Forwarding) -- Developed by Cisco; uses any authentication scheme supported by PPP
  • PPTP (Point-to-point Tunneling Protocol) -- Supports 40-bit and 128-bit encryption and any authentication scheme supported by PPP
  • L2TP (Layer 2 Tunneling Protocol) -- Combines features of PPTP and L2F and fully supports IPSec; also applicable in site-to-site VPNs
So after this final part on VPN, I believe everyone has the full concept of VPN and its working topology as well as the types of VPN. Maybe before this article you had doubts about the reliability of communication over VPN: is it secure or not? Hopefully this article cleared your doubts about the security of your data when you send it over a VPN.

Thanks so much for reading this article, your feedback is required.

Sunday, August 19, 2012

What is VPN and how it works? (Part-2)

In the last section we discussed VPN and its benefits. In this section we will discuss the types of VPN. The following are the 2 types of VPN connection:

1) Remote-Access VPN
2) Site-to-Site VPN

Remote-Access VPN: - A remote-access VPN allows individual users to establish secure connections with a remote computer network. Those users can access the secure resources on that network as if they were directly plugged in to the network's servers. An example of a company that needs a remote-access VPN is a large firm with hundreds of salespeople in the field. Another name for this type of VPN is virtual private dial-up network (VPDN), acknowledging that in its earliest form, a remote-access VPN required dialing in to a server using an analog telephone system.

There are two components required in a remote-access VPN. The first is a network access server (NAS, usually pronounced "nazz" conversationally), also called a media gateway, a remote-access server (RAS) or a VPN server. (Note: IT professionals also use NAS to mean network-attached storage.) A NAS might be a dedicated server, or it might be one of multiple software applications running on a shared server. It's a NAS that a user connects to from the Internet in order to use a VPN. The NAS requires that user to provide valid credentials to sign in to the VPN. To authenticate the user's credentials, the NAS uses either its own authentication process or a separate authentication server running on the network; this can be AD-based authentication.

The other required component of remote-access VPNs is client software. In other words, employees who want to use the VPN from their computers require software on those computers that can establish and maintain a connection to the VPN. Most operating systems today have built-in software that can connect to remote-access VPNs, though some VPNs might require users to install a specific application instead. The client software sets up the tunneled connection to a NAS, which the user indicates by its Internet address. The software also manages the encryption required to keep the connection secure. I will explain more about tunneling and encryption later in coming parts.

Large corporations or businesses with knowledgeable IT staff typically purchase, deploy and maintain their own remote-access VPNs. Businesses can also choose to outsource their remote-access VPN services through an enterprise service provider (ESP). The ESP sets up a NAS for the business and keeps that NAS running smoothly.

A remote-access VPN is great for individual employees, but what about entire branch offices with dozens or even hundreds of employees? In that case the second type of VPN comes into play to fulfill the needs of the entire business, including branch office connections.

Site-to-Site VPN: - A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the Internet. Site-to-site VPN extends the company's network, making computer resources from one location available to employees at other locations. An example of a company that needs a site-to-site VPN is a growing corporation with dozens of branch offices around the world.

There are two types of site-to-site VPNs:
• Intranet-based -- If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect each separate LAN to a single WAN.

• Extranet-based -- When a company has a close relationship with another company (such as a partner, supplier or customer), it can build an extranet VPN that connects those companies' LANs. This extranet VPN allows the companies to work together in a secure, shared network environment while preventing access to their separate intranets.

Even though the purpose of a site-to-site VPN is different from that of a remote-access VPN, it could use some of the same software and equipment. Ideally, though, a site-to-site VPN should eliminate the need for each computer to run VPN client software as if it were on a remote-access VPN.

So after reading this part you should easily understand the two types of VPN. In the next part, I will describe how your data stays secure when you use a VPN.

Tuesday, August 14, 2012

What is VPN and how it works? (Part-1)

VPN stands for Virtual Private Network. A VPN is a private network that uses a public network (of course, the Internet) to connect remote sites or users together. A VPN uses “virtual” connections routed through the Internet from the business’s private network to the remote site or employee. By using a VPN, businesses ensure security – anyone intercepting the encrypted data can’t read it. VPN was not the first technology in the field of remote connections; before VPN, the leased line was the common way to connect multiple offices. Leased lines provided a company with a way to expand its private network beyond its immediate geographic area. These connections form a single Wide Area Network (WAN) for the business. Though leased lines are reliable and secure, the leases are expensive, with costs rising as the distance between offices increases.

What Makes a VPN?
A VPN's purpose is providing a secure and reliable private connection between computer networks over an existing public network, typically the Internet. Before looking at the technology that makes a VPN possible, let's consider all the benefits and features a business should expect in a VPN.
 
A well-designed VPN provides a business with the following benefits:
  •  Extended connections across multiple geographic locations without using a leased line
  • Improved security for exchanging data
  • Flexibility for remote offices and employees to use the business intranet over an existing Internet connection as if they're directly connected to the network
  • Savings in time and expense for employees to commute if they work from virtual workplaces
  • Improved productivity for remote employees
A business might not require all these benefits from its VPN, but it should demand the following essential VPN features:
  •  Security -- The VPN should protect data while it's traveling on the public network. If intruders attempt to capture the data, they should be unable to read or use it. 
  • Reliability -- Employees and remote offices should be able to connect to the VPN with no trouble at any time (unless hours are restricted), and the VPN should provide the same quality of connection for each user even when it is handling its maximum number of simultaneous connections. 
  • Scalability -- As a business grows, it should be able to extend its VPN services to handle that growth without replacing the VPN technology altogether.
One interesting thing to note about VPNs is that there are no standards about how to set them up. This article covers network, authentication and security protocols that provide the features and benefits listed above. It also describes how a VPN's components work together. If you're establishing your own VPN, though, it's up to you to decide which protocols and components to use and to understand how they work together.
In the next part I’ll describe two common types of VPN. I'll start with the type that's most synonymous with the term VPN.

Monday, August 13, 2012

Top 10 Ways to Protect Your Computer from Hackers

In this daily hi-tech life the use of computers has become an important part, and the risk of information theft is increasing in the same ratio. Therefore, it’s only natural for IT specialists to create general awareness among all users so that they can also learn ways of protecting their information as well as their PC.

At any rate, below are the top ten steps you can take to help safeguard your computer from digital destruction:

1. Anti-Virus/Anti-Spy Software: Running your machine without anti-virus/anti-spyware software, especially if it's regularly connected to the Internet, is downright suicidal in these modern, computer-virus-ridden times. Get one as soon as you can, and always confirm that its virus definitions are regularly updated. Some of the free antivirus products like Avast / Avira / AVG can be used, but the recommendation is only for a licensed version.

2. Hacker-Controlled Websites: Common sense dictates that you should avoid going to bad neighborhoods, especially if you carry a lot of valuables. The same could be said in the wild, wild world of the worldwide web. Avoid getting snared by dubious sites dedicated to porn, free downloads, online games, and so on; this way, there are fewer chances for you to be hacked.

3. Firewall: If you don't have a third-party firewall like Cyberoam/Cisco/Sonicwall/Fortigate installed in your network, then it's highly recommended for you to activate your Windows firewall (available on all Windows versions from XP/7/8). Firewalls help filter your traffic, and there are some products that even filter both incoming and outgoing data streams.

4. Spam Email: Unsolicited messages should never be opened, and that goes double for unsolicited messages with file attachments. Fortunately, web-based email sites like Gmail (if you are not using any company email account) have an extra layer of protection integrated in them. When in doubt, just delete the message.

5. Data Backup: If you have critical data, work-related documents, or personal files, then you must back them up as often as possible, because you never know what will happen to your computer. From viruses to system crashes, these sensitive bits of information can be wiped clean from your hard drive in the blink of an eye, so it's best to always have a backup at hand.

6. Windows Updates: Let's face it; the many different iterations of the world's best-selling OS have all been targeted by hackers so often that it's become a given to provide continuous daily, weekly, or monthly updates to your Windows-based computer. It's important for you to keep your OS up to speed in order to minimize the possibility of having worms or viruses compromise your system.

7. Software Updates: As with the above example, it's important for you to get the latest fixes or versions of your favorite applications in order to never let hackers find the opportunity to invade your virtual turf. Make sure that your web browsers and other web-based programs are given good upgrades or patches.

8. Password Policies: The passwords you pick could mean the difference between a breached computer and a safe computer. At any rate, the most common recommendations when it comes to picking a password include not using the same password on every one of your accounts, using combinations of letters and numbers, and making sure that your password is as arcane as possible without necessarily making it too difficult for you to remember it. Never give your password to anyone.

9. Be careful what you attach to your computer: This is a more common way to transfer viruses than you might think. Everyone now has a USB flash stick that they carry around on their key chains, ready to snap into any computer. But who knows what viruses are on your friends' computers and what accidentally got transferred to their USB stick? A lot of virus programs will auto launch right when the USB stick is put into the computer, so you don’t even have to open or download any of the files to be infected.

10. Do not click on Ads: Avoid clicking on ads if you can. Especially those ads where something is flying around and if you shoot the duck, you win some prize! Ads have become more sophisticated in that they try to make the ad interactive so that you’ll be tempted to play it like a game.

Saturday, August 11, 2012

How to Protect Yourself from the “Flame” Virus

Recently, reports have been circulating that a virus, called “Flame,” has been infecting users in the Middle East, particularly Iran. This has led many to conclude it is the work of Israel’s engineers. Experts also say there is more evidence for this, including the links of this malware with previous malware targeting Iran. The official name for Flame is W32.Flamer because it targets 32-bit Windows PC users.

The “Flame” Virus Looks to be the Work of Professionals
According to USA Today, the reason for the suspicion about Israel being pinned as the culprit is that Iran has been particularly affected by it. This led Kaspersky Lab to conclude engineers in Israel should claim responsibility as there is distrust and animosity between the two nations.

Another virus launched last November, called Stuxnet, targeted nuclear centrifuges in Iran. It shares a lot of similarity with Flame, according to reports. It has been speculated for quite a while now that engineers from Israel created Stuxnet.

The New York Times reported last November that the virus was created precisely to disrupt Iran’s nuclear program. It caused nuclear centrifuges to be sent out of control.

The Russian anti-virus company, Kaspersky Lab, also claims responsibility for the discovery of its existence, as reported by a company news brief. However, other anti-virus companies have also been analyzing it and trying to address its reach as well.

According to USA Today, a unit within Iran’s communication and information technology ministry claimed it has anti-virus software capable of identifying and removing it:

“Tehran has not said whether it lost any data to the virus, but a unit of the Iranian communications and information technology ministry said it had produced an anti-virus capable of identifying and removing Flame from its computers.”

Israel’s Vice Premier Moshe Yaalon didn’t outright dismiss Israel’s responsibility for it when asked about its significance. This leads to the further conclusion that Israel’s hands were at work here.

“Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us,” he said.

What Makes “Flame” Stand Out Among Malware
Flame is particularly alarming in terms of the security concerns it poses for users on the recipient end of it. It really shows just how exposed anyone of us can be online if we do not take precautions. Examples of damage it can do include allowing its creators to take screenshots, log keystrokes, and even steal data from mobile devices via Bluetooth.

“It can be used to spy on everything that a user is doing,” said researcher Roel Schouwenberg in the USA Today report.

I recently spoke to the director of Norton’s Star Program, Kevin Haley, about the threat and what risks it poses for end users.

Besides its ability to spy on users; take screenshots of user activity and send it back for analysis; and steal files, it can also be improved upon or patched.

Haley said that its creators can write modules adding functionality to it over time. This means they do not have to create new malware but can simply modify Flame for added functionality and threats.

“It was clearly built so it could be added upon again and again.”

He also pointed out its complexity when analyzing it and looking at its size. The actual file size is about 200MB, which makes it much larger in scope than most other malware. It also makes Flame harder to detect in many cases due to users thinking it is a legitimate application or program.

“It is like 20 times as large as Stuxnet. It is bigger and more modular,” Haley said. “It is built like multiple people worked on it and didn’t know what other people were doing.”

What he meant by calling its engineering modular was that multiple groups of professional engineers were probably contracted to create it in different steps. Then their work was put together into what is now known as Flame.

Haley also indicated that in his opinion it probably took about 6 months to create and it will take Norton months to fully comprehend it. Norton has only been analyzing it for the last few days although there are indications it was around for at least two years in one shape or form.

A Disguised File
Haley said that its creators found clever ways to hide it inside systems it infects. It may trick users into thinking it is harmless because of its large size, and also through the way it runs on machines without showing indications of its approach.

“It tries to hide itself inside other applications to disguise itself,” he said. “It also hides itself inside another process inside the computer.

“If you weren’t examining it closely, you would think it is doing things that are harmless. It has functionality that normal programs have to make users think it is not doing anything not unique.”

Command-and-Control Server
The way its authors use Flame is through a command-and-control server (C&C). Its authors give it instructions through this structure to accomplish certain tasks.

“Typically once it gets on a machine it will report back to CMC server and wait for instructions,” Haley said. “The author gives commands like show what documents they are and these are the ones I want you to copy.”

By the way, Symantec has provided further analysis of the virus in a blog posting on the company’s website titled “Painting a Picture of W32.Flamer.” This analysis points out that Flame is actually a whole platform and not just a file with a single function. It includes a Web server, a database server, and secure shell communications. It also includes a scripting editor.

How to Protect Yourself from the “Flame” Threat
What makes Flame such a threat is that it may have the potential to infect users who have great firewalls or are not even connected online. A machine can, for instance, be infected from a USB drive.

However, Haley said that anyone with an updated version of Norton’s or Symantec’s anti-malware programs should be safe (these two product lines are linked to the same company, but Symantec is geared for enterprise users while Norton is geared for regular computing users). It should automatically detect and remove Flame. He even pointed out that competitor products are also able to remove it now. It is the users who are not protected that should make sure their system is safe.

Haley described how in 2011 alone there were over 400 million unique threats and he expects 2012 to show greater figures.

He thinks that a layered approach is needed with anti-virus software, firewalls, and other tools. He described one of these tools, which Norton uses, as the intrusion prevention systems (IPS).

“IPS intrusion prevention systems looks for patterns in network traffic,” Haley said. “It will detect malware unlike firewall that just blocks it.”

Despite Haley’s enthusiasm for anti-virus software being able to remove it, keep in mind that he did also say its creators have the ability to modify it and add functionality to it. Take that as you will, but it may mean that it still can pose a danger to any user.

Conclusion
Viruses like Flame show the challenges users and companies face every day when targeted by calculating and skillful threats. However, do not expect the average hacker to be able to create something this sophisticated. A group like Anonymous may have the potential over time so do not rule the idea out. However, this was most likely the work of engineers being hired full time to work on it over a period of numerous months as Haley pointed out.

HSRP vs. VRRP

Ever heard of Redundant Routing Protocols? If not, it’s not that surprising, since this is a purely technical term; but once you stumble upon router problems, and when you have a demand for an increased or sustained network performance, then this article may help you in one way or another. In the process, you may encounter the terms HSRP and VRRP. To learn more about these terms, continue to read.

Developed by Cisco, HSRP, or Hot Standby Router Protocol, is a proprietary redundancy protocol that establishes an error-free default gateway. This means that for multiple routers inside a network, there is a framework readily established by HSRP to provide a default gateway in the event that the main gateway inadvertently becomes inaccessible. It acts as a fail-safe, to put it in simple terms. This ensures sustained connectivity even if certain problems are encountered. It was actually in 1994 when Cisco created a redundancy router protocol for its own use. It also uses a default hello timer of 3 seconds, along with a hold timer of 10 seconds.

In contrast, VRRP is a non-proprietary protocol developed by the IETF back in 1999. This protocol is said to work for a wide range of systems. It even boasts a faster timer of 1 second for its default hello, and a 3-second hold timer as well. Moreover, it has been observed that VRRP’s standby speaker is not able to send hellos, as opposed to its availability in the HSRP protocol.

In VRRP, there is a backup router that takes over the role of the master router in the event that the latter fails to function. This redundancy protocol is basically used for routers that are not Cisco-based, such as Juniper, although one type of Cisco model (the Cisco 3000) can utilize this protocol.

Although these two protocols share the same concepts, they are still somewhat incompatible. Overall, the two redundancy router protocols differ in the following aspects:

  1. HSRP is a proprietary protocol developed by Cisco, whereas VRRP is a non-proprietary protocol created by the IETF.
  2. HSRP was created in an earlier year compared to the more recent VRRP.
  3. VRRP has a faster time for its default hello, and a faster hold time, as opposed to the slower HSRP timers.
  4. VRRP’s standby speaker cannot send hellos like the HSRP protocols.

Leader Vs Manager

Managers are people who do things right and leaders are people who do the right thing. The difference may be summarized as activities of vision and judgment — effectiveness —versus activities of mastering routines — efficiency. The chart below indicates key words that further make the distinction between the two functions:

• The manager administers; the leader innovates.

• The manager is a copy; the leader is an original.

• The manager maintains; the leader develops.

• The manager accepts reality; the leader investigates it.

• The manager focuses on systems and structure; the leader focuses on people.

• The manager relies on control; the leader inspires trust.

• The manager has a short-range view; the leader has a long-range perspective.

• The manager asks how and when; the leader asks what and why.

• The manager has his or her eye always on the bottom line; the leader has his or her eye on the horizon.

• The manager imitates; the leader originates.

• The manager accepts the status quo; the leader challenges it.

• The manager is the classic good soldier; the leader is his or her own person.

• The manager does things right; the leader does the right thing.

The most dramatic differences between leaders and managers are found at the extremes: poor leaders are despots, while poor managers are bureaucrats in the worst sense of the word. Whilst leadership is a human process and management is a process of resource allocation, both have their place and managers must also perform as leaders. All first-class managers turn out to have quite a lot of leadership ability.