ethical hacking full report
Training Report On IT SECURITY ETHICAL HACKING

Submitted to: Dr. Sanjeev Jain, Prof. & HOD (Department of CSE)
Submitted by: Mayank Banwari, 0103CS061058
COURSE TITLE
Information Security & Ethical Hacking:
Why Information Security
After the boom in networking and software jobs, the past two years have seen a sharp rise in the field of information security. Information security and ethical hacking are the latest buzzwords in the industry. In the past five years, the percentage of hacking crimes, data thefts, data losses, viruses and other cyber crimes has increased exponentially. NASSCOM predicts a requirement of 1,88,000 professionals by the year 2008. Currently the number of security professionals in India is around 22,000. The demand for information security jobs continues to grow. With information security increasingly becoming a boardroom-level concern, training and certification are becoming increasingly important for candidates and companies alike.
Need for Information Security in the Indian Market
Security compliance is a must for all companies with an IT backbone. The requirement is high among organizations in the IT / ITES segment. Information workers lack basic security knowledge. The information security industry is going through exponential growth; the current worldwide growth rate is billed at 21%.
INDEX
1. Cover Page
2. Certificate
3. Institute Name
4. Course Title
5. Index
6. Introduction to IT Security and E-Hacking
7. What Are Viruses, Worms, Backdoor Trojans
8. What Is a Firewall and Ports
9. What Is the Registry
10. What Is the Group Policy Editor
11. Proxy Servers
12. GFI LANguard Scanner
13. Phishing
14. Email-Tracker
15. Net Tools
16. Cryptography
17. Art of Googling
18. Data Recovery
19. Virtualization
Introduction to IT Security & Ethical Hacking
Ethical hackers
Employed by companies to perform penetration tests
Penetration test
Legal attempt to break into a company's network to find its weakest link
Tester only reports findings, does not harm the company
What is a Hacker?
Eric Raymond, compiler of The New Hacker's Dictionary, defines a hacker as a clever programmer. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Raymond lists five possible characteristics that qualify one as a hacker, which we paraphrase here:
• A person who enjoys learning details of a programming language or system
• A person who enjoys actually doing the programming rather than just theorizing about it
• A person capable of appreciating someone else's hacking
• A person who picks up programming quickly
• A person who is an expert at a particular programming language or system, as in "Unix hacker"
Hacker classes
Black hats - highly skilled, malicious, destructive crackers.
White hats - use their skills defensively, as security analysts.
Gray hats - work offensively and defensively; will hack for different reasons, depending on the situation.
Hacktivism - hacking for a social and political cause.
Ethical hackers - determine what attackers can gain access to, what they will do with the information, and whether they can be detected.
Anatomy of an attack:
Gathering data - attacker gathers information; can include social engineering.
Scanning - searches for open ports (port scan) and probes the target for vulnerabilities.
Gaining access - attacker exploits vulnerabilities to get inside the system; used for spoofing IP.
Maintaining access - creates a backdoor through the use of Trojans; once the attacker gains access, he/she makes sure he/she can get back in.
Covering tracks - deletes files, hides files, and erases log files so that the attacker cannot be detected or penalized.
Raymond deprecates the use of this term for someone who attempts to crack someone else's system or otherwise uses programming or expert knowledge to act maliciously. He prefers the term cracker for this meaning.
The term hacker is used in popular media to describe someone who attempts to break into computer systems. Typically, this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.
A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.
A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
What Is a Virus?
A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files.
Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action (such as running an infected program) to keep it going.
People continue the spread of a computer virus, mostly unknowingly, by sharing infected files or sending e-mails with viruses as attachments.
What Is a Worm?
A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.
Due to the copying nature of a worm and its capability to travel across networks, the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
What Is a Trojan Horse?
A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer. Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
What Are Blended Threats?
Added into the mix, we also have what is called a blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagate using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.
To be considered a blended threat, the attack would normally serve to transport multiple attacks in one payload. For example, it wouldn't just launch a DoS attack; it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing networks.
Lastly, rather than a specific attack on predetermined .exe files, a blended threat could do multiple malicious acts, like modify your exe files, HTML files and registry keys at the same time. Basically, it can cause damage within several areas of your network at one time.
Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.
Combating Viruses, Worms and Trojan Horses
The first step in protecting your computer from any malicious threat is to ensure that your operating system (OS) is up-to-date. This is essential if you are running a Microsoft Windows OS. Secondly, you need to have anti-virus software installed on your system and ensure you download updates frequently so that your software has the latest fixes for new viruses, worms, and Trojan horses. Additionally, you want to make sure your anti-virus program has the capability to scan e-mail and files as they are downloaded from the Internet, and you also need to run full disk scans periodically. This will help prevent malicious programs from even reaching your computer. You should also install a firewall.
A firewall is a system that prevents unauthorized use and access to your computer. A firewall can be either hardware or software. Hardware firewalls provide a strong degree of protection from most forms of attack coming from the outside world and can be purchased as a stand-alone product or in broadband routers. Unfortunately, when battling viruses, worms and Trojans, a hardware firewall may be less effective than a software firewall, as it could possibly ignore embedded worms in outgoing e-mails and see this as regular network traffic.
For individual home users, the most popular firewall choice is a software firewall. A good software firewall will protect your computer from outside attempts to control or gain access to your computer, and usually provides additional protection against the most common Trojan programs or e-mail worms. The downside to software firewalls is that they will only protect the computer they are installed on, not a network.
It is important to remember that on its own a firewall is not going to rid you of your computer virus problems, but when used in conjunction with regular operating system updates and good anti-virus scanning software, it will add some extra security and protection for your computer or network.
Backdoor Trojans
Background Information
Examples of backdoor trojans are Netbus or Back Orifice. They allow other people to control your computer over the Internet. When you run a program that contains the backdoor trojan, it will copy itself to the Windows or Windows\System directory and add itself to the system's registry. Trojans are usually claimed to be some sort of desirable program. For example, one popular trojan wrapper is a game called "Whack a Mole". Another is a game called "Pie Bill Gates". Once the program is in memory, it tries to hide itself on the task list. It doesn't show any icon or indication that it is running. It listens on a port until someone connects. The person who is controlling your computer uses a program that lets them record keystrokes, view files, move the mouse, open and close the CD-ROM, etc. Sometimes, the trojan is customized so that the person who planted it gets an e-mail when you run it.
Removal
The trojan tries to make itself hard to remove. For Back Orifice, it uses a file with a name that usually shows up as " .EXE". Sometimes it uses a name like "MSGSRV32.DRV". Windows prevents deleting the trojan file while it is active. Some of the regular antivirus software can find these trojans and delete them while Windows is not running. The antivirus program should find at least one EXE or DRV file containing the trojan. If it finds a .DLL file, then it is just an add-on to the trojan that provides extra features. If you decide to use a single-purpose trojan remover, then be cautious. Sometimes trojans are disguised as trojan removers. For example, SynTax Back Orifice Remover and BOSniffer are all Back Orifice. A program imitating Antigen named Trojan.Win32.Antigen claims to remove Back Orifice but is actually a program that steals passwords. There are legitimate anti-trojan programs, but make sure you get recommendations from people who have tried them and download them directly from the author's site. You can also remove it from the registry manually. Click Start, then Run, then type regedit in the text box, then click OK. Click HKEY_LOCAL_MACHINE, then Software, then Microsoft, then Windows, then CurrentVersion. Check under Run and RunServices for any suspicious-looking files. Some files are normally under this part of the registry. They are Rundll32.exe, systray.exe, scanregw.exe, taskmon.exe, mstask.exe. There are also some other files that are legitimate parts of the registry.
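The Run and RunServices check described above can also be done offline against a registry export. The following is an added example, not part of the original report; the export text and value names are constructed sample data, and the allowlist holds only the five files the report names, so a "review" result means "look at it", not "infected".

```python
import ntpath
import re

# Keys the report says to check, matched as case-insensitive path suffixes.
AUTOSTART_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runservices",
)
# Files the report lists as normally present under those keys.
EXPECTED = {"rundll32.exe", "systray.exe", "scanregw.exe", "taskmon.exe", "mstask.exe"}
# File names the report associates with Back Orifice.
NAMED_IN_REPORT = {" .exe", "msgsrv32.drv"}

# Constructed sample in regedit's text export format; not data from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Updater"="C:\\WINDOWS\\SYSTEM\\MSGSRV32.DRV"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
@="C:\\WINDOWS\\SYSTEM\\ .EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"DisplayName"="Not an autostart key"
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Only string values ("name"="data" or @="data"); dword: and hex: values are skipped.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
IMAGE_RE = re.compile(r"(.+?\.(?:exe|drv|com|bat|scr|pif|dll))(?=\s|$)", re.IGNORECASE)


def unescape(text):
    """Undo .reg escaping: a doubled backslash and an escaped quote become single characters."""
    return re.sub(r"\\(.)", r"\1", text)


def command_image(command):
    """Return the lowercase file name of the program an autostart command launches."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first executable extension.
        match = IMAGE_RE.match(command)
        path = match.group(1) if match else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def audit_autostart(export_text):
    """Return one finding per Run/RunServices entry that is not on the expected list."""
    findings, key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE_RE.match(line)
        if not value or key is None or not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue
        name = "(Default)" if value.group(1) == "@" else unescape(value.group(1)[1:-1])
        command = unescape(value.group(2))
        image = command_image(command)
        if image in EXPECTED:
            continue
        blank_stem = not image.rsplit(".", 1)[0].strip()
        severity = "high" if blank_stem or image in NAMED_IN_REPORT else "review"
        findings.append({"key": key, "name": name, "command": command,
                         "image": image, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_autostart(SAMPLE_EXPORT):
        print(f'{finding["severity"]:6} {finding["key"]} :: '
              f'{finding["name"]} -> {finding["command"]!r}')
```
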
Why is it called "Spyware"?
While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection and reporting statistical data to the "mothership". While according to the privacy policies of the companies there will be no sensitive or identifying data collected from your system and you shall remain anonymous, the fact remains that you have a "live" server sitting on your PC that is sending information about you and your surfing habits to a remote location.
Are all Adware products "Spyware"?
No, but the majority are. There are also products that do display advertising but do not install any tracking mechanism on your system. These products are not indexed in our database.
Is Spyware illegal?
Even though the name may indicate so, Spyware is not an illegal type of software in any way. However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC and the use of your Internet connection in the background.
What's the hype about?
While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement (linked from our database), there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics, and this is why many people feel uncomfortable with the idea. On the other hand, millions of people are using advertising-supported "spyware" products and could not care less about the privacy hype. In fact, some "Spyware" programs are among the most popular downloads on the Internet.
Real spyware
There are also many PC surveillance tools that allow a user to monitor all kinds of activity on a computer, ranging from keystroke capture, snapshots, email logging, chat logging and just about everything else. These tools are perfectly legal in most places, but, just like an ordinary tape recorder, if they are abused, they can seriously violate your privacy.
FIREWALL
A firewall is a secure and trusted machine that sits between a private network and a public network.[1] The firewall machine is configured with a set of rules that determine which network traffic will be allowed to pass and which will be blocked or refused. In some large organizations, you may even find a firewall located inside their corporate network to segregate sensitive areas of the organization from other employees. Many cases of computer crime occur from within an organization, not just from outside.
Firewalls can be constructed in quite a variety of ways. The most sophisticated arrangement involves a number of separate machines and is known as a perimeter network. Two machines act as "filters" called chokes to allow only certain types of network traffic to pass, and between these chokes reside network servers such as a mail gateway or a World Wide Web proxy server. This configuration can be very safe and easily allows quite a great range of control over who can connect both from the inside to the outside, and from the outside to the inside. This sort of configuration might be used by large organizations.
Typically though, firewalls are single machines that serve all of these functions. These are a little less secure, because if there is some weakness in the firewall machine itself that allows people to gain access to it, the whole network security has been breached. Nevertheless, these types of firewalls are cheaper and easier to manage than the more sophisticated arrangement just described. Figure 9-1 illustrates the two most common firewall configurations.
The Linux kernel provides a range of built-in features that allow it to function quite nicely as an IP firewall. The network implementation includes code to do IP filtering in a number of different ways, and provides a mechanism to quite accurately configure what sort of rules you'd like to put in place. The Linux firewall is flexible enough to make it very useful in either of the configurations.
PORT
(1) An interface on a computer to which you can connect a device. Personal computers have various types of ports. Internally, there are several ports for connecting disk drives, display screens, and keyboards. Externally, personal computers have ports for connecting modems, printers, mice, and other peripheral devices.
Almost all personal computers come with a serial RS-232C port or RS-422 port for connecting a modem or mouse and a parallel port for connecting a printer. On PCs, the parallel port is a Centronics interface that uses a 25-pin connector. SCSI (Small Computer System Interface) ports support higher transmission speeds than do conventional ports and enable you to attach up to seven devices to the same port.
(2) In TCP/IP and UDP networks, an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic. Also see Well-Known TCP Port Numbers in the Quick Reference section of Webopedia.
(3) To move a program from one type of computer to another. To port an application, you need to rewrite sections that are machine dependent, and then recompile the program on the new computer. Programs that can be ported easily are said to be portable.
REGISTRY
This is a database used by Microsoft Windows to store configuration information about the software installed on a computer. This information includes things like the desktop background, program settings, and file extensions.
The Windows registry consists of six parts:
HKEY_USERS - contains the user information for each user of the system.
HKEY_CURRENT_USER - has all the preferences for the current user.
HKEY_CURRENT_CONFIG - stores settings for the display and printers.
HKEY_CLASSES_ROOT - includes file associations and OLE information.
HKEY_LOCAL_MACHINE - has the settings for the hardware, operating system, and installed applications.
How to Hide Run (all users):
1) Open regedit (Start menu > Run, and type in regedit).
2) Go to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3) Right-click in the right pane, select New -> DWORD, and change its name to "NoRun".
4) Select Properties and change the value to 1.
5) Log off Windows and log in again; Run is hidden.
How to Hide Search (all users):
1) Open regedit (Start menu > Run, and type in regedit).
2) Go to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3) Right-click in the right pane, select New -> DWORD, and change its name to "NoFind".
4) Select Properties and change the value to 1.
5) Log off Windows and log in again; Search is hidden.
How to Hide Desktop (all users):
1) Open regedit (Start menu > Run, and type in regedit).
2) Go to: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
3) Right-click in the right pane, select New -> DWORD, and change its name to "NoDesktop".
4) Select Properties and change the value to 1.
5) Log off Windows and log in again; the desktop is hidden.
About the Group Policy Editor- How it works
Although the Group Policy Editor console (gpedit.msc) is mostly used by administrators of networks and domains, it also has uses for a stand-alone home computer. One application is to allow convenient and easy editing of the Registry so that a variety of tweaks or changes to the system can be made. These settings are known as policies and are stored in a special hidden folder %SystemRoot%\System32\GroupPolicy\ (For most home systems the environment variable %SystemRoot% is C:\Windows.) Policies that apply to the machine are stored in a sub-folder "Machine" and policies that apply to a user are stored in a sub-folder "User". In each case the settings are in a file named "Registry.pol". Thus the settings for the machine are in %SystemRoot%\System32\GroupPolicy\Machine\Registry.pol and in similar fashion user settings are in User\Registry.pol. Policies are used to write to a special key of the Registry and override any settings elsewhere in the Registry. Since only the administrator account can access the policy settings, limited account users can be prevented from making unwanted system changes.
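The Registry.pol files described above have a simple binary layout: a "PReg" signature and a version number, followed by [key;value;type;size;data] records encoded in UTF-16LE. The following added example (not part of the original report, and not Microsoft's code) parses that layout and reports the state of the NoRun, NoFind and NoDesktop values from the registry section; the sample file and the Software\Policies\Example key are constructed for illustration.

```python
import struct

REG_SZ, REG_DWORD = 1, 4
# Key paths in Registry.pol are relative to the hive (HKCU for User, HKLM for Machine).
EXPLORER_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
PAGE_POLICIES = ("NoRun", "NoFind", "NoDesktop")  # values named in this report


def _u16(text):
    return text.encode("utf-16-le")


def build_entry(key, value, reg_type, data):
    """Serialise one [key;value;type;size;data] record (used only to build the sample)."""
    return b"".join([
        _u16("["), _u16(key + "\0"), _u16(";"), _u16(value + "\0"), _u16(";"),
        struct.pack("<I", reg_type), _u16(";"),
        struct.pack("<I", len(data)), _u16(";"), data, _u16("]"),
    ])


# Constructed sample of a User\Registry.pol file; not taken from a real machine.
SAMPLE_POL = b"PReg" + struct.pack("<I", 1) + b"".join([
    build_entry(EXPLORER_KEY, "NoRun", REG_DWORD, struct.pack("<I", 1)),
    build_entry(EXPLORER_KEY, "NoDesktop", REG_DWORD, struct.pack("<I", 0)),
    build_entry(r"Software\Policies\Example", "Banner", REG_SZ, _u16("hello\0")),
])


def _expect(blob, pos, char):
    """Check for a UTF-16LE delimiter at pos and step over it."""
    if blob[pos:pos + 2] != _u16(char):
        raise ValueError(f"expected {char!r} at offset {pos}")
    return pos + 2


def _read_string(blob, pos):
    """Read a NUL-terminated UTF-16LE string starting at pos."""
    end = pos
    while blob[end:end + 2] != b"\0\0":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2


def _read_u32(blob, pos):
    if pos + 4 > len(blob):
        raise ValueError("truncated record")
    return struct.unpack_from("<I", blob, pos)[0], pos + 4


def parse_registry_pol(blob):
    """Return a list of (key, value, type, decoded_data) from Registry.pol bytes."""
    if len(blob) < 8 or blob[:4] != b"PReg":
        raise ValueError("not a Registry.pol file (missing PReg signature)")
    if struct.unpack_from("<I", blob, 4)[0] != 1:
        raise ValueError("unsupported Registry.pol version")
    pos, entries = 8, []
    while pos < len(blob):
        pos = _expect(blob, pos, "[")
        key, pos = _read_string(blob, pos)
        pos = _expect(blob, pos, ";")
        value, pos = _read_string(blob, pos)
        pos = _expect(blob, pos, ";")
        reg_type, pos = _read_u32(blob, pos)
        pos = _expect(blob, pos, ";")
        size, pos = _read_u32(blob, pos)
        pos = _expect(blob, pos, ";")
        if pos + size > len(blob):
            raise ValueError("data runs past end of file")
        data, pos = blob[pos:pos + size], pos + size
        pos = _expect(blob, pos, "]")
        if reg_type == REG_DWORD and size == 4:
            data = struct.unpack("<I", data)[0]
        elif reg_type == REG_SZ:
            data = data.decode("utf-16-le").rstrip("\0")
        entries.append((key, value, reg_type, data))
    return entries


def explorer_restrictions(entries):
    """Map each policy named in the report to True, False, or None (not configured)."""
    state = {name: None for name in PAGE_POLICIES}
    for key, value, reg_type, data in entries:
        if key.lower() == EXPLORER_KEY.lower() and value in state and reg_type == REG_DWORD:
            state[value] = bool(data)
    return state


if __name__ == "__main__":
    print(explorer_restrictions(parse_registry_pol(SAMPLE_POL)))
```
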
Another useful application of the Group Policy Editor (GPE) is to provide for the automatic running of scripts or programs whenever the computer is started up or shut down or when a user logs on or off. This may be the application of most practical use to a typical home PC user.
Using the Group Policy Editor
Like many other management consoles, the GPE is not listed in Start-All Programs. To open it, go to Start-Run and enter "gpedit.msc" (without quotes). Figure 1 shows one view of the console. Note that there are entries for the computer configuration and for the user configuration. Selecting either one then gives the entries shown in the right panel of the figure. Clicking plus signs in the left panel will expand the selections.
Proxy Servers
A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. They accumulate and save files that are most often requested by thousands of Internet users in a special database, called cache. Therefore, proxy servers are able to increase the speed of your connection to the Internet. The cache of a proxy server may already contain information you need by the time of your request, making it possible for the proxy to deliver it immediately. The overall increase in performance may be very high. Also, proxy servers can help in cases when some owners of the Internet resources impose some restrictions on users from certain countries or geographical regions. In addition to that, among proxy servers there are so called anonymous proxy servers that hide your IP address thereby saving you from vulnerabilities concerned with it.
Anonymous Proxy Servers
Anonymous proxy servers hide your IP address and thereby prevent unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests. Besides that, they don't even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc.
Why Should You Use Anonymous Proxy Servers?
Any web resource you access can gather personal information about you through your unique IP address - your ID on the Internet. They can monitor your reading interests, spy upon you and, according to some policies of the Internet resources, deny access to any information you might need. You might become a target for many marketers and advertising agencies who, having information about your interests and knowing your IP address as well as your e-mail, will be able to regularly send you their spam and junk e-mails. A web site can automatically exploit security holes in your system using not-very-complex, ready-made, free hacking programs. Some such programs may just hang your machine, making you reboot it, but other, more powerful ones can get access to the content of your hard drive or RAM. Everything a web site may need for that is only your IP address and some information about your operating system. Using an anonymous proxy server you don't give anybody any chance to find out your IP address and any information about you and use them in their own interests.
The Solution
Using an anonymous proxy server you don't give anybody a chance to find out your IP address to use it in their own interests. We can offer you three ways to solve your IP problem:
1. Secure Tunnel - pay proxy server with plenty of features. Effective for personal use, when your Internet activities are not involved in web site development, mass form submitting, etc. The best solution for most of Internet users. Ultimate protection of privacy - nobody can find out where you are engaged in surfing. Blocks all methods of tracking. Provides an encrypted connection for all forms of web browsing, including http, news, mail, and the especially vulnerable IRC and ICQ. Comes with special totally preconfigured software.
2. ProxyWay Pro - multifunctional anonymous proxy surfing software which you can use together with a wide variety of web applications (web browsers, Instant Messengers, Internet Relay Chat (IRC), etc.) to ensure your anonymity. ProxyWay Pro provides an extended proxy management system that enables you to search for, check proxy (multithreaded proxies checking), analyze, validate proxy servers for speed, anonymity, type (HTTP/HTTPS/SOCKS), geographical location, create proxy chains. Allows update proxy list automatically using scheduler. ProxyWay Pro lets you clear history, block ads and popups, change User-Agent and Referrer fields, block harm code and much more. Also it can be used as a simple local proxy server.
3. Our own small proxy list is also a good place to start with if you are a novice.
There are MANY methods to change your IP address. Some methods will work for you but may not work for someone else and vice versa. If your IP is static, then you CAN'T change your IP address without contacting your ISP. If you have a long lease time on your IP then you won't be able to change your IP without cloning your MAC address, which I'll explain later in this article.
The #1 Network Security Scanner and Vulnerability Management Solution (GFI LANGUARD SCANNER)
GFI LANguard™ is the award-winning network and security scanner used by over 20,000 customers. GFI LANguard scans your network and ports to detect, assess and correct security vulnerabilities with minimal administrative effort. As an administrator, you have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. However, with GFI LANguard these three cornerstones of vulnerability management are addressed in one package. We give you a complete picture of your network set-up and help you to maintain a secure network state faster and more effectively.
Freeware Version Available
To add further value, GFI has now released a freeware version of GFI LANguard, in line with our 'We Care' initiative to offer a helping hand in these hard economic times. Using the freeware version, companies can scan up to five IPs for free using the product's full feature set - with no restrictions whatsoever.
Vulnerability Management
GFI LANguard performs network scans using vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network, including any virtual environment, is scanned. GFI LANguard allows you to analyze the state of your network security and take action before it is compromised. The latest version detects machines that are vulnerable to infection by the Conficker worm as well as identifying machines that have been infected.
Patch Management
When a network scan is complete, GFI LANguard's Patch Management gives you what you need to effectively deploy and manage patches on all machines across different Microsoft operating systems and products in 38 languages. Not only can you automatically download missing Microsoft security updates, but you can also automatically deploy the missing Microsoft patches or service-packs throughout your network at the end of scheduled scans.
Network Auditing
GFI LANguard's Network Auditing tells you all you need to know about your network by retrieving hardware information on memory, processors, display adapters, storage devices, motherboard details, printers, and ports in use. Using baseline comparisons you can check whether any hardware was added or removed since the last scan. GFI LANguard will identify and report unauthorized software installations and provide alerts or even automatically uninstall unauthorized applications.
Why use GFI LANguard?
• Powerful network, security and port scanner with network auditing capabilities
• Over 15,000 vulnerability assessments carried out across your network, including virtual environment
• Reduces the total cost of ownership by centralizing vulnerability scanning, Patch Management and Network Auditing
• Automated options help to retain a secure network state with minimal administrative effort
• Network-wide auditing functions provide a complete picture of network and port security set-up
• #1 Windows commercial security scanner and Best of TechEd 2007
PHISHING
Just like a lure might be dangled in front of a fish to trick it into thinking thereâ„¢s a real worm at the end of the hook, phishing is e-mail or instant messages that look like theyâ„¢re from a reputable company to get you to click a link. These messages can look like the real thing, right down to a spoofed e-mail address (faking someone elseâ„¢s e-mail address is known as spoofing). When unsuspecting users click the link, theyâ„¢re taken to an equally convincing (and equally fake) Web page or pop-up window thatâ„¢s been set up to imitate a legitimate business. The phishing site will ask for the userâ„¢s personal information, which the phisher then uses to buy things, apply for a new credit card, or otherwise steal a personâ„¢s identity.
What are the signs of phishing
Spotting the imposters can be tricky since phishers go to great lengths to look like the real thing:
Unsolicited requests for personal information. Most businesses aren't going to ask you for your personal information out of the blue, especially not an organization such as your bank or credit card company, which should already have this information on file. If you do get a request for personal information, call the company first and make sure the request is legitimate.
Alarmist warnings. Phishers often attempt to get people to respond without thinking, and a message that conveys a sense of urgency, perhaps by saying that an account will be closed in 48 hours if you don't take immediate action, may cause you to do just that.
Mistakes. The little things can often reveal the biggest clues. Phishers often slip up on the finer details and overlook typos, mistakes in grammar, and so on.
Addressed as "Customer". If your bank, for example, regularly addresses you by name in its correspondence and you get an e-mail addressed to "Dear Customer", this may be a phishing attempt.
The words "verify your account". A legitimate business will not ask you to send passwords, logon names, Social Security numbers, or other personally identifiable information through e-mail. Be suspicious of a message that asks for personal information no matter how authentic it looks.
The phrase "Click the page link below to gain access to your account." HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name, but the page link you see is actually taking you to a phony Web site.
Trust your instincts. If an e-mail message looks suspicious, it probably is.
Another common technique that phishers use is a Uniform Resource Locator (URL) that at first glance appears to be the name of a well-known company but is slightly altered by intentionally adding, omitting, or transposing letters. For example, the URL "microsoft.com" could appear instead as:
micosoft.com
verify-microsoft.com
MAIL TRACKER
Each email you receive comes with headers. The headers contain information about the routing of the email and the originating IP of the email. Not all emails you receive can be traced back to the originating point, and how you send emails determines whether or not they can be traced back to you. The headers don't contain any personal information. At most, you can get the originating IP and the computer name that sent the email. The originating IP can be looked up to determine from where the email was sent.
eMailTrackerPro can trace email back to its true geographical location. You can also use the spam filter in eMailTrackerPro to wipe out 90% of your daily spam in one go!
eMailTrackerPro is the only tool you will need to fight off SPAM. Not only can you track email you have received to find the location, and more importantly, the relevant ISP in order to report the SPAM but you can set up your eMail account with eMailTrackerPro to filter out the SPAM before it even gets to your machine.
How does eMailTrackerPro trace email
Using advanced header analysis and a world-renowned IP database, eMailTrackerPro can pinpoint the real IP address of the sender and track it down to the town/city the email came from.
How can eMailTrackerPro filter my SPAM
eMailTrackerPro Advanced has a mail filtering feature. This is available to any user with a POP account (SSL is supported). Once set up, eMailTrackerPro will trace your emails whilst they are still on your POP server; this alone can spot emails that have been misdirected and then mark them as SPAM. Predefined filters are already set up to check your email against DNS Blacklists and foreign language filters to further wipe out SPAM.
You can cut your SPAM load by 90% without having to do anything! (for this feature the advanced edition is needed)
Can I take further action against spammers
eMailTrackerPro has an abuse reporting feature which automatically generates a report to be sent to the ISP responsible for a particular SPAM email. We also provide the abuse address for it to be sent to. All of this in just a couple of clicks.
Step A: Sender creates and sends an email
The originating sender creates an email in their Mail User Agent (MUA) and clicks 'Send'. The MUA is the application the originating sender uses to compose and read email, such as Eudora, Outlook, etc.
Step B: Sender's MDA/MTA routes the email
The sender's MUA transfers the email to a Mail Delivery Agent (MDA). Frequently, the sender's MTA also handles the responsibilities of an MDA. Several of the most common MTAs do this, including sendmail and qmail (which Kavi uses).
The MDA/MTA accepts the email, then routes it to local mailboxes or forwards it if it isn't locally addressed.
In our diagram, an MDA forwards the email to an MTA and it enters the first of a series of "network clouds," labeled as a "Company Network" cloud.
Step C: Network Cloud
An email can encounter a network cloud within a large company or ISP, or the largest network cloud in existence: the Internet. The network cloud may encompass a multitude of mail servers, DNS servers, routers, lions, tigers, bears (wolves!) and other devices and services too numerous to mention. These are prone to be slow when processing an unusually heavy load, temporarily unable to receive an email when taken down for maintenance, and sometimes may not have identified themselves properly to the Internet through the Domain Name System (DNS) so that other MTAs in the network cloud are unable to deliver mail as addressed. These devices may be protected by firewalls, spam filters and malware detection software that may bounce or even delete an email. When an email is deleted by this kind of software, it tends to fail silently, so the sender is given no information about where or when the delivery failure occurred.
Email service providers and other companies that process a large volume of email often have their own, private network clouds. These organizations commonly have multiple mail servers, and route all email through a central gateway server (i.e., mail hub) that redistributes mail to whichever MTA is available. Email on these secondary MTAs must usually wait for the primary MTA (i.e., the designated host for that domain) to become available, at which time the secondary mail server will transfer its messages to the primary MTA.
Step D: Email Queue
The email in the diagram is addressed to someone at another company, so it enters an email queue with other outgoing email messages. If there is a high volume of mail in the queue, either because there are many messages or the messages are unusually large, or both, the message will be delayed in the queue until the MTA processes the messages ahead of it.
Step E: MTA to MTA Transfer
When transferring an email, the sending MTA handles all aspects of mail delivery until the message has been either accepted or rejected by the receiving MTA.
As the email clears the queue, it enters the Internet network cloud, where it is routed along a host-to-host chain of servers. Each MTA in the Internet network cloud needs to "stop and ask directions" from the Domain Name System (DNS) in order to identify the next MTA in the delivery chain. The exact route depends partly on server availability and mostly on which MTA can be found to accept email for the domain specified in the address. Most email takes a path that is dependent on server availability, so a pair of messages originating from the same host and addressed to the same receiving host could take different paths. These days, it's mostly spammers that specify any part of the path, deliberately routing their message through a series of relay servers in an attempt to obscure the true origin of the message.
To find the recipient's IP address and mailbox, the MTA must drill down through the Domain Name System (DNS), which consists of a set of servers distributed across the Internet, beginning with the root nameservers at the top-level domain (.tld), then domain nameservers that handle requests for domains within that .tld, and eventually nameservers that know about the local domain.
DNS resolution and transfer process
There are 13 root servers serving the top-level domains (e.g., .org, .com, .edu, .gov, .net, etc.). These root servers refer requests for a given domain to the root name servers that handle requests for that tld. In practice, this step is seldom necessary.
The MTA can bypass this step because it already knows which domain name servers handle requests for these .tlds. It asks the appropriate DNS server which Mail Exchange (MX) servers have knowledge of the subdomain or local host in the email address. The DNS server responds with an MX record: a prioritized list of MX servers for this domain.
An MX server is really an MTA wearing a different hat, just like a person who holds two jobs with different job titles (or three, if the MTA also handles the responsibilities of an MDA). To the DNS server, the server that accepts messages is an MX server. When it is transferring messages, it is called an MTA.
The MTA contacts the MX servers on the MX record in order of priority until it finds the designated host for that address domain.
The sending MTA asks if the host accepts messages for the recipient's username at that domain (i.e., username[at]domain.tld) and transfers the message.
Step F: Firewalls, Spam and Virus Filters
The transfer process described in the last step is somewhat simplified. An email may be transferred to more than one MTA within a network cloud and is likely to be passed to at least one firewall before it reaches its destination.
An email encountering a firewall may be tested by spam and virus filters before it is allowed to pass inside the firewall. These filters test to see if the message qualifies as spam or malware. If the message contains malware, the file is usually quarantined and the sender is notified. If the message is identified as spam, it will probably be deleted without notifying the sender.
Spam is difficult to detect because it can assume so many different forms, so spam filters test on a broad set of criteria and tend to misclassify a significant number of messages as spam, particularly messages from mailing lists. When an email from a list or other automated source seems to have vanished somewhere in the network cloud, the culprit is usually a spam filter at the receiver's ISP or company.
NET TOOLS
Net Tools is cutting-edge security and network monitoring software for the Internet and Local Area Networks, providing clients with the ability and confidence to meet the challenges of tomorrow's technology. Keeping pace with the industry trends, we offer professional tools that support the latest standards, protocols, software, and hardware for both wired and wireless networks. The main goal is the creation of high quality software. Net Tools is a very strong combination of network scanning, security, file, system, and administrator tools useful in diagnosing networks and monitoring your PC and computer's network connections for system administrators. Next to the essential core tools it includes a lot of extra valuable features. It's a Swiss Army knife for everyone interested in a set of powerful network tools for everyday use. This all-in-one toolkit includes also a lot of handy file and system utilities next to the huge amount of network tools. The menus are fully configurable, so in this way you won't get lost in the extremely large amount of essential tools. All the additional features will make this application a must have for all system administrators. There are numerous constructive and valuable applications included in Net Tools that can be used for a great amount of purposes. The latest version of Net Tools is hybrid; it means that it's capable of working together with applications that are made and designed for Net Tools, so in this way more flexibility and user-friendliness is obtained. This software is designed for the Microsoft Windows OS (Windows 98, NT, 2000, 2003, XP, Vista). It's entirely compatible and has thoroughly been tested on Windows XP. With the 175+ tools it is a great collection of useful tools for network users. The size of Net Tools 5.0.70 is approximately 25 Mb.
CRYPTOGRAPHY
Public-key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public key-private key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures.
Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG.
The distinguishing technique used in public key-private key cryptography is use of asymmetric key algorithms because the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys: a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (i.e., in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s.
In contrast, Symmetric-key algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.
Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a key-exchange algorithm and transmit data using that key and a symmetric key algorithm. PGP and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence.

ART OF GOOGLING
Here's a quick list of some of our most popular tools to help refine and improve your search. For additional help with Google Web Search or any other Google product.
OPERATOR EXAMPLE | FINDS PAGES CONTAINING...
vacation hawaii | the words vacation and Hawaii
Maui OR Hawaii | either the word Maui or the word Hawaii
"To each his own" | the exact phrase to each his own
virus -computer | the word virus but NOT the word computer
+sock | Only the word sock, and not the plural or any tenses or synonyms
~auto loan | loan info for both the word auto and its synonyms: truck, car, etc.
define:computer | definitions of the word computer from around the Web.
red * blue | the words red and blue separated by one or more words.
I'm Feeling Lucky | Takes you directly to first web page returned for your query.

CALCULATOR OPERATORS | MEANING | TYPE INTO SEARCH BOX
+ | addition | 45 + 39
- | subtraction | 45 - 39
* | multiplication | 45 * 39
/ | division | 45 / 39
% of | percentage of | 45% of 39
^ | raise to a power | 2^5 (2 to the 5th power)

ADVANCED OPERATORS | MEANING | WHAT TO TYPE INTO SEARCH BOX (& DESCRIPTION OF RESULTS)
site: | Search only one website | admission site:stanford.edu (Search Stanford Univ. site for admissions info.)
[#]..[#] | Search within a range of numbers | DVD player $100..150 (Search for DVD players between $100 and $150)
link: | linked pages | link:stanford.edu (Find pages that link to the Stanford University website.)
info: | Info about a page | info:stanford.edu (Find information about the Stanford University website.)
related: | Related pages | related:stanford.edu (Find websites related to the Stanford University website.)
DATA RECOVERY
Data recovery is the retrieval of inaccessible or contaminated data from media that has been damaged in some way. Data recovery is being increasingly used and is an important process nowadays.
There has been a lot of progress in increasing the memory capacity of data storage devices. Therefore data loss from any one incident also tends to be very high. The relevance of lost data can vary greatly. Maybe you have had the experience of storing a homework assignment on a floppy disk only to have it missing on the day the assignment is due.
Consider the fact that a large number of businesses nowadays have vital organization-related data stored on machines. Hospitals also store data on patients on computers. A large number of websites nowadays use database technology to enhance their websites and make them more dynamic. PHP and MySQL use has been on the rise on the Internet. Database failure is not uncommon and so it is not a fail-proof method of storing information.
Companies have high reliance on computer technology to write and store data relevant to their business operations. Thus the data being stored can have a great deal of impact on personal lives and operations of companies.
There can be several causes of data loss.
Data loss can occur from unexpected incidents including national tragedies such as floods and earthquakes.
Often power failure can cause loss of data from hard drives. Sudden power surges can also cause a lot of damage to a computer's hard drive.
Accidentally deleting a file or formatting a hard drive or floppy disk is a common reason for data loss.
If you have accidentally lost any important documents there are several steps you can take. Remember that if you have accidentally erased a file, it may not have vanished from your computer. It may have left an imprint in a different format on the computer's hard drive or other storage devices. Recovering the data involves locating it and transforming it into human readable form.
Not all data may be recoverable.
You can either hire professional service to help you solve your problem or attempt a recovery on your own.
You can carry out data recovery operations on your own computer if you know what you are doing. There is data recovery software widely available that can assist you in the process.
Data recovery can become complicated if you overwrite on the storage device that has the lost data. Therefore if you do not know what you are doing, it is advisable to contact a professional service firm.
Data recovery professionals are experts in recovering data from all sorts of media and from a variety of damages done. There are many specialists out there who have years of experience in the IT field. The kind of data recovery operation to use will depend a great deal on the storage device and other variables such as the amount of damage done or the operating system used such as Macintosh, Windows or Linux.
There are some cases where it may be impossible to recover any data. However do not fret as the odds lie in your favor since a high percentage of data recovery operations are successful.
Preventing data loss
Of course the best way is to prevent data loss in the first place.
Data backup allows for restoring data if data loss occurs. Even ordinary PC users can set up their computer to carry out regularly scheduled backup operations. In the event of a hard drive crash or an unwise change in settings by an uninformed user, the restore tool can be used to retrieve deleted data or to restore the computer's settings from an earlier time.
For the back up process to be useful it should involve several reliable backup systems and performing drills to make sure the data is being stored correctly. Additional protection methods from data loss include making sure that the hard drive is protected from damages from the external environment. This includes protection from sunlight and temperature extremes.
Also plugging in your pc into a surge protector rather than an ordinary outlet can give your computer a protection layer from electricity fluctuations. Keep your virus protection up to date. Also remember to keep your backup data separate from your computer.
Nevertheless a lot of companies will go through a disaster and experience data loss. The best thing to do is not to panic and also not to ignore the situation. The quicker you rectify the situation the better. Counting on data loss will help you be prepared for any such event.
VIRTUALIZATION
What is Virtualization
Virtualization allows multiple operating system instances to run concurrently on a single computer; it is a means of separating hardware from a single operating system. Each guest OS is managed by a Virtual Machine Monitor (VMM), also known as a hypervisor. Because the virtualization system sits between the guest and the hardware, it can control the guests' use of CPU, memory, and storage, even allowing a guest OS to migrate from one machine to another.
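Added example, not part of the original report: the PHISHING section notes that look-alike URLs add, omit or transpose letters of a real name (micosoft.com, verify-microsoft.com). The sketch below flags such domains in links or sender addresses; the `BRANDS` table, the verdict names and the distance limits are assumptions made for this example.

```python
import re

# Assumption for this example: brands to protect mapped to their real domain.
BRANDS = {"microsoft": "microsoft.com"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1 each."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two neighbouring letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'legitimate', 'embedded-brand', 'typosquat' or 'unrelated'."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")[:-1]  # every label except the top-level domain
    for brand, real in BRANDS.items():
        if domain == real or domain.endswith("." + real):
            return "legitimate"
        limit = 1 if len(brand) < 8 else 2  # short names get a stricter limit
        for label in labels:
            for token in re.split(r"[-_]", label):
                if token == brand:
                    # Real name used inside a domain the brand does not own.
                    return "embedded-brand"
                if 0 < osa_distance(token, brand) <= limit:
                    # Letters added, omitted or transposed.
                    return "typosquat"
    return "unrelated"


if __name__ == "__main__":
    # The first two samples are the report's own examples; the rest are constructed.
    for d in ["micosoft.com", "verify-microsoft.com", "mircosoft.com",
              "login.microsoft.com", "microsoft.com.example.net", "example.org"]:
        print(f"{d:28} {classify(d)}")
```

The check compares names letter by letter only, so it does not cover look-alike characters from other alphabets.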
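Added example, not part of the original report and not eMailTrackerPro's method: the MAIL TRACKER section says headers carry the routing and the originating IP, and the delivery steps note that spammers route mail through relays to obscure the origin. This sketch parses the `Received` chain of a constructed message and contrasts the IP the oldest header claims with the IP that actually connected to the recipient's own servers; the message, host names and the `recipient.example` trust boundary are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample. Each MTA prepends its Received line, so the newest hop is on top.
# The bottom line stands for a header the sender inserted before submitting the mail.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
 by mailstore.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
 by mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (dsl-host.isp.example [203.0.113.77])
 by relay.isp.example with ESMTPSA id C3; Mon, 1 Jan 2024 10:00:01 +0000
Received: from bank.example ([192.0.2.200]) by fake-relay.example; Mon, 1 Jan 2024 09:00:00 +0000
From: "Your Bank" <support@bank.example>
To: user@recipient.example
Subject: Verify your account

Constructed body.
"""

FROM_IP = re.compile(r"from\s+\S+\s+\([^()\[\]]*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)")
BY_HOST = re.compile(r"\bby\s+(?P<by>[^\s;]+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(ip) -> bool:
    return any(ip in net for net in INTERNAL)


def hops(raw: str):
    """Return [(connecting_ip or None, stamping_host or None)], newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m_ip, m_by = FROM_IP.search(flat), BY_HOST.search(flat)
        ip = None
        if m_ip:
            try:
                ip = ipaddress.ip_address(m_ip.group("ip"))
            except ValueError:
                pass
        out.append((ip, m_by.group("by").lower() if m_by else None))
    return out


def claimed_origin(raw: str):
    """Oldest external IP in the chain: what a naive tracer reports (forgeable)."""
    for ip, _ in reversed(hops(raw)):
        if ip and not is_internal(ip):
            return str(ip)
    return None


def boundary_ip(raw: str, trusted_suffix: str):
    """External IP recorded by our own MTA: the last value the sender cannot forge."""
    for ip, by in hops(raw):
        if by is None or not (by == trusted_suffix or by.endswith("." + trusted_suffix)):
            return None  # header not written by our servers: stop trusting the chain
        if ip and not is_internal(ip):
            return str(ip)
    return None


if __name__ == "__main__":
    print("claimed origin :", claimed_origin(RAW))
    print("verified sender:", boundary_ip(RAW, "recipient.example"))
```

Everything below the header written by the recipient's own MTA is supplied by upstream systems, so an abuse report should lead with the boundary IP and treat older hops as unverified.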
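Added example, not part of the original report: the hybrid cryptosystem described at the end of the CRYPTOGRAPHY section, where a fresh symmetric key encrypts the data and only that key is encrypted with the recipient's public key. RSA-OAEP, AES-256-GCM and the third-party `cryptography` package are choices made for this example; the report names no specific algorithms.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Recipient's long-term key pair; the public half can be published."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal(recipient_public_key, plaintext: bytes) -> dict:
    """Sender side: needs only the recipient's public key."""
    session_key = AESGCM.generate_key(bit_length=256)  # fresh key per message
    nonce = os.urandom(12)
    wrapped = recipient_public_key.encrypt(session_key, OAEP)  # slow asymmetric step, 32 bytes only
    # Fast symmetric step over the data; the wrapped key is bound in as associated data.
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, wrapped)
    return {"wrapped_key": wrapped, "nonce": nonce, "ciphertext": ciphertext}


def unseal(private_key, envelope: dict) -> bytes:
    """Recipient side: unwrap the session key, then decrypt and authenticate the data."""
    session_key = private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(envelope["nonce"], envelope["ciphertext"],
                                       envelope["wrapped_key"])


def rejects_tampering(private_key, envelope: dict) -> bool:
    """Flip one ciphertext bit and confirm that decryption refuses the message."""
    ct = envelope["ciphertext"]
    bad = dict(envelope, ciphertext=bytes([ct[0] ^ 1]) + ct[1:])
    try:
        unseal(private_key, bad)
    except InvalidTag:
        return True
    return False


if __name__ == "__main__":
    recipient = new_keypair()
    env = seal(recipient.public_key(), b"constructed sample message")
    print(unseal(recipient, env), rejects_tampering(recipient, env))
```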