Friday, September 28, 2007

Things You Can Do To Get A Promotion

Very few people hire on with any company or organization with the intention of remaining indefinitely at the position for which they were hired. Just because you started as the grunt who had to fix the copy machines doesn’t mean you don’t someday want to be CIO. At most companies, this could entail half a lifetime of climbing the corporate ladder. Each step up that ladder is generally going to involve asking for and receiving a promotion. The thought of asking for advancement is usually pretty frightening, but these tips will help you be more prepared.

Show them the numbers
When you make your pitch about what a great job you’ve been doing and your value to the company, it will help your case if you can show your employer or supervisor specific results. Prepare documentation showing how and how much your brilliant ideas have helped them. This can be especially useful in the common scenario in which the person you’re dealing with doesn’t have the power to grant you a promotion. If that person has to fight on your behalf with his or her boss, you had better provide the best ammunition you can.

Ask for more responsibilities
When asking for a promotion, it’s best to avoid that “P” word. If instead, you tell your boss you’re ready to take on more responsibilities, it will show that you’re prepared to tackle a larger or more complicated workload and aren’t just looking for a bigger office and fatter paycheck. It also gives your boss the option of gradually giving you the more important duties rather than just dumping you in a new position. Just make sure that if, after a few months, your tasks no longer resemble your job description, you bring that up and (with luck) get the new job title and paycheck.

Invent a new position
If you feel that your skills are best suited to a position that doesn’t exist at your current organization, and you think you can make a strong argument for a need for that position, by all means, do so. Even if they won’t (or can’t) make the new position happen, you will have earned points for creativity while at the same time making it clear you are looking to advance.

Bring up the topic in an informal setting
If you have the opportunity to meet with your boss outside the workplace, this can be a good way to make use of the occasion. Whether it’s at the bar for a drink after work, a big conference, or the company picnic, people will naturally be in a more receptive mood when they aren’t busy busy busy. But be careful in these settings. If you press too hard and your approach falls flat, you could be left in an awkward place for a couple hours with no easy means of escape. Phrase things lightly and back off if you don’t make any headway.

Schedule a private meeting
Obviously, the alternative approach to having the promotion talk is to ask during regular work hours. Since during this time your boss is generally going to be busy, it’s a bad idea to just ask for a couple of minutes of his or her time. If you try to talk about a promotion like that, you could get shot down without your boss even looking up. Instead, schedule an appointment so that a block of time is set aside specifically for listening to you. Also, if possible, try to avoid revealing the specific topic of the meeting beforehand. Don’t go too far with this; you don’t want to annoy your boss by making the purpose of the meeting too mysterious. It’s just a bit harder to articulate a reason to say no to you when you’re in the room.

Don’t be afraid to toot your own horn
Just make sure to play the right notes. It’s okay to brag a little — as long as it doesn’t sound like bragging. There is nothing wrong with reminding your boss of your accomplishments, since even if they were great, he or she might have forgotten about them. Mentioning that you’ve done this, this, and this, and that there are 15% fewer incidents in your department since you have started the job is great. Saying you’re the best system admin in the company is much less persuasive. Also, don’t forget that this is about you, so concentrate on all of your positive aspects and not on anybody else’s negative ones.

Don’t make threats or demands
Be careful not to make your request for promotion sound like a demand. Don’t threaten to leave if you don’t get what you want (especially if you don’t intend to follow through on it). If you have been offered a new job somewhere else, you shouldn’t throw it in anyone’s face or try to use that offer to leverage a better deal where you are now. Doing so can potentially damage your reputation with both places. Remember to stay calm. Even if you really are fed up with your current position, try not to show it.

Make friends in higher places
Before you actually ask about advancement, it’s a good idea to find somebody in the position you’re aiming for who is willing to take you under his or her wing. This offers four benefits:

  • Prior to making your pitch for promotion, it will give you the opportunity to see what’s in store and make sure that it’s what you want.
  • It will show your boss that you’ve taken the initiative to learn the ropes already.
  • It will give you a buddy on the inside — one who may have some influence in deciding whether you get the position.
  • After you get the promotion, it will give you a friendly ear you can go to for advice if things get hard.

Learn new skills
It should go without saying that any time you have the opportunity to learn something new, you should take it. In particular, when you’re seeking a promotion, you’ll impress your boss if you can show that you’ve learned new skills that go beyond your current position. You might consider earning additional industry certifications or maybe go back to school for a higher degree. Taking on these things while working full time can be quite taxing, but with the ever-increasing availability of night classes and self-study materials, it’s definitely possible.

Excel at your current position
Sometimes, actions speak louder than words. The best way to show that you deserve advancement is to simply shine where you are now. Go above and beyond the call of duty. Get to work early every day and stay a few minutes late. Try to come up with solutions to problems that haven’t been addressed yet. If your deadline is Friday, try to have everything done by Thursday.

Finally, remember to be a team player. Make sure that you aren’t irreplaceable. If you’re at the top among your peers, take the time to ensure that you aren’t the only one who can keep things running. This will show your superiors that you can be a proper leader, and it will help curtail the disastrous response to a request for promotion: “I’m sorry, but you’re doing such a great job, we just can’t afford to lose you where you are now.”


10 Illegal Interview Questions

Although HR departments should be aware of questions that are illegal to ask prospective employees, some hiring managers aren’t so savvy. Many illegal questions are easy for just about anyone with elementary social graces to avoid, but others might surprise you. In general, you should not ask interviewees about their age, race, national origin, marital or parental status, or disabilities.

Note that this list offers only some very broad guidelines and is not exhaustive. Check with your company’s HR department to see if your state or locality, or even your company, has additional restrictions.

#1: Where were you born?
This question might seem like small talk as you get to know a person, but it could also be used to gather information illegally about the candidate’s national origin. Although it may seem more relevant, an interviewer should also avoid asking, “Are you a U.S. citizen?” You can ask whether a candidate is authorized to work in the specific country, but avoid asking about citizenship.

#2: What is your native language?
Again, the problem is that this question could be used to determine national origin. You can ask whether the person knows a language if it is required for the job. For example, if job responsibilities include supporting Spanish-speaking customers, it’s fair to ask whether the candidate speaks Spanish.

#3: Are you married?
Here’s another question that would seem innocent in most settings, but definitely not in a job interview. Because you can’t discriminate on the basis of marital status, this question is off limits.

#4: Do you have children?
This might sound like small talk, too — an innocent question in most settings — but not in a job interview. It’s covered by a general prohibition about discrimination over parental status.

#5: Do you plan to get pregnant?
In the past, employers sometimes asked this question to weed out women who might take a maternity leave. It has always been rude coming from a casual acquaintance, and now it’s illegal as well.

#6: How old are you?
Some companies used to avoid hiring older workers for a variety of reasons, ranging from a fear of higher healthcare costs and absences to a social bias in favor of youth. But age discrimination is clearly illegal, and you should avoid this question. Don’t try to get the information by asking when the person graduated from college, either.

#7: Do you observe Yom Kippur?
You can’t discriminate on the basis of religion, so this question is illegal, as would be asking about Good Friday, Ramadan, or the Solstice. If you’re concerned about the candidate’s availability, you could ask whether he or she can work on holidays and weekends, but not about the observance of particular religious holidays.

#8: Do you have a disability or chronic illness?
This information is not supposed to be used as a factor in hiring, so the questions are illegal. If the job will require some specific physical tasks, such as installing cables in walls and ceilings, you can ask whether the candidate can perform those tasks with reasonable accommodation.

#9: Are you in the National Guard?
Although some managers may find it disruptive when employees leave for duty, it’s illegal to discriminate against someone because he or she belongs to the National Guard or a reserve unit.

#10: Do you smoke or use alcohol?
In general, you can’t discriminate on the basis of the use of a legal product when the employee is not on the premises and not on the job.


Mac OS X Leopard

Just as Microsoft came up with Windows XP, so too did Apple with its Mac OS X version known as Tiger. However, Mac OS X version 10.5 experienced delays in its announced release.

Featuring more than 300 updates and improvements, the new "Leopard" release packs several significant enhancements. In addition to including a new Time Machine automated backup utility, the updated operating system boasts Spotlight search capability across multiple systems, the Front Row and Photo Booth applications introduced with Tiger on Intel-powered systems, virtual desktop "Spaces" that enable users to maintain multiple desktops with specific applications running simultaneously, the addition of RSS, stationery and other new features to Mail, and much more. Here's a deeper look at some of the many new features and enhancements Apple is putting into Leopard.

Boot Camp
Apple's dual-boot utility, which enables running Windows installations on the same systems hosting Mac OS X, debuted as optional downloads when Intel-powered Macs arrived. The application will now ship with OS X by default.

Desktop enhancements
The new Apple desktop is designed to "showcase" users' photos and graphics as desktop backgrounds. A newly redesigned Dock features greater transparency, so as to not distract from users' desktop images, which enjoy a cleaner desktop.


Finder tweaks
Mac's Finder, equivalent to Windows Explorer or My Computer, is treated to a new iTunes-like interface designed to simplify data access. Whereas the Cover Flow view in iTunes displays the cover image of an album (with the album's musical contents beneath), the new Finder will present preview views of files within the same space that iTunes displays cover images. As a result, users can now flip through file preview images when seeking specific documents, spreadsheets, presentations, and other files. Figure A shows what the new Finder looks like in Leopard.

Leopard introduces a refined Finder view (shown in the large active window), new Stacks (the collection of icons emanating from the Dock), an enhanced Desktop, a more translucent, less obtrusive Dock, and other changes.

Front Row
Apple's Front Row, which debuted with Intel-powered Macs in 2006, becomes standard fare with the Leopard release. The Front Row feature enables remotely navigating common options, including accessing music, movies, photos, and more.

iCal
iCal, the Mac's default calendar tool, receives several updates with Leopard's release. Boasting a new interface that focuses on a clean and uncluttered look just like the new Mac desktop, a new iTunes-like sidebar assists Mac users in navigating calendar items. Sharing files with attendees is as simple as dragging-and-dropping files into respective events. When e-mail invitations are forwarded to attendees, any added files are included as attachments. Keep in mind that this functionality is similar to that found in Microsoft Office, whereas iCal is the default calendar tool included with Mac OS X and doesn't require an additional license.

Also new in iCal is support for group calendaring, in which meetings can be scheduled for multiple users, and resources (such as meeting rooms) and even equipment (such as LCD projectors) can be booked directly from within iCal. Based on the CalDAV standard, an iCal Server is required to power the group calendaring functionality. With an iCal Server in place, however, users can also browse other staff's schedules to review available free time necessary for scheduling new meetings.


iChat improvements
Users that rely upon iChat to power instant messaging sessions will find Photo Booth integration within Mac OS X version 10.5. Users can apply Photo Booth effects to chat sessions, or they can present entire Keynote presentations within the instant messaging application. iChat sessions can also be recorded (including capturing both audio and video) and saved for later review.

Mail tweaks
Apple's standard Mail application receives upgrades as well. In Mac OS X 10.5, the default e-mail client supports numerous stationery templates. The mail client also adds support for virtual sticky notes (which can be accessed from any Internet-connected Mac or PC).

In the past, Apple's Mail application provided e-mail functionality. With the new Leopard release, however, To-Do functionality is added. Users can simply highlight wording within e-mail messages describing tasks they need to perform (such as Prepare quarterly report), right-click the highlighted text, and create a To-Do item. Since the To-Dos are stored within e-mail, users can access those tasks from any Internet-connected Mac or PC as well.

Mail also benefits from RSS support. By subscribing to RSS feeds within Mail, Leopard users will know whenever a new article, blog post or other entry is published. Further, using Mail, users can create Smart Mailboxes to better help organize RSS feeds. And since Mail shares RSS feed coordination responsibilities with Apple's built-in Safari Web browser, users are assured reading lists will remain synchronized.

Quick Look
Apple's new Quick Look feature enables viewing a file's contents before opening the file. Similar to the Flip 3D feature in Windows Vista that permits users to view the contents of multiple open Windows, Quick Look permits Mac users to view the contents of files (including documents, spreadsheets, presentations, PDFs, and even videos) without having to open each file. Thus, these short "sneak peek" glimpses make it much easier for users to find specific files they seek more quickly on a Mac hard disk.

Parental Controls
Typically a consumer feature, Leopard provides expanded parental controls for Mac users. New content filters help Leopard protect children from inappropriate Web content, while bedtime and usage limits can be easily configured to police the amount of time children spend on the computer. Further, Leopard-powered systems can now log the Web sites children visit, the contents of chat sessions, and even the applications run.

Photo Booth
Largely a consumer-focused feature, Apple's Photo Booth adds stock photography to help dress up Photo Booth sessions. In addition to creating user photos, which might be linked as an iChat buddy image, Photo Booth also supports creating and sharing video snippets. While Photo Booth's audio and video quality isn't professional grade, the feature provides users with a simple method of quickly and easily creating basic audio and video files.

Safari 3.0
Apple's Web browser, Safari, receives an upgrade in Leopard: Safari 3.0 is loaded by default within the next Mac OS X release. Providing improved performance, additional security controls (such as a private browsing feature that disables caching of personal data, among other information), inline PDF support, and more, the browser provides Mac users with a more reliable and consistent Web browsing experience.

Stacks
Apple's new Stacks feature is among new Desktop enhancements designed to add to the Mac's stunning visual appearance. As the Desktop often serves as the location in which documents, spreadsheets, programs, and other files are stored, it quickly becomes cluttered. Apple's designers worked to help consolidate such files and clean the Mac's desktop appearance in the process.

The result is Stacks, which enables users to collect similar objects in "stacks," or folders that live on the Mac's Dock. When a new item arrives (such as an e-mail or document) within a Stack, the Mac signals the user the file is present. To view the item, users need only click the relevant stack icon and a graceful animated arc displays the contents of that stack.

Spaces
Recognizing that users manage different kinds of data, from office-related work to editing personal e-mail messages, Apple designers have included support for separate desktops on Mac OS X version 10.5. By dragging active windows into separate Spaces, Mac users can segregate applications and programs by topic.

For example, an employee working from home might wish to create a work-related Space in which their VPN connection is active and work-related applications are up and running. A second Space might be dedicated to sending personal e-mail and surfing the Web, while yet a third Space could be devoted to music or entertainment-related activities (such as viewing a DVD movie).

Navigating between Spaces is simple. Leopard places placeholder icons on the Dock for each Space.

Spotlight enhancement
In addition to refining Spotlight performance and the interactive menu users leverage to perform desktop searches, Apple developers tweaked Spotlight to support searching multiple systems in Mac OS X version 10.5. Using a new sidebar, results will be categorized in Leopard.

Time Machine
Time Machine is among the most important upgrades Leopard features. The new backup application simplifies data protection. Whenever a compatible backup device is found (such as a simple external USB drive), by stating one wishes to use Time Machine, Mac OS X version 10.5 automatically configures backup operations.

Unlike Windows, which requires users to specify which files, folders, and drives should be backed up, when the backups should occur, and what type of backup operation should be run (Normal vs. Differential vs. Incremental), Leopard simply backs everything up. Everything from programs and applications to accounts, system preferences, and other data is backed up automatically.

Further, Time Machine provides a feature similar to Windows Restore, enabling users to return to specific system configurations as they existed on a specific date. However, unlike Windows, Leopard enables returning an entire system to a specific date, recovering a copy of a single file from a specific date or restoring a folder or folders to a specific date. Using Time Machine, Mac users can also encrypt backups and specify storage limit settings to help manage the amount of disk space dedicated to backups.

Universal Access improvements
Leopard includes bolstered accessibility features, too. Besides adding a new voice that speaks more naturally at a faster pace, support has been added for Braille displays and note-taking devices. Further, voice-over commands can now be associated with numeric keypad keys using NumPad Commander.

Apple's VoiceOver feature now accentuates "hot spots" by monitoring for active windows and notifying users (via sound clues) whenever notifications or alerts are displayed on screen. VoiceOver also assists visually impaired users in navigating applications and onscreen menus.

Other accessibility improvements include expanded closed-captioning support within QuickTime, more applications (including iChat) that "speak" on-screen text, and VoiceOver support for .Mac online Internet and e-mail accounts.


Thursday, September 27, 2007

IBM's CoScripter - Automate the browser-based tasks

IBM’s CoScripter, developed at the Almaden Research Center, helps automate repetitive tasks from the Web browser, much like what batch files do for the computer.

A quote from the article at InternetNews:

In one example, IBM said the task of preparing for a meeting — sending out notices to attendees, reserving a room, reserving equipment, catering food — can be automated by creating a script with CoScripter. The CoScripter authoring tool captures all of the steps a person takes in any Web-based applications launched in the task.

CoScripter automates the tasks that are performed in a Web browser. It is one great tool to pass on workplace skills (O’Reilly Radar) and can make many repetitive tasks much simpler. The tool doesn’t have an automated technique for handling areas where user action on input is required, but it’s a great way to share Web events.

CoScripter supports the sharing of scripts among users, and so there’s a threat that some scripts may lead to sites that are malicious. Hence, it is required that users exercise caution (InformationWeek) by carefully reading the scripts for suspicious URLs.

Here’s a video tutorial to the script tool and the link for the CoScripter download.


Friday, September 21, 2007

An Introduction to Network Monitoring

Ignorance is not bliss, especially when it comes to knowing what's happening on your network. Learn the basics of network monitoring systems, and what these applications and hardware appliances can do.

What is network monitoring?

A network monitoring system monitors an internal network for problems. It can find and help resolve snail-paced webpage downloads, lost-in-space e-mail, questionable user activity and file delivery caused by overloaded, crashed servers, dicey network connections or other devices.

Network monitoring systems (NMSs) are much different from intrusion detection systems (IDSs) or intrusion prevention systems (IPSs). These other systems detect break-ins and prevent scurrilous activity from unauthorized users. An NMS lets you know how well the network is running during the course of ordinary operations; its focus isn't on security per se.

Network monitoring can be achieved using various software or a combination of plug-and-play hardware and software appliance solutions. Virtually any kind of network can be monitored. It doesn't matter whether it's wireless or wired, a corporate LAN, VPN or service provider WAN. You can monitor devices on different operating systems with a multitude of functions, ranging from BlackBerrys and cell phones, to servers, routers and switches. These systems can help you identify specific activities and performance metrics, producing results that enable a business to address various and sundry needs, including meeting compliance requirements, stomping out internal security threats and providing more operational visibility.

Why is monitoring the network important?

The reasons to insist on network monitoring can be summarized on a high level into maintaining the network's current health, ensuring availability and improving performance. An NMS also can help you build a database of critical information that you can use to plan for future growth.

The best argument for attempting to predict your network's growth is your existing infrastructure's history, and the problems that resulted from decisions made with too little data.

In addition, if you have a service-level agreement (SLA) in place, monitoring is a must-have. An NMS can ensure that target device, service and application performance level contractual obligations are being met.

What kinds of things can network monitoring systems see?

The usual areas examined are bandwidth usage, application performance and server performance.

Traditional network monitoring starts with the basics at the network's core. It checks and reports WAN link bandwidth numbers, latency or response time from your switches, routers and servers, and server CPU utilization numbers. For example, a server running at 100 percent utilization should raise more than just an eyebrow.

Network monitoring can help you manage users too. Tools with automatic discovery offer the ability to monitor devices as they're added, removed or undergo configuration changes. Some tools can group devices dynamically (on a parameter such as an IP address) or by service, type and location; these are extremely helpful when managing a large network.

What kinds of network monitoring systems are available?

If you're a lab rat, plenty of Command Line Interface (CLI) tools are available. One example is the venerable Ping, a reliable tool for operating on the "KISS" theory.

Obviously, there are learning curve issues associated with CLI tools. For those less geek-minded, an abundance of Web-based GUI solutions including detailed reporting and graphical chart features are available. These tools can be easier to set up and use. Many come with pre-scripted configurations. Plus, the charts they produce are very handy when putting together executive presentations for network investment pitches.

Open-source tools, always an IT geek favorite, abound for network monitoring. They're generally innovative, irreverent but stylish and, best of all, mostly free or cheap. Additionally, open-source monitoring tools are interoperable with almost every other tool or platform. The data from these open-source tools is almost always dumped into XML; even major vendors tend to drink from the XML cup at one stage or another.

What do they cost?

Network monitoring solutions can be totally free or they can be extremely expensive. Most open-source tools are free, as are tools that may have been bundled with infrastructure purchases. Appliances, software-only solutions and services range from $50 on into five figures.

With service vendors, you're likely to be able to choose from a buffet-style menu of monitoring services; these may tally up to a savings over device purchases depending on network priorities. There are other trade-offs. Purchasing services may give you the advantage of rubbing elbows with the latest monitoring technologies; in contrast, purchasing appliances can provide more control.

One thing's a certainty when it comes to network monitoring. The cost of not using these technologies can be greater than you think, if you're not getting the performance and availability you're paying for and if you're not willing to spend sufficiently to ensure that your network is healthy and secure. What's it really worth? It could be worth your job.


Thursday, September 20, 2007

Things you should have already done to secure your laptop

There are a lot of reasons to make sure that your laptop stays secure -- both from a physical perspective as well as a software/data perspective. From the physical side, laptop theft isn't generally considered a positive event -- at least from the victim's perspective. From the data side of the equation, however, losing the wrong laptop can cost your company much more than the cost of the laptop. Imagine the public relations fallout if your company loses a laptop containing private information about all of your customers.

1. Encrypt the hard drive
Scenario: You're in the airport and you lose your laptop or it's stolen. Said laptop contains your entire customer database along with personal information about each of them. Voila! Instant public relations incident -- except it is not the kind of PR that you want. Protect yourself from this kind of problem by encrypting your laptop's hard drive.
If you're using Windows Vista, consider using Vista's BitLocker drive encryption software. If you're using Windows XP or another operating system, there are a number of third party full-disk encryption products available on the market.
Although you can use EFS (Encrypting File System) to achieve a similar goal, full disk encryption provides better protection as everything on your disk gets protected and you don't have to worry about saving files to a particular location.

2. Install tracking software
Protecting data is extremely important but if your laptop is lost or stolen, you probably want it back. To this end, install software on your computer that tracks its location should it ever be lost or stolen. Most laptop theft recovery software installs to an undetectable location on the laptop and the software cannot be erased from the system.
Each time the computer connects to the Internet, it reports in with the software manufacturer. In the event that the computer is reported to the recovery software company as stolen or missing, the company tracks down the physical location of the laptop and then notifies the authorities. In many cases, the hardware is actually recovered. However, even if the laptop is recovered, you can't be sure that the thief didn't compromise your data.
Some tracking software includes the ability to remotely delete information from the laptop as well. This feature can be a lifesaver if a laptop with sensitive information is stolen. With this capability, you'll be able to delete potentially sensitive information before it falls into the wrong hands.

3. Install antivirus and antispyware software
The two-pronged antivirus/antispyware software blaster will do far more to protect your assets than a single application that handles only virus-busting. These days, spyware is probably a worse problem for many organizations than viruses were in their heyday. Many spyware infestations install keylogging software and other kinds of monitoring software designed to gain access to private information. Laptops can be especially vulnerable to spyware since they often spend time outside the organization’s protective firewalls.

4. Tie down the machine with a lock (hardware or software)
Even those employees who are issued laptops don't always carry them every place they go. As such, there are times when laptops are sitting in employees' offices, in hotel rooms, at home, etc. There are numerous documented cases of laptops containing sensitive information being stolen from homes, airports, hotels, and even people's offices. If you're traveling or using a laptop at home, consider taking a security cable and lock (such as a Kensington lock/cable combination) with you that you can wrap around a table leg. Although a solution like this will not completely prevent laptop theft, most thieves go after easy targets. Any roadblock you can put up will deter would-be thieves.

5. Install a software firewall
A software firewall goes a long way toward protecting a system. Such software keeps unwanted traffic away from your computer. However, not every system necessarily needs a software firewall. If you need to pick target systems on which a software firewall will be used, seriously consider laptops in your plans.
As I mentioned before, laptop computers often spend time outside your company firewall, meaning that they lose the important protection of those devices. Especially if you're out in the wild using an unsecured wireless network, a firewall will help to keep your computer from being subject to attack.

6. Stay current with updates
Even though they come frequently and can be hard to keep up with sometimes, staying current on all of your installed software is critical. A number of patches are designed to correct bugs that result in vulnerabilities that can be exploited. Implement an automated system such as WSUS or, at the very least, configure your laptop for automatic updates so that patches are applied as they become available.

7. Use a strong password
Passwords remain the most common way to secure resources, including laptop computers. Again, since laptops are often in the wild, it becomes even more important to use a strong password to lessen the risk that a local account is compromised. Make sure that all local accounts are appropriately secured, including the local Administrator account.

8. Use wireless networks carefully
Wireless networks are everywhere. In most of these cases, even though you often have to sign up to use the connection, the wireless service is insecure, meaning that anyone within range of your laptop can pick up everything you see, do and type. Obviously, this is not good.
If you're working from one of these locations and find it necessary to work on something sensitive, try to connect to your organization's VPN service and do your work via that connection instead. With the right kind of VPN in place, traffic between your laptop and your organization's network will be encrypted. If information security is a critical concern, only use wireless networks that are secured with WPA or WPA2. This isn't a perfect solution, but is much better than using only WEP.

9. Disable Windows services you don't need
Every service that runs on your laptop increases the attack surface of your computer, especially services that listen on particular ports. To help further protect a roving laptop, disable any services that you don't need to do your job.

10. Make sure your laptop is insured
This one is easy: When all else fails and your laptop is stolen, you will probably need to replace it.

Email Hacking... How it works, Tools, How to prevent

Multiple different mail servers are used in today’s enterprises. Each different mail server has its own set of known vulnerabilities, giving resourceful hackers ample opportunity to search for weaknesses. Once these weaknesses are identified, a single hacker can take down an entire rack of mail servers in the blink of an eye.

So... How do they work?

IMAP & POP vulnerabilities
Hackers have found a number of issues in both IMAP & POP servers that are exploited. Items such as dictionary attacks can expose sensitive e-mail which is stored on an IMAP or POP server. There are countless tools available for performing these attacks, and the graphical nature of many of these tools makes it simple for even a novice to perform these attacks. Additionally, weak passwords are common vulnerabilities in these protocols. Many organizations do not have adequate controls for password strength, thus end users will use passwords which can easily be broken. Lastly, there may be concerns about defects or bugs in various IMAP and POP services which can leave them susceptible to other types of exploits such as buffer overflows.
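A dictionary attack against IMAP or POP shows up in the server's authentication log as a burst of failed logins from one address, often across several usernames. The following is an added example, not part of the original article: it flags such bursts and any successful login that follows one. The log format, the sample lines, the thresholds and the function name are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any particular server's):
#   <ISO timestamp> <imap|pop3> <auth-ok|auth-fail> user=<name> rip=<remote ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>imap|pop3) (?P<result>auth-ok|auth-fail) "
    r"user=(?P<user>\S+) rip=(?P<ip>\S+)$"
)

# Constructed sample: one user mistyping a password, one burst of guesses that
# ends in a successful login, and one slow series that stays under the threshold.
SAMPLE_LOG = """\
2007-09-28T09:58:00 imap auth-fail user=carol rip=192.0.2.15
2007-09-28T09:58:20 imap auth-ok user=carol rip=192.0.2.15
2007-09-28T10:00:01 pop3 auth-fail user=admin rip=203.0.113.7
2007-09-28T10:00:02 pop3 auth-fail user=admin rip=203.0.113.7
2007-09-28T10:00:03 pop3 auth-fail user=alice rip=203.0.113.7
2007-09-28T10:00:04 pop3 auth-fail user=alice rip=203.0.113.7
2007-09-28T10:00:05 pop3 auth-fail user=bob rip=203.0.113.7
2007-09-28T10:00:06 pop3 auth-fail user=bob rip=203.0.113.7
2007-09-28T10:00:09 pop3 auth-ok user=bob rip=203.0.113.7
2007-09-28T10:05:00 imap auth-fail user=dave rip=198.51.100.40
2007-09-28T10:15:00 imap auth-fail user=dave rip=198.51.100.40
2007-09-28T10:25:00 imap auth-fail user=dave rip=198.51.100.40
"""


def detect_password_guessing(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return alerts for bursts of failed logins from one address and for a
    successful login that follows such a burst from the same address."""
    failures = defaultdict(deque)   # ip -> (timestamp, user) of failures inside the window
    bursting = set()                # addresses currently flagged for guessing
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue                # ignore lines in any other format
        ts = datetime.fromisoformat(m["ts"])
        ip, user = m["ip"], m["user"]
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:
            recent.popleft()        # drop failures that fell out of the window
        if not recent:
            bursting.discard(ip)    # the burst is over once the window is empty
        if m["result"] == "auth-fail":
            recent.append((ts, user))
            if len(recent) >= max_failures and ip not in bursting:
                bursting.add(ip)
                users = tuple(sorted({u for _, u in recent}))
                alerts.append(("guessing", ip, users))
        elif ip in bursting:
            # A success right after a burst suggests a password was guessed.
            alerts.append(("success-after-guessing", ip, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow series from 198.51.100.40 is not flagged, which is why a short-window rule like this one is normally paired with account lockout and a longer-term failure count.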

Denial-of-Service (DoS) attacks

  • Ping of death – Sends an invalid fragment, which starts before the end of packet, but extends past the end of the packet.
  • Syn flood – Sends TCP SYN packet (which starts connections) very rapidly, leaving the attacked machine waiting to complete a huge number of connections, and causing it to run out of resources and start dropping legitimate connections.
  • Loop – Sends a forged SYN packet with identical source/destination address/port so that the system goes into an infinite loop trying to complete the TCP connection.
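Each of the three patterns above can be recognised from packet headers alone, which is how a filter or intrusion detection sensor spots them. The following is an added example, not part of the original article: it parses IPv4/TCP headers and flags a fragment that would extend past the 65,535-byte datagram limit, a SYN whose source and destination address and port are identical, and a pile-up of unanswered SYNs on one service. The sample packets, function names and threshold are constructed for illustration.

```python
import struct
from collections import Counter

MAX_DATAGRAM = 65535   # upper bound imposed by the 16-bit IPv4 total-length field
TCP, ICMP = 6, 1       # IP protocol numbers
SYN, ACK = 0x02, 0x10  # TCP flag bits


def parse_ipv4(pkt):
    """Decode the IPv4 header and, when present, the TCP ports and flags."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    info = {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "proto": proto,
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # the field counts 8-byte units
        "payload_len": total_len - ihl,
    }
    # The TCP header travels only in the first fragment.
    if proto == TCP and info["frag_offset"] == 0 and len(pkt) >= ihl + 14:
        info["sport"], info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        info["flags"] = pkt[ihl + 13]
    return info


def analyse(packets, syn_threshold=100):
    """Return (kind, subject) findings for one capture window."""
    findings = []
    half_open = set()   # connections that sent a SYN and have not yet sent an ACK
    for pkt in packets:
        p = parse_ipv4(pkt)
        # Ping of death: the fragment ends beyond the largest legal datagram.
        if p["frag_offset"] + p["payload_len"] > MAX_DATAGRAM:
            findings.append(("oversized-fragment", p["src"]))
        flags = p.get("flags")
        if flags is None:
            continue
        conn = (p["src"], p["sport"], p["dst"], p["dport"])
        if flags & SYN and not flags & ACK:
            # Loop: a SYN that claims to come from the very socket it targets.
            if p["src"] == p["dst"] and p["sport"] == p["dport"]:
                findings.append(("land", f'{p["dst"]}:{p["dport"]}'))
            else:
                half_open.add(conn)
        elif flags & ACK and not flags & SYN:
            half_open.discard(conn)   # the client completed the handshake
    # SYN flood: many handshakes toward one service that were never completed.
    pending = Counter((dst, dport) for _s, _sp, dst, dport in half_open)
    for (dst, dport), count in sorted(pending.items()):
        if count > syn_threshold:
            findings.append(("syn-flood", f"{dst}:{dport}"))
    return findings


def sample_packet(src, dst, proto=TCP, frag_offset=0, payload_len=20,
                  sport=0, dport=0, flags=0):
    """Build header bytes for a constructed sample (checksums zero, payload omitted)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0,
                     frag_offset // 8, 64, proto, 0,
                     bytes(int(x) for x in src.split(".")),
                     bytes(int(x) for x in dst.split(".")))
    if proto != TCP or frag_offset:
        return ip
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)


MAIL = "198.51.100.25"   # constructed address of the mail server being watched
SAMPLE_PACKETS = (
    # a normal client completing its handshake with the SMTP port
    [sample_packet("192.0.2.10", MAIL, sport=40000, dport=25, flags=SYN),
     sample_packet("192.0.2.10", MAIL, sport=40000, dport=25, flags=ACK)]
    # 150 SYNs to the POP3 port that are never followed by an ACK
    + [sample_packet(f"203.0.113.{i % 250 + 1}", MAIL, sport=1024 + i, dport=110, flags=SYN)
       for i in range(150)]
    # identical source and destination, then a fragment ending past 65535 bytes
    + [sample_packet(MAIL, MAIL, sport=143, dport=143, flags=SYN),
       sample_packet("192.0.2.66", MAIL, proto=ICMP, frag_offset=65528, payload_len=1000)]
)

if __name__ == "__main__":
    for finding in analyse(SAMPLE_PACKETS):
        print(finding)
```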
System configuration holes

Weaknesses in enterprise system configuration can be classified as follows:
  • Default configurations – Most systems are shipped to customers with default, easy-to-use configurations. Unfortunately, “easy-to-use” can mean “easy-to-break-into” as well. Almost any UNIX or WinNT machine shipped can be exploited rather easily.
  • Empty/default root passwords – A surprising number of machines are configured with empty or default root/administrator passwords. One of the first things an intruder will do on a network is to scan all machines for empty passwords.
  • Hole creation – Virtually all programs can be configured to run in a non-secure mode which can leave unnecessary holes on the system. Additionally, sometimes administrators will inadvertently open a hole on a machine. Most administration guides will suggest that administrators turn off everything that doesn’t absolutely need to run on a machine in order to avoid accidental holes. Unfortunately this is easier said than done, since many administrators aren’t familiar with disabling many common services.
Exploiting software issues
Software bugs can be exploited in the server daemons, the client applications, the operating system, and the network stack. Software bugs can be classified in the following manner:
  • Buffer overflows – Almost all the security holes you read about in the press are due to this problem. A typical example is a programmer who will set aside a specific number of characters to hold a login username. Hackers will look for these types of vulnerabilities, often sending longer strings than specified, including code that will be executed by the server. Hackers find these bugs in several ways. First, the source code for a lot of services is available on the net. Hackers routinely look through this code searching for programs that have buffer limitations. Hackers will also examine every place the program accepts input and try to overflow it with random data. If the program crashes, there is a good chance that carefully constructed input will allow the hacker to break into the system.
  • Unexpected combinations – programs usually are constructed using many layers of code, including the underlying operating system as the bottom-most layer. Intruders can often send input that is meaningless to one layer, but meaningful to another when constructed properly.
  • Unhandled input – Most programs are written to handle valid input. Most programmers do not consider what happens when somebody enters input that doesn’t match the specification.
Self-propagation: the new mission of attacks
Hackers are becoming increasingly sophisticated and are no longer content with simply gaining access to networks to cause mischief and disrupt service. Whereas hackers first spread viruses through individual networks simply because they could, we now are seeing more and more attacks that involve the use of Trojans designed to spread a virus to as many computers as possible, with the intent of taking control of these machines for nefarious purposes.
  • Trojans - Trojans enter the victim’s computer undetected, usually disguised as a legitimate e-mail attachment. Once the Trojan is opened by the unsuspecting recipient, the attacker is granted unrestricted access to the data stored on the computer. Trojans can either be hidden programs running on a computer, or hidden within a legitimate program, meaning a program that the user trusts will have functions they are not aware of.
  • Spreading viruses via Trojans - Hybrid attacks that combine the use of Trojans and traditional viruses have become increasingly popular. An example of this is the notorious Nimda virus that used multiple methods to spread itself and managed to get past anti-virus software by using a behavior not typically associated with viruses. Nimda exploited a flaw in the MIME header and managed to infect 8.3 million computers worldwide.
The increased sophistication of attacks is evidenced by viruses containing their own SMTP engines (MyDoom, Bagle.G, NetSky). By using its own SMTP engine, a virus can avoid the use of MAPI, which allows it to isolate itself from any e-mail client configuration issues and integrated virus scanner(s) that may be present.

The hacker’s toolkit
  • Crack/NTcrack/L0pht Crack - Crack network passwords using dictionaries or brute force. These packages also contain utilities for dumping passwords out of databases and sniffing them off the wire.
  • Exploit packs - A set of one or more programs that know how to exploit holes on systems (usually designed to be used once the targeted user is logged on).
  • NAT - Based on the SAMBA code, NAT is useful for discovering NetBIOS/SMB information from Windows and SAMBA servers.
  • Netcat - Characterized as a TCP/IP “Swiss Army Knife,” netcat allows intruders to script protocol interactions, especially text-based protocols.
  • Ping Sweepers - For pinging large numbers of machines to determine which ones are active.
  • Remote Security Auditors - Programs such as SATAN that look for a number of well known holes in machines all across the network.
  • Scanners - Programs like SATAN, ISS or CyberCop Scanner that probe the system for vulnerabilities. These tools check for a huge number of vulnerabilities and are generally automated, giving the hacker the highest return for minimal effort.
  • Sniffing utilities - For watching raw network traffic, such as Gobbler, tcpdump, or even a Network Associates Sniffer© Network Analyzer.
  • TCP and UDP port scanners - For scanning/strobing/probing which TCP ports are available. TCP port scanners can also run in a number of stealth modes to evade loggers.
  • War dialers - Look for dial-in ports by dialing multiple phone numbers.
Protect your enterprise
As businesses place increasing reliance on e-mail systems, they must address the growing security concerns from both e-mail borne attacks and attacks against vulnerable e-mail systems. When enterprise e-mail systems are left exposed by insecure devices, hackers can enter the organization and compromise the company’s corporate backbone, rendering investments in information technology security useless. The implications from a security breach can impact the company’s reputation, intellectual property and ability to comply with government regulations. The only way for organizations to fortify their e-mail systems is to use a comprehensive e-mail security gateway to lock down the e-mail systems. This approach includes:
  1. Locking down the e-mail system at the perimeter – Perimeter control for the e-mail systems starts with deploying an e-mail gateway. The e-mail gateway should be purpose-built with a hardened operating system, and intrusion detection capabilities to prevent the gateway from being compromised.
  2. Securing access from outside systems – The e-mail security gateway must be responsible for handling traffic from all external systems, and must ensure that traffic passed through is legitimate. By securing access from outside, applications like Web mail are prevented from being used to gain access to internal systems.
  3. Real-time monitoring of e-mail traffic – Real-time monitoring of e-mail traffic is critical to preventing hackers from utilizing e-mail to gain access to internal systems. Detection of attacks and exploits in e-mail, such as malformed MIME, requires continuous monitoring of all e-mail.
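The following is an added example, not part of the original article, of the kind of malformed-MIME check a gateway can run on every message: it reports structural defects found by the parser, attachments whose declared media type contradicts an executable file name, and executable content hidden under a passive media type. The sample messages, extension list and function name are constructed for illustration.

```python
import base64
import email
import os
from email import policy

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
PASSIVE_MAINTYPES = {"audio", "image", "video", "text"}   # types a client may open without asking


def inspect_message(raw):
    """Return (kind, detail) findings for structural and type anomalies in one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        # Defects recorded by the parser, e.g. a multipart with no boundary.
        for defect in part.defects:
            findings.append(("parser-defect", type(defect).__name__))
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        maintype = part.get_content_maintype()
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in EXECUTABLE_EXTS:
            # The header promises passive media, the file name says program.
            if maintype in PASSIVE_MAINTYPES:
                findings.append(("type-name-mismatch", f"{ctype} {name}"))
            # "invoice.pdf.exe" style names hide the real extension from the user.
            if os.path.splitext(stem)[1]:
                findings.append(("double-extension", name))
        # A Windows executable starts with the bytes "MZ"; plain text is skipped
        # because ordinary prose can begin with those two letters.
        body = part.get_payload(decode=True) or b""
        if body[:2] == b"MZ" and maintype in PASSIVE_MAINTYPES - {"text"}:
            findings.append(("executable-content", ctype))
    return findings


# Constructed 8-byte stub that only carries the "MZ" signature; it is not a program.
MZ_STUB = base64.b64encode(b"MZ" + bytes(6)).decode()

SAMPLE_SUSPICIOUS = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attachment\n"
    "--b1\n"
    'Content-Type: audio/x-wav; name="readme.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="readme.exe"\n'
    "\n"
    f"{MZ_STUB}\n"
    "--b1--\n"
).encode()

SAMPLE_BROKEN = (
    "From: sender@example.com\n"
    "MIME-Version: 1.0\n"
    "Content-Type: multipart/mixed\n"      # multipart without a boundary parameter
    "\n"
    "--x\n"
    "Content-Type: text/plain\n"
    "\n"
    "hi\n"
    "--x--\n"
).encode()

SAMPLE_CLEAN = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "Content-Type: text/plain\n"
    "\n"
    "Lunch at noon?\n"
).encode()

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_SUSPICIOUS),
                       ("broken", SAMPLE_BROKEN),
                       ("clean", SAMPLE_CLEAN)):
        print(label, inspect_message(raw))
```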
An e-mail security gateway should provide the following benefits:

Simplify administrator work
Rather than having multiple appliances from different vendors provide piecemeal protection for different areas of your e-mail network, the e-mail security solution that protects your enterprise should be capable of protecting the entire e-mail system on its own. Comprehensive security must be purpose-built into the e-mail security appliance, not added as an afterthought.

Easy integration
Integrating an intrusion detection/prevention system can be complicated, depending on your requirements. However, these systems must not complicate a network, and they should not require the administrator to spend additional time managing them.

Easy configuration
Many intrusion detection systems are difficult to navigate and configure. A purpose-built e-mail security system containing intrusion detection and prevention should be easy to configure and manage, with settings that follow established best practices for your particular type of business.

Wednesday, September 19, 2007

100 Genuine ways to make money online - Review

Making money online is a dream for many, but the simple fact is that it’s often just as tough as making money offline. Due to requests, we’ve put together a list of the most popular money making methods today, many of them focused on blogging and peer production.

A word of caution: for the sake of completeness, we’ve included a small number of sites that have been criticized for their ethics. If it sounds too good to be true, it generally is. Commenters are welcome to share their experiences of the various sites.

Get Paid To Write


Weblogs, Inc. - Apply to blog for one of their ninety plus blogs or submit your own topic idea. They will pay you per post that you write and you must meet their minimum post requirements.

PayPerPost - Get paid as much as $500 or more a month writing articles and reviews of their sponsors on your blog.

Blogsvertise - Their advertisers pay you to mention and talk about their websites, products and services in your own blog.

Review Me - After your blog has been accepted in their network, they will pay you $20 to $200 per post that you write.

Smorty - Earn $6 to $100 dollars per post you write on your blog. Amount paid for each post depends on the overall popularity and page rank of your blog.

SponsoredReviews - Write reviews for their advertisers’ products and services on your own blog. They charge a 35% transaction fee for their services.

LoudLaunch - Blog about the advertisers' campaign releases that meet your interests. They pay once a month.

Blogitive - Get paid weekly via PayPal for posting stories that interest you.

BloggerWave - Select the advertiser opportunities that best suit your blog and write reviews on their products and services.

InBlogAds - Write about websites, products, services and companies on your blog and get paid for it.

BlogToProfit - Make $250 dollars or more by writing new posts on your blog.

Creative Weblogging - Write 7 to 10 posts per week for their network and they will pay you $225 per month.

WordFirm - Make money publishing books as a freelance writer from home.

451 Press - Write for a blog within their network and receive forty percent of all generated revenue.

Digital Journal - Network of bloggers that get paid to report on newsworthy articles through their blogs.

BlogBurner - Sign up for a free blog and get paid for writing new posts. Your commissions are generated through Adsense clicks.

Squidoo - Earn money by writing your new blog, or choose to donate your earnings to charity.

About.com - Become a paid guide writing articles for About.com. Compensation depends on the growth of your page views.

DayTipper - Earn $3 for every short tip you write and get published.

Helium - Earn a share of their advertising revenue by writing articles in their channels.

Dewitts Media - Get paid to write your own blog. This site requires you have a minimum page rank of 3 to sign up.

BOTW Media - Make money writing a blog for their blogging network.

CreamAid - Get paid to submit blog posts in their directory.

BlogFeast - Generate revenue from pre-installed Google Adsense ads when you blog in their network.

Mashable - Mashable hires freelancers and new staff, offering one of the largest platforms for tech bloggers.

Advertising Programs

Google Adsense - Most popular pay-per-click advertising provider. Make anywhere from $0.01 to $5.00 plus per click on site relevant ads.

Text-Link-Ads - Approve or deny the advertiser links that appear on your site. They pay you 50% of the sale price for each text link sold on your website.

BlogAds - The average blogger makes anywhere from $50 to $5000 dollars a month selling blog ads. To participate in this program you will need to get sponsored by someone in their network.

LinkWorth - Here you will find eleven different options to fit your advertising needs. Choose from text based advertisements, sponsored ads and paid blog reviews to name a few.

CrispAds - Access to over six thousand advertisers in their pay-per-click program. You choose the advertisers that suit you best.

Chitika - Offers six types of advertising to fit your needs.

AzoogleAds - Delivers targeted advertisers to their network of publishers to bring you the most profitable solutions.

Vibrant Media - Offers in-text contextual based advertisements.

MediaFed - Place advertisements in your blog’s RSS feed to generate additional revenue.

Qumana - Embeds ads directly into your posts. Ads are generated from keywords that you select. Not particularly popular with readers.

PeakClick - Austria based pay-per-click provider. Provides automatic insertion of site targeted ads.

DoubleClick - Offers a full suite of products for publishers that enable you to forecast, sell inventory, serve ads and analyze campaigns online and through other digital channels.

Tribal Fusion - They offer reliable payments, free ad-serving technology, a dedicated account manager and up-to-date, real-time reporting, with a 55% payout. Must go through an approval process.

AdBrite - Approve or reject any ads purchased for your sites. Also gives you the ability to sell ads direct with “Your Ad Here” links.

ThankYouPages - Shows ads based on demographics and relevancy. Majority of traffic must originate from U.S.

Clicksor - Inline text link advertising, underlines words directly in your posts making them clickable advertisements. Once more, we’d say that inline ads are not popular with regular blog readers.

TargetPoint - Contextually and search targeted pay-per-click ads.

IndustryBrains - Place relevant contextual text listings and graphical ads on your site.

BloggingAds - Post one-time ads on your site. Pays via PayPal.

BulletAds - Performance based online advertising network.

AdsMarket - Match your traffic to handpicked advertisers with top-converting products and services.

ROIRocket - Targeted campaigns specific to your marketing needs.

AdKnowledge - Offers complete outsourcing of your advertising management. Runs ads in websites, email and search engine inventory.

Yes Advertising - Payouts for running ads from their sponsors. Also offers a referral program that pays 20% of the referred webmasters earnings.

RevenuePilot - Offers pay-for-performance and pay-per-click advertising for your sites.

SearchFeed - Integrates paid advertisements into your site’s search feature.

Bidvertiser - Display text ads on your site and advertisers bid for placement.

Pheedo - Monetize your RSS feeds with this program.

ValueClick media - Generate revenue by displaying ads through banners, pop-unders and rich media. Be warned that pop-unders are unpopular these days.

OneMonkey - Another text based advertising program.

Yahoo Publisher Network - Use the internet giant, Yahoo, to display targeted ads on your site.

Q Ads - Monetize your site by placing ads anywhere you can add a picture.

Affiliate Networks and Programs

Amazon Associates - Link to Amazon’s products and services and earn up to 10% of the sale price. Converts well for product-focused sites.

ClickBank - Over 10,000 products to promote with commissions as high as 75%.

Commission Junction - Promote the advertiser’s products and services in exchange for a commission on leads or sales.

LinkShare - Pay-for-performance affiliate marketing network. Gives you the ability to use individual product links on your site and generate revenue from sales.

Affiliate Fuel - Serves as a middle man to bring publishers and advertisers together to promote products and services.

LinkConnector - Affiliate marketing network that offers a zero tolerance fraud policy to keep you safe while conducting business.

LeadPile - Affiliate network that allows you to generate and sell trade leads to the highest bidder.

Forex-Affiliate - Affiliate program that allows you to earn commissions from trading Forex (currency exchange) online.

incentAclick - CPA (cost-per-action) affiliate program that guarantees the fastest ROI in the industry.

AdPlosion - Earn revenue by selling leads, clicks and products from their advertisers. Also runs an incentive points program in addition to your commissions.

AffiliateFuture - Another affiliate program that pays you for generating leads, sales and clicks.

ClixGalore - Affiliate network consisting of 7500+ advertisers for you to choose from.

ThinkAction - Affiliate network that claims to have the top payouts and the possibility of earning over $100,000 dollars per month.

RocketProfit - Affiliate network, pays via check after your commissions reach $25 dollars.

CafePress - Earn affiliate commissions by selling your personally branded merchandise.

Avangate - Make money selling popular computer software titles through your site.

Paid Social Media Programs

Dada.net - Social site with a revenue sharing program that pays you for referring friends and driving traffic.

Jyve - Pays you to provide answers, advice and peer support to people in need of some help.

Cruxy - Specializes in social video, but serves as a venue to sell your digital media.

BitWine - Get paid to give advice and answer questions for people, on subjects of your interests and choice.

Ether - Make money answering questions for your peers over the phone. You set your rates and call availability.

UpBlogger - Social network site that pays you based on the amount of visits you receive to your uploaded content.

JustAnswer - Help others solve their problems and earn money for your knowledge.

MetaCafe - Upload your videos and earn money based on the number of views you receive.

ChaCha - Get paid to offer support to members of their community.

AssociatedContent - Earn money by uploading your videos, text, audio and images to their site. Earnings are determined by the exposure you receive from your content.

myLot - Pays you for posting, commenting and using their social network.

KnowBrainers - Another site that pays you to get involved with the community and answer questions. Optionally you can answer questions through the RSS feeds on your own blog.

Everything Else That Pays

Google User Research - Google Pays you money to participate in their user research studies online.

Microsoft Research Panel - Get paid from Microsoft for providing feedback on their products.

Amazon Mechanical Turk - Amazon pays you to complete simple tasks that their computers can’t understand. Payments are a matter of cents.

eJury - Earn $5 to $10 dollars per verdict rendered as a mock juror for practice trials.

WorkingSOL - This company pays you to handle technical support for many large companies. You can work from home on the computer or by phone and decide what times you are available.

Appingo - Always looking for experienced copy editors and proof readers. Must submit a resume.

IntelliShop - Pays you to shop at stores in your area and write a review of your experience.

Mahalo Greenhouse - They pay $10 to $15 dollars per site you submit to their directory.

Focus Pointe Global - Get paid to join their focus groups and voice your opinion. Available to teens and adults.

Agloco - Sign up, download their toolbar and get paid to surf the internet. This site has been criticized as a “pyramid scheme”, although the founders deny the allegation.

Arise - Make money providing phone, web and email support and sales for 40 plus companies in their network.

CraZoo - Earn money for starting new threads and posting in online forums.

Tutor.com - Get paid to tutor people online.

ForumBoosting.com - Make money posting in forums across the internet.

Share-A-Pic - Earn money by uploading and sharing your pictures on their website.

Opuzz Voice - Earn money by doing voice overs for their clients online.

SlashMySearch - Get paid to search the internet with their search engine.

Friday, September 14, 2007

How to create Win XP SP2 Live CD

We are going to create a Windows XP Live CD.

For this, we are going to use Bart's PE Builder. The CD built this way will be able to:

  • Read and Write NTFS drives
  • Get network access and copy files off hosted machines
  • Remove malware
  • Manipulate the local users and registry
Things Required:

Now let's get going....

First of all, we have to copy all the files to a local drive. For the sake of example, let's say we copy the entire Windows CD to c:\winxp-xp2-CD

OK, go ahead and install Bart's PE Builder. It's really simple: just keep clicking Next all the way and you will be done (unless you want to change the install directory).

Launch the application, you will have to accept the agreement to continue...

After accepting the agreement, it will ask you if it should search for the installation files... you can always do that, or you can choose "No" and manually feed it later, now the screen that will come up is this



In the Source field, just put the path of the folder where we copied the Win XP files

Also choose "Create ISO Image" radio button.

If you want, you can click on Plugins and choose which plugins you want to enable. You have to decide this before the build if you are going to burn it to a disc.

After that's done, just click on Build and the software will create the ISO image in the specified folder.

OK, now we have a desired ISO image.

We can either burn it to a CD and boot the computer from it to reach the desktop; the C drive will be visible, so you can easily remove any file from it, since the computer has booted from the disc.

Or you can run the ISO image in software such as VMware Player (recommended), which is a free program.
It's also recommended to first "dry run" the ISO in VMware Player so that you can be sure everything works.

To add functionality, you have to download the plugins and copy them into the PE Builder directory. There are literally thousands of plugins available.

How to create Linux LiveCD

There are two ways to do it. You can go ahead and create a customized Linux LiveCD yourself from scratch; for that, there is an article on IBM's website.

This is actually the more geeky method, a bit complicated for newbies. On the other hand, there is another option: an easy one.

There are some nice guys out there who have hosted their custom built LiveCDs

You can just download their ISO image file and burn that on the CD or run it through VMware player

You can get hundreds of free Linux LiveCD ISO images and tools here.

Guide to Live CD

Live CD is a generic term for an operating system distribution that is executed upon boot, without installation on a hard drive. Typically, it is stored on a bootable medium, such as a CD-ROM (Live CD), DVD (Live DVD), floppy (Live floppy) or USB flash drive (Live USB), among others.

A LiveCD does not alter the current operating system or files unless the user specifically requests it. The system returns to its previous state when the LiveCD is ejected and the computer is rebooted. It does this by placing the files that typically would be stored on a hard drive into temporary memory, such as a ram disk. In fact, a hard drive is not needed at all. However, this does cut down on the RAM available to applications, reducing performance somewhat. Certain LiveCDs run a GUI in as little as 32Mb RAM.

A LiveCD may be used to "demo" or "test drive" a particular operating system for those users who are unfamiliar with it. Experienced users of the operating system may also use a LiveCD to determine whether and to what extent a particular operating system version is compatible with their current hardware configuration and peripherals.

File system

A read-only file system, such as on a CD-ROM, has the drawback of being unable to save any current working data. For this reason, a read-only file system is often merged with a temporary writable file system in the form of a ramdisk. Often the default Linux directories "/home" (containing users' personal files and configuration files) and "/var" (containing variable data) are kept in ramdisk, because the system updates them frequently.

Hardware detection

LiveDistros have to be able to detect a wide variety of hardware (including network cards, graphic cards etc.). This is easily achieved nowadays by udev or hotplug, which are a common part of all distributions.

Emulation

There are a number of emulators on the market that can be used to try a LiveCD without the need to install it on a medium, burn it to a CD or boot it on the computer. The most widely supported emulator is VMware.
VirtualBox is a virtualization product rather than an emulator; virtualization is far speedier than emulation, which makes it a good alternative. Some emulators are distributed as free software under the GPL license. Others, such as VMware, are distributed under for-fee proprietary licenses. An emulator that has turned from commercial to freeware is Microsoft Virtual PC.

Learn how to create a Linux Live CD

Tuesday, September 11, 2007

A complete Guide to Virtualization


What is Virtualization?


Virtualization is a proven software technology that is rapidly transforming the IT landscape and fundamentally changing the way that people compute.

Today’s powerful x86 computer hardware was originally designed to run only a single operating system and a single application, but virtualization breaks that bond, making it possible to run multiple operating systems and multiple applications on the same computer at the same time, increasing the utilization and flexibility of hardware.

Virtualization is a technology that can benefit anyone who uses a computer, from IT professionals and Mac enthusiasts to commercial businesses and government organizations. Join the millions of people around the world who use virtualization to save time, money and energy while achieving more with the computer hardware they already own.

How Does Virtualization Work?

In essence, virtualization lets you transform hardware into software. Use software such as VMware Server to transform or “virtualize” the hardware resources of an x86-based computer—including the CPU, RAM, hard disk and network controller—to create a fully functional virtual machine that can run its own operating system and applications just like a “real” computer.

Multiple virtual machines share hardware resources without interfering with each other so that you can safely run several operating systems and applications at the same time on a single computer.

The VMware Approach to Virtualization

The VMware approach to virtualization inserts a thin layer of software directly on the computer hardware or on a host operating system. This software layer creates virtual machines and contains a virtual machine monitor or “hypervisor” that allocates hardware resources dynamically and transparently so that multiple operating systems can run concurrently on a single physical computer without even knowing it.

However, virtualizing a single physical computer is just the beginning. VMware offers a robust virtualization platform that can scale across hundreds of interconnected physical computers and storage devices to form an entire virtual infrastructure.

Discover the Value of Virtualization

Virtualization is a technology that can benefit anyone who uses a computer. Millions of people and thousands of organizations around the world—including all of the Fortune 100—use VMware virtualization solutions to reduce IT costs while increasing the efficiency, utilization and flexibility of their existing computer hardware. Read below to discover how virtualization can benefit your organization.

Top 5 Reasons to Adopt Virtualization Software

  1. Server Consolidation and Infrastructure Optimization: Virtualization makes it possible to achieve significantly higher resource utilization by pooling common infrastructure resources and breaking the legacy “one application to one server” model.
  2. Physical Infrastructure Cost Reduction: With virtualization, you can reduce the number of servers and related IT hardware in the data center. This leads to reductions in real estate, power and cooling requirements, resulting in significantly lower IT costs.
  3. Improved Operational Flexibility & Responsiveness: Virtualization offers a new way of managing IT infrastructure and can help IT administrators spend less time on repetitive tasks such as provisioning, configuration, monitoring and maintenance.
  4. Increased Application Availability & Improved Business Continuity: Eliminate planned downtime and recover quickly from unplanned outages with the ability to securely backup and migrate entire virtual environments with no interruption in service.
  5. Improved Desktop Manageability & Security: Deploy, manage and monitor secure desktop environments that end users can access locally or remotely, with or without a network connection, on almost any standard desktop, laptop or tablet PC.

What is a Virtual Machine?

A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains its own virtual (i.e., software-based) CPU, RAM, hard disk and network interface card (NIC).

An operating system can’t tell the difference between a virtual machine and a physical machine, nor can applications or other computers on a network. Even the virtual machine thinks it is a “real” computer. Nevertheless, a virtual machine is composed entirely of software and contains no hardware components whatsoever. As a result, virtual machines offer a number of distinct advantages over physical hardware.


Benefits

  • Compatibility: Just like a physical computer, a virtual machine hosts its own guest operating system and applications, and has all the components found in a physical computer (motherboard, VGA card, network card controller, etc). As a result, virtual machines are completely compatible with all standard x86 operating systems, applications and device drivers, so you can use a virtual machine to run all the same software that you would run on a physical x86 computer.
  • Isolation: While virtual machines can share the physical resources of a single computer, they remain completely isolated from each other as if they were separate physical machines. If, for example, there are four virtual machines on a single physical server and one of the virtual machines crashes, the other three virtual machines remain available. Isolation is an important reason why the availability and security of applications running in a virtual environment is far superior to applications running in a traditional, non-virtualized system.
  • Encapsulation: A virtual machine is essentially a software container that bundles or “encapsulates” a complete set of virtual hardware resources, as well as an operating system and all its applications, inside a software package. Encapsulation makes virtual machines incredibly portable and easy to manage. For example, you can move and copy a virtual machine from one location to another just like any other software file, or save a virtual machine on any standard data storage medium, from a pocket-sized USB flash memory card to enterprise storage area networks (SANs).
  • Hardware Independence: Virtual machines are completely independent from their underlying physical hardware. For example, you can configure a virtual machine with virtual components (e.g., CPU, network card, SCSI controller) that are completely different from the physical components that are present on the underlying hardware. Virtual machines on the same physical server can even run different kinds of operating systems (Windows, Linux, etc). When coupled with the properties of encapsulation and compatibility, hardware independence gives you the freedom to move a virtual machine from one type of x86 computer to another without making any changes to the device drivers, operating system, or applications. Hardware independence also means that you can run a heterogeneous mixture of operating systems and applications on a single physical computer.

What is a Virtual Infrastructure?

In essence, a virtual infrastructure is a dynamic mapping of physical resources to business needs. While a virtual machine represents the physical resources of a single computer, a virtual infrastructure represents the physical resources of the entire IT environment, aggregating x86 computers and their attached network and storage into a unified pool of IT resources.

Structurally, a virtual infrastructure consists of the following components:

  • Single-node hypervisors to enable full virtualization of each x86 computer.
  • A set of virtualization-based distributed system infrastructure services such as resource management to optimize available resources among virtual machines.
  • Automation solutions that provide special capabilities to optimize a particular IT process such as provisioning or disaster recovery.


Monday, September 10, 2007

Honeypots - Complete Reference

A honeypot is a trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.

Honeypots are a new technology for the network security industry whose value, unlike most security tools designed to defend and protect a computer network, lies in being probed, attacked, or compromised.

When a group of suspected Pakistani hackers broke into a U.S.-based computer system in June, they thought they had found a vulnerable network to use as an anonymous launching pad to attack Web sites across India. But what they had done was walk right into a trap known as a honeypot -- a specially equipped system deployed by security professionals to lure hackers and track their every move. For a month, every keystroke they made, every tool they used, and every word of their online chat sessions was recorded and studied. The honeypot administrators learned how the hackers chose their targets, what level of expertise they had, what their favorite kinds of attacks were, and how they went about trying to cover their tracks so that they could nest [avoid detection] on compromised systems...

Honeypots may be used for the following purposes:

  • Prevention: Even though a honeypot's value, as defined above, lies in being compromised, a honeypot may contribute to the prevention of unauthorized network access by enticing attackers to spend time and resources attacking honeypots as opposed to attacking production systems.
  • Detection: Most organizations' networks are so routinely overwhelmed with production activity that it can be extremely difficult to detect when the system is attacked. Since honeypots have no production activity, all connections to and from the honeypot are suspect by nature.

  • Reaction: Production activity that occurred prior to and after an attack on a compromised system often makes it difficult for the response team to determine what happened. Another problem that prevents incident response teams from gathering data is that many organizations' compromised systems frequently cannot be taken off line even after they have been compromised. Honeypots add value by reducing or eliminating both problems.

  • Research: One of the greatest challenges the security community faces is in gathering information about the enemy. Honeypots can be an added research tool by giving a platform to study the threat. Using honeypots for research is an advanced application more suited for the scientific community and academia than for corporations.

How They Work

Once again, honeypots are a resource without any production value. Therefore, any activity on a honeypot would be unauthorized, suspicious and most likely malicious.

A honeypot may be visualized as an additional computer on a network. The "computer" (honeypot) may be set up to simulate various network vulnerabilities. When a hacker scans a network for vulnerable systems, they find and attack the honeypot, alerting the system's manager of the probe and, depending on the type of honeypot, capturing data relating to the type of attack, including downloaded tools, worms, bots and/or viruses, for further study.


Types of Honeypots

Honeypots may be broken down into two general categories: production honeypots and research honeypots. The decision to deploy one over the other is based on the purpose of deployment, as two different purposes are served, and come with two different risk levels.

  • Production Honeypots: Production honeypots have a direct positive effect on security by protecting a network. They do this by preventing, detecting, and responding to attacks. (See: "What is a Honeypot?" page 9 of this paper) They are easier to build and deploy because they require less functionality. Because of their relative simplicity and the fact they emulate services, they are less risky and less difficult to use than research honeypots. Conversely, they do not gather as much information about attackers and attacks.
  • Research Honeypots: Research honeypots, as the name implies, are used to gather information about attacks. They have a more indirect positive effect on security by allowing for the study of hacker tools and trends such as downloaded software, worms, or viruses. Information retrieved from research honeypots may also be used to learn about the hackers themselves by capturing on-line conversations amongst hackers made from the honeypots.
On the down side, research honeypots are riskier to deploy than production honeypots. In order to gather as much information as possible from hackers, the honeypot administrator must give them something with which to interact. Therefore, research honeypots are full-blown operating systems and applications that require more time and effort to administer.


The Honeypot Security Role

Honeypots have been around for approximately ten years, but only recently have they begun to receive more interest from the security community to be used as decoys that may be probed, attacked, and compromised. Once a honeypot is attacked, security administrators have an opportunity to watch the hacker move around the system. Not only can he/she monitor the hacker's movements, he/she may also see the tools the hacker uses to gain entry and the type of information the hacker is attempting to acquire.

"The beauty of a honeypot lies in its simplicity. It is a device intended to be compromised, not to provide production services. This means there is little or no production traffic going to or from the device. Any time a connection is sent to the honeypot, this is most likely a probe, scan, or even attack. Any time a connection is initiated from the honeypot, this most likely means the honeypot was compromised. As there is little production traffic going to or from the honeypot, all honeypot traffic is suspect by nature. Now, this is not always the case. Mistakes do happen, such as an incorrect DNS entry or someone from accounting inputting the wrong IP address. But in general, most honeypot traffic represents unauthorized activity."

Advantages

The primary advantage of honeypots is their simplicity. Basically, because they have no production value, any activity on a honeypot is unauthorized and potentially malicious. It is from this simple concept the following additional advantages may be derived.

  • Data Value: One challenge network security specialists face is an inability to focus on malicious or unauthorized activity taking place on production computers amongst the sheer volume of activity processed each day. Since any activity on a honeypot is suspect (most likely a scan, probe, or attack), a honeypot reduces the "noise" by collecting only small data sets of high-value information.
  • Tools, Tactics and Viruses: Honeypots may be designed to capture anything downloaded to them. Therefore, they are useful in tracking hacker activity and tactics, but they may also capture programs downloaded by hackers, including the tools used to gain control or access to other's computers and data. Honeypots have also been used to capture and study entire viruses, leading to the development of anti-virus tools.
  • Simplicity: One of the greatest advantages of honeypots, as stated above, is their simplicity. Most honeypots only need to be connected to a network. The user may then just sit back and wait for a signal that the honeypot has been attacked. Though research honeypots may be more complex, all honeypots work on the same basic premise: if there is any activity, check it out.

Disadvantages

Like any other technology, honeypots also have weaknesses. Even with the advantages listed previously, honeypots do not replace existing security technology.

  • Limited View: Honeypots can only track and capture activity that directly interacts with them. Honeypots will not capture attacks against other systems unless the attacker or threat also interacts with the honeypots. Therefore, if an attacker breaks into a network and attacks any other system, the honeypot will be unaware of the activity.
  • Fingerprinting: Another disadvantage of honeypots is the ability of an attacker to identify their use. Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors. This threat is even greater for research honeypots. Once an attacker identifies the system as one designed to gather information, he/she may continue to interact with it in a way that will lead the security community to make incorrect conclusions based on the data collected.
  • Risk: A honeypot, once attacked, may be used to attack or gain entry to other systems. This risk varies with the type of honeypot being compromised. A production honeypot may be of limited use to a hacker as a platform to stage further attacks. On the other hand, a research honeypot, depending on its implementation, may give the hacker this ability.


Low Interaction Honeypots

A low interaction honeypot is one that is easy to install, configure, deploy, and maintain. Because the attacker can do less than he might with other higher interaction honeypots, it is less risky to implement. Low interaction honeypots do not allow the attacker access to an operating system from which he/she might attack other systems, which also significantly reduces risk. Low interaction honeypots are normally production honeypots, as they are used to protect an organization.

Since low interaction honeypots restrict an attacker's activity, they are limited in the amount of information they can give about an attacker. The information received from this type of honeypot is normally restricted to the following:

  • The time and date of attack
  • Source IP address and source port of the attack
  • Destination IP address and destination port of the attack

An example of a low interaction honeypot is BackOfficer Friendly. BackOfficer Friendly emulates a limited number of services. By limiting the number of services, the attacker is restricted to how much he/she can interact with the honeypot. BackOfficer Friendly will be discussed in greater detail in the next section. Figure 5-1 depicts an installation of BOF detecting an unauthorized connection. The honeypot allows an attacker to connect to a port and attempt to execute a restricted number of commands, after which the attacker is disconnected.
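The behaviour described above (log the time and the source and destination address and port, accept a restricted number of commands, then disconnect) can be sketched as follows. This is an added example, not code from BackOfficer Friendly or from the original post; the banner text, the reply string, port 2323 and the function names are assumptions chosen for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 service ready\r\n"   # constructed banner; emulates no real product
MAX_COMMANDS = 3                    # restricted number of commands per session
MAX_LINE = 256                      # cap on bytes read per command line


def handle_session(conn, src, dst, events, max_commands=MAX_COMMANDS):
    """Record one connection, accept a few command lines, then disconnect."""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src[0], "src_port": src[1],
        "dst_ip": dst[0], "dst_port": dst[1],
        "commands": [],
    }
    conn.settimeout(5.0)  # idle peers are dropped instead of holding a thread
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(BANNER)
            while len(event["commands"]) < max_commands:
                line = reader.readline(MAX_LINE)
                if not line:          # peer closed the connection
                    break
                # latin-1 maps every byte, so arbitrary input is logged safely
                event["commands"].append(line.rstrip(b"\r\n").decode("latin-1"))
                # Nothing is executed: every command gets the same refusal.
                conn.sendall(b"500 command not recognized\r\n")
    except OSError:
        pass                          # timeouts and resets still produce an event
    events.append(event)
    return event


def serve(bind_ip, port, events, stop):
    """Accept connections until `stop` is set, one thread per session."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind_ip, port))
        srv.listen(16)
        srv.settimeout(0.5)           # wake up regularly to check `stop`
        while not stop.is_set():
            try:
                conn, src = srv.accept()
            except socket.timeout:
                continue
            dst = conn.getsockname()  # destination IP and port as seen locally
            threading.Thread(target=handle_session,
                             args=(conn, src, dst, events),
                             daemon=True).start()


if __name__ == "__main__":
    log, stop = [], threading.Event()
    try:
        serve("0.0.0.0", 2323, log, stop)   # 2323: arbitrary unprivileged port
    except KeyboardInterrupt:
        print(json.dumps(log, indent=2))
```

Because no shell or operating system is exposed, the record is limited to exactly the fields listed above plus the raw command lines.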

Medium Interaction Honeypots

Medium interaction honeypots offer attackers more ability to interact than do low interaction honeypots, but less than those considered high interaction. They are usually more time-consuming to install and configure as they normally involve a high level of development and customization from an organization. As attackers have an increased ability to interact with this type of honeypot, more caution must be used to ensure that the attacker does not have access to other systems.

An example of a medium interaction honeypot would be the use of the jail. This functionality allows an administrator to partition an operating system environment, creating a virtual operating system within a real operating system. The virtual operating system can be controlled by the real operating system, but gives the appearance and feel of a true operating system. The goal is for an attacker to attack and gain access to the jailed environment, and then the attacker's activities can be heavily monitored or controlled from the real or master operating system.

A medium interaction honeypot is more complicated to deploy and comes with a higher risk, increasing the chance that something may go wrong. Therefore, there is an increased maintenance cost (time) to deploying and maintaining this level of technology. However, with greater risk comes greater reward; medium interaction honeypots may be configured to allow the administrator to gather specific types of attack data.

High Interaction Honeypots

High interaction honeypots are most often research honeypots. They are used, at a great amount of risk, to gather large amounts of information about attackers. The goal of a high interaction honeypot is to give the attacker access to a real operating system where nothing is emulated or restricted. High interaction honeypots give users the opportunity to capture the tools, monitor the activity, and even learn how hackers communicate with one another.

Since this type of honeypot allows the attacker to interact with a real operating system there is the possibility that an attacker might use the honeypot to attack other computers. In order to ensure that this does not take place, high interaction honeypots need to be placed within a controlled environment that restricts the ability of a hacker to launch attacks from within. One of the difficulties in maintaining this type of architecture is to not allow the attacker to realize that he/she is being monitored in a controlled environment.

Because of the amount of risk involved and the complexity in their implementation, high-interaction honeypots may be extremely difficult to configure, install, and maintain. Nonetheless, they are the best resource for studying the blackhat community as well as for capturing worms and viruses in the wild for analysis.

Let's take a look at some of the popular honeypots.

BackOfficer Friendly (BOF) -
BackOfficer Friendly is a low interaction honeypot supported by NFR Security Inc. that can run on almost any Windows-based platform, including Windows 95 and Windows 98. It was designed to identify attacks from Back Orifice. Back Orifice is a remote control penetration application originally produced and distributed by the Cult of the Dead Cow. Much like a computer virus, it is distributed as an embedded program within downloadable shareware utilities and executable greeting card programs. When the user opens the downloaded file, Back Orifice installs itself on the user's machine and allows the attacker complete control of the computer through the Internet connection.

Specter - Specter is a commercial honeypot supported by NetSec, a network security company based in Switzerland. Like BOF, Specter is a low interaction honeypot that offers no operating system for the attacker to access. Yet, Specter offers far more functionality, including the ability to monitor more services and to more realistically emulate the applications. Additionally, the system may be configured to emulate vulnerabilities, making it more attractive to hackers, and to even deliver bogus information to a hacker during an attack.

Honeyd - Honeyd is a prepackaged OpenSource honeypot designed for the UNIX platform by Niels Provos. OpenSource means that the solution is free and the user has access to the source code, which enables customization. It is a low interaction honeypot; therefore, there is no operating system to interact with and it is designed primarily to detect attacks or unauthorized activity. Since it is an OpenSource solution and highly customizable, the user may configure it to listen on any port he/she wants and to adjust the level of emulation to meet his/her specifications.
One of the most interesting concepts introduced by Honeyd is that it does not detect attacks against its own IP address. Instead, it assumes the identity of IP addresses that do not have a valid system. It does this by monitoring all of the unused IP addresses in a network. When an attacker attempts to connect to one of these unused IP addresses, Honeyd assumes the identity of the intended target and replies to the attacker.
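The unused-address idea, together with the earlier point that a connection initiated from a honeypot most likely means it was compromised, can be turned into detection logic over flow records. This is an added example, not Honeyd code; the network, addresses, flow tuples, label names and the `expected` allowlist are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges), not from the page.
NETWORK = "192.0.2.0/28"
ALLOCATED = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]   # production hosts
HONEYPOTS = ["192.0.2.10"]
EXPECTED = {("192.0.2.3", "192.0.2.10")}   # known mistake, e.g. a stale DNS entry
FLOWS = [  # (time, src_ip, src_port, dst_ip, dst_port)
    ("2007-09-10T02:11:04", "198.51.100.23", 40112, "192.0.2.5", 23),
    ("2007-09-10T02:11:05", "198.51.100.23", 40113, "192.0.2.6", 23),
    ("2007-09-10T02:11:06", "198.51.100.23", 40114, "192.0.2.10", 23),
    ("2007-09-10T02:12:40", "203.0.113.5", 51000, "192.0.2.2", 80),
    ("2007-09-10T02:30:17", "192.0.2.10", 33000, "203.0.113.99", 6667),
    ("2007-09-10T03:00:00", "192.0.2.3", 45000, "192.0.2.10", 161),
]


def dark_addresses(network, allocated):
    """Host addresses in `network` that have no valid system assigned."""
    used = {ipaddress.ip_address(a) for a in allocated}
    return {h for h in ipaddress.ip_network(network).hosts() if h not in used}


def classify_flows(flows, network, allocated, honeypots, expected=()):
    """Label flows that touch a honeypot or an unused address; skip the rest."""
    pots = {ipaddress.ip_address(a) for a in honeypots}
    dark = dark_addresses(network, allocated) - pots
    allow = set(expected)
    findings = []
    for ts, src, sport, dst, dport in flows:
        if (src, dst) in allow:
            continue                              # documented benign mistake
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in pots:
            label = "OUTBOUND_FROM_HONEYPOT"      # most likely a compromise
        elif d in pots:
            label = "INBOUND_TO_HONEYPOT"         # probe, scan or attack
        elif d in dark:
            label = "UNUSED_ADDRESS_PROBE"        # nothing should live there
        else:
            continue                              # ordinary production traffic
        findings.append({"time": ts, "label": label, "src": src,
                         "src_port": sport, "dst": dst, "dst_port": dport})
    return findings


def scan_sources(findings, threshold=3):
    """Sources that touched at least `threshold` distinct decoy addresses."""
    touched = defaultdict(set)
    for f in findings:
        if f["label"] != "OUTBOUND_FROM_HONEYPOT":
            touched[f["src"]].add(f["dst"])
    return sorted(s for s, dsts in touched.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    results = classify_flows(FLOWS, NETWORK, ALLOCATED, HONEYPOTS, EXPECTED)
    for finding in results:
        print(finding)
    print("scanning sources:", scan_sources(results))
```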

Decoy Server - Decoy Server, previously called ManTrap, is a high interaction honeypot sold by Symantec. Decoy Server is unique in that it provides a complete operating system in which the attackers may interact, which then captures their every action.
Decoy Server creates a jailed environment in which attackers have access to virtual cages as opposed to limited operating systems. The cages are controlled environments from which the attacker is unable to escape. Decoy Server is also able to create up to four of these cages on a single system.

Honeynets - A Honeynet is a high interaction honeypot designed primarily for research. Rather than its value being in detecting or deceiving attackers, its value is in its ability to gain information on threats.
One of the unique features of a honeynet is that, rather than emulating a single system like BOF and Specter or multiple systems like Honeyd and Decoy Server, it is actually a network of standard production systems. The systems are put behind some type of access control device and monitored for activity.
