A VPN supports at least three different modes of use:
· Remote access client connections
· LAN-to-LAN internetworking
· Controlled access within an intranet
However, it would be better to find to discuss about the types of VPNs before analyzing the things where it can accommodate.
Secure VPNs use cryptographic tunneling protocols to provide the necessary confidentiality (preventing snooping), sender authentication (preventing identity spoofing), and message integrity (preventing message alteration) to achieve the privacy intended. When properly chosen, implemented, and used, such techniques can provide secure communications over unsecured networks. Because such choice, implementation, and use are not trivial, there are many insecure VPN schemes on the market. Secure VPN technologies may also be used to enhance security as a 'security overlay' within dedicated networking infrastructures
Trusted VPNs do not use cryptographic tunneling, and instead rely on the security of a single provider's network to protect the traffic. Multi-protocol label switching (MPLS) is commonly used to build trusted VPNs
Technology Behind VPNs
Several network protocols have become popular as a result of VPN developments:
· PPTP
· L2TP
· IPsec
· SOCKS
These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public. Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other.
VPN Tunneling: VPN technology is based on the idea of tunneling. Network tunneling involves establishing and maintaining a logical network connection .On this connection, packets constructed in a specific VPN protocol format are encapsulated within some other base or carrier protocol, then transmitted between VPN client and server, and finally de-encapsulated on the receiving side).
Two Types of VPN Tunneling
VPN supports both voluntary and compulsory tunneling. Both types of tunneling can be found in practical use. In voluntary tunneling, the VPN client manages connection setup. The client first makes a connection to the carrier network provider (an ISP in the case of Internet VPNs). Then, the VPN client application creates the tunnel to a VPN server over this live connection. In compulsory tunneling, the carrier network provider manages VPN connection setup. When the client first makes an ordinary connection to the carrier, the carrier in turn immediately brokers a VPN connection between that client and a VPN server. From the client point of view, VPN connections are set up in just one step compared to the two-step procedure required for voluntary tunnels.
Compulsory VPN tunneling authenticates clients and associates them with specific VPN servers using logic built into the broker device. This network device is sometimes called the VPN Front End Processor (FEP) (also Network Access Server (NAS) or Point of Presence (POP) servers). Compulsory tunneling hides the details of VPN server connectivity from the VPN clients and effectively moves control over the tunnels from clients to the ISP. In return, service providers must take on the additional burden of installing and maintaining FEPs.
VPN Tunneling Protocols
Several interesting network protocols have been implemented specifically for use with VPN tunnels. The three most popular VPN tunneling protocols listed below continue to compete with each other for acceptance in the industry. These protocols are generally incompatible with each other.
Point-to-Point Tunneling Protocol (PPTP)
Several corporations worked together to create the PPTP specification. People generally associate PPTP with Microsoft because nearly all flavors of Windows include built-in client support for this protocol. The initial releases of PPTP for Windows by Microsoft contained security features that some experts claimed were too weak for serious use. Microsoft continues to improve its PPTP support, though.
Layer Two Tunneling Protocol (L2TP)
The original competitor to PPTP for VPN tunneling was L2F, a protocol implemented primarily in Cisco products. In an attempt to improve on L2F, the best features of it and PPTP were combined to create new standard called L2TP.
Internet Protocol Security (IPsec)
IPsec is actually a collection of multiple related protocols. It can be used as a complete VPN protocol solution, or it can used simply as the encryption scheme within L2TP or PPTP. IPsec exists at the network layer (Layer Three) in OSI.
VPN SECURE
The most important part of a VPN solution is security, the nature of VPNs — putting private data on public networks — raises concerns about potential threats to that data and the impact of data loss, where a Virtual Private Network must address all types of security threats by providing security services in the areas of:
Authentication - Authentication is the process of ensuring that a user or system is who the user claims to be, there are many types of authentication mechanisms, all work off of one or more of the following principles: a login name, a password, a token, a card key, fingerprint, retinal scan. A weak authentication makes use of one of these components, usually a simple login/password sequence but a strong authentication combines at least two authentication components from different areas.
Presentation - Encryption is based on two components: an algorithm and a key, a cryptographic algorithm is a mathematical function that combines data with the string of digits contained in a key to produce encrypted text. There are several major types of encryption of varying degrees of complexity, as measured by lengths (bits) of cryptographic keys like Advanced Encryption Standard (AES), RSA, Elliptic Curve Cryptosystems (ECC).
Transportation - The modification of data packets in a network is an attack on data integrity. Message authentication is the procedure used to verify that received messages come from the alleged source and have not been altered
Non repudiation - Non-repudiation is a means to verify that an electronic message has been sent and received by the specified parties. This protects both parties to ensure that neither the sender nor the recipient can later claim the transaction did not take place, which is a vital not only while dealing contracts, but also for online sales of digital goods such as music and entertainment.
Unfortunately, VPN technology alone does not provide reliable proof about who is accessing the data at either end of the tunnel without strong authentication is incorporated, information may be shielded as it crosses the network only to fall into the wrong hands. However, RSA Security’s authentication solutions greatly reduce this risk by forcing external users to present multiple forms of identity to provide assurance that they are who they claim to be before they are granted access.
VPNs for Remote Access- A VPN can support the same intranet/extranet services as a traditional WAN, but VPNs have grown in popularity for their ability to support remote access service. In recent years, many organizations have increased the mobility of their workers by allowing more employees to telecommute where Employees continue to travel and face an increasing need to stay plugged in to the company network. Typically, a corporation that wishes to set up a large remote-access VPN provides some form of Internet dial-up account to their users using an Internet Service Provider (ISP). The telecommuter can then dial a 1-800 number to reach the Internet and use their VPN client software to access the corporate network. It can be better utilized when a company needs a remote-access for a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third- party service provider. The overhead of maintaining such a system internally, coupled with the possibility of high long distance charges incurred by travelers, make VPNs an appealing option here.
VPNs INTERNETWORKING
VPN remote access architecture’s extension provides an entire remote network to join the local network. A server-server VPN connection joins two networks to form an extended Intranet or extranet rather than a client-server connection. To implement limited access to individual subnets on the private network, Intranets use VPN technology. In this mode, VPN clients hook up to a VPN server, which acts as a gateway to computers behind it on the subnet, However, it takes benefits of the security features and handiness of VPN technology.
ADVANTAGES
VPNs promise two main advantages over competing approaches – Cost Savings-One way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines, with the help of VPNs, an organization needs only a relatively short dedicated connection to the service provider could be a local leased line (much less expensive than a long-distance one).
Another way VPNs reduce costs is by lessening the need for long distance telephone charges for remote access where VPN clients need only call into the nearest service provider's access point but in some cases it require a long distance call, but in many cases a local call will suffice.
A third, subtler way that VPNs may lower costs is through offloading of the support burden with VPNs, the service provider rather than the organization must support dial-up access, where Service providers can in theory charge much less for their support than it costs a company internally because the public provider's cost is shared amongst potentially thousands of customers.
Scalability -The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. A Company with two branch offices, for example, can deploy just one dedicated line to connect the two locations. If a third branch office needs to come online, just two additional lines will be required to directly connect that location to the other two. However, as an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. Four branch offices require six lines for full connectivity, five offices require ten lines, and so on. Mathematicians call this phenomenon a "combinatorial explosion," and in a traditional WAN this explosion limits the flexibility for growth. VPNs that utilize the Internet avoid this problem by simply tapping into the geographically distributed access already available.
Compared to leased lines, Internet-based VPNs offer greater global reach, given that Internet access points are accessible in many places where dedicated lines are not available. The only way to properly deploy the appropriate VPN for any organization is to evaluate the needs of your operation and it’s remote clients. At that point you must evaluate the hardware involved on both ends, the operating systems on both ends, the Internet service on both ends, the applications software involved and more. Performance, security, and limitations of the existing infrastructure always dictate how you move ahead. Often this process is short and simple but there are a variety of unforeseen problems that can crop up if you do not carefully evaluate these elements. Whether in-house or through a vendor it is important to evaluate your existing systems and requirements first, to save time and money later. Once you have finished this part of the evaluation it will be a much simpler task to choose among various VPN approaches. Often something in the initial evaluation will mandate a certain VPN approach, if this is the case your choices will be easily defined. If you have very few limitations placed by your existing technology the decision becomes one of ROI, performance, and security demands.
DISADVANTAGES
With the hype that has surrounded VPNs historically, the potential pitfalls or weak spots in the VPN model can be easy to forget. These four concerns with VPN solutions are often raised like 1. VPNs require an in-depth understanding of public network security issues and taking proper precautions in VPN deployment. 2. The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control. 3. VPN technologies from different vendors may not work well together due to immature standards. 4. VPNs need to accommodate protocols other than IP and existing ("legacy") internal network technology. Generally speaking, these four factors comprise the hidden costs of a VPN solution. Whereas VPN advocates tout cost savings as the primary advantage of this technology, detractors cite hidden costs as the primary disadvantage of VPNs.
CONCLUDING REMARKS:
The success of VPNs in the future depends mainly on industry dynamics. Most of the value in VPNs lies in the potential for businesses to save money. Should the cost of long-distance telephone calls and leased lines continue to drop, fewer companies may feel the need to switch to VPNs for remote access. Conversely, if VPN standards solidify and vendor products interoperate fully with other, the appeal of VPNs should increase. The success of VPNs also depends on the ability of Intranets and extranets to deliver on their promises. Companies have had difficulty measuring the cost savings of their private networks, but if it can be demonstrated that these provide significant value, the use of VPN technology internally may also increase. VPNs do not offer any network services that aren't already offered through alternative mechanisms. However, a VPN does use a unique mix of technologies that promises to improve on the traditional approaches. A well-designed VPN should incorporate the following: Security, Reliability, Scalability, Network Management, and Policy Management
"http://www.articlesbase.com/information-technology-articles/role-of-vpn-in-globalised-world-497961.html"
Saturday, March 27, 2010
Simple way To have Your Secure VPN Tunnel
First what do we are expecting from a VPN tool? Answers are very simple:
Since the Data should pass through a public network then you need to assure the protection (Data security).
SLA (service Level Agreement) as all amounts of Data is received by destination.
Easy to configure.
Multi-platform support.
Cost effective.
How Hamachi is going to protect our data privacy?
Since Hamachi is a central managed VPN connection that means the Server is managed by the Vendor.
Then all what you need is to install the Client software’s in order to connect to that server and establish your own group of computers. To perform this task Hamachi’s Client exchange a Key value with the server once they agreed on a Key then only peers you are targeting can encrypt your Data. LoGMeIn (Hamachi’s owner)servers authenticate all peers using RSA key-pair, then to login the client submit its Hamachi’s IP which is assigned by the server, when the client connect it announced what key is expect s the server to have. This simple logic cans grantee the establishment of your Tunnel but you need to enter a user name and password for the destination to be authenticated (OS user).
Data loss in communication ?
Off course data loss were depends on many items such as your ISP connection, firewall configuration, software’s you are using what if they are original or not, sending across different platform, etc.
If we can assure all mentioned items then you can guarantee a perfect data communication between your business units.
Further more Hamachi will not disturb your internet connection by taking all the bandwidth for the VPN tunnel as some Tools done instead Hamachi will work under virtual Ethernet Adapter giving different IP address, this will enable you to continue your normal web browsing while your secure communication with other Business unit is established.
Easy to configure ?
All you need to do is to click on the network menu and select create new network then type your new network name and password, and don’t forget to send to other people your network name and password to join you by selecting from network menu join an existing network. That is all what you need to spend on configuration 1 minute.
Multi-platform support ?
Simply, YES. Further more it can work under virtual machine I tested.
Cost effective?
It’s free to use.
Also you can use Hamachi to perform a remote administration; this can be done as well by combine the benefits of VNC and Hamachi. We tested and the result was great. I can show you how to do it,
After installing Hamachi you will have a global IP address, through this IP you can reach your remote nodes if Hamachi and VNC are configured. All you need is to type that IP plus configured port in VNC Viewer as example:
Hamachi IP:0
Then presses connect and perform your remote administration.
"http://www.articlesbase.com/information-technology-articles/simple-way-to-have-your-secure-vpn-tunnel-589491.html"
Since the Data should pass through a public network then you need to assure the protection (Data security).
SLA (service Level Agreement) as all amounts of Data is received by destination.
Easy to configure.
Multi-platform support.
Cost effective.
How Hamachi is going to protect our data privacy?
Since Hamachi is a central managed VPN connection that means the Server is managed by the Vendor.
Then all what you need is to install the Client software’s in order to connect to that server and establish your own group of computers. To perform this task Hamachi’s Client exchange a Key value with the server once they agreed on a Key then only peers you are targeting can encrypt your Data. LoGMeIn (Hamachi’s owner)servers authenticate all peers using RSA key-pair, then to login the client submit its Hamachi’s IP which is assigned by the server, when the client connect it announced what key is expect s the server to have. This simple logic cans grantee the establishment of your Tunnel but you need to enter a user name and password for the destination to be authenticated (OS user).
Data loss in communication ?
Off course data loss were depends on many items such as your ISP connection, firewall configuration, software’s you are using what if they are original or not, sending across different platform, etc.
If we can assure all mentioned items then you can guarantee a perfect data communication between your business units.
Further more Hamachi will not disturb your internet connection by taking all the bandwidth for the VPN tunnel as some Tools done instead Hamachi will work under virtual Ethernet Adapter giving different IP address, this will enable you to continue your normal web browsing while your secure communication with other Business unit is established.
Easy to configure ?
All you need to do is to click on the network menu and select create new network then type your new network name and password, and don’t forget to send to other people your network name and password to join you by selecting from network menu join an existing network. That is all what you need to spend on configuration 1 minute.
Multi-platform support ?
Simply, YES. Further more it can work under virtual machine I tested.
Cost effective?
It’s free to use.
Also you can use Hamachi to perform a remote administration; this can be done as well by combine the benefits of VNC and Hamachi. We tested and the result was great. I can show you how to do it,
After installing Hamachi you will have a global IP address, through this IP you can reach your remote nodes if Hamachi and VNC are configured. All you need is to type that IP plus configured port in VNC Viewer as example:
Hamachi IP:0
Then presses connect and perform your remote administration.
"http://www.articlesbase.com/information-technology-articles/simple-way-to-have-your-secure-vpn-tunnel-589491.html"
Simple Way To Protect Against Malicious Programs
Ok let’s start by some definitions, all you need is to read carefully and feel free to contact me for any assistant, last days I have received a lot of inquiries concerning Viruses, Worms, and Bacteria, etc so I noticed that many people have confused about some terms, Let’s See
Viruses
A computer virus is a computer program or Script that can copy itself and contaminate a computer devoid of permission or knowledge of the user. The name "virus" is also commonly used to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Meanwhile viruses can spread to other computers by infecting files on a network shared file system.
Recent viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread.
Virus Phases:
Virus Phases can be grouped into four categories as listed below:
Dormant Phase:The Virus is idle.
Propagation Phase:The Virus places an identical copy of itself into other programs.
Triggering Phase:The Virus is activated to perform the function for which it was intended.
Execution Phase:The function is performed.
Types of Viruses:
Parasitic Viruses
A parasitic virus attaches itself to a file in order to propagate. It generally keeps most of the file intact and either adds itself to the start or end of the file, COM and EXE files are easiest to infect, as they are simply loaded directly into memory and execution always starts at the first instruction.
Memory resident Viruses
A virus that stays in memory after it executes and after its host program is terminated. In contrast, non-memory-resident viruses only are activated when an infected application runs.
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can uses the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions, they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs.
Boot Sector Viruses
A boot sector virus is a computer virus which infects the boot sector on hard disks, floppy disks, and theoretically also other bootable media such as CD's and DVD's.
A boot sector virus infects or substitutes its own code for either the DOS boot sector or the Master Boot Record (MBR). The MBR is small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.
Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory the boot virus can spread to every disk that the system reads.
Some CMOS setups can be configured to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you will have to change the setting back to make the MBR writable again.
Stealth Viruses
A stealth virus is a file virus that uses special techniques to hide its presence from users and virus scanners. This is achieved by intercepting the read request to the file and returning the content of the original read request to the uninfected file. Once the computer has been infected, the virus can make modifications to allow the computer to appear that it has not lost any memory and/or that the file size has not changed.
When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
Polymorphic Viruses
It’s a Virus that changes its signature every time by replicates and infects a new file in order to trick the antivirus program. But what is the Virus signature? The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Also it could refer to an algorithm or hash that uniquely identifies a specific virus. It may be a static hash that calculated numerical value of a snippet of code unique to the virus. Also, the algorithm may be behavior-based Anti-virus software uses the virus signature to scan for the presence of malicious code.
Bacteria
Bacteria are programs that do not explicitly damage any files. Their only purpose is to replicate themselves. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space.
Worms
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Many worms come in the form of email file attachments, or as hidden additions to actual email messages, which trigger the execution of infectious code, In addition to email, worms can also infect computers via web sites, file sharing systems, instant messages, and more. Therefore, any computer connected to the Internet runs the risk of being infected with a malicious worm.
Once installed on a computer, worms spontaneously generate additional email messages containing copies of the worm. They may also open TCP ports to create networks security holes for other applications.
Trojan horse
The phrase is derived from the classical story of the Trojan horse. In computer security a Trojan is a program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. For example, to gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changed the invoking user's file permission so that the files are readable by any user.
Trojan horse is almost designed to cause harm, but it can also be harmless. They are classified based on how they violate and damage systems. The six main areas where Trojan horse are often used:
· Remote Access
Data Destruction
· Downloader
· Servers (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)
· Security settings disabler
· Denial-of-service attack (DoS)
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting some important files.
Some use for a logic bomb is to ensure payment for software. If payment is not made by a certain date, the logic bomb activates and the software automatically deletes itself. A more malicious form of that logic bomb would also delete other data on the system.
Trap Door
Undocumented entry point written into code for debugging that can allow unwanted user to access the system.
Trap Door can be a hardware or software-based and it’s always hidden acting as entrance to a computer system that can be used to bypass the system's security policies.
Dear reader now it’s the time to learn how to simply distinguish between mentioned malicious programs, some one may ask why I need to distinguish among such programs. OK, in order to protect your system you need to know first you are protecting against what. Because each malicious program has its own technique in order to defend.
Let’s be more practical and learn how malicious programs can affect our files, we will mainly talk about Windows operating system.
The Windows operating system recognizes file types and associates them with programs based on their file extension. That means Windows might recognize filename.htm as being associated with Internet Explorer. Thus, when a user opens filename with htm extension, Windows will first open Internet Explorer that will handle opening the file. When Windows is first installed, certain file type associations are automatically assigned, as example the default handler for .TXT files is the Notepad program.
When new programs are installed to the system, they will often add new file types associated with that program or even change previous file type associations to be handled by the new program. Consider Windows Media Player (WMP) is the default handler for .MP3 files, if similar program is installed, it will prompt during the installation to change the default handler from WMP to that new similar one (Since both applications has the ability to open same data files). And If allowed, this will cause an MP3 files (or any others it may have re-registered) to be opened by new installed program in the future, instead of WMP.
Viruses can do exploit files and their associations moreover Virus can change some extension or redirect them to another hidden program. It is important that file extension viewing is enabled and that you are aware of which extensions are associated with which programs. Before proceeding further, ensure file extension viewing is enabled on your system.
Most of common malicious codes contaminates are done through compiling some scripts. When you have .vbs extension file (these files written using VBScript and it is a scripting language) it’s executed by wscript.exe as its associated program.
The main purpose of this program is to enable developers to construct their own instruction using notepad or any free editor to write the code and save it with .vbs extension (or any other script formats), when you click on such file some function or functions are performed through its associated program mainly the Windows based script host (wscript.exe) to do specific task, if the code was written by a Hacker or Cracker then this task may harm your computer.
The question is do we really need the wscript.exe? Ok, this depends on many items like whether you are using individual computer or not? What if you or the one who may share the computer with you are interesting in code development? Number of useful programs that have been installed to your system and they require to use or to access some script files.
If you are confused about your answer or you are not sure don’t worry we will show you a easy way to get a ride of unwanted script debugging without the need to remove the wscript.exe, simply we are going to change the association of the script file that have the .vbs extension to be established using non related program example Notepad.
Let’s start step by step, first on your Windows explorer select Tools,
Second from the tools menu select Folder Options, and then click on the tab File Types and navigate till you find your desired extension, here we need to mention that its totally danger to randomly change the file association for any extension unless you know what you are doing otherwise you will case a serious problem for your Operating system and it may totally be damaged. So please try to be careful while choosing your file extension.
Third, press on button Change, and from Open With window choose Notepad .
Make sure that the option always use the selected program to open this kind of file, is ticked then press Ok, and Close.
By this point you should know how to disable the ability of Windows from executing some scripts data file based on their extensions. without deleting the program wscript.exe, To re-enable the script debugging for some extension do the same procedure and select wscript instead of notepad or simply press on reset button.
Beside scripts debugging some large packages are often include their own built-in programming languages. In such case malicious code could be written as macros. Before going further let’s agree on that, macro is an instruction that carries out a list of program commands automatically. Some applications (Example: Word Processing, spreadsheets, presentation slides and more some.) allow macro programs to be embedded in documents, so that the macros may be executed automatically when the document is opened, this provides a suitable way by which malicious program’s can be spread.
When accessing a document with embedded macro code’s a copy of that macro resides on the computer and then any document on same computer that uses the same application can become infected. If a copy of an infected file is passed to anyone else through email or any removable media the malicious program can spread to the recipient's computer. This process of infection will end only when the malicious program is detected and disabled or removed. But the main difficulty is that many popular modern applications allow macros, also macro codes can be written with very little specialist knowledge. You can create your own trusted certificate (Certificate is a unique ID same as fingerprints) to enable digital authority for macros debugging and this certificate should be assigned to specific document, as example Microsoft Office supports such kind of certificates and all you need to do is to Run Selfcert.exe from My Computer or Windows Explorer (you can find it in Microsoft Office tools under the name Digital certificates for VBA projects). Then in the Your name box, type the name you want to associated with this certificate, and then click OK, Selfcert.exe will create and install a self-signed certificate that you can use to sign VBA projects on the current computer. More setting is required to make the system trust your certificate and this can be done using certmgr.msc. To open this program from Start menu choose run and type certmgr.msc. Then move your certificate from personal to trusted certification folder.
Don’t forget to associate your new certificate with your existing documents; this can be obtained by pressing keys alt+f11 to open the VB editor for the document then choose from the bar Tools, from Tools menu select Digital Signature, from the new opened window select your certificate note that one certificate can be assigned for many documents.
Malicious Code Execution Prevention
Another technique you can use in order to prevent malicious programs as of been executed from the memory is to use that well known security feature the Data Execution Prevention (DEP). DEP can be defined as a set of hardware and software technologies that perform additional checks on memory to avert malicious code from running on a system and it’s available in Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005 and Windows Vista (also its included in Windows server 2003, 2008 but this Article i will cover just the OS for personal computers), these technologies can be enabled for both hardware and software. However you need to be aware about the compatibility of your processor (some processors does not support the DEP) in case of hardware enforced DEP or the compatibility of your applications and services in case of software enforced DEP.
Hardware-enforced DEP
Hardware-enforced DEP flags all memory locations in a process as non-executable except if the location trustily contains executable code. When a malicious program tries to insert and run code from non-executable memory locations Then DEP will act to prevent these attacks by intercepting them immediately.
Software-enforced DEP
With software enforced Data Execution Prevention, security checks will be enabled in order to block malicious code that takes advantage of exception-handling mechanisms in Windows. Software-enforced DEP runs on any processor that can run Windows XP SP2. By default, software-enforced DEP helps protect only limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor.
Viruses
A computer virus is a computer program or Script that can copy itself and contaminate a computer devoid of permission or knowledge of the user. The name "virus" is also commonly used to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Meanwhile viruses can spread to other computers by infecting files on a network shared file system.
Recent viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread.
Virus Phases:
Virus Phases can be grouped into four categories as listed below:
Dormant Phase:The Virus is idle.
Propagation Phase:The Virus places an identical copy of itself into other programs.
Triggering Phase:The Virus is activated to perform the function for which it was intended.
Execution Phase:The function is performed.
Types of Viruses:
Parasitic Viruses
A parasitic virus attaches itself to a file in order to propagate. It generally keeps most of the file intact and either adds itself to the start or end of the file, COM and EXE files are easiest to infect, as they are simply loaded directly into memory and execution always starts at the first instruction.
Memory resident Viruses
A virus that stays in memory after it executes and after its host program is terminated. In contrast, non-memory-resident viruses only are activated when an infected application runs.
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can uses the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions, they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs.
Boot Sector Viruses
A boot sector virus is a computer virus which infects the boot sector on hard disks, floppy disks, and theoretically also other bootable media such as CD's and DVD's.
A boot sector virus infects or substitutes its own code for either the DOS boot sector or the Master Boot Record (MBR). The MBR is small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk.
Since the MBR executes every time a computer is started, a boot sector virus is extremely dangerous. Once the boot code on the drive is infected, the virus will be loaded into memory on every startup. From memory the boot virus can spread to every disk that the system reads.
Some CMOS setups can be configured to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if you need to reinstall or upgrade the operating system, you will have to change the setting back to make the MBR writable again.
Stealth Viruses
A stealth virus is a file virus that uses special techniques to hide its presence from users and virus scanners. This is achieved by intercepting the read request to the file and returning the content of the original read request to the uninfected file. Once the computer has been infected, the virus can make modifications to allow the computer to appear that it has not lost any memory and/or that the file size has not changed.
When an antivirus program tries to detect the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
Polymorphic Viruses
It’s a Virus that changes its signature every time by replicates and infects a new file in order to trick the antivirus program. But what is the Virus signature? The virus signature is like a fingerprint in that it can be used to detect and identify specific viruses. Also it could refer to an algorithm or hash that uniquely identifies a specific virus. It may be a static hash that calculated numerical value of a snippet of code unique to the virus. Also, the algorithm may be behavior-based Anti-virus software uses the virus signature to scan for the presence of malicious code.
Bacteria
Bacteria are programs that do not explicitly damage any files. Their only purpose is to replicate themselves. Bacteria reproduce exponentially, eventually taking up all the processor capacity, memory, or disk space.
Worms
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Many worms come in the form of email file attachments, or as hidden additions to actual email messages, which trigger the execution of infectious code, In addition to email, worms can also infect computers via web sites, file sharing systems, instant messages, and more. Therefore, any computer connected to the Internet runs the risk of being infected with a malicious worm.
Once installed on a computer, worms spontaneously generate additional email messages containing copies of the worm. They may also open TCP ports to create networks security holes for other applications.
Trojan horse
The phrase is derived from the classical story of the Trojan horse. In computer security a Trojan is a program or command procedure containing hidden code that, when invoked, performs some unwanted or harmful function. Trojan horse programs can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly. For example, to gain access to the files of another user on a shared system, a user could create a Trojan horse program that, when executed, changed the invoking user's file permission so that the files are readable by any user.
Trojan horse is almost designed to cause harm, but it can also be harmless. They are classified based on how they violate and damage systems. The six main areas where Trojan horse are often used:
· Remote Access
Data Destruction
· Downloader
· Servers (Proxy, FTP, IRC, Email, HTTP/HTTPS, etc.)
· Security settings disabler
· Denial-of-service attack (DoS)
Logic Bomb
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting some important files.
Some use for a logic bomb is to ensure payment for software. If payment is not made by a certain date, the logic bomb activates and the software automatically deletes itself. A more malicious form of that logic bomb would also delete other data on the system.
Trap Door
Undocumented entry point written into code for debugging that can allow unwanted user to access the system.
Trap Door can be a hardware or software-based and it’s always hidden acting as entrance to a computer system that can be used to bypass the system's security policies.
Dear reader now it’s the time to learn how to simply distinguish between mentioned malicious programs, some one may ask why I need to distinguish among such programs. OK, in order to protect your system you need to know first you are protecting against what. Because each malicious program has its own technique in order to defend.
Let’s be more practical and learn how malicious programs can affect our files, we will mainly talk about Windows operating system.
The Windows operating system recognizes file types and associates them with programs based on their file extension. That means Windows might recognize filename.htm as being associated with Internet Explorer. Thus, when a user opens filename with htm extension, Windows will first open Internet Explorer that will handle opening the file. When Windows is first installed, certain file type associations are automatically assigned, as example the default handler for .TXT files is the Notepad program.
When new programs are installed to the system, they will often add new file types associated with that program or even change previous file type associations to be handled by the new program. Consider Windows Media Player (WMP) is the default handler for .MP3 files, if similar program is installed, it will prompt during the installation to change the default handler from WMP to that new similar one (Since both applications has the ability to open same data files). And If allowed, this will cause an MP3 files (or any others it may have re-registered) to be opened by new installed program in the future, instead of WMP.
Viruses can do exploit files and their associations moreover Virus can change some extension or redirect them to another hidden program. It is important that file extension viewing is enabled and that you are aware of which extensions are associated with which programs. Before proceeding further, ensure file extension viewing is enabled on your system.
Most of common malicious codes contaminates are done through compiling some scripts. When you have .vbs extension file (these files written using VBScript and it is a scripting language) it’s executed by wscript.exe as its associated program.
The main purpose of this program is to enable developers to construct their own instruction using notepad or any free editor to write the code and save it with .vbs extension (or any other script formats), when you click on such file some function or functions are performed through its associated program mainly the Windows based script host (wscript.exe) to do specific task, if the code was written by a Hacker or Cracker then this task may harm your computer.
The question is do we really need the wscript.exe? Ok, this depends on many items like whether you are using individual computer or not? What if you or the one who may share the computer with you are interesting in code development? Number of useful programs that have been installed to your system and they require to use or to access some script files.
If you are confused about your answer or you are not sure don’t worry we will show you a easy way to get a ride of unwanted script debugging without the need to remove the wscript.exe, simply we are going to change the association of the script file that have the .vbs extension to be established using non related program example Notepad.
Let’s start step by step, first on your Windows explorer select Tools,
Second from the tools menu select Folder Options, and then click on the tab File Types and navigate till you find your desired extension, here we need to mention that its totally danger to randomly change the file association for any extension unless you know what you are doing otherwise you will case a serious problem for your Operating system and it may totally be damaged. So please try to be careful while choosing your file extension.
Third, press on button Change, and from Open With window choose Notepad .
Make sure that the option always use the selected program to open this kind of file, is ticked then press Ok, and Close.
By this point you should know how to disable the ability of Windows from executing some scripts data file based on their extensions. without deleting the program wscript.exe, To re-enable the script debugging for some extension do the same procedure and select wscript instead of notepad or simply press on reset button.
Beside scripts debugging some large packages are often include their own built-in programming languages. In such case malicious code could be written as macros. Before going further let’s agree on that, macro is an instruction that carries out a list of program commands automatically. Some applications (Example: Word Processing, spreadsheets, presentation slides and more some.) allow macro programs to be embedded in documents, so that the macros may be executed automatically when the document is opened, this provides a suitable way by which malicious program’s can be spread.
When accessing a document with embedded macro code’s a copy of that macro resides on the computer and then any document on same computer that uses the same application can become infected. If a copy of an infected file is passed to anyone else through email or any removable media the malicious program can spread to the recipient's computer. This process of infection will end only when the malicious program is detected and disabled or removed. But the main difficulty is that many popular modern applications allow macros, also macro codes can be written with very little specialist knowledge. You can create your own trusted certificate (Certificate is a unique ID same as fingerprints) to enable digital authority for macros debugging and this certificate should be assigned to specific document, as example Microsoft Office supports such kind of certificates and all you need to do is to Run Selfcert.exe from My Computer or Windows Explorer (you can find it in Microsoft Office tools under the name Digital certificates for VBA projects). Then in the Your name box, type the name you want to associated with this certificate, and then click OK, Selfcert.exe will create and install a self-signed certificate that you can use to sign VBA projects on the current computer. More setting is required to make the system trust your certificate and this can be done using certmgr.msc. To open this program from Start menu choose run and type certmgr.msc. Then move your certificate from personal to trusted certification folder.
Don’t forget to associate your new certificate with your existing documents; this can be obtained by pressing keys alt+f11 to open the VB editor for the document then choose from the bar Tools, from Tools menu select Digital Signature, from the new opened window select your certificate note that one certificate can be assigned for many documents.
Malicious Code Execution Prevention
Another technique you can use in order to prevent malicious programs as of been executed from the memory is to use that well known security feature the Data Execution Prevention (DEP). DEP can be defined as a set of hardware and software technologies that perform additional checks on memory to avert malicious code from running on a system and it’s available in Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005 and Windows Vista (also its included in Windows server 2003, 2008 but this Article i will cover just the OS for personal computers), these technologies can be enabled for both hardware and software. However you need to be aware about the compatibility of your processor (some processors does not support the DEP) in case of hardware enforced DEP or the compatibility of your applications and services in case of software enforced DEP.
Hardware-enforced DEP
Hardware-enforced DEP flags all memory locations in a process as non-executable except if the location trustily contains executable code. When a malicious program tries to insert and run code from non-executable memory locations Then DEP will act to prevent these attacks by intercepting them immediately.
Software-enforced DEP
With software enforced Data Execution Prevention, security checks will be enabled in order to block malicious code that takes advantage of exception-handling mechanisms in Windows. Software-enforced DEP runs on any processor that can run Windows XP SP2. By default, software-enforced DEP helps protect only limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor.
Thursday, March 25, 2010
What Social Needs Does Chatroulette Fill?
I believe you have already heard of Chatroulette, the new video chat platform that has attracted the attention of millions. In February there were 30 million unique visitors to the site. That's 1 million new users each day. The site made quite a buzz on the news media, blogs, and Twitter. Comscore reports 1 million U.S. visitors in February with a predominance of 18- to 24-year-old males.
The platform looks premature (it might be part of its charm) as it comes with one feature only: the next button. (By clicking it you are skipping from one user to another.) The next feature is vital as it gives the user a sense of control. I would even consider naming the hype around its users the "Next" Generation.
Sponsor
Guest author Dr. Taly Weiss is a marketing trends researcher with a PhD in Social Psychology, a digital research expert, and the founder of TrendsSpotting trends agency. Her digital trends insights are presented at The TrendsSpotting Blog and she follows consumer trends at TrendOriginal.com. Taly's academic work contributes to the field of Behavioral Economics. TrendsSpotting offers customized and syndicated research reports, published at top market research databases. She can be contacted at talyweiss@trendsspotting.com.
What a powerful (yet dangerous) tool that can be for people who seek to experience the control they lack in their personal life. The Next Effect is well embedded in the whole Chatroulette random experiment.
What social needs does such a platform serves?
Psychologically speaking, these random experiences can teach us on few important needs about social interactions.
- the crave for peeking
- (online) face to face
- control (and at the same time - lack of control)
- The no commitment effect.
Combine the four together and you understand the power and the addiction potential of Chatroulette.
We are all well familiar with the above needs:
- Peeking into strangers' lives is what brought popularity to the reality TV shows. We humans receive instant gratification from the arousing feeling that comes when we are allowed inside private personal places.
- Face to face interactions are certainly not new experiences on the Web. But they are getting to an extreme when you personally encounter strangers in their natural surroundings.
- As to control, Chatroulette can well imitate an act of meeting strangers on the street. You can choose between two acts: you can play active or passive. They are both highly addictive. You can actively approach, and they might not get interested in you. You keep on trying. At the same time, you can choose to be the one who turns down interactions. That can be satisfying don't you think?
- The no commitment part is achieved by users' anonymity. Chatroulette doesn't require any identification or user subscription. You don't have to work hard and fake your identity.
Finally, there is something new in these sets of random acquaintances that leaves you unprepared. This surprise element can never be achieved offline. While Twitter and Facebook let you follow strangers you choose to, Chatroulette adds more dimensions to these interactions. It is no longer about your friend's whereabouts or images, nor about reporting what's going on now. It's live and you get a chance to play with an imaginary sense of control. While in real life you hardly talk to strangers, here you get it as a social norm.
The future of random interactions:
I can think of several ways of making these interactions more intriguing - mobile interactions on the move (following people wherever they go) would definitely be hot, as well as the option to filter the people you meet by their location, age or gender.
But forget that for now. If Chatroulette were to succeeded in controlling immoral and pornographic activity, what a great human experiment it would open!DiscussRead More... [Source: ReadWriteWeb - Posted by FreeAutoBlogger]
Gravity: New Form of Fun for Groups or a Dinosaur at Launch?
High-profile startup Gravity launched its group conversation website to the public tonight. Founded by three former MySpace executives - Amit Kapur, Steve Pearman, and Jim Benedetto - and backed by Redpoint Ventures and August Capital, Gravity "connects people with shared interests and helps them engage in meaningful and fun conversations."
Unlike other social networks that rely on previous relationships, Gravity connects users with others "you should know and should be talking to because they share your passions." Rather than rely on existing social connections, Gravity encourages users to make new ones.
Sponsor
Using metaphors from astrophysics Gravity allows users to create "Worlds" (topics)
that they can "orbit" (follow). �This metaphor does not extend to "Amir, the friendly neighborhood dinosaur" that serves as the guide.
There are real-time notifications to conversations that one "orbits," and the company indicates there will be an API that allows widgets to be embedded elsewhere.
Although Gravity seeks to do something new, the dinosaur might be an apt mascot, for the site seems to be in most respects a combination of forums and groups - two of the Internet's earliest forms of social networking. �The threads are organized chronologically, with embedded comments and the ever-popular "like" feature.
Liz Gannes wrote tonight on GigaOm that "the back end is a dynamic 'interest graph' with deep analytics about people's participation." She notes though that Om Malik "thinks the company is just hoping to latch onto general tech industry excitement about big data." TechCrunch had in-depth coverage of the companies plans for its data in December.
The service has been in private beta since December, and those who are active on Gravity already seem to be pleased with the service and with its look-and-feel. �I did get quick and friendly responses to the conversations I started there, although admittedly the topics seemed, well, conversational. �Contrast this with an informational site like Quora, a site founded by former Facebook CTO Adam D'Angelo, where users participate less in conversation than in Q&A. SnapGroups, a site started by Yahoo Groups inventor Mark Fletcher earlier this month, is similar as well.
Some say there are two types of people in social networking: �those who like Facebook and those who prefer MySpace. �The difference between Quora and Gravity might just echo this.
DiscussRead More... [Source: ReadWriteWeb - Posted by FreeAutoBlogger]
Startup Strategy Roundtable: Validate Your Ideas
I started doing my free Online Strategy Roundtables for entrepreneurs in the fall of 2008. Based on this work, I've been able to draw a few conclusions.
First, a good percentage of entrepreneurs don't bother validating their ideas. Another percentage are immediately interested in raising money. Raising money without validating the business is pretty much impossible. If we can address some of these patterns we have a chance at significantly reducing infant entrepreneur mortality.
At this morning's roundtable I worked with four new entrepreneurs, and this is what I learned.Sponsor
Sramana Mitra is a technology entrepreneur and strategy consultant in Silicon Valley. She has founded three companies and writes a business blog, Sramana Mitra on Strategy. She has a masters degree in electrical engineering and computer science from the Massachusetts Institute of Technology. Her three books, Entrepreneur Journeys, Bootstrapping, Weapon Of Mass Reconstruction, and Positioning: How To Test, Validate, and Bring Your Idea To Market are all available from Amazon. Her new book Vision India 2020 was recently released. Mitra is also a columnist for Forbes and runs the 1M/1M initiative.
Mel Marten presented ClaroConnect, described as being like a match.com for financial advisors and clients.� There was a discussion about the best way to monetize the business, whether charging an annual fee is preferred to monetizing every lead. Then the conversation turned to affiliate marketing.
Albert Santalo with CareCloud was next.� This Internet-based service simplifies the many tasks of the modern medical office. While this business has been validated by a growing list of clients, the positioning of their service needs to be more sharply defined in order to scale the business.� Through much give and take, the importance of segmentation and focusing on the strongest segment of their market was emphasized.�
Martin Linkov presented Favit, a product aiming to personally curate and simply present online content.� As a blogger and potential customer, I said I am looking for a service to curate and prioritize what other bloggers are saying about a topic I am blogging about to give my readers a fuller perspective.� But Martin is not looking to answer that need.� He demonstrates how difficult it can be to explain a complex service, while being pressed to succinctly define who the user is for this service, and what is the value proposition for the bloggers who are the stated channel.� The most valuable selling proposition for this service still needs to be defined and validated.�
Mark Hernandez pitched his business, After COOL Fitness.� I liked this business idea, there is clearly a need to fill in as physical education and recreation programs are being cut from school budgets.� Currently they are paid by grants and parents.� When I learned of the lopsided ownership structure of the business, I felt Mark's main priority should be to rework the capital structure of the business while continuing to organically grow the business regionally.
The roundtables are the cornerstone programming of a global initiative that I have started called One Million by One Million (1M/1M). Its mission is to help a million entrepreneurs globally to reach $1 million in revenue and beyond, build $1 trillion in sustainable global GDP, and create 10 million jobs.
In 1M/1M, I teach the EJ Methodology which is based on my Entrepreneur Journeys research, and emphasize bootstrapping, idea validation, and crisp positioning as some of the core principles of building strong fundamentals in early stage ventures.
You can find the recording of this roundtable session here.�Recordings of previous roundtables are all available here. You can register for the next roundtable here.
Photo by Laurent Cottier.
DiscussRead More... [Source: ReadWriteWeb - Posted by FreeAutoBlogger]
Sweden is the World's Most Networked Country - U.S. Drops to Fifth Place
In 2005, the U.S. still ranked as the most networked country in the world according to the World Economic Forum's Global Information Technology Report. This report, which provides an extensive analysis of the economies and network infrastructures of 133 countries, has now demoted the U.S. to fifth place, and ranks Sweden, Singapore, Denmark and Switzerland as the most networked countries in the world. With regards to broadband adoption, the U.S. only ranks 22nd in the world.
Sponsor
U.S. Has Some Catching Up to Do
As the report notes, the U.S. still boasts an environment that is highly conducive for information and communication technologies. The U.S. still ranks first when it comes to IT usage in business, and fourth for IT usage in government. On an individual level, however, the U.S. lags behind many other countries, mainly due to the low mobile subscription penetration rate - where the U.S. only ranks 72nd in the world - and the relatively low number of broadband subscribers (22nd). The report's authors base this assessment on information from 2008, however, and according to some data we saw earlier this year, broadband penetration in the U.S. was actually down in 2009.
China and India
China, which ranked at the bottom of the report's annual rankings in 2002 (64th out of 74 countries) has now moved up to 37th place (out of 133 countries). India, too, continues to climb up the the World Economic Forum's rankings and has now moved up to 43rd place.
DiscussRead More... [Source: ReadWriteWeb - Posted by FreeAutoBlogger]
Subscribe to:
Posts (Atom)
Posts
