jerseyBYTE

Weekly Website: academicearth.org

2011-10-19T15:59:00.003-04:00

With the revolution of the internet, online schooling is now a reality. Many reputable Universities offer distance learning opportunities via the web. Some courses would have to be purchased, however there are plenty of other topic materials that are uploaded free for the public good. Academic Earth has a plethora of academic resources at great quality streams, categorized, and at no cost to you. Just so you know, these are not quick how-to videos. It's a solid semester of respected professors through an assortment of subject matter. In fact, it so closely simulates the college lecture expirence that I dozed off during class.

Pick your vice! From Science to Religion, it's great to have this much access to remarkable knowledge.

Technical Difficulties

2011-10-19T15:05:00.000-04:00

Data Encryption

2010-11-28T17:08:00.001-05:00

Data encryption is one way to secure client information. As fast as digital communications are secured, attackers will test the security method and attempt to breach the system. To stay one step ahead and protect the data in your organization, you'll need to have an understanding of the fundamentals of data encryption and the choices you have for implementing data encryption in your network.

All data encryption depends on the use of a key to control how information is encoded and decoded. There are two main categories of key-based encryption.

In shared-key, or symmetric, encryption systems, the same key is used both to encode and to decode the message. The secret key must somehow be communicated securely between the two parties to the communication.
In key-pair, or asymmetric, encryption systems, each party has two keys: a public key, which anyone can obtain, and a private key, known only to the individual. Anyone can use the public key to encrypt data; only the holder of the associated private key can decrypt it.

Data Encryption Standard (DES) is a shared-key encryption standard that is based on a 56-bit encryption key that includes an additional 8 parity bits. DES applies the encryption key to each 64-bit block of the message. Triple DES or 3 DES is a more-secure variant of DES that uses three separate DES keys to repeatedly encode the message.

A digital certificate is an electronic document that associates credentials with a public key. Both users and devices can hold certificates. The certificate validates the certificate holder's identity and is also a way to distribute the holder's public key. A server called a Certificate Authority (CA) issues certificates and the associated public/private key pairs.

Public Key Infrastructure (PKI) is a hierarchical system that is composed of CAs, certificates, software, services, and other cryptographic components, for the purpose of authenticating and validating data and entities. To secure transactions over the Internet for example. A PKI issues and maintains public/private key pairs and certificates.

The PKI hierarchy consists of at least one top-level CA called the root CA. It can include addtional, subordinate CAs. The root CA issues itself a self-signed certificate. It is then possible for the root CA to provide certificates and key pairs directly to clients. However, it is more typical for the root CA to issue certificates to subordinate CAs, which handle the client certificates.

A private root CA is set up for internal use by a particular organization. Although it follows the hierarchical PKI structure, certificates from a private root CA are not available outside the organization that maintains it.

A public root CA is set up by a commercial vendor or other public authority for the express purpose of providing a common authentication structure between different organization and entities. For example, an e-commerce website might contract with a public CA provider, such as VeriSign, to obtain a certificate to demonstrate to customers that its website is secure and reliable.

Certificates can be used for data encryption. In the certificate encryption process:

A security principal obtains a certificate and public/private key pair from a CA.
The party who is encrypting the data obtains the user's public key from the user or from the CA's certificate repository.
The encrypting party uses the public key to encrypt the data and sends it to the other user.
The other user uses the private key to decrypt the data.

The Encrypting File System (EFS) is a file-encryption tool available on Windows systems that have partition formatted with NTFS. EFS encrypts file data by using digital certificates. If a CA is not avaible to ussue a file-encryption certificate, the local system can issue a self-signed encryption certificate to users who want to encrypt files. Unlike NTFS permission, which control access to the file, EFS protects the contents of the data. With EFS, you can keep data secure even if NTFS security is breached.

A sender can verify it's identity by attaching a small piece of encrypted data, called a digital signature, to a message. The digital signature is encrypted with the sender's private key; the receiver decrypts it by using the public key as obtained from the certificate repository. Because only the public key associated with the sender can decrypt the signature, it verifies the sender's identity and provides that the data has not been altered in transit.

Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with RSA public-key data encryption. SSL is a server-driven process; a client that supports SSL does not need a registered certificate to connect securely to an SSL-enabled server. SSL is widely deployed on the web. A website that supports the secure HTTPS protocol must have an SSL security certificate.

The RSA encryption algorithm, named for its inventors (Rivest, Shamir, and Adelman) is a well known and widely implemented public-key data encryption standard. Mathematically, it is based on the difficulty of factoring extremely large numbers. Most web browsers, including Internet Explorer, support RSA encryption.

The SSL process starts with a client requesting a session from a server. The server sends its digital certificate and public key to the client. The server and client negotiate an encryption level. The client then generates and encrypts a session key using the server's public key, and returns it to the server. The client and server then use the session key for data encryption.

For more information, tips, and tricks, be sure to follow me on Twitter.

Responsible Computing

2009-12-20T17:49:00.004-05:00

Have you ever gotten vertigo or burning eyes while surfing the web? Thumb ever cramp up after owning that noob clan? Perhaps your back hurt after winning that Christmas bid. Did you answered yes to any of these questions or have similar aches and pains while sitting in front of the computer? Then you need to take a break. Other symptoms of prolonged computer use may include numb fingers and sore wrists. Including neck, shoulder, arm, thigh and lower leg strain. The eyes are sensitive to the light being emitted from your monitors -- Redness, dryness, temporary blurring of vision, and headaches have been reported as well.

Our bodies were not designed to sit still, even in correct potion, for long periods of time. Many individuals find that using a computer extensively can cause discomfort, so regular pauses are not a waste of time. Change your seated position occasionally. Stand up or stretch whenever you start to feel tired. Rolling your head, lifting and dropping your shoulders, and pulling your hand backwards and downward help stretch critical points of stress. It would be wise to take 5 minute "eye breaks" for every hour in front of your screen. Depending of your work regulations and limitations, turning the monitor's brightness and contrast down can be a substitute for eye breaks. Using anti-reflection lens (for glasses) can also help. Keep in mind that colored contact lenses distort color and could contribute to headaches.

In order to prevent such problems, using a properly set up workstation is ideal. In the case of desktop keyboards, keep your fingers relaxed while typing and using a mouse. Use a soft touch on the keys rather then pounding the keyboard with unnecessary force. Your wrists should NEVER drop while typing. This will cause serious strain on your tendons rustling in carpal tunnel syndrome. Grasp the mouse gently and avoid holding a pen or anything else for that matter while the mouse is in use. The computer screen should be about 2 feet away and the top of the screen should be at or close to eye level. The chair you use is just as important as your habits. You should feel relaxed and comfortable while siting. The height of the chair should be adjusted according to your height. Your feet should rest flat with your legs perpendicular to the floor. You should keep your spin straight with your upper arms close to the body.

The design of laptops and other mobile computing devices are inherently problematic because the screen and keyboard are not in separate locations. When using these computers, your head/neck bend to see the screen or your hands and wrists bend in order to type. Keep in mind that these devices are intended for occasional use. You may find that positioning the laptop on your lap is ideal for the most neutral wrist position. Though, if you are using the mobile computer frequently in doors, consider purchasing an external monitor or external keyboard to improve the workstation set up.

Remember to use common sense when operating, not just computers, but all machines.

Military Robots

2009-12-06T17:53:00.004-05:00

I've been reading a lot on subjects a la information theory, robotics, and artificial intelligence this past month with a focus on security and warfare. Not to my surprise, I find myself blurring the lines between what is fiction and what is nonfictional.

The United States along with 40 other counties are developing and testing unmanned vehicles. Matter of fact, within the Iraq and Afghanistan theater, there are over 5,000 robots in service. These robots assist with the day-to-day military tasks as finding booby traps and searching for the enemy. The idea is not to put the soldiers in harm's way. So, you can imagine that these devices can make an infantry man's life a whole lot easier and with higher rates of success. There has never been a robotic deployment this large in military history as there is today. In Iraq alone there has been over 10,000 I.D.E. situations dissolved with the help of robots. That is one of the reasons why the Pentagon wants to push for more machines and will do so by investing nearly 2 billion dollars over the next 5 years. Robots ranging in size from multi ton mine sweepers to tiny bots now in use by special forces will all get upgrades. But we are forgetting one undeniable by-product of war, death. There is now an influx of robotic technology that is much more lethal and it is a far cry from the cute caregivers and dancers from Tokyo. Technicians are mounting fully automatic assault rifles and grenade launchers onto a four wheel or track driven chassis. Complete with long range scopes, night vision, and thermal sensors all tied to a smart grid of embedded integrated circuits. Granted, there is a man in the loop. These robots are designed to be controlled from a far, either through close range radio or satellites overhead, and a solider must press the fire button. The government insists that they are not unleashing mindless killing machines. However, completely autonomous robotics is not far away and is ultimately the goal. The United States Army is already testing supply robots that move across vast distances without a human operator. The Defense Advanced Research Project Agency (DARPA), an arm of the Department of Defense, spearheads robotic challenges where American universities compete to construct cars that drive themselves. Though, there are other projects that are more amazing as they are sinister. Projects such as merging the soldier's body, mind, and machine. From there, connecting platoons and their robots to networks and mainframes controlled by an artificial intelligent, self maintaining, super computer. I would like to point your attention now to a video montage of DARPA's IXO (Information Exploitation Office) initiative. Mind you, the quotes are from real DoD documentation.

Sega Genesis games on your computer.

2009-11-28T12:48:00.012-05:00

My second video game console was the 16-bit Genesis from Sega. How I loved to hear that logo scream onto the screen every time I popped in Sonic The Hedgehog. Now I can relive my 90s video game obsession by using emulators. You can find video game emulation software easy and quickly. After some search, you can discover the Atari, NES, N64, and Playstation emulators along with others. You can even get your Commodore64 fix. I found a few for the Genesis platform. Genecyst for DOS, Genesis Plus for Mac, Gens and Xega for Windows.

Before ripping up the gift wrapping, begin a search for your game of choice. You will need to feed the application with instructions in the form of ROM files. Think of it as a game cartridge in a computer file. Mind you, file formats vary depending on emulator. Nonetheless, you no longer need to blow at your games through your shirt to magically revive the connectors in order for the game to work. You'll most likely find them zipped so once you downloaded the compressed files, it is as easy as extracting them onto your hard drive and loading the game files with the emulator application.

Due to the small size of these files and little graphic processes, you can run emulators of old game consoles on just as old computer systems. So there is no need to worry about hardware requirements. For a comfortable trip down memory lane, I suggest using a 6-button game pad that can be connected through game port or USB.

DISCLAIMER: I am not responsible nor will I be held accountable for copyright laws you may or may not violate.

Gangstar: West Coast Hustle for the iPhone/iPod

2009-11-22T15:02:00.005-05:00

I have new appreciation for Apple's iPhone as a mobile gaming device. I got to try out Gangstar West Coast Hustle. Yes, the name is very cheesy but the app is not. For all GTA fans, you will trip for this download.

If your new to playing platform games on the iPhone and iPod touch, then it make take some time adjusting to the touch sensitive controls. I would recommend downloading via iTunes because the program is 175 MB. Also, the game runs better on the S as apposed to other models. You can imagine why.

Virus Protection

2009-08-27T13:23:00.003-04:00

In a previous post, we discussed major categories of network threats. In this post, and others to follow, we will identify some of the methods you can use to protect against those threats. Viruses are among the most common network threat. Because viruses are such a common and serious type of network threat, a good virus defense plan is critical to securing a network system. All networks will encounter a viruses. Viruses are insidious threat because of their ability to replicate themselves and thus spread to multiple systems. Viruses can use different propagation methods, such as attaching itself to removable media. A virus on the Internet can attach itself to a file. When a user downloads and runs the file, the virus is activated. A virus can attach to email. When a user opens or runs the attachment, the virus is activated. Viruses can be categorized into several types:

Boot Sector. The original floppy-based virus. Writes itself into the boot sector of a floppy disk. When a system attempts to boot from the disk, the virus is moved onto the system. Once on the system, the virus attempts to move itself to every disk placed in the system.
File infecting. Infects executable programs and uses operating system resources to propagate itself. It often destroys the executable file unless it's well written.
Macro. A macro is a group of application-specific instructions that executes as a group within a specific application. A macro virus uses other programs' macro engines to propagate or dump its payload. True macro viruses don't actually infect files or data, but attach themselves to the file's template, document, or macro code.
Mailer/Mass Mailer. A mailer virus sends itself to other users through the email system. It simply rides along with any email that is sent. A mass mailer virus searches the email system for mailing lists and sends itself to all users on the list. Often, the virus doesn't have a payload, but it's purpose is to disrupt the email system by swamping it with mail messages in a form of DoS attack.
Polymorphic. This type of virus can change as it moves around, acting differently on different systems. It can sometimes even change the virus code, making it harder to detect.
Script. A small program that runs code using the Windows scripting host, on Windows operating systems. It's written as script in Visual Basic or JavaScript and executes when the script runs. Scripts are often distributed by email and require a user to open them.
Stealth. A stealth virus moves and attempts to conceal itself until it can propagate. After that, it drops its payload.
Worm. A self-contained program, similar to a virus, that spreads and can exist without a carrier file. It detects a connection and establishes communications with other devices on its own. It propagates on any network connection or email system.

How to combat? Antivirus software is an application that scans files for executable code that matches patterns, known as signature or definitions, that are known to be common to viruses. The antivirus software also monitors systems for activity that is associated with viruses, such as accessing the boot sector. Antivirus software is typically deployed on the gateway computers at the perimeter of the network as well as on individual desktop systems. Two major antivirus software vendors are Symantic and McAfee, though they charge yearly subscriptions for their products. AVG and A-Vast are more economical choices.

The antivirus software vendor maintains and updates the libraries of virus definitions. The customer must periodically update the definitions on the all systems where the software is installed. Most vendors provide an automatic update service that enables customers to obtain and distribute current virus definitions on a schedule. Periodically, administrators should manually check to verify that the updates are current. When there is a known active threat, administrators should also manually update definitions.

Some vendors offer enterprise virus suites that include virus protection for all systems in a company, automatic updating, and the ability to download and and distribute updates from a central server. Distributing the updates from a local server instead of obtaining them directly from the vendor enables the antivirus administrator to review and verify virus definitions before they are deployed.

Because almost all computer systems today are connected to the Internet, Internet email is a source of serious virus threats. Companies can implement Internet email virus protection by:

Screening the Internet gateway computers for viruses.
Employing good desktop antivirus software.
Scanning incoming email between the Internet and the email server.
Scanning email again at the desktop.
If a virus attack is detected, disabling all Internet connections and isolating affected systems.

Change Windows User Account passwords using Command Prompt

2009-08-10T12:10:00.008-04:00

The Windows Command Prompt is a command-line interpreter (also called a command line shell) that is a computer program which reads lines of text entered by the user. There are two conventional ways to start the Windows Command Prompt. Start, Programs, Accessories, and click Command Prompt. The other way would be to click Start, Run, and type "cmd" (without the quotes of course) and press enter.

You will see some text, but pay no attention to them at this time. Simply type "help" into the command prompt and you will get a list of some general commands you may use. Though all are useful, this post will be centered around the "net user" command. This command is used to create and modify user accounts. When you use this command without switches, which are added parameters to specify the command, the user accounts for the computer will be listed.

The following show an example of the net user syntax:

net user [username [password | *] [options]] [/domain]

username {password | *} /add [options] [/domain]

username [/delete] [/domain]

Notice the order in which you type the switches. The parameters are as followed:

username Is the name of the user account you want to add, delete, modify, or view. The name of the user account can have as many as 20 characters.
password Assigns or changes a password for the user's account. A password must satisfy the minimum length set with the /minpwlen option of the net accounts command. It can contain as many as 14 characters.
* (Yes, the asterisk) Produces a prompt for the password. The password is not displayed when you type it at the password prompt.
/domain Performs the operation on the primary domain controller (PDC) of the current domain. This parameter applies only to the computers running Windows NT Workstation that are members of the Windows NT Server domain. By default, Windows NT Server-based computers perform operations on the PDC.
/add Adds a user account to the user accounts database.
/delete Removes a user account from the user accounts database.

There is no need to continue with more options for the net user command, for this is enough for any novice to get their feet wet. On that note, let's try an exercise. Make sure you are logged on to an administrator account, open the command prompt, and type net user. Pick a user name that you see from the list, and now type the command with the following switches:

net user [enter the account name here (without brackets of course)] *

That asterisk is very important after the username. As we learned, it will prompt for the password. When it asks for a password, leave it blank (to remove the current password with no password) and hit enter. It will ask for a password confirmation, leave that blank as well. If done correctly, the next line will state your success. To confirm you successfully removed the password, log off the user account you are using and attempt to log into the account you modified.

The OSI Model

2009-08-10T11:28:00.002-04:00

The infamous Open Systems Interconnection (OSI) model. Being able to identify the various OSI layers and their purpose will enable you to design and troubleshoot different types of networks effectively and quickly. This model is a seven-layer framework that defines and describes how software or hardware operating at that layer will act on the data packet being sent. The model consists of two functional blocks: application support and network support. The application block is made up of the upper three layers: Application, Presentation, and Session. It is responsible for connecting software programs to the network. The network block consists of the lower four layers: Transport, Network, Data-link, and Physical. This block is responsible for moving data on the network. Lets break them down further.

Layer 7: Application layer. This layer provides services and utilities that enable application programs to access a network and its resources. This enables applications to save files to the network server or print to network printers. The Application layer also advertises resources that each system has available for network use.

Layer 6: Presentation layer. This layer translates data so that it can be moved on the network. This translation is only an intermediary format, and will change at lower layers. The Presentation layer also adds services such as data compression and encryption.

Layer 5: Session Layer. The Session layer establishes a connection between network devices, maintaing that connection and then terminating it when appropriate. It controls how, when, and for how long a device transmits.

Layer 4: Transport layer. This layer ensures reliable data transmission by breaking up big data blocks into smaller packets that can be sent more efficiently on the network. Because these smaller packets might get out of order during transmission and arrive out of sequence, the Transport layer adds a sequence number so that the original order can be reconstructed. Lastly, the Transport layer is responsible for doing some error correction and sending acknowledgements. Gateways can operate at this layer and at higher layers of the OSI model.

Layer 3: Network Layer. Addresses and ensures delivery of the packets across a network. This is where the protocol address is attached to the data packet. Routing devices within the Network layer make their decisions bases on the protocol address, not the MAC address. Routers and some switches operate at this layer.

Layer 2: Data-link layer. This layer ensures that individual frames get from one device to another without error. After sending frames, the Data-link layer waits for acknowledgements from receiving devices. The Data-link layer attaches the MAC address and makes MAC-level routing decisions. The Data-link layer can be divided into two sections, or categories: Logical Link Control (LLC) and Media Access Control (MAC). The LLC sub-layer enables multiple upper-layer protocols to share the same media. It controls how frames are placed on the media by controlling the Physical layer device. The LLC checks the CRC, and either ACKs or NACKs the data. It also controls data flow so that the input doesn't flood. The MAC sub-layer manages the media access method. Don't confuse this with the MAC address. In a contention-bases network, the MAC sub-layer is responsible for the carrier sense; in a token passing network, it's responsible for the token. Bridges and some switches operate at this layer.

Layer 1: Physical layer. Physical layer moves bits of data on and off the physical cabling media. Where the upper layers deal with data bits, the Physical layer deals with voltages and frequencies. Physical-layer devices set the electrical characteristics of the transport -- They receive a fully formatted data packet from the Data-link layer and put it on the media. Network adapters, hubs, and wireless access points operate at this layer.

How safe is your GMail?

2009-08-07T12:28:00.007-04:00

Recently, a hacker had obtained quite a bit of information from a Twitter employee and passed that along to some tech news sites. The hacker gained access to the employee's Gmail account, which then gave way to GoogleDocs and then company systems. That employee most likely thought they had proper security in place. Do you? Let's go through the steps of this hacker's attack and, most importantly, learn from them.

Obviously, you should start by picking a strong password. Not a dictionary word or something that can be easily guessed. Nonetheless, the password can only be as strong as the recovery system. Your Google account provides you with three options to recovery your password. Email, SMS, and a security question. These could be potential avenues for an attacker. You should check to see what you have set. While logged into your Gmail, go into your Settings, choose Accounts. Click on Google Account Settings, then finally click 'change password recovery options.' The Email recovery method is what tripped the Twitter employee. This type of recovery method will send you a password-reset link to another email address which you provide. This is very common practice among many web services. Allegedly, the Twitter employee had their recovery email set to a Hotmail account that had been deactivated. What the hacker simply did was reregister that account then was able to get the password-reset link. How to protect yourself against that? Make sure you have valid email account set as your secondary email address for the password-reset link. Keep in mind of that account's security protection. Or better yet, don't use this method at all. The other option is SMS. It is fairly secure. Since the attacker would need access to your phone or be near you to intercept that signal. Not impossible, though it will need more work. Google account's last password reset option, and very common, is the security question. This is where a lot of people fail. If you write a simple question, or something that is easy to figure out. Then the strength of your password won't matter. Google does suggest some good questions. Like your first phone number or your father's middle name. Though, this information can be discovered by a persistent attacker. Thankfully, Google lets your write your own question. My advice is to treat this security question like another password. Write a really difficult question, a la "What have you never told anyone else?" Answer that question with a password.

These types of Email breaches don't require a lot of technical know-how. Which increases the pool of possible attackers. Might sound silly as well, but if you remember, Sarah Palin had her email hijacked during the campaign when a hacker guessed her security question. I believe the question was, "Who was your High School sweetheart?" Which, as we all learned from the media, was her only and current husband.

iPhone tethering without jailbreaking!

2009-08-06T13:11:00.003-04:00

Random post. Yes, you may tether your iPhone without the need to jailbreak. Yes, it is free. For those of you who are not familiar with tethering, "tethering" is connecting your phone to a laptop (desktops my apply) and using the phone's data connection as your laptop's internet connection.

Disclaimer: AT&T does not officially support this tethering feature. It could potentially break your agreement with AT&T or your carrier internationally. Do this at your own risk. Normally, tethering plans cost an additional amount on your plan. So, who knows how long this will work, or if your carrier will bill you more. Nonetheless, it's here now. It's really easy, and it works for most people.

First step, launch the Safari browser on your iPhone. You want to go to BenM's iPhone Help Center at http://help.benm.at/help.php Scroll down to Tethering & Internet Settings. Press on the download link, select your country, and then your carrier. You'll get to the final page where you press the Install button. Then it'll download specific iPhone settings for your phone, taking a few seconds. Once that's done, we'll go to the Home Screen, Open Settings, then General, then Network. You will now see an Internet Tethering option. You may now turn it on, and you'll get an option to tether over BlueTooth or USB.

Network Connection Mechanisms

2009-07-22T15:26:00.004-04:00

Hello! I've been gone for some time. Enjoying my time on the beach with close friends. I highly suggest evading our perpetual society from time to time and find some much needed enlightenment. Sandy shores and great laughs worked for me.

Down to business. I've posted about data delivery earlier. I went through identifying elements of the data addressing and delivery process, but did not cover some common network connection mechanisms. Before packet exchanges, nodes must connect to each other. If the connection can not be established, the packets can not be sent. Therefor, knowing the ways that devices on a network are supposed to connect will help you identify the symptoms that occur when those devices don't link up.

Simplex mode communication is the one way transmission of information. There is no return path. Because the transmission operates in only one direction, simplex mode can use the full bandwidth of the medium for transmission. Radio and television broadcasts and public address (PA) systems operate in simplex mode. Some of the very first serial connections between computers were simplex mode connections, though, this mode is not suggested for modern computer networking.

Half duplex mode communications permit two-way communications, but in only one direction at a time. When one device sends, the other must receive; then they can switch roles to transfer information in the other direction. Half duplex mode can use the full bandwidth of the medium because the transmission occurs in only one direction at a time. Some networking devices use this transmission mode, as do devices such as walkie-talkies and CB radios.

Full duplex mode communications permit simultaneous two-way communications. A device can both send and receive at the same time. Sending and receiving could occur over different channels or on the same channel. Generally, neither the sender nor the receiver can use the full bandwidth for their individual transmission because transmissions are allowed in both directions simultaneously. Think of the telephone -- All persons involved can talk simultaneously. Many modern networking cards support full duplex mode.

Point-to-Point connection is a direct connection between two nodes. Data transmitted by one node goes directly to the other. Dail-up modem connection are point-to-point connections. Multipoint connections are connections between many nodes. Each multipoint connection has more then two endpoints. A signal transmitted by any device on the medium is not private. All devices that share the medium can detect the signal but do no receive it. Radiated connections are wireless point-to-point or multipoint connection between devices. Think WiFi.

There are connection services that are responsible and ensure reliable delivery by detecting and attempting to correct transmission problems. Unacknowledged Connectionless is a service that provides no acknowledgement of successfully transmitted data. The application must provide its own reliability checks. Simplex communications use this type of service. In an Acknowledged Connectionless nodes do not establish a virtual connection. However, they do acknowledge the successful receipt of packets. Web (HTTP) communications use this type of connection service. Connection-oriented services on the other hand have nodes establishing a virtual connection for the duration of the session. Nodes negotiate communication parameters and typically share security information to establish a connection. This connection service provides the means for flow control, packet sequencing, and error recovery functions. Traditional, non-web-based networking applications often use connection oriented services.

One of my professors compared these connection services types to everyday communication methods when trying to help us understand and remember the different connection service types:

Unacknowledged connectionless ervice can be compared to regular USPS mail. You drop a letter in the mailbox and get no notification if its delivered.
Acknowledged connectionsless service can be compared to requesting a return receipt for your letter from the post office. In this instance, you get acknowledgement that your letter was delivered.
Connection-oriented service is similar to a phone connection. You get a virtual private channel between you can the person you call.

Network Threats

2009-07-15T15:35:00.005-04:00

A lot of business owners ask me how to protect their data. There are a lot of major issues and technologies in network security. Starting point for understanding any type of network security measure is understanding the threats it is designed to combat.

To secure your network, you have to protect against threats, but you can not protect against threats you don't understand. In order to properly develop, deploy, and maintain a network security plan, one must understand the different types of threats and how they can affect the network.

Unauthorized access is any type of network or data access that is not explicitly approved by the organization. General, yes. But still counts. It can be a deliberate attack by an outsider, a misuse of valid privileges by an authorized user, or it can be inadvertent. Unauthorized access does not necessarily result in data loss or damage, but it is the first step in mounting a number of attacks against the network.

Data theft is a big deal. This type of attack is when an unauthorized access is used to obtain protected network information. The attacker can use stolen credentials to authenticate to a server and read data stored in files. Or, the attacker can steal data in transit on the network media by using a hardware or software based "sniffer," which is a device or program that monitors network communications and captures data.

Your run-of-the-mill password attack is any type of unauthorized effort to discover a user's valid password. The attacker can steal the password or guess the password. Once the attacker has obtained a valid password, the attacker can use it to gain unauthorized access to the network. A brute force password attack is a method of guessing password by using software that systematically generates password combinations until a valid one is found. Brute force password attacks, given enough time and sufficiently complex password-cracking software, will usually succeed.

A trojan horse attack is an attempt to gain unauthorized access through the use of a trojan horse program, which masquerades as valid software. the trojan horse is often delivered as an email attachment; the user runs the trojan horse thinking it is a harmless or approved file. The trojan horse then performs functions such as stealing or corrupting passwords, credit card information, or other data.

Spoofing attacks is a type of attack in which a device outside the network uses an internal network address to masquerade as a device inside the network. Because network devices often authenticate by address only, rather then by password, the external device can use a legitimate internal address to authenticate on the network and obtain network information.

Session hijacking is a type of spoofing in which the attacker takes over an existing network communication session between two devices after the session has already been authenticated. the hijacker can either read network packets as they pass between the legitimate hosts, or disable on host and pose as on of the original parties in the session.

A man-in-the-middle attack is a data-theft technique in which the attacker interposes a device between two legitimate hosts to gain access to their data transmissions. The intruder device deceives both the sender and receiver by responding to the transmissions in both directions. Unlike spoofing and hijacking, the attacker can actively manipulate the communication, rather than listening passively, and can gain access to a variety of data, including user names, password, network configurations, and the contents of network packets.

The oh so popular Denial of Service (DoS) attack is an attack that is mounted for the purpose of disabling systems that provide network services, rather than to steal data or inflict damage. The targets of the attack can be network servers or network routers. The DoS attack prevents the system from responding to legitimate requests, thus impeding network functions. The DoS attack is usually mounted through one of three methods: flooding a network with data to consume all available bandwidth, sending data designed to exploit known flaws in a network application, or sending multiple service requests to a target system to consume its resources.

And even better, the Distributed Denial of Service (DDoS) attack is a type of DoS attack that uses multiple computers on a disparate networks to launch the attack from many simultaneous sources. The attacker introduces software called a zombie or drone that directs the computers to launch the attack.

The infamous virus is a self-propagating software program. Many viruses are able to move from one computer to another and create copies of themselves. A virus can carry payload code that enables the virus to perform additional tasks, which can be either benign or destructive. Many viruses have a malicious playload, and virus threats are among the most serious on networks today.

A social engineering attack is a non-technical attack in which the attacker attempts to obtain information directly from network users by employing deception and trickery. The attacker tries to use legitimate-sounding means, for lack of better words, to persuade a user to provide passwords, sensitive data, or even money. The attack can come through email or over the phone, and is often a precursor to another type of attack. Social engineering attacks prey upon the users least like to recognize them and most likely to suffer directly from their effects.

By balancing the potential security threat with the cost of implementing and maintaining a secure network, one needs to ensure the proper level of data protection and guards against lost of network functionality. To protect data on your network, follow these guidelines:

Deploy intruder-detection and virus-protection software to monitor for unauthorized software activity, such as the presence of viruses, password-cracking software, or trojan horses.
Limit physical access to the network to prevent the introduction of hardware based sniffers or unauthorized hosts.
Require the use of strong, complex user passwords. Change password on a regular basis. Don't write them down!
Employ strong authentication and encryption measures on a data stored on network servers.
To guard against IP spoofing, use more than one form of authentication between devices.
Encrypt data during network transmission so that it cannot be read by sniffers.
Conceal network address information with various technologies, including firewalls, Internet proxies, and address translation, to protect against spoofing and hijacking.
Train users to recognize and deter social engineering attacks.

Data Addressing and Delivery (Packets)

2009-07-15T13:48:00.001-04:00

A packet, also called a datagram, is a unit of data sent across the network. In general, all packets contain three parts: a header, the data itself, plus a trailer or footer. In the simplest case, a sender transmits one packet and then waits for an acknowledgement from the recipient, an "ACK" signal. If the recipient is busy, the sender sits idle until it receives the ACK, after which it sends the next packet. Throughput could be increased if data could be sent in larger packages, with the recipient sending fewer acknowledgements. The contents of a packet depend on the network protocol in use.

The packet component header is made up of a preamble, and destination and source addresses, the header describes the source and target of the packet. Followed by the data that is being transmitted. Lastly, the trailer or footer witch is an error detection code (EDC).

An Ethernet packet's header beings with an 8-byte preamble. The preamble is a standardized pattern of bits that the receiving node uses to synchronize timing so that it can properly read the rest of the packet.

Following the preamble, the header contains the destination node's 6-byte MAC address. Following that is the sending node's 6-byte MAC address. These addresses help nodes and other networking devices deliver the packet to its destination and provide the necessary information for replies.

The header may contain other data, such as bytes identifying the type of data contained in the packet.

An Ethernet packet's footer contains the results of a mathematical operation performed on the data. The sending node computes an error checking value for the data to be sent. The receiving node performs the same calculation and compares its error checking value with the one sent with the data. If its results match those contained in the packet's footer, then the packet is assumed to have arrived undamaged.

Data Addressing and Delivery

2009-07-14T16:17:00.002-04:00

Very basic concepts on networking. One of my students asked, "How does a computer communicat with another computer?" One of the first things that must happen to ensure that a network request arrives at its intended destination is data addressing. Getting data packaged for delivery so it can be routed to its correct destination is the root of networking. In this post (and others to come), we'll examine how data is packaged and addressed so that it can be accurately delivered to its intended destination.

When users make network requests, they expect that the requests arrive at their destination so they can be processed. If the data is being packaged or addressed incorrectly for your network, users will experience symptoms of network communication problems. If you understand how data is packaged by the client and then addressed to travel to its destination on your network, you can use this information to identify causes of network communication problems.

MAC address, also called a physical address, is a unique, hardware-level address assigned to every networking device by its manufacturer. MAC addressees are six bytes long. THe first three bytes uniquely identify the manufacturer and are referred to as Organizationally Unique Identifier (OUI). The remaining three bytes identify the device itself and are known as the Universal LAN MAC address. Example: 00-00-86-47-F6-65

Depending on your operating system and version, you can use the following techniques to determine the MAC address of the network adapter in your computer.

Windows 9x / Choose Start, Run, type winipcfg, enter.

Windows NT, Windows 2000, 2003, XP / Start, Run, type cmd, type ipconfig /all in the command prompt that opens, enter.

Linux / open command prompt, type ipconfig -a, enter

Novell NetWare / console prompt, config, enter

Cisco IOS / enter sh int interface_name

A network address is a protocol-specific identifier assigned to a node. A network address typically includes two parts: one that identifies the network and another that identifies the node. A network address is typically a number and is mapped to the MAC address by software running on the nodes.

Example: IP Address 192.168.1.100

Subnet Mask 255.255.255.0

The subnet mask separates the network from node. Therefor, in this example, the first 3 parts (sparted by the dots) in the IP number is the network, the last part is the node.

A network name is a word or phrase assigned to a node to help users and technicians more easily recognize the device. A naming service, enabled by software running on one or more nodes, maps a network name to a network address or MAC address.

Naming services map network names to network addresses. There are many naming services in use, a few of which are listed in the following:

DNS (Domain Name Service) / The naming service used on the Internet and many TCP/IP based networks.
NetBIOS / A simple, broadcast-based naming service.
WINS (Windows Internet Naming Service) / An older type of naming service used on Windows-based networks.

More to come -- Packets.

Looking for a domain redirect?

2009-07-10T16:11:00.000-04:00

Get a free URL redirection at www.freedomain.co.nr!

.CO.NR Free Domain Name project was developed to provide free domain names or free subdomain of .CO.NR domain name to those who wish to get a free domain name, free subdomain or free short URL, that looks like a real paid domain.

Do you have a long website address, that is difficult to remember? Do you want your website to look professional without obtaining a paid domain name? Do you often change your web hosting providers, so that you have to change your web site address as well?

There is a solution. Sign up at www.freedomain.co.nr now.