Monday, November 24, 2008

Virgin's In-flight Wi-Fi Coming Monday

Virgin America's in-flight Wi-Fi service will launch on Monday for a beta test that is intended to last just one week before a planned commercial launch Dec. 1.

The fledgling domestic airline is making one of the most aggressive moves into in-flight broadband, though most U.S. carriers have announced at least trials or other tests. Virgin plans to have the system from Aircell deployed on all its planes by the middle of next year. On Saturday, it will unveil the service with a flourish, streaming part of the YouTube Live online video event from a plane flying over the San Francisco Bay Area. That plane will go on to serve as the beta test plane, and all passengers who take it will get free Wi-Fi during the test period.

Interest in Wi-Fi on commercial airliners is growing despite the closure of the highest-profile in-flight system, Connexion by Boeing, in 2006. The services, which in general won't allow VoIP (voice over Internet protocol) calls, could be a critical revenue source for ailing airlines as well as a convenience for passengers.

Virgin will charge US$9.95 for a flight of three hours or less and $12.95 for longer flights. Internet access won't be filtered for content or applications, except for the VoIP restriction, said Virgin spokeswoman Abby Lunardini. Aircell has said it has mechanisms to manage the shared bandwidth to prevent one user from taking it all.

Aircell, which is also working with several other carriers, will provide Internet access to planes via its own national network of 3G (third-generation) base stations on the ground. The connection from the plane to the Internet will be via EV-DO (Evolution-Data Optimized) Revision A technology. The base stations are being supplied by ZTE USA, a subsidiary of Chinese telecommunications giant ZTE. Qualcomm, the pioneer of EV-DO, supplied the onboard modems.

Virgin claims it will be the first airline in the U.S. to deploy in-flight broadband on all its planes. It has some advantages in this mission, since it has only 28 planes and all are new. Virgin America itself only started flights in August 2007. Virgin already uses Wi-Fi on its planes for wireless devices that let flight attendants take food and drink orders, Lunardini said. The broadband technology will be added to planes gradually over the following months, she said. There will be multiple aircraft with the Wi-Fi service before the end of December.

Delta Air Lines said in August it would deploy the Aircell system on all the planes in its main fleet by summer 2009, which in the U.S. ends at about the end of August. American Airlines is offering a service on a limited-time trial, as is JetBlue.

The demand is there from passengers, especially business travelers, but whether more airlines commit to permanent commercial services will depend on price and performance, two longtime wireless analysts said on Thursday.

Key unanswered questions include how well the technical controls will work if someone tries to make VoIP calls or hog the Internet connection with movie downloads, and how the airlines will solve passengers' technical issues without an onboard IT staff, said Jack Gold, principal analyst at J. Gold Associates.

"Users are going to have problems. It just happens," Gold said.

Any new source of revenue will be attractive to the cash-strapped airlines, said Gartner analyst Ken Dulaney. The economics of in-flight broadband have improved since the days of Connexion, with lighter on-board systems helping airlines meet tight budgets for weight, he said. But as a discount airline, Virgin may have a harder time than some at selling the service, Dulaney said.

"We've gotten to this point with the airlines because people didn't want to pay for a meal or anything," Dulaney said.

Linksys Launches WAG160N Wireless Router

Linksys has announced the availability of the WAG160N, a Wireless-N ADSL2+ Gateway that integrates the functionalities of an ADSL2+ Modem, Router, 4-port Switch and a Wireless-N Access Point.

According to a press release, the WAG160N is the newest addition to the Wireless-N line-up and it features the same design as sported by the recent Ultra RangePlus family of Wireless-N routers (WRT160N and WRT310N). The new design features an internal antenna technology which integrates the antenna into the device body.

The WAG160N ships with the Linksys EasyLink Advisor (LELA) application, which provides consumers with a flash video-based guided installation for PC and Mac users. The WAG160N is based on draft 802.11n technology and the built-in Wireless-N Access Point enables users to connect wireless devices in the building without using cables. It also supports Multiple In, Multiple Out (MIMO) technology which is designed to increase the range and reduce 'dead spots' in the wireless coverage area. In addition, the WAG160N supports up to 256-bit industrial-strength encryption and 802.1x authentication and authorization.

The Linksys WAG160N is available for a price of Rs. 7,925 (US$160).

Why IT Should Get in the Facilities Business

Picture in your mind the facilities management guy or gal in your building: Are you envisioning someone in a pair of overalls with a screwdriver tucked in the back pocket?

If so, who are you going to call when the rack density in the datacenter increases from 2 to 3 kilowatts per rack to 12 kW per rack thanks to IT technologies like virtualization and server consolidation?

If your facilities manager is the screwdriver-in-the-pocket type, don't be surprised when you're told, "You better shut some of these contraptions down!"

Due to the realities of rising energy costs and new energy management systems, the traditional facilities manager is morphing into a tech-savvier operations role, one that is pushing both IT managers and facilities managers into a more consultative relationship. In some cases, facilities management is becoming part of IT.

At a recent Datacenter Users' Group meeting sponsored by Emerson Network Power, 62 percent of the 230 industry experts from Fortune 1000 companies said that collaboration between IT and facilities management has increased over the last 12 months.

Matt Kightlinger, director of solutions at Emerson, believes that driving this convergence is the need for energy efficiency to lead to lower costs. "It is forcing IT and [facilities management] to increase efficiencies from an operations perspective," he says.

But there's been a historic disconnect between IT and facilities, with each making decisions in isolation. "IT buys on performance from IT vendors, so they never get the actual [energy] bill at the end of the month," says David Cappuccio, a Gartner analyst. But the high cost of energy is pushing the two groups together. When the CFO asks IT and facilities about the IT energy budget, each side says the other department is responsible, and that's not an acceptable answer. "Suddenly, both sides are realizing that to create a more efficient infrastructure based on energy, they need to cooperate," he says.

The Shift Starts in the Datacenter

The hot spot for this shift into tech is definitely the datacenter. That is where the business logic for combining IT and facilities management really comes on strong.

Typically, "facilities management" means taking care of the building systems, comfort systems, and power. But facilities management also takes care of the critical energy infrastructure that goes into the datacenter. And that means IT is at least heavily involved with facilities and, in some cases, applies IT techniques itself to managing the energy infrastructure.

The popularity of energy-saving virtualization technology is one reason IT is getting involved in energy infrastructure management. Here's why: The use of virtualization reduces the number of servers needed, decreasing overall energy consumption, but there's now more energy used per server and greater risk to the enterprise if any server fails, since several virtual servers will shut off when the physical server goes.

Suddenly IT finds itself more concerned with increased energy monitoring and cooling at the rack level -- having sufficient juice and cooling in the rack room is not good enough, says Gartner's Cappuccio. That rack-level focus is not an area in which facilities management is experienced.

Server chips from AMD and Intel can trigger automatic alerts when they detect too much heat and even throttle back the chip speed to reduce heat emissions. However, a simple solution like throttling back may not be the answer if those racks are running mission-critical applications during peak business hours. This goes way beyond the room- and building-oriented energy and cooling focus of traditional facilities management, instead requiring systems akin to network management, in which IT has experience.

When the facilities and IT networks are part of a single entity, the unified system will know when peak demand is expected and be able to react better. For example, the policies in such a system could turn on more servers or draw from on-demand resources to better distribute the load, rather than curb performance.

Another area where IT has the experience required for the new energy environment is in asset tracking, says Emerson's Kightlinger. It's not enough to track physical assets, he says; businesses need to also track the power consumption and usage patterns to figure out appropriate load balancing -- the kind of work typically handled through monitoring software IT has long experience with, all managed through a database. "IT managers run that [database]," he says.

But the systems IT has used for monitoring -- such as CA Unicenter, Hewlett-Packard OpenView, and IBM Tivoli -- haven't been designed to understand the implications of energy usage or of business implications of changes, says James White, a product manager at Managed Objects. However, that's beginning to change as "business service management" features -- specifically, ones related to facilities management -- come into the traditional monitoring tools from CA, HP, IBM, and Managed Objects.

The Intertwining of IT and Facilities Outside the Datacenter

The focus of cooperation and even convergence between facilities and IT in the datacenter is driven by ensuring business efficiency and continuity. But outside the datacenter, there's a simpler motivation: cost savings.

Traditionally, HVAC systems are overengineered, so there's redundancy and future capacity built in. That translates to extra ducts and greater cooling or heating capacity than needed -- a reasonable approach because it's been cheaper to allow such waste in return for not requiring major, expensive rework when your demands grew over time. But with ever-increasing energy costs, that approach no longer works well.

Today, IT has the ability to analyze data on energy usage, work patterns, and other facilities domains to reduce the need for such overengineering, thus lowering costs, says Tom Debin, CEO of Equity Through Energy, a building automation supplier. For example, analysis can tell you how many kilowatts are being used per square foot in a building, helping planners decide whether or not to close or renovate the facility.

Or take the case of something as simple as a water heating system in a restaurant. The designer will design for maximum flow on the maximum day with 100 percent use and then put a fudge factor of 25 percent after he gets it printed out and goes to the plumber. The plumber thinks, "I don't want to be called for a repair later, so I will buy the next model up," adding another 25 percent. So by the time it gets to the job site and the customer has a say, you may have a water heater that costs more in both material and energy costs than is justifiable by the actual demand. "Bigger isn't better," says Debin.

The benefits of analysis-based energy management include lower costs for energy, decreased equipment maintenance costs, a reduced carbon footprint, consistency across the real estate portfolio, and increased effectiveness and decreased cost of the extended enterprise, says Dan Sharplin, CEO at Site Controls, a building automation supplier.

"Intelligent" building automation systems that control power usage based on actual consumption and building designs that are less overengineered both bring challenges when deployed, says James Jones, product manager at Infor, an enterprise asset management vendor.

First, managing these systems requires the pervasive use of sensors that are networked together. It is IT that must manage the network and the data it generates. "IT takes responsibility for information systems that get installed at the site," says Jones. "While the guy you want to fix the boiler needs to be a journeyman technician, a lot of times what you are dealing with or alerted about is a condition coming from an information system. So does IT own that?" Whether or not IT owns it, "IT needs to be able to run with it even if someone else installs it," he adds.

Second, IT needs to be able to understand and intelligently act on the data that the building automation systems generate. IT's role doesn't stop at ensuring the system is running as planned, but extends to helping identify new, better ways to reduce waste and increase efficiency. "The key is having the data available to the extended enterprise in an actionable format," says Site Controls' Sharplin.

Update Windows

-> Go to http://windowsupdate.microsoft.com
--> Download ALL updates available
---> Reboot when asked and log in to the administrator account again
----> Return to this site to download more and more and more patches
-----> Continue to download/install patches, rebooting and returning to this page until you have downloaded ALL patches and cannot download any more patches.
-> Remember to come back to see new patches hopefully every week but at least once a month! We have set automatic Windows Update, but I STILL insist that you recheck for ANY new updates every once in a while. Just to be sure. Updating your Windows, Windows Media Player, Internet Explorer, Outlook Express etc. is REALLY THAT IMPORTANT!


Secure file and folder permissions

-> My Computer
--> Right-click C:\
---> Properties
----> General
-----> Disable: Allow indexing service to index this disk for fast file searching
----> Security
-----> Add
------> Type: Authenticated Users
-------> Press enter
-----> Select: Authenticated Users
------> Allow: Read & Execute, List folder content, Read
-----> Advanced
------> Unselect: Inherit from parent permission entries...
-------> Copy
------> Remove all other users except: Administrator, System and Authenticated Users
-------> Select: Replace permissions entries...
--------> OK
---------> Yes

--> Go to C:\documents and settings\
---> Right-click the Administrator folder
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent permission entries...
--------> Copy
---------> Remove: Authenticated Users
----------> Select: Replace permission entries...
-----------> OK
------------> Yes
---> Right-click, one at a time, each of the other user folders (like "mom", "userX", etc.)
----> Properties
-----> Security
------> Advanced
-------> Unselect: Inherit from parent permission entries...
--------> Copy
--------> Remove: Authenticated users
---------> Add the name of the user (like "mom", "userX", etc.) whose folder this is. This will prevent all other users except admins from getting into their folders.
----------> Allow: Full Control
---------> Select: Replace permission entries...
----------> OK
-----------> Yes
--> Go to C:\windows (or if your Windows is installed onto some other directory, then go there)
---> Select "temp" folder
----> Properties
-----> Security
------> Select: Authenticated Users
-------> Allow: Full Control
--> You can also set permissions like this on other partitions and folders. Please be advised that if you store something like games somewhere, users who need to play those games usually need full control of those folders so that they can save games etc. The same goes if you store other files on those partitions, like music, documents etc., that other people want to not only access, but also save and edit. Then you should give "Authenticated Users" full permissions on those folders. The main thing is that your personal folders (C:\documents and settings\userX\) are safe from other people's tampering, and so are important system folders (C:\windows\).

-> To encrypt the contents of a directory with EFS (XP Pro version only) and prevent all other users (including administrators) from reading the files inside it (notice: they can still see the file names and alter folder settings)
-> Only use this for YOUR personal directories (like folders where you keep personal documents etc.), do not use it on system, program, etc. directories!
--> Right-click the directory you wish to encrypt
---> Properties
----> General
-----> Advanced
------> Enable: Encrypt the contents to secure data (notice: If you are logged in as administrator, this will encrypt the data for the administrator account only. To encrypt data for your USER account, please secure your Windows XP installation, log in as that user and then start encrypting your folders)


Adjust event viewer settings

-> Control Panel
--> Performance and maintenance
---> Administrative tools
----> Event viewer
-----> Right click: Application
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed
-----> Right click: Security
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed
-----> Right click: System
------> Properties
-------> Maximum log size: 10048
--------> Select: Overwrite events as needed

Secure settings

-> Control panel
--> Performance and maintenance
---> Administrative tools
----> Local security policy
-----> Account policies
------> Password policy
------> Enforce password history - 0 passwords remembered
------> Maximum password age - 360 days
------> Minimum password age - 0 days
------> Minimum password length - 14 characters
------> Password must meet complexity requirements - Enabled
------> Store passwords using reversible encryption for all users in the domain - Disabled
-----> Account lockout policy
------> Account lockout threshold - 3 invalid logon attempts.
------> Account lockout duration - 15 minutes
------> Reset account lockout counter after - 15 minutes
-----> Local policies
------> Audit policy
-------> Audit account logon events - Success, failure
-------> Audit account management - Success, failure
-------> Audit logon events - Success, failure
-------> Audit Object access - Success, failure
-------> Audit policy change - Success, failure
-------> Audit system events - Success, failure
------> User rights assignment
-------> Access this computer from the network -
-------> Act as part of the operating system -
-------> Add workstations to domain -
-------> Adjust memory quotas for a process - LOCAL SERVICE,NETWORK SERVICE,Administrators
-------> Allow logon through Terminal Services -
-------> Back up files and directories - Administrators
-------> Bypass traverse checking - Authenticated Users,Administrators
-------> Change the system time - Administrators
-------> Create a pagefile - Administrators
-------> Create a token object -
-------> Create permanent shared objects -
-------> Debug programs - Administrators
-------> Deny access to this computer from the network - Everyone
-------> Deny logon as a batch job -
-------> Deny logon as a service -
-------> Deny logon locally -
-------> Deny logon through Terminal Services - Everyone
-------> Enable computer and user accounts to be trusted for delegation -
-------> Force shutdown from a remote system -
-------> Generate security audits - LOCAL SERVICE,NETWORK SERVICE
-------> Increase scheduling priority - Administrators
-------> Load and unload device drivers - Administrators
-------> Lock pages in memory - LOCAL SERVICE, Authenticated Users,Administrators
-------> Log on as a batch job -
-------> Log on as a service -
-------> Log on locally - Authenticated Users, Administrators
-------> Manage auditing and security log - Administrators
-------> Modify firmware environment values - Administrators
-------> Perform volume maintenance tasks - Administrators
-------> Profile single process -
-------> Profile system performance -
-------> Remove computer from docking station - Authenticated Users,Administrators
-------> Replace a process level token - LOCAL SERVICE
-------> Restore files and directories - Administrators
-------> Shut down the system - Authenticated Users, Administrators
-------> Synchronize directory service data -
-------> Take ownership of files or other objects - Administrators
------> Security options
-------> Accounts: Administrator account status - Enabled
-------> Accounts: Guest account status - Disabled
-------> Accounts: Limit local account use of blank passwords to console logon only - Enabled
-------> Accounts: Rename administrator account - (TYPE SOME NAME HERE AND USE IT WHEN YOU LOGIN AS ADMINISTRATOR IN THE FUTURE)
-------> Accounts: Rename guest account - Guest
-------> Audit: Audit the access of global system objects - Disabled
-------> Audit: Audit the use of Backup and Restore privilege - Disabled
-------> Audit: Shut down system immediately if unable to log security audits - Disabled
-------> Devices: Allow undock without having to log on - Disabled
-------> Devices: Allowed to format and eject removable media - Administrators
-------> Devices: Prevent users from installing printer drivers - Enabled
-------> Devices: Restrict CD-ROM access to locally logged-on user only - Enabled
-------> Devices: Restrict floppy access to locally logged-on user only - Enabled
-------> Devices: Unsigned driver installation behavior - Do not allow installation
-------> Domain controller: Allow server operators to schedule tasks - Disabled
-------> Domain controller: LDAP server signing requirements - Not defined
-------> Domain controller: Refuse machine account password changes - Enabled
-------> Domain member: Digitally encrypt or sign secure channel data (always) - Enabled
-------> Domain member: Digitally encrypt secure channel data (when possible) - Enabled
-------> Domain member: Digitally sign secure channel data (when possible) - Enabled
-------> Domain member: Disable machine account password changes - Enabled
-------> Domain member: Maximum machine account password age - 1
-------> Domain member: Require strong (Windows 2000 or later) session key - Enabled
-------> Interactive logon: Do not display last user name - Enabled
-------> Interactive logon: Do not require CTRL+ALT+DEL - Disabled
-------> Interactive logon: Message text for users attempting to log on -
-------> Interactive logon: Message title for users attempting to log on -
-------> Interactive logon: Number of previous logons to cache (in case domain controller is not available) - 0 logons
-------> Interactive logon: Prompt user to change password before expiration - 14 days
-------> Interactive logon: Require Domain Controller authentication to unlock workstation - Enabled
-------> Interactive logon: Smart card removal behavior - Lock Workstation
-------> Microsoft network client: Digitally sign communications (always) - Enabled
-------> Microsoft network client: Digitally sign communications (if server agrees) - Enabled
-------> Microsoft network client: Send unencrypted password to third-party SMB servers - Disabled
-------> Microsoft network server: Amount of idle time required before suspending session - 1
-------> Microsoft network server: Digitally sign communications (always) - Enabled
-------> Microsoft network server: Digitally sign communications (if client agrees) - Enabled
-------> Microsoft network server: Disconnect clients when logon hours expire - Enabled
-------> Network access: Allow anonymous SID/Name translation - Disabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts - Enabled
-------> Network access: Do not allow anonymous enumeration of SAM accounts and shares - Enabled
-------> Network access: Do not allow storage of credentials or .NET Passports for network authentication - Enabled
-------> Network access: Let Everyone permissions apply to anonymous users - Disabled
-------> Network access: Named Pipes that can be accessed anonymously -
-------> Network access: Remotely accessible registry paths -
-------> Network access: Shares that can be accessed anonymously -
-------> Network access: Sharing and security model for local accounts - Classic local users authenticate as themselves
-------> Network security: Do not store LAN Manager hash value on next password change - Enabled
-------> Network security: Force logoff when logon hours expire - Disabled
-------> Network security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
-------> Network security: LDAP client signing requirements - Require signing
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require message integrity,Require message confidentiality,Require NTLMv2 session security,Require 128-bit encryption
-------> Recovery console: Allow automatic administrative logon - Disabled
-------> Recovery console: Allow floppy copy and access to all drives and all folders - Disabled
-------> Shutdown: Allow system to be shut down without having to log on - Disabled
-------> Shutdown: Clear virtual memory pagefile - Enabled
-------> System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enabled
-------> System objects: Default owner for objects created by members of the Administrators group - Object creator
-------> System objects: Require case insensitivity for non-Windows subsystems - Enabled
-------> System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - Enabled
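
One way to check a machine against the account, lockout and audit values listed above is to export the local policy with `secedit /export /cfg <file>` and compare the file offline. The Python below is an added example, not part of the original guide; the sample export text is constructed, and `BASELINE`, `parse_inf` and `audit` are names chosen here.

```python
# Added example: compare a secedit export with the values listed in this guide.
# Real exports are normally UTF-16 text, so open them with encoding="utf-16".

# INF key -> (INF section, value from this guide, setting name in the guide)
BASELINE = {
    "PasswordHistorySize":   ("System Access", 0,   "Enforce password history"),
    "MaximumPasswordAge":    ("System Access", 360, "Maximum password age"),
    "MinimumPasswordAge":    ("System Access", 0,   "Minimum password age"),
    "MinimumPasswordLength": ("System Access", 14,  "Minimum password length"),
    "PasswordComplexity":    ("System Access", 1,   "Password must meet complexity requirements"),
    "ClearTextPassword":     ("System Access", 0,   "Store passwords using reversible encryption"),
    "LockoutBadCount":       ("System Access", 3,   "Account lockout threshold"),
    "LockoutDuration":       ("System Access", 15,  "Account lockout duration"),
    "ResetLockoutCount":     ("System Access", 15,  "Reset account lockout counter after"),
    "EnableAdminAccount":    ("System Access", 1,   "Administrator account status"),
    "EnableGuestAccount":    ("System Access", 0,   "Guest account status"),
    # In [Event Audit], 1 = success, 2 = failure, 3 = success and failure.
    "AuditAccountLogon":     ("Event Audit", 3, "Audit account logon events"),
    "AuditAccountManage":    ("Event Audit", 3, "Audit account management"),
    "AuditLogonEvents":      ("Event Audit", 3, "Audit logon events"),
    "AuditObjectAccess":     ("Event Audit", 3, "Audit Object access"),
    "AuditPolicyChange":     ("Event Audit", 3, "Audit policy change"),
    "AuditSystemEvents":     ("Event Audit", 3, "Audit system events"),
}

# Constructed sample resembling an out-of-the-box export (not from a real host).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
EnableAdminAccount = 1
EnableGuestAccount = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 3
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_inf(text):
    """Parse INF text into {section: {key: raw string value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        if current is None or "=" not in line:        # stray text outside a section
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections


def audit(text):
    """Return (setting, expected, actual) for every value that differs.

    actual is None when the export does not contain the key at all.
    """
    sections = parse_inf(text)
    findings = []
    for key, (section, expected, label) in BASELINE.items():
        raw = sections.get(section, {}).get(key)
        try:
            actual = int(raw) if raw is not None else None
        except ValueError:
            actual = raw                              # keep non-numeric text as-is
        if actual != expected:
            findings.append((label, expected, actual))
    return findings


if __name__ == "__main__":
    for label, expected, actual in audit(SAMPLE_EXPORT):
        shown = "not set" if actual is None else actual
        print(f"{label}: expected {expected}, found {shown}")
```

The user rights and security options in the list live in the `[Privilege Rights]` and `[Registry Values]` sections of the same export and are not checked by this example.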

Secure Outlook Express

-> Start Outlook Express
--> Tools
---> Options
----> Read
-----> Enable: Read all messages in plain text
----> Send
-----> Mail sending format
------> Select: Plain text
----> Security
-----> Disable: Do not allow attachments to be saved or opened that could potentially be a virus (if you don't disable this one, your ability to receive attachments is almost zero. Your email virus protection should rely on the fact that you do NOT open files that you receive as email attachments if you are not ABSOLUTELY sure they are safe to be run.)
----> Maintenance
-----> Enable: Purge deleted messages when leaving IMAP folders

WiMax' Troubles With In-building Wireless a Boon to MobileAccess

Even as WiMax promises faster average network speeds than other wireless networks, one company is banking on making money off one of WiMax's downsides -- a difficulty in penetrating the walls of large buildings.

Cathy Zatloukal, CEO of MobileAccess Networks in Vienna, Va., said WiMax wireless transmissions will have just as many, if not more, problems as other cellular signals in passing through walls and specially coated windows in large buildings, such as hospitals, hotels and factories.

That's good for MobileAccess, which has been filtering and amplifying cellular signals since 1998 for thousands of customers who need better indoor wireless connections, Zatloukal said.

In an interview at her booth at WiMax World here this week, Zatloukal said her company has already heard from businesses that would like to use WiMax for outdoor high-speed transmissions between building sites and want to know how they can boost signals indoors. MobileAccess, a partner of Sprint Nextel Corp., has worked with the wireless carrier to connect its amplification and filtering gear to Sprint's cellular base stations inside of buildings.

Inside a building, probably in the basement, MobileAccess would connect a controller box to a WiMax base station, sending data from there over a fiber optic cable to various switches throughout the building. In each switching closet, often located on every floor, the fiber would connect to a MobileAccess hub, where the WiMax signal would be carried over coaxial cable to special antennas in the ceilings.

A prime candidate for WiMax uses inside a business is for video surveillance used to secure parking lots, hallways and rooms. High-quality video surveillance may require 4Mbit/sec. uplink transmission speeds, which WiMax can support, Zatloukal said. But once inside, that wireless signal could be degraded as it passes through concrete walls or the metal coating on windows used to reflect away sunlight in hot climates. With the amplification that MobileAccess provides, the surveillance data over WiMax could make its way to a security command center and could be forwarded to a security guard in another part of the facility, she said.

Machine-to-machine commands over wireless will also be a prime candidate for WiMax, as builders seek ways to control heating and cooling and other systems.

"We see a growing market," Zatloukal said, noting that ABI Research Inc. has estimated that in-building amplification of wireless could be a US$15 billion market in five years. ABI said MobileAccess competes with ADC Telecommunications Inc. in Minneapolis, InnerWireless Inc. in Richardson, Tex., and CommScope Inc., in Hickory, N.C.

How to Avoid Phishing Scams

If you received an E-mail message from your bank saying that your checking account was overdrawn because of a check that you didn’t write, what would you do? Before you answer, it’s important to realize that you may not really be overdrawn and that there is a good chance that someone is trying to scam you. In this article, I will explain exactly how this type of scam works and how to avoid being a victim.

Imagine that tomorrow morning, you get up out of bed and check your E-mail. There is a message from your bank indicating that you are overdrawn on your checking account because a check that you wrote for $2457.83 bounced. You don’t remember writing a check for this amount. What do you do?

Hopefully, you answered that you would call the bank rather than logging onto the bank’s Web site to check out the problem for yourself. The situation that I just described is known as a Phishing (pronounced fishing) scam. Here’s how it works.

The person who is initiating the scam sends an E-mail to millions of people. The E-mail message is designed to appear to come from a bank, Internet Service Provider, online auction company, or from anyone else that you could potentially have regular business dealings with. The From header on the message is spoofed, and the message is designed to look as official as possible. The message’s sole purpose is to gather information.

Let’s go back to my earlier example in which a message allegedly came from your bank indicating that your account is overdrawn because of a check that you didn’t write. The vast majority of the people who receive the message don’t even use the bank that the message claims to be from. In this case though, the message just happens to appear to be from the bank that you use. Because the message appears to be related to a serious matter involving your bank, the person initiating the scam now has your attention.

Typically, such a message will urge you to take action and will provide a link to the bank’s Web site and / or the bank’s phone number. Although the phone number may or may not actually be the bank’s phone number, the Web site URL is never legitimate even if it appears to be legitimate.

Sometimes a person involved in a Phishing scheme will put the bank’s actual phone number in the E-mail in hopes of making the message seem more authentic. Other times though, they will put another number and have someone just waiting for calls from panicked bank customers. This person will typically ask the person who is calling for an account number, a PIN number, and any other information that might be useful, such as a social security number or birth date. The phony bank employee will then pretend to solve the problem while you are on the phone. In actuality though, the problem is just beginning. You weren’t actually overdrawn on your checking account, and now you have given your account information directly to a thief who can use it to clean out your bank account or to launch other identity theft scams.

So what about that official looking URL on the E-mail message? Sure, it probably looks like the bank’s official Web site, but try hovering your mouse over the URL. When you hover your mouse over the URL, you will see the hyperlink appear. If the URL is legitimate, the hyperlink should match the URL displayed in the message EXACTLY. Typically, the person who created the message will replace the URL with an IP address, or they will use a domain name that is spelled very similarly to the bank’s domain name. To show you what I am talking about, have a look at Figure A. Figure A contains a very simple Web page that I have created. This page appears to have a link to mybank.com, but if you look at the bottom of Internet Explorer, you will see that the link is actually being directed to http://147.100.100.100. If such a link had been E-mailed to me, the hyperlink would appear in a small pop-up rather than at the bottom of the window.

Figure A: This Web page appears to be directed to mybank.com, but is actually pointed at some other Web site instead.

Obviously, the idea behind a Phishing scam is to panic you into clicking on the link contained in the E-mail message and then getting you to enter your bank account number and password. Therefore, you might be wondering how someone could enter their account information into a Web site that does not belong to their bank.

Truthfully, it is very easy to scam someone into entering information into a false Web site. To see how easy it is, try this little experiment. Go to your bank’s Web site and then select the Source command from Internet Explorer’s View menu. This will show you the source code to your bank’s Web site, as shown in Figure B.

Figure B: This is the source code for Bank of America’s Web site.

Actually, you aren’t really looking at the source code. Remember that HTML stands for Hyper Text Mark Up Language. The information that you are seeing is simply the HTML instructions used to display the bank’s home page. Financial institutions typically use a server side scripting language such as ASP to control what visitors to the site actually see.

None of that really matters though because the hacker doesn’t need to recreate the bank’s entire Web site. They only need to recreate the first screen, and the bank has provided them with the HTML code to do it!

The person performing the Phishing scam would simply make a few minor modifications to the code and then upload it to their own Web site. Typically, the modifications would involve the login prompts. Remember that the victim of the scam can’t really log into the fake bank Web site, because the person who created the site has no way of validating the bank customer’s credentials. Instead, the person conducting the scam simply re-engineers the bank’s HTML code so that when the customer enters their account number and password, the account number and password are added to a database. What typically happens next is that the victim is then redirected to the bank’s real home page. Of course they are not logged in when they get there. The victim assumes that they typed the password incorrectly and enters it again. This time they are logged in because they are on the bank’s real Web site. The victim has no idea that they have just given their account number and password to a scam artist.

How Not To Be A Victim

So far, I have given you detailed instructions for how to pull off a Phishing scam. I am not, however, giving you this information so that you can go rip people off. Instead, I am showing you how a Phishing scam works so that you can avoid being ripped off. Of course, understanding how the scam works is only half of the battle. You still need to know how to spot the scam and avoid being victimized by it.

The best advice that I can give you is that if you ever get an E-mail message from your bank, your ISP, PayPal, eBay, Amazon, etc., read the note over several times. Odds are that the note will appear legitimate, but you need to look for something fishy (no pun intended). For example, does the note have misspellings or bad grammar? Is this the first message that you have ever gotten from the company? Does the company even have your E-mail address on file? If you have any suspicions at all about the message, then the message is probably illegitimate.

The best thing that you can do is to call the company that allegedly sent you the message. Never use the phone number included in the message though. Instead, take the time to look the phone number up in the phone book. It’s better to spend a few extra minutes looking up a number that you already have in front of you than to be a victim of a scam.

Obviously, you should never click on a link within a suspicious message. If you really must visit the Web site that the message claims to be from, enter the site’s address into your browser manually.

Other precautionary steps that you can take are to review your bank statements and credit card statements regularly to make sure that no one is stealing from you or making purchases in your name.

Finally, if you do receive an E-mail message that proves to be a Phishing scam, you should report the message to the company that the message claims to be from. Doing so makes the company aware of the scam so that they can report it to the proper authorities and help keep other people from being ripped off.

Instant Messaging risks

Instant Messaging (IM) as a business tool can be quite effective, but any tool can be abused, especially if unmanaged. The best way to manage any communication is to ensure that communication is directed through a central point, like a gateway. Vendors have worked this out and have built clients that are gateway aware and that function as both internal and external IM solutions.

Recently there have been many Instant Messaging vulnerabilities. Antivirus vendors are realising that worms, viruses and other malware can spread through IM and are building new defences that reduce the risk.

Links transferred over IM are an additional risk. Application firewalls on the corporate LAN can reduce that risk, but a bigger problem arises when users take their corporate machines offsite. On unprotected networks, application layer firewalls are absent at the perimeter, so communication is less secure; for this reason the endpoint requires a host-based firewall solution that has scanning capability.

In some organisations where the policy is not to allow Instant Messaging communications, some users have found a way around the firewall technical control by using HTTPS-based websites. These websites effectively bypass the scanning and grant access to these users. The problem is that some of these websites deliberately capture data and credentials for spying.

Because IM does not yet consider authentication mechanisms like two-factor authentication, impersonation and unauthorised access are a strong possibility.

Some worms, such as W32.Aplore.A@mm, spread using links that are sent to your entire contact list; the worm then installs a browser plug-in, and then the fun begins. Certain worms patch files, and when these system files are executed, a unique trojanware is downloaded. Backdoors and encrypted tunnels to Internet-based servers are all common.

Some worms are so volatile and aggressive that, as Symantec reported, over 500,000 machines were infected and zombified in seven seconds.

Threats like man in the middle, password theft, information disclosure, data leakage and many similar threats are all possible and create a significant risk to any business or individual.


Are there any benefits?

  • Low communication costs.
  • Instant response.
  • Quicker turn around.
  • Instant file sharing.
  • Collaborative approach.

Is there a balance?

With an enforceable security policy and adequate technical controls, it is possible to achieve balance. The implementation of application layer firewalls with fifth generation scanning capabilities will better secure your network. Corporate IM servers that scan and manage outbound connections, acting like a proxy, can provide greater management and control over the wave clients being used. A strong security policy that can be enforced and implemented through network and endpoint technical controls is a must. User education and awareness are key, and a consistent and structured approach will ensure a happy medium.



Saturday, 22 November 2008

Logon Type Codes: Windows XP, 2003

The logon/logoff category of the Windows security log gives you the ability to monitor all attempts to access the local computer. In this article I'll examine each logon type in greater detail and show you how some other fields in Logon/Logoff events can be helpful for understanding the nature of a given logon attempt.

Event IDs 528 and 540 signify a successful logon, event ID 538 a logoff, and all the other events in this category identify different reasons for a logon failure, like 680. However, just knowing about a successful or failed logon attempt doesn't fill in the whole picture. Because of all the services Windows offers, there are many different ways you can log on to a computer, such as interactively at the computer's local keyboard and screen, over the network through a drive mapping, through terminal services (aka remote desktop), or through IIS. Thankfully, logon/logoff events specify the Logon Type code, which reveals the type of logon that prompted the event.

Logon Type 2 – Interactive

This is what occurs to you first when you think of logons, that is, a logon at the console of a computer. You'll see type 2 logons when a user attempts to log on at the local keyboard and screen, whether with a domain account or a local account from the computer's local SAM. To tell the difference between an attempt to log on with a local or a domain account, look for the domain or computer name preceding the user name in the event's description. Don't forget that logons through a KVM over IP component or a server's proprietary "lights-out" remote KVM feature are still interactive logons from the standpoint of Windows and will be logged as such.

Logon Type 3 – Network

Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS. (The exception is basic authentication which is explained in Logon Type 8 below.)

Logon Type 4 – Batch

When Windows executes a scheduled task, the Scheduled Task service first creates a new logon session for the task so that it can run under the authority of the user account specified when the task was created. When this logon attempt occurs, Windows logs it as logon type 4. Other job scheduling systems, depending on their design, may also generate logon events with logon type 4 when starting jobs. Logon type 4 events are usually just innocent scheduled task startups, but a malicious user could try to subvert security by trying to guess the password of an account through scheduled tasks. Such attempts would generate a logon failure event where logon type is 4. But logon failures associated with scheduled tasks can also result from an administrator entering the wrong password for the account at the time of task creation, or from the password of an account being changed without modifying the scheduled task to use the new password.

Logon Type 5 – Service

Similar to Scheduled Tasks, each service is configured to run as a specified user account. When a service starts, Windows first creates a logon session for the specified user account which results in a Logon/Logoff event with logon type 5. Failed logon events with logon type 5 usually indicate the password of an account has been changed without updating the service but there's always the possibility of malicious users at work too. However this is less likely because creating a new service or editing an existing service by default requires membership in Administrators or Server Operators and such a user, if malicious, will likely already have enough authority to perpetrate his desired goal.

Logon Type 7 – Unlock

Hopefully the workstations on your network automatically start a password protected screen saver when a user leaves their computer so that unattended workstations are protected from malicious use. When a user returns to their workstation and unlocks the console, Windows treats this as a logon and logs the appropriate Logon/Logoff event but in this case the logon type will be 7 – identifying the event as a workstation unlock attempt. Failed logons with logon type 7 indicate either a user entering the wrong password or a malicious user trying to unlock the computer by guessing the password.

Logon Type 8 – NetworkCleartext

This logon type indicates a network logon like logon type 3, but one where the password was sent over the network in clear text. Windows server doesn't allow connection to shared files or printers with clear text authentication. The only situations I'm aware of are logons from within an ASP script using the ADVAPI, or when a user logs on to IIS using IIS's basic authentication mode. In both cases the logon process in the event's description will list advapi. Basic authentication is only dangerous if it isn't wrapped inside an SSL session (i.e. https). As for logons generated by an ASP script, remember that embedding passwords in source code is a bad practice for maintenance purposes, as well as carrying the risk that someone malicious will view the source code and thereby gain the password.

Logon Type 9 – NewCredentials

If you use the RunAs command to start a program under a different user account and specify the /netonly switch, Windows records a logon/logoff event with logon type 9. When you start a program with RunAs using /netonly, the program executes on your local computer as the user you are currently logged on as but for any connections to other computers on the network, Windows connects you to those computers using the account specified on the RunAs command. Without /netonly Windows runs the program on the local computer and on the network as the specified user and records the logon event with logon type 2.

Logon Type 10 – RemoteInteractive

When you access a computer through Terminal Services, Remote Desktop or Remote Assistance, Windows logs the logon attempt with logon type 10, which makes it easy to distinguish true console logons from a remote desktop session. Note, however, that prior to XP, Windows 2000 doesn't use logon type 10 and terminal services logons are reported as logon type 2.

Logon Type 11 – CachedInteractive

Windows supports a feature called Cached Logons, which facilitates mobile users. When you are not connected to your organization's network and attempt to log on to your laptop with a domain account, there's no domain controller available to the laptop with which to verify your identity. To solve this problem, Windows caches a hash of the credentials of the last 10 interactive domain logons. Later, when no domain controller is available, Windows uses these hashes to verify your identity when you attempt to log on with a domain account.

Conclusion

I hope this discussion of logon types and their meanings helps you as you keep watch on your Windows network and try to piece together the different ways users are accessing your computers. Paying attention to logon type is important because different logon types can affect how you interpret logon events from a security perspective. For instance, a failed network logon on a server might not be surprising, since users must access servers over the network all the time. But a failed network logon attempt in a workstation security log is different. Why is anyone trying to access someone else's workstation from over the network? As you can see, it pays to understand the security log.
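The reasoning in this article can be applied mechanically to exported events. The following is an added example, not code from the original article: it pulls the user, domain, logon type and logon process out of an event description and returns the interpretation the article gives for that combination. The event descriptions, account names and computer names are constructed, and the use of event IDs 529-537 and 539 as logon failures is an assumption based on Windows 2003 behaviour, not something stated on this page.

```python
import re

# Logon type codes as named in the article.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
# Assumption (not from the article): 529-537 and 539 are the Windows 2003
# logon failure event IDs in the Logon/Logoff category.
FAILURE_IDS = set(range(529, 538)) | {539}

FIELD_RE = re.compile(
    r"^[ \t]*(User Name|Domain|Logon Type|Logon Process):[ \t]*(.*?)[ \t\r]*$", re.M)

def parse_event(event_id, description):
    """Extract the fields the triage rules need from an event description."""
    fields = dict(FIELD_RE.findall(description))
    return {"event_id": event_id,
            "user": fields.get("User Name", ""),
            "domain": fields.get("Domain", ""),
            "logon_type": int(fields.get("Logon Type") or 0),
            "process": fields.get("Logon Process", "")}

def triage(event, computer_name, is_workstation):
    """Return (logon type name, note) following the article's reasoning."""
    t = event["logon_type"]
    name = LOGON_TYPES.get(t, "Unknown")
    failed = event["event_id"] in FAILURE_IDS
    if t == 8:
        return name, "password sent in clear text; confirm SSL wraps the session"
    if failed and t == 3:
        return name, ("unexpected on a workstation; find the source"
                      if is_workstation else "routine on a server; watch the volume")
    if failed and t in (4, 5):
        return name, "likely a stale task or service password; rule out guessing"
    if failed and t == 7:
        return name, "wrong password or guessing at a locked console"
    if t == 2:
        # A domain field equal to the computer name means a local SAM account.
        local = event["domain"].upper() == computer_name.upper()
        return name, "console logon with a %s account" % ("local" if local else "domain")
    if t == 10:
        return name, "remote desktop session, not a true console logon"
    return name, "no special handling"

# Constructed samples: (event ID, computer name, is workstation, description).
SAMPLES = [
    (529, "WKSTN-07", True,
     "Logon Failure:\n  Reason: Unknown user name or bad password\n  User Name: jsmith\n  Domain: EXAMPLE\n  Logon Type: 3\n  Logon Process: NtLmSsp\n"),
    (529, "FILE-01", False,
     "Logon Failure:\n  User Name: jsmith\n  Domain: EXAMPLE\n  Logon Type: 3\n  Logon Process: NtLmSsp\n"),
    (540, "WEB-01", False,
     "Successful Network Logon:\n  User Name: webapp\n  Domain: EXAMPLE\n  Logon Type: 8\n  Logon Process: Advapi\n"),
    (528, "WKSTN-07", True,
     "Successful Logon:\n  User Name: Administrator\n  Domain: WKSTN-07\n  Logon Type: 2\n  Logon Process: User32\n"),
]

def run_samples():
    """Triage every constructed sample and return the results in order."""
    return [triage(parse_event(eid, desc), host, ws) for eid, host, ws, desc in SAMPLES]
```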

Sunday, 2 November 2008

How to log PHP Errors with .htaccess 2

Below is the development edition. This setup is ideal for sites that are not yet published to the public, as it will catch and display errors in real time.

.htaccess file: Development Edition

***********************
# PHP error handling for development servers
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
php_flag log_errors on
php_flag ignore_repeated_errors off
php_flag ignore_repeated_source off
php_flag report_memleaks on
php_flag track_errors on
php_value docref_root 0
php_value docref_ext 0
php_value error_log /home/path/public_html/domain/PHP_errors.log
php_value error_reporting 999999999
php_value log_errors_max_len 0
# protect error log by preventing public access
# (<Files> matches the file name only, so a full path here would never match)
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>

*****************************

Saturday, 1 November 2008

How to log PHP Errors with .htaccess file

There are two scripts with appropriate comments to help you easily customize your PHP error log file.

There is a production edition, which silences all errors, and a development edition, which shows all errors in real time as they occur in addition to writing them to the log file.

Below is the production edition, which is ideal for a site that is active, live, etc. This edition will make sure that no errors are ever displayed on the live site but are instead written to a specified log file.

.htaccess file: Production Edition
*****************
# disable display of startup errors
php_flag display_startup_errors off
# disable display of all other errors
php_flag display_errors off
# disable html markup of errors
php_flag html_errors off
# enable logging of errors
php_flag log_errors on
# disable ignoring of repeat errors
php_flag ignore_repeated_errors off
# disable ignoring of unique source errors
php_flag ignore_repeated_source off
# enable logging of php memory leaks
php_flag report_memleaks on
# preserve most recent error via php_errormsg
php_flag track_errors on
# disable formatting of error reference links
php_value docref_root 0
# disable formatting of error reference links
php_value docref_ext 0
# specify path to php error log
php_value error_log /home/path/public_html/domain/PHP_errors.log
# specify recording of all php errors
php_value error_reporting 999999999
# disable max error string length
php_value log_errors_max_len 0
# protect error log by preventing public access
# (<Files> matches the file name only, so a full path here would never match)
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>

*************
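A live site's .htaccess can be checked against what the production edition is meant to guarantee: no errors displayed, errors logged, and the log file denied to visitors. The following is an added example, not part of the original post; the function name and both sample files are constructed. It also reports a `<Files>` argument that contains a path, because Apache compares that argument with the file name only and such a block would leave the log readable.

```python
import posixpath
import re

# Settings a live site should have, taken from the production edition.
REQUIRED = {"display_startup_errors": "off", "display_errors": "off",
            "html_errors": "off", "log_errors": "on"}

def audit_htaccess(text):
    """Return a list of problems found in a live-site .htaccess."""
    settings, protected, problems = {}, set(), []
    current_files = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"php_(?:flag|value)\s+(\S+)\s+(\S+)", line, re.I)
        if m:
            settings[m.group(1).lower()] = m.group(2)
            continue
        m = re.match(r"<Files\s+\"?([^\">]+)\"?\s*>", line, re.I)
        if m:
            current_files = m.group(1).strip()
        elif line.lower() == "</files>":
            current_files = None
        elif current_files and line.lower() == "deny from all":
            protected.add(current_files)
    for name, want in REQUIRED.items():
        got = settings.get(name, "(unset)").lower()
        if got != want:
            problems.append("%s is %s, expected %s" % (name, got, want))
    log_path = settings.get("error_log")
    if not log_path:
        problems.append("error_log is not set")
    else:
        base = posixpath.basename(log_path)
        if any("/" in p for p in protected):
            problems.append("<Files> argument contains a path; it matches file names only")
        if base not in protected:
            problems.append("log file %s is not covered by a deny rule" % base)
    return problems

# Constructed sample: errors displayed, and <Files> given a full path.
BAD = """php_flag display_startup_errors off
php_flag display_errors on
php_flag html_errors off
php_flag log_errors on
php_value error_log /home/path/public_html/domain/PHP_errors.log
<Files /home/path/public_html/domain/PHP_errors.log>
Order allow,deny
Deny from all
</Files>
"""
# Constructed sample: the same file with both problems corrected.
GOOD = (BAD.replace("display_errors on", "display_errors off")
           .replace("<Files /home/path/public_html/domain/", "<Files "))

if __name__ == "__main__":
    print(audit_htaccess(BAD))
    print(audit_htaccess(GOOD))
```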