IT technologies and concepts explorer and analyser in the web.

  • RSS
  • Delicious
  • Digg
  • Facebook
  • Twitter
  • Linkedin

New IT Concepts

Share Your Comments

  • Virtualization - The new technology evelution

    Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources.....

  • http://ittechnologies.blogspot.com/2011/04/common-security-vulnerabilities-in-e.html

    Security Vulnerabilities in E-Commerce Systemin

    Most of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software and poor design of such websites. Other factor is user awareness of security vulnerabilities.

  • VPN - Virtual Private Network

    VPN is a technology which is making secure private network through the public accessible network infrastructure. Virtual Private Network represent by the short name VPN. ...

  • Saas - Cloud Computing

    The cloud computing : is based on this three concepts. IaaS (Infrastructure as a service), PaaS (Platform as a Service) and SaaS (Software as a Service).

Posted by Priyan Fernando - - 0 comments

Virtualization offers huge benefits in flexibility, cost-effectiveness and eco-friendliness. However, some design choices need to be made towards deploying Active Directory Domain Controllers in virtual environments. Some of these choices are general choices, but some of them apply to Hyper-V enabled environments specifically.
When deploying an Active Directory environment, either for test or production purposes, either virtual or physical, be sure to deploy at least two Domain Controllers per Active Directory domain, whenever possible. When either Domain Controller fails you don't lose your Active Directory information and any applications, services and users depending on it can continue to operate, unless specifically pointed to.
   
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Last month at the BUILD Conference we introduced Windows Server 8 and began discussing how it will help customers deliver the most dynamic, available, and cost-effective server platform for what we call "cloud optimized IT." I wanted to follow up on Bill Laing's blog post and dig into the advancements in our Hyper-V virtualization role, which provides a complete virtualization platform, increased scalability and performance, and connectivity to cloud services.
Using Windows Server 8 Hyper-V, organization can deliver fully isolated, multi-tenant clouds, enable high scale and low cost data centers and provide the most manageable, extensible and interoperable platform for cloud. Below are just a few examples of some new and enhanced features in the Windows Server 8 Developer Preview that support a complete virtualization platform and provide the best platform for the cloud.

[ Read More ]

Posted by Priyan Fernando - - 0 comments

SUMMARY 

A virtual hosting environment lets you run multiple guest operating systems on a single host computer at the same time. Host software virtualizes resources that include the following:

  • CPU
  • Memory
  • Disk
  • Network
  • Local devices
By virtualizing these resources on a physical computer, host software lets you use fewer computers to deploy operating systems for test, for development, and in production roles. However, certain restrictions apply to the deployment of Active Directory domain controllers that run in a virtual hosting environment. These restrictions do not apply to a domain controller that runs on a physical computer. 
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Remote Client Copy from X to Y

1.  Create New Logical System Name
Tcode -  BD54

(This is cross client )

e.g. <sid>CLNTXXX (new client number)
2. Create a new client

Tcode -  SCC4










Fill in the fields with the relevant information for the new client e.g. client number XXX
3.  Offline – backup
To be on the safe side check if backup has been

performed before start of client copy.

4. Turn off archiving for Oracle
To avoid archive full errors during the client copy operation


5.  Login to the new client XXX with user sap* and password= pass
TR SCCL
Fill in all information needed e.g. Client Copy profile “SAP_ALL”
Check SAP Marked Place for more options
Check “Expert Settings”, e.g. locking of users, parallel processing etc. etc.
6.  Check the Status for Client Copy
TR SCC3

After the Client Copy


7. Turn on Archiving for Oracle
8. Perform backup
9. Lock the client for changes
TR SCC4 (only necessary if production)
10. Edit parameter Default Client (optional)
Correct the parameter for the Default client setting towards the new client




[ Read More ]

Posted by Priyan Fernando - - 0 comments


MINISAP is a full-fledged Basis SAP system without the SAP applications (FI, CO, MM, SD, etc.). It has every Basis function of a standard SAP-R/3 system (ABAP/4 Development Workbench, Data Transfer Workbench, Computer Center Management System - CCMS, etc.) and, therefore, is a very good means to get exposed and trained in ABAP/4 programming language.
It is also a very good personal productivity tool (i.e., it can be used to develop programs for customers without having to be on-site).
The minisap are for those who are new and want to get Basis exposure or want to learn ABAP programming at their home PC.

[ Read More ]

Posted by Priyan Fernando - - 0 comments

Firewalls.

The Internet has made large amounts of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet, but must be understood to be used correctly.
We are presenting this information in a Q&A (Questions and Answers) format that we hope will be useful. Our knowledge of this subject relates to firewalls in general use, and stems from our own NAT and proxy firewall technology. We welcome feedback and comments from any readers on the usefulness or content.
We are providing the best information available to us as at date of writing and intend to update it at frequent intervals as things change and/or more information becomes available. However we intend this Q&A as a guide only and recommend that users obtain specific information to determine applicability to their specific requirements. (This is another way of saying that we can't be held liable or responsible for the content.)


Questions

  • What is a firewall?
  • What does a firewall do?
  • What can't a firewall do?
  • Who needs a firewall?
  • How does a firewall work?
  • What are the OSI and TCP/IP Network models?
  • What different types of firewalls are there?
  • How do I implement a firewall?
  • Is a firewall sufficient to secure my network or do I need anything else?
  • What is IP spoofing?
  • Firewall related problems
  • Benefits of a firewall


1. What is a firewall?

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device (see Figure 1) or a software program (see Figure 2) running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another just like firedoors or firewalls.
Figure 1: Hardware Firewall.
Hardware firewall providing protection to a Local Network.
Hardware Firewall
Figure 2: Computer with Firewall Software.
Computer running firewall software to provide protection
Computer with Firewall Software

2. What does a firewall do?

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.

3. What can't a firewall do?

A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp, the group did not use any high tech methods such as IP spoofing (see question 10). They used a combination of social engineering and dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests, is just plain old looking through company trash. Firewalls cannot be effective against either of these techniques.

4. Who needs a firewall?

Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

5. How does a firewall work?

There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria (see figure 3). The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.
Figure 3: Basic Firewall Operation.
Basic Firewall Operation

6. What are the OSI and TCP/IP Network models?

To understand how firewalls work it helps to understand how the different layers of a network interact. Network architecture is designed around a seven layer model. Each layer has its own set of responsibilities, and handles them in a well-defined manner. This enables networks to mix and match network protocols and physical supports. In a given network, a single protocol can travel over more than one physical support (layer one) because the physical layer has been dissociated from the protocol layers (layers three to seven). Similarly, a single physical cable can carry more than one protocol. The TCP/IP model is older than the OSI industry standard model which is why it does not comply in every respect. The first four layers are so closely analogous to OSI layers however that interoperability is a day to day reality.
Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access.
Figure 4: The OSI and TCP/IP models
The OSI and TCP/IP models
It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.
Figure 5: Professional Firewalls Have Their Own IP Layer
Professional Firewalls Have Their Own IP Layer
Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.
Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.
According To Byte Magazine*, traditional firewall technology is susceptible to misconfiguration on non-hardened OSes. More recently, however, "...firewalls have moved down the protocol stack so far that the OS doesn't have to do much more than act as a bootstrap loader, file system and GUI". The author goes on to state that newer firewall code bypasses the operating system's IP layer altogether, never permitting "potentially hostile traffic to make its way up the protocol stack to applications running on the system".
*June 1998

7. What different types of firewalls are there?

Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer however and does not support sophisticated rule based models (see Figure 5). Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Figure 6: Packet Filtering Firewall
Packet Filtering Firewall
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Figure 7: Circuit level Gateway
Circuit level Gateway
Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at application layer, they can filter application specific commands such as http:post and get, etc. This cannot be accomplished with either packet filtering firewalls or circuit level neither of which know anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer. (See Figure 7)
Figure 8: Application level Gateway
Application level Gateway
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel. (See Figure 8).
Figure 9: Stateful Multilayer Inspection Firewall
Stateful Multilayer Inspection Firewall

8. How do I implement a firewall?

We suggest you approach the task of implementing a firewall by going through the following steps:
  1. Determine the access denial methodology to use.
    It is recommended you begin with the methodology that denies all access by default. In other words, start with a gateway that routes no traffic and is effectively a brick wall with no doors in it.
  2. Determine inbound access policy.
    If all of your Internet traffic originates on the LAN this may be quite simple. A straightforward NAT router will block all inbound traffic that is not in response to requests originating from within the LAN. As previously mentioned, the true IP addresses of hosts behind the firewall are never revealed to the outside world, making intrusion extremely difficult. Indeed, local host IP addresses in this type of configuration are usually non-public addresses, making it impossible to route traffic to them from the Internet. Packets coming in from the Internet in response to requests from local hosts are addressed to dynamically allocated port numbers on the public side of the NAT router. These change rapidly making it difficult or impossible for an intruder to make assumptions about which port numbers to use.

    If your requirements involve secure access to LAN based services from Internet based hosts, then you will need to determine the criteria to be used in deciding when a packet originating from the Internet may be allowed into the LAN. The stricter the criteria, the more secure your network will be. Ideally you will know which public IP addresses on the Internet may originate inbound traffic. By limiting inbound traffic to packets originating from these hosts, you decrease the likelihood of hostile intrusion. You may also want to limit inbound traffic to certain protocol sets such as ftp or http. All of these techniques can be achieved with packet filtering on a NAT router. If you cannot know the IP addresses that may originate inbound traffic, and you cannot use protocol filtering then you will need more a more complex rule based model and this will involve a stateful multilayer inspection firewall.
  3. Determine outbound access policy
    If your users only need access to the web, a proxy server may give a high level of security with access granted selectively to appropriate users. As mentioned, however, this type of firewall requires manual configuration of each web browser on each machine. Outbound protocol filtering can also be transparently achieved with packet filtering and no sacrifice in security. If you are using a NAT router with no inbound mapping of traffic originating from the Internet, then you may allow LAN users to freely access all services on the Internet with no security compromise. Naturally, the risk of employees behaving irresponsibly with email or with external hosts is a management issue and must be dealt with as such.
  4. Determine if dial-in or dial-out access is required.
    Dial-in requires a secure remote access PPP server that should be placed outside the firewall. If dial-out access is required by certain users, individual dial-out computers must be made secure in such a way that hostile access to the LAN through the dial-out connection becomes impossible. The surest way to do this is to physically isolate the computer from the LAN. Alternatively, personal firewall software may be used to isolate the LAN network interface from the remote access interface.
  5. Decide whether to buy a complete firewall product, have one implemented by a systems integrator or implement one yourself.
    Once the above questions have been answered, it may be decided whether to buy a complete firewall product or to configure one from multipurpose routing or proxy software. This decision will depend as much on the availability of in-house expertise as on the complexity of the need. A satisfactory firewall may be built with little expertise if the requirements are straightforward. However, complex requirements will not necessarily entail recourse to external resources if the system administrator has sufficient grasp of the elements. Indeed, as the complexity of the security model increases, so does the need for in-house expertise and autonomy.

9. Is a firewall sufficient to secure my network or do I need anything else?

The firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity (has it been modified?), service or application integrity (is the service available, and is it performing to spec?), data confidentiality (has anyone seen it?) and authentication (are they really who they say they are?). Firewalls only address the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall. It is therefore necessary for an organization to have a well planned and strictly implemented security program that includes but is not limited to firewall protection.

10. What is IP spoofing?

Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.

11. Firewall related problems

Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations.

12. Benefits of a firewall

Firewalls protect private local area networks from hostile intrusion from the Internet. Consequently, many LANs are now connected to the Internet where Internet connectivity would otherwise have been too great a risk.
Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.


[ Read More ]

Posted by Priyan Fernando - - 0 comments

IPS - intrusion Prevention Systems
IDS - intrusion Detection System.



Layered security is the key to protecting any size network, and for most companies, that means deploying both intrusion detection systems (IDS) and intrusion prevention systems (IPS). When it comes to IPS and IDS, it’s not a question of which technology to add to your security infrastructure – both are required for maximum protection against malicious traffic. In fact, vendors are increasingly combining the two technologies into a single box.
At its most basic, an IDS device is passive, watching packets of data traverse the network from a monitoring port, comparing the traffic to configured rules, and setting off an alarm if it detects anything suspicious. An IDS can detect several types of malicious traffic that would slip by a typical firewall, including network attacks against services, data-driven attacks on applications, host-based attacks like unauthorized logins, and malware like viruses, Trojan horses, and worms. Most IDS products use several methods to detect threats, usually signature-based detection, anomaly-based detection, and stateful protocol analysis.




The IDS engine records the incidents that are logged by the IDS sensors in a database and generates the alerts it sends to the network administrator. Because IDS gives deep visibility into network activity, it can also be used to help pinpoint problems with an organization’s security policy, document existing threats, and discourage users from violating an organization’s security policy.

The primary complaint with IDS is the number of false positives the technology is prone to spitting out – some legitimate traffic is inevitable tagged as bad. The trick is tuning the device to maximize its accuracy in recognizing true threats while minimizing the number of false positives; these devices should be regularly tuned as new threats are discovered and the network structure is altered. As the technology has matured in the last several years, it has gotten better at weeding out false positives. However, completely eliminating them while still maintaining strict controls is next to impossible – even for IPS, which some consider the next step in the evolution of IDS.

The IPS Advantage

At its most basic, an IPS has all the features of a good IDS, but can also stop malicious traffic from invading the enterprise. Unlike an IDS, an IPS sits inline with traffic flows on a network, actively shutting down attempted attacks as they’re sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application.

In addition, an IPS can respond to a detected threat in two other ways. It can reconfigure other security controls, such as a firewall or router, to block an attack. Some IPS devices can even apply patches if the host has particular vulnerabilities. In addition, some IPS can remove the malicious contents of an attack to mitigate the packets, perhaps deleting an infected attachment from an email before forwarding the email to the user.

Twice the Protection

Because IDS and IPS devices sit in different spots on the network, they can – and should – be used concurrently. An IPS product installed at the perimeter of the network will help stop zero day attacks, such as worms and viruses, in their tracks – even the newest threats can be blocked with rigorous tuning. An IDS product installed inside the firewall will monitor internal activity, guarding against the ever-present insider threat, and lend greater visibility into security events, past and present.

Choosing a product that offers both technologies can be the most cost-effective and efficient approach. “With one device that does IDS and IPS, you can enable IDS on part of the network and enable IPS on a different part. It’s almost a virtual device,” says Sanjay Beri, senior director of product management at Juniper Networks, a network infrastructure vendor based in Sunnyvale, Calif.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

What is APN?
APN stands for Access Point Name and it is a gateway or protocol that allows people to gain access to the web by using the services of mobile phone networks. These networks may be 2G, 3G, or GPRS among others. But before someone can get access to the internet, the proper settings must be configured.



Access Point Name (APN) acts like an identification number for a cellular phone to have a data session with a particular network. But one must know what type of APN is needed as there are various different types. Each of the different types of APN has unique properties, so care must be taken on which one to choose to have a successfulinternet connection. In using mobile phones, one may be prompted of different APN options. Different APNs for “internet” and “WAP” options may be available. Both of these have different setups and functions, so the user must choose which service to avail. If the wrong option is taken, one might be prompted that no network service is available.
APN’s structure has two parts. The first part is called the network identifier. This part simply identifies which network is connected to the GGSN or Gateway GPRS Support Node. This network identifier is a required part of APNs. The next part is called the operator identifier and is not required in the APN structure. This part is able to locate the GGSN on


Through APN, a particular user can communicate with a specific IP PDN or packet data network. APNs also allow the identification of a particular service wanted by the user. Services that can be identified may be in the form of multimedia messaging (MMS) or wireless application protocol (WAP) services.
Access Point Names (APN) is written through a series of labels with periods or dots acting as separators, just like the DNS convention.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Multi-Protocol Label Switching (MPLS) provides a mechanism for forwarding packets for any network protocol. It was originally developed in the late 1990s to provide faster packet forwarding for IP routers (see RFC 3031). Since then its capabilities have expanded massively, for example to support service creation (VPNs), traffic engineering, network convergence, and increased resiliency.
MPLS is now the de-facto standard for many carrier and service provider networks and its deployment scenarios continue to grow.
Traditional IP networks are connectionless: when a packet is received, the router determines the next hop using the destination IP address on the packet alongside information from its own forwarding table. The router's forwarding tables contain information on the network topology, obtained via an IP routing protocol, such as OSPF, IS-IS, BGP, RIP or static configuration, which keeps that information synchronized with changes in the network.
MPLS similarly uses IP addresses, either IPv4 or IPv6, to identify end points and intermediate switches and routers. This makes MPLS networks IP-compatible and easily integrated with traditional IP networks. However, unlike traditional IP, MPLS flows are connection-oriented and packets are routed along pre-configured Label Switched Paths (LSPs).
The evident power of the basic MPLS concepts led the industry to define generalized extensions to MPLS, or Generalized MPLS (GMPLS). This work extended the MPLS concept of a label to include implicit values defined by the medium that is being provisioned, for example a wavelength for a DWDM system or a timeslot for a SONET/SDH device. So with GMPLS, there is no need for a switch to "read" the label in each packet header. The label is an inherent part of the switch fabric and the switching operations depend on wavelength, or timeslot etc. This permits the benefits of MPLS to be shared by many different types of switching platform.


How Does MPLS Work?

MPLS works by tagging the traffic, in this example packets, with an identifier (a label) to distinguish the LSPs. When a packet is received, the router uses this label (and sometimes also the link over which it was received) to identify the LSP. It then looks up the LSP in its own forwarding table to determine the best link over which to forward the packet, and the label to use on this next hop.
A different label is used for each hop, and it is chosen by the router or switch performing the forwarding operation. This allows the use of very fast and simple forwarding engines, which are often implemented in hardware.
Ingress routers at the edge of the MPLS network classify each packet potentially using a range of attributes, not just the packet's destination address, to determine which LSP to use. Inside the network, the MPLS routers use only the LSP labels to forward the packet to the egress router.
Router A uses the destination IP address on each packet to select the LSP, determining the initial label and hop for each packet, then router B uses these labels to determine the next hops and labels.  Lastly the egress routers strip off the final label and route the packet out of the network.
The diagram above shows a simple example of forwarding IP packets using MPLS, where the forwarding is based only on packet destination IP address. LSR (Label Switched Router) A uses the destination IP address on each packet to select the LSP, which determines the next hop and initial label for each packet (21 and 17). When LSR B receives the packets, it uses these labels to identify the LSPs, from which it determines the next hops (LSRs D and C) and labels (47 and 11). The egress routers (LSRs D and C) strip off the final label and route the packet out of the network.
The above is only one use of MPLS. Since MPLS uses only the label to forward packets, it is protocol-independent, hence the term "Multi-Protocol" in MPLS. It can be used to carry any content (not only packets) over any link technology (using different label encoding for each layer 2 link type).


How Does GMPLS Work?

GMPLS is conceptually similar to MPLS, but instead of using an explicit label to distinguish an LSP at each LSR, some physical property of the received data stream is used to deduce which LSP it belongs to. The most commonly used schemes are
  • using the timeslot to identify the LSP, on a Time Division Multiplexed (TDM) link
  • using the wavelength to identify the LSP, on a Wavelength Division Multiplexed (WDM) link
  • using the fiber or port on which a packet is received.
LSPs are therefore implicitly labeled in a GMPLS network.
GMPLS can be used to establish LSPs for circuit traffic (in addition to packet traffic). Using the TDM and WDM examples above, the LSP traffic is switched based on a continuous, constant property of the data stream – the data stream is not switched one packet at a time. This allows for a very efficient implementation in the data plane with zero per-packet lookups, making GMPLS a highly suitable protocol to run in high bandwidth networks.
Other than this, the forwarding operation of the LSRs in a GMPLS network is similar to the MPLS example discussed above. At each LSR, the implicit label on received data determines the outgoing interface and the implicit label with which to transmit onwards data.


MPLS and GMPLS Protocols

MPLS defines only the forwarding mechanism; it uses other protocols to establish the LSPs. Two separate protocols are needed to perform this task: a routing protocol and a signaling protocol. These are described below.
It is also possible to establish MPLS LSPs with static provisioning. This involves configuring each network element along the LSP route with the appropriate ingress / transit / egress information. Static provisioning has not been very widely deployed to date, but it can have a role in the access network. It is also likely to be one of the operating modes for MPLS Transport Profile (MPLS-TP).

MPLS and GMPLS Routing Protocols

The routing protocol distributes network topology information through the network so that the route of an LSP can be calculated automatically. An interior gateway protocol, such as OSPF or IS-IS, is normally used, as MPLS networks typically cover a single administrative domain.
However, these routing protocols only distribute network topology. When traffic engineering is required to establish LSPs with guaranteed QoS characteristics and backup LSPs that avoid any single point of failure, the traffic engineering (TE) extensions to these protocols are used. These extensions distribute QoS and Shared Risk Link Group (SRLG) information on each link in the network. This information enables the route calculator to determine routes through the network with guaranteed QoS parameters, and backup LSPs that traverse different links and/or network elements from the primary path.
Various mechanisms to extend this traffic engineering to inter-area and inter-carrier routing have been proposed, but none is yet universally accepted. Our White Paper on "Inter-Area Routing, Path Selection and Traffic Engineering" provides a detailed discussion of this topic.

MPLS and GMPLS Signaling Protocols

The signaling protocol informs the switches along the route which labels and links to use for each LSP. This information is used to program the switching fabric. For MPLS, one of three main signaling protocols is used, depending on the application.
  • LDP is used for
    • MPLS transport where traffic engineering is not required
    • certain MPLS services, for example pseudowires
  • RSVP-TE is used for
    • MPLS transport where traffic engineering is required
    • all GMPLS transport
  • BGP is used (as a signaling protocol) for certain MPLS services, for example BGP/MPLS Layer 3 VPNs.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

HibernationEnabling or Disabling the “Hibernate” option in Windows 7 or Vista is not as simple as it used to be in Windows XP. For Windows 7 a different approach has to be followed to accomplish the same job. In this post you will find how to enable or disable the Hibernate option in Windows 7.
Hibernation is a power saving option which was designed primarily for laptops. Unlike “sleep mode” which puts the open documents and files into the memory, hibernation puts all the open files and documents on to the hard disk and shuts down the computer without drawing even a small amount of power. Thus hibernation becomes an excellent way to save power and resume Windows back to the state where it was left off. If you really want to use this feature on Windows 7 then you need to enable this option. This can be done as follows.
1. Open the Command Prompt with “Administrator rights”. To do so, type cmd in Start menu and then hit Ctrl+Shift+Enter.
2. Now type the following command in the command prompt and hit Enter.
powercfg /hibernate on
3. Type exit and hit Enter to close the Command Prompt. Now you should see the “Hibernate” option in the Start menu. If not then perform the following steps.
A. Type Power Options in the Start menu and hit Enter.
B. In the left pane, open the link labeled “Change when the computer sleeps” and then open the link “Change advanced power settings”.
Now a small window will pop-up as shown below:
Enable Hibernation
C. Now expand the Sleep tree and turn off Allow Hybrid Sleep as shown in the above screenshot.
D. Now you should see the Hibernate option in the Start menu.
[ Read More ]

Posted by Priyan Fernando - - 0 comments


Most of you are familiar with the telnet command. It is one of the well known Windows IP Utilities. In fact the telnet command is most important for sending a fake email which i have discussed in my previous post. If you are using Windows XP the telnet command is available by default.But if you use Windows Vista the telnet command is disabled by default.
So when you try to use the telnet command in Windows Vista you get the following error message.
‘telnet’ is not recognized as an internal or external command,operable program or batch file.
 
You get this error in Vista because unlike XP, Vista does not support telnet command by default. So, for this you have to manually enable/turn on the telnet feature in Vista.
Here’s the step by step procedure to enable telnet feature (telnet command) in Windows Vista.
 
1. Goto the Control Panel.
2. Click on the sub heading Uninstall a program under the main heading Programs.
NOTE: IF you are in the Classic View click on Programs and Features.

3. Now in the left panel under the Tasks select the option Turn Windows features on or off.
4. Now a new window opens. In the new window select the following
Telnet Client
Telnet Server (optional)
5. After selecting click on OK.
Now wait for few minutes till the telnet feature is installed. Once the telnet feature is installed you can goto the command prompt and use the telnet command. System restart is not required.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Most of us are very curious to know a method to send anonymous emails to our friends for fun. But the question is, is it possible to send anonymous emails in spite of the advanced spam filtering technology adopted by email service provides like Gmail, Yahoo etc? The answer is YES, it is still possible to bypass their spam filters and send anonymous emails to your friends. For example, you can send an email to your friend with the following sender details.
From: Bill Gates <billg@microsoft.com>
The art of sending this kind emails is known as Email Spoofing. In my previous post on How to Send Fake Email I insisted on using your own SMTP server to send anonymous emails. This method used to work successfully in the past, but today it has a very low success rate since Gmail and Yahoo(all major email service providers) blocks the emails that are sent directly from a PC. In this post I have come up with a new way to send anonymous emails (spoofed emails) that has 100% success rate. If you have to successfully send an anonymous email or spoofed email, you should send it using a relay server.
What is a Relay Server?
In simple words, a relay server is an SMTP Server that is trusted by Google or Yahoo as an authorised sender of the email. So, when you send an email using a relay server, the email service providers like Yahoo and Gmail blindly accept the emails and deliver it to the inbox of the recipient. If the SMTP server is not authorised, Google and Yahoo will reject all the emails sent from this SMTP server. This is the reason for which using our own SMTP server to send emails fail.
So What’s Next?
Now all we have to do is, find a trusted SMTP server to Send Spoofed Emails. Usually all the emails that are sent from web hosting providers are trusted and authorised. So, you have to find a free web hosting provider that allows you to send emails. But, most of the free Web Hosts disable the Mail feature and do not allow the users to send emails. This is done just to avoid spamming. However all the paid hosting plans allow you to send any number of emails. Once you find a hosting service that allows to send emails from their servers, it’s just a cakewalk to send anonymous emails. All we have to do is just modify the email headers to insert the spoofed From address field into it.
I have created a PHP script that allows you to send emails from any name and email address of your choice. Here is a step-by-step procedure to setup your own Anonymous Email Sender Script
1. Goto X10 Hosting  and register a new account.
2. Download my Anonymous Email Sender Script (sendmail.rar).
3. Login to your FreeWebHostingArea Account and click on File Manager.
4. Upload the sendmail.php, pngimg.php and bg1.PNG files to the server.
5. Set permissions for sendmail.php, pngimg.php and bg1.PNG to 777.
6. Now type the following URL
http://yoursite.x10hosting.com/sendmail.php
NOTE: yoursite must be substituted by the name of the subdomain that you have chosen during the registration process.
7. Use the script to send Anonymous Emails. Enjoy!!!
Tell me whether it worked or not. Please pass your comments…

WARNING: ALL THE INFORMATION PROVIDED IN THIS POST ARE FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR ANY MISUSE.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…
Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.
Now lets move to the working of our Trojan
The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.
How to Make a Trojan

The algorithm of the Trojan is as follows
1. Search for the root drive
2. Navigate to WindowsSystem32 on the root drive
3. Create the file named “spceshot.dll
4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full
5. Once the drive is full, stop the process.
You can download the Trojan source code HERE. Please note that I have not included the executabe for security reasons. You need to compile it to obtain the executable.

How to compile, test and remove the damage?

Compilation:
For step-by-step compilation guide, refer my post How to compile C Programs.
Testing:
To test the Trojan,  just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.
NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.
How to remove the Damage and free up the space?
To remove the damage and free up the space, just type the following in the “run” dialog box.
%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.
 NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?
Please pass your comments and tell me your opinion. I am just waiting for your comments…
[ Read More ]

Posted by Priyan Fernando - - 0 comments

This hack will show you how to reset Windows administrator password (for Win 2000, XP, Vista and Win 7) at times when you forget it or when you want to gain access to a computer for which you do not know the password.
Most of us have experienced a situation where in we need to gain access to a computer which is password protected or at times we may forget the administrator password without which it becomes impossible to login to the computer. So here is an excellent hack using which you can reset the password or make the password empty (remove the password) so that you can gain administrator access to the computer. You can do this with a small tool called  Offline NT Password & Registry Editor. This utility works offline, that means you need to shut down your computer and boot off your using a floppy disk, CD or USB device (such as pen drive). The tool has the following features.
  • You do not need to know the old password to set a new one
  • Will detect and offer to unlock locked or disabled out user accounts!
  • There is also a registry editor and other registry utilities that works under linux/unix, and can be used for other things than password editing.
 

How it works?

 
Most Windows operating systems stores the login passwords and other encrypted passwords in a file called sam (Security Accounts Manager). This file can be usually found in \windows\system32\config. This file is a part of Windows registry and remains inaccessible as long as the OS is active. Hence it is necessary that you need to boot off your computer and access this sam file via boot. This tool intelligently gains access to this file and will reset/remove the password associated with administrator or any other account.
The download link for both CD and floppy drives along with the complete instructions is given below
Offline NT Password & Reg Editor Download
It is recommended that you download the CD version of the tool since floppy drive is outdated and doesn’t exist in today’s computer. Once you download you’ll get a bootable image which you need to burn it onto your CD. Now boot your computer from this CD and follow the screen instructions to reset the password.
 

Another simple way to reset non-administrator account passwords

 
Here is another simple way through which you can reset the password of any non-administrator accounts. The only requirement for this is that you need to have administrator privileges. Here is a step-by-step instruction to accomplish this task.
1. Open the command prompt (Start->Run->type cmd->Enter)
2. Now type net user and hit Enter
3. Now the system will show you a list of user accounts on the computer. Say for example you need to reset the password of the account by name John, then do as follows
4. Type net user John * and hit Enter. Now the system will ask you to enter the new password for the account. That’s it. Now you’ve successfully reset the password for John without knowing his old password.
So in this way you can reset the password of any Windows account at times when you forget it so that you need not re-install your OS for any reason. I hope this helps.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Almost every user on the Internet sends/receives hundreds of emails per day. However only a handful of them know what is BCC and what are the advantages of using BCC while sending an email. If you are one such Internet user who is unaware of BCC then this is the post that you should definitely read!
 

What is BCC?

 
BCC stands Blind Carbon Copy. It refers to the practice of sending an email to multiple recipients without disclosing the individual emails addresses. While sending the same email/message to multiple recipients, it is a common practice for most users to separate the email addresses by using comma or semi-colon and insert all those addresses in the To: filed. When emails are sent in this way, each receiver is able to see the complete list of recipient email addresses to which the same message if being sent to. Unlike To:, the BCC: option allows you to hide the recipients in email messages. In other words, when emails are sent using BCC:,  the receiver will not be able to see the list of recipient email addresses. Thus using BCC is a smart way to protect the privacy of the recipients.
 

Why should you use BCC?

 
Here are the reasons for using BCC:
Privacy – BCC provides an easy and simple option for protecting the privacy of your recipients. Under many circumstances it is necessary for us send an email without letting the recipients know who else is receiving the same message. Also it is highly recommended that you use the BCC: while forwarding a joke or a funny email to a list of your friends.  If you are sending email on behalf of a business or organization, it may be especially important to keep lists of clients, members, or associates confidential. So don’t forget to use BCC: in instances wherever privacy matters.
Respect for you recipients- While forwarding email messages, people often do not bother to remove the list of previous recipients.  As a result, messages that are repeatedly sent to many recipients may contain long lists of email addresses.  This makes it easy for the spammers to collect and target those emails for spamming.
In order to avoid the risk of spammers, it is necessary that you encourage people/friends to use BCC: while forwarding any message to you. This prevents your email address from appearing in other people’s inboxes thereby keeping yourself less exposed to spammers. You may also refer How to Protect an Email Account from SPAM for more information on spamming.
 

How to BCC an email message?

 
Most email clients provide the BCC: option under a few lines below the To: field. All you have to do is just enter the list of recipients in the BCC: field instead of entering in the To: field. You may enter only your own email address in the To: field. Once you do this just hit the Send button.
The moral is that you should use BCC: while sending bulk messages so as to protect the privacy of your recipients.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

Win 7 Customized Logon Screen

How would you like to change the logon screen background in Windows 7 so as to give your Windows a customized look and feel? With a small tweak it is possible to customize the Windows 7 logon screen and set your own picture/wallpaper as the background. Changing logon screen background in Windows 7 is as simple as changing your desktop wallpaper. Well here is a step by step instruction to customize the logon screen background.
 
1. The image you need to set as the background should be a .jpg file and it’s size should not exceed 245KB.

2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.

3. You will need to copy this image to
C:\Windows\system32\oobe\info\backgrounds
You will need to create that path if it does not already exist on your computer.


4. Now open the Registry Editor (Start -> Run -> Type regedit) and navigate to the following key
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\
LogonUI\Background
If Background does not exist rightclick LogonUI, select New and then Key, and then name it Background. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background and select New and then DWORD and name it OEMBackground.

5. Double-click on OEMBackground and set the Value Data to 1.


6. Now log-off to see the new logon screen background. If you would like to revert back to the default 


background, just set the Value Data back to 0.
I hope you like this trick. Just try out and give your feedback!
[ Read More ]

Posted by Priyan Fernando - - 0 comments


Windows Product Activation or WPA is a license validation procedure introduced by Microsoft Corporation in all versions of it’s Windows operating system. WPA was first introduced in Windows XP and continues to exist in Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 as well. WPA enforces each end user to activate their copy of Windows so as to prevent unauthorized usage beyond the specific period of time until it is verified as genuine by Microsoft. How WPA really works was a closely guarded secret until GmbH analyzed WPA using a copy of Windows XP RC1 and published a paper on their findings.
In this post you will find answers to some of the most frequently asked questions about Windows Product Activation..
Windows Product Activation

Why activation?

Microsoft’s intention behind the activation is to limit the usage of it’s Windows operating system to only one machine for which the retail license is issued. Any other computer which runs on the same license must be disallowed from using the software. Thus WPA demands for activation of the product within 30 days of it’s installation so as to ensure that it is genuine.

What does “Genuine Windows” means?

The copy of Windows is said to be genuine only if the product key used during the installation is genuine. It means that a given product key (retail license) must be used to install Windows only on one computer for which the license was purchased. Thus if the same key is used for the installation on another computer, then it is said to be a pirated copy.

Exactly what information is transmitted during the activation?

When you activate your copy of Windows you are transmitting an Installation ID code to the Microsoft either by phone or Internet depending on the method you choose to activate. Based on this, the Microsoft’s licensing system can determine whether or not the installed OS is genuine. If it is said to be genuine, then the system will receive the Activation ID which completes the activation process. If the activation is done via telephone then the Activation ID needs to be entered manually to complete the activation process.

What information does the Installation ID contain?

This Installation ID is a 50-digit number which is derived from the following two data.
1. Product ID – It is actually derived from the 25-digit product key (the alphanumeric value that is printed on the sticker over the Windows CD/DVD case) that is entered during the installation of the operating system. The Product ID is used to uniquely identify your copy of Windows.
2. Hardware ID – This value is derived based on the hardware configuration of your computer.
The WPA system checks the following 10 categories of the computer hardware to derive the Hardware ID:
  • Display Adapter
  • SCSI Adapter
  • IDE Adapter (effectively the motherboard)
  • Network Adapter (NIC) and its MAC Address
  • RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
  • Processor Type
  • Processor Serial Number
  • Hard Drive Device
  • Hard Drive Volume Serial Number (VSN)
  • CD-ROM / CD-RW / DVD-ROM
Thus the Installation ID which is a combination of Product ID and Hardware ID is finally derived and sent to Microsoft during the activation process.

How is the Installation ID validated?

The Installation ID needs to be validated to confirm the authenticity of the installed copy of Windows. So after the Installation ID is received by Microsoft, it is decoded back so as to obtain the actual product key and the hardware details of the computer involved in the activation process.
The Microsoft’s system will now look to see if this is the first time the product key is being used for the activation. This happens when the user is trying to activate his Windows for the first time after purchase. If this is the case then the Installation ID is validated and the corresponding Activation ID is issued which completes the activation process.
However Microsoft system will now associate this product key with the hardware ID of the computer and stores this information on their servers. In simple words, during the first use of the product key, it is paired together with the Hardware ID and this information is stored up on the Microsoft servers.

What if a computer running a pirated copy of Windows attempts to activate?

The activation fails whenever the copy of Windows installed is not said to be genuine. This usually happens when the product key used for the installation is said to have been used earlier on a different computer. This is determined during the activation process as follows:
During the validation of the Installation ID, the Microsoft’s system checks to see if the same product key was used in any of the previous activation processes. If yes then it looks to see the Hardware ID associated with it. The computer running a pirated copy of Windows will obviously have a different hardware configuration and hence the Hardware ID will mismatch. In this case the activation process will fail.
Thus for a successful activation, either of the following two cases must be satisfied:
  1. The product key must have been used for the first time. ie: The product key should not have been used for earlier activations on any other computer.
  2. If the product key is said to have been used earlier, then the Hardware ID should match. This happens only if the same computer for which the license was genuinely purchased is attempting for subsequent activation.

What about formatting the hard disk?

Each time the hard disk is reformatted and Windows is re-installed, it needs to be re-activated. However the activation process will be completed smoothly since the same computer is attempting for subsequent activation. In this case both the product key and the Hardware ID will match and hence the activation becomes successful.

What if I upgrade or make changes to my hardware?

In the above mentioned 10 categories of hardware, at least 7 should be the same. Thus you are allowed to make changes to not more than 3 categories of hardware. If you make too many changes then your activation will fail. In this case, it is necessary to contact the customer service representative via phone and explain about your problem. If he is convinced he may re-issue a new product key for your computer using which you can re-activate your Windows.

Some things WPA does not do

  • WPA does not send any personal information at all about you to Microsoft. There is still an option to register the product with Microsoft, but that is separate and entirely voluntary.
  • If you prefer to activate via phone, you are not required to give any personal information to Microsoft.
  • WPA does not provide a means for Microsoft to turn off your machine or damage your data/hardware. (Nor do they even have access to your data). This is a common myth that many people have about Microsoft products.
  • WPA is not a “lease” system requiring more payments after two years or any other period. You may use the product as licensed in perpetuity.
I have tried my best to uncover the secret behind the WPA. For further details and more technical information you can read the actual paper by Fully Licensed GmbH at http://www.licenturion.com/xp/fully-licensed-wpa.txt. I hope you like this post. Pass your comments.
[ Read More ]

Posted by Priyan Fernando - - 0 comments

How antivirus works

Due to ever increasing threat from virus and other malicious programs, almost every computer today comes with a pre-installed antivirus software on it. In fact, an antivirus has become one of the most essential software package for every computer. Even though every one of us have an antivirus software installed on our computers, only a few really bother to understand how it actually works! Well if you are one among those few who would really bother to understand how an antivirus works, then this article is for you.
 

How Antivirus Works

 
An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:
 

1. Signature-based dectection (Dictionary approach)

 
This is the most commonly employed method which involves searching for known patterns of virus within a given file. Every antivirus software will have a dictionary of sample malware codes called signatures in it’s database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes present within it’s database and compares the same with the current file. If the piece of code within the file matches with the one in it’s dictionary then it is flagged and proper action is taken immediately so as to stop the virus from further replicating. The antivirus may choose to repair the file, quarantine or delete it permanently based on it’s potential risk. 
As new viruses and malwares are created and released every day, this method of detection cannot defend against new malwares unless their samples are collected and signatures are released by the antivirus software company. Some companies may also encourage the users to upload new viruses or variants, so that the virus can be analyzed and the signature can be added to the dictionary.
Signature based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence the users must update their antivirus software on a regular basis so as to defend against new threats that are released daily.
 

2. Heuristic-based detection (Suspicious behaviour approach)

 
Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus softwares to identify new malware and variants of known malware. Unlike the signature based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, malicious behaviours like a program trying to write data to an executable program is flagged and the user is alerted about this action. This method of detection gives an additional level of security from unidentified threats.
File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
Most commercial antivirus softwares use a combination of both signature-based and heuristic-based approaches to combat malware.
 

Issues of concern

 
Zero-day threats: A zero-day (zero-hour ) threat or attack is where a malware tries to exploit computer application vulnerabilities that are yet unidentified by the antivirus software companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these kind of new threats, they can easily manage to bypass the antivirus software and carry out malicious actions. However most of the threats are identified after a day or two of it’s release, but damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released everyday, it is most essential to update the antivirus software so as to keep the virus definitions up-to-date. Most softwares will have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though an antivirus software can catch almost every malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also virus authors have tried to stay a step ahead by writing “oligomorphic“, “polymorphic” and, more recently, “metamorphic” virus codes, which will encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Thus user education is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of an antivirus software.
[ Read More ]