References :

https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

(click the thumb for full image)

(click the thumb for full image)

(click the thumb for full image)

(click the thumb for full image)

After getting the code value, give the following url, where client_id is App ID and redirect_uri is the URL defined as Canvas URL, client_secret is App Secret and code is the code got.

(click the thumb for full image)

(click the thumb for full image)

IPhone users love to brag about their phones. They line up around the block and stand in line for hours when a new one is released. Yet, for many users, Android is clearly the superior platform. Yes, its Achilles' heel is a big one: security. Android's openness and large market share mean that it's a juicy target for attackers.

Yet, Android's openness also provides serious benefits. It allows for more customisation; its apps are usually cheaper and various handset manufacturers are able to offer significantly different form factors, such as the smartphone-tablet hybrid, the Samsung Galaxy Note.
With a little tweaking, you can speed up and optimise Android in ways that will make iPhone users' heads spin. Here are 10 ways to make Android faster, more productive and more secure than iPhone:

Make your Android faster
1. Get a better browser
One of the major benefits of using the popular browser Opera Mini is that its cloud engine compresses data by as much as 90%. It features tabbed browsing, support for widgets and the ability to set advanced privacy features, such as the ability to automatically clear passwords, cookies and browsing history.
The advantage for Android users: the ability to use Opera Mobile instead of Opera Mini. Opera Mobile supports Flash and 3D graphics, has an HTML 5 engine and has a device-side web rendering engine for higher fidelity browsing. You can set up the rendering engine to work locally when on a Wi-Fi network and default to the cloud-based rendering engine when on a 3G or 4G network to minimize expensive data usage (if you're not on an all-you-can-eat data plan). It also allows you to access your camera from your browser. Expect cool new widgets to start using this feature soon.
2. Install an Android optimiser
Apps like Android Booster and Android Assistant give you the power to automatically kill apps that run in the background, gobbling up battery life and draining CPU. You can set a monthly data limit and monitor exactly how much data you've downloaded over 3G and 4G networks, and you can purge your cache, history, etc.
3. Conserve your battery
Nothing slows you down more than a dead battery. One advantage Android phones have over iPhones is that you can swap out your battery. But proper power management can save you from that trouble. Apps like JuiceDefender and Battery Stretch help you regulate your power use.
With more than 7 million downloads, JuiceDefender is the most popular of these apps. It offers three different profiles: "Balanced," "Aggressive" or "Extreme."
The Balanced setting is the default and requires no configuration on your part. If you bump it up to "Aggressive," the app will automatically disable data connections when the battery is low. If you're really worried about a dead battery, the "Extreme" setting disables data connections by default. You can turn them back on manually, and you are able to whitelist apps that you want to have connectivity.

Make your Android more productive

4. Dig deeper into which apps hog data
If you constantly go over your data limits, an app like Android Assistant may not be enough. Sure, you will be alerted when you are nearing your limit, but what exactly is causing the problem?
Is it Facebook, podcasting software, the MLB Gameday app? Who knows?
Well, with Onavo you can find out. The main menu displays statistics on your data use over the prior month, and it fingers the apps hogging the most bandwidth. Many of these are obvious, such as any video or streaming app, but I was surprised to see how much data Google Calendar used with its constant synching, and after consulting with Onavo, I decided to synch less frequently
You'll also discover the apps that go online even when they haven't been launched. Don't be surprised to see that many games do this, so if you haven't played them in a while, you might want to get rid of them. Otherwise, those free Android games may end up costing you money if they push you over your data limit.
For international travelers, Onavo can help you avoid (or limit) costly data roaming charges.
And Onavo is actually an app that has more octane on iPhone, for which it will also compress data. (On Android, this feature is currently limited to Ice Cream Sandwich users.)
5. Tether your phone
So you've signed up for an expensive all-you-can-eat data plan, yet when you try to tether your laptop to your phone to use that 4G connection you paid a premium for, you are stymied. Carriers will try to charge you $20 or $30 a month for tethering privileges, meaning they're trying to charge you twice for network access that you've really already purchased.
For most people, this is more of a nuisance than anything. Wi-Fi is available everywhere, but if you are using your laptop for business, wouldn't it be smarter to stay on a 4G network rather than connecting to an open Wi-Fi one?
On iPhone, tethering is a no-go. On Android, tethering may technically violate your user license, but you can do it, and you no longer need to root your phone. Apps like Clockworkmod's Tether will have you up and running in a few minutes.
Tether isn't a free app, but at $4.99 (approximately £3.10), one stay in a hotel that still charges for Wi-Fi will make this app a no-brainer.
6. Pick your own keyboard
Siri has been getting all kinds of press lately, and, sure, it can be amusing to try to get Siri to say off-color things. Yet, when I'm using data on my phone, I prefer text-based input.
For years, one of the main reasons I've considered iPhone inferior is its hostility to apps like Swype. On Android, you have the ability to choose your own keyboard. (Well, iPhone users can jailbreak their phones to get Swype, but that fact reinforces my point.)
Many Android phones come with Swype pre-loaded, but it's not usually the default keyboard. Just press any text entry area for a few seconds and a menu will pop up. Select "Input method" and then choose "Swype." That's it.
I used to avoid texting like the plague because I hated entering data on my phone. That all changed with Swype, which lets you drag your finger across the screen from letter to letter. Its predictive engine figures out what word you are going for (it gets better the more you use it), and you just keep chugging along.
I can't Swype as fast as I type, but I'm a fast typist. Scroll around the Inter-webs a bit, and you'll find plenty of people claiming to achieve 40 or 50 words per minute with Swype. And now that Swype has been acquired by Nuance, you should have even more input options coming your way soon.

Make your phone more secure

7. Turn on screen lock, but don't use a pattern
The easiest screen unlocking method is to trace a pattern on your screen. It's easier and more convenient than entering a PIN or password. However, if you lose your phone or it is stolen, you better hope you just cleaned your screen.
The oil on your finger will leave a distinct pattern on your screen. Unless you wipe it down religiously after each unlocking, the pattern lock will only deter the stupidest criminals.
8. Install anti-virus software
Why have you not done this already? Malware writers are flocking to Android. We're seeing much of what happened in the desktop world being repeated with smartphones. Android is more open, has a larger market share and is a juicer target.
IPhone is a closed ecosystem and may eventually, like Mac, benefit from security through obscurity (though I doubt iPhone will ever shrink to Mac-like numbers). For iPhone users, this is good-news, bad-news scenario. Yes, Apple does more to lock down apps and prevent third-party software from exploiting key system resources, but you are trusting one company for your security. If Apple screws up, all iPhone users are in trouble. Exhibit A: the Path privacy fiasco.
Android, on the other hand, may be less secure due to its openness, but it's welcoming to third-party security tools. There's no excuse not to have anti-virus software on your phone. There are plenty of free options, such as Lookout, and with a simple download, you can significantly reduce your risks. Most of these antivirus apps also allow you to remotely lock and wipe your phone if it is lost or stolen, and some even allow you to set off an obnoxious alarm, which will either help you find the device if its tucked behind a couch cushion or convince a thief to toss it.
Of course, we'd like to see handset OEMs and the carriers bake antivirus into their various Android versions. It's a simple step that would benefit them, carriers especially, saving bandwidth, protecting against fraudulent charges and so on. We would also like to see carriers adopt network-based mobile malware scanning, such as the solution from Kindsight Security Labs.
9. Stay away from App Stores you do not know
Google has taken steps to tame the Wild West that was its Market. It now has a "Bouncer" that scans the Market for malware, and despite what Apple apologists may claim, Android was designed from the get-go to make malware less disruptive on phones than it is on PCs by sandboxing apps and forcing apps to ask for permissions (yes, the same permissions that everyone just ignores, but at least they tried).
The trouble is that Android users can download apps anywhere. Don't be lured into doing this. If you aren't using Android Market, make sure you are in a store you know and trust, such as Amazon. Most Android models come with the default setting that doesn't allow you to download apps from "unknown sources." If you've fallen for social-engineering attacks in the past, it's best to leave that box checked.

When you download an app, try to get into the practice of checking permissions. If a game wants to send out text messages, for instance, that should be a red flag.

10. Stay away from mobile payments
Mobile payments are starting to take off, especially in Europe and Asia, and consumers should be wary. The problem with mobile payments is that they are often simply added to your mobile phone bill, and if you find a suspicious charge, your liability will vary from carrier to carrier.

In contrast, if a hacker gets your credit card number and goes on a spending spree, your maximum liability for credit card fraud is £50. In other words, credit card fraud is not your problem, it's the bank's. Until you have that level of protection for mobile payments, it's probably smarter and safer to stick with the credit card.

Source : http://howto.techworld.com

Link : http://howto.techworld.com/operating-systems/3357784/how-to-make-your-android-more-productive-more-secure-and-faster-than-iphone/?intcmp=ros-md-hwt

Virtualization offers huge benefits in flexibility, cost-effectiveness and eco-friendliness. However, some design choices need to be made towards deploying Active Directory Domain Controllers in virtual environments. Some of these choices are general choices, but some of them apply to Hyper-V enabled environments specifically.

When deploying an Active Directory environment, either for test or production purposes, either virtual or physical, be sure to deploy at least two Domain Controllers per Active Directory domain, whenever possible. When either Domain Controller fails you don't lose your Active Directory information and any applications, services and users depending on it can continue to operate, unless specifically pointed to.

   

The Internet has made large amounts of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet, but must be understood to be used correctly.
We are presenting this information in a Q&A (Questions and Answers) format that we hope will be useful. Our knowledge of this subject relates to firewalls in general use, and stems from our own NAT and proxy firewall technology. We welcome feedback and comments from any readers on the usefulness or content.
We are providing the best information available to us as at date of writing and intend to update it at frequent intervals as things change and/or more information becomes available. However we intend this Q&A as a guide only and recommend that users obtain specific information to determine applicability to their specific requirements. (This is another way of saying that we can't be held liable or responsible for the content.)


Questions

• What is a firewall?
• What does a firewall do?
• What can't a firewall do?
• Who needs a firewall?
• How does a firewall work?
• What are the OSI and TCP/IP Network models?
• What different types of firewalls are there?
• How do I implement a firewall?
• Is a firewall sufficient to secure my network or do I need anything else?
• What is IP spoofing?
• Firewall related problems
• Benefits of a firewall

1. What is a firewall?

A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device (see Figure 1) or a software program (see Figure 2) running on a secure host computer. In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to.
A firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers. The term firewall comes from the fact that by segmenting a network into different physical subnetworks, they limited the damage that could spread from one subnet to another just like firedoors or firewalls.
Figure 1: Hardware Firewall.
Hardware firewall providing protection to a Local Network.

Figure 2: Computer with Firewall Software.
Computer running firewall software to provide protection

2. What does a firewall do?

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependant upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.

3. What can't a firewall do?

A firewall cannot prevent individual users with modems from dialling into or out of the network, bypassing the firewall altogether. Employee misconduct or carelessness cannot be controlled by firewalls. Policies involving the use and misuse of passwords and user accounts must be strictly enforced. These are management issues that should be raised during the planning of any security policy but that cannot be solved with firewalls alone.
The arrest of the Phonemasters cracker ring brought these security issues to light. Although they were accused of breaking into information systems run by AT&T Corp., British Telecommunications Inc., GTE Corp., MCI WorldCom, Southwestern Bell, and Sprint Corp, the group did not use any high tech methods such as IP spoofing (see question 10). They used a combination of social engineering and dumpster diving. Social engineering involves skills not unlike those of a confidence trickster. People are tricked into revealing sensitive information. Dumpster diving or garbology, as the name suggests, is just plain old looking through company trash. Firewalls cannot be effective against either of these techniques.

4. Who needs a firewall?

Anyone who is responsible for a private network that is connected to a public network needs firewall protection. Furthermore, anyone who connects so much as a single computer to the Internet via modem should have personal firewall software. Many dial-up Internet users believe that anonymity will protect them. They feel that no malicious intruder would be motivated to break into their computer. Dial up users who have been victims of malicious attacks and who have lost entire days of work, perhaps having to reinstall their operating system, know that this is not true. Irresponsible pranksters can use automated robots to scan random IP addresses and attack whenever the opportunity presents itself.

5. How does a firewall work?

There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria (see figure 3). The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.
Figure 3: Basic Firewall Operation.

6. What are the OSI and TCP/IP Network models?

To understand how firewalls work it helps to understand how the different layers of a network interact. Network architecture is designed around a seven layer model. Each layer has its own set of responsibilities, and handles them in a well-defined manner. This enables networks to mix and match network protocols and physical supports. In a given network, a single protocol can travel over more than one physical support (layer one) because the physical layer has been dissociated from the protocol layers (layers three to seven). Similarly, a single physical cable can carry more than one protocol. The TCP/IP model is older than the OSI industry standard model which is why it does not comply in every respect. The first four layers are so closely analogous to OSI layers however that interoperability is a day to day reality.
Firewalls operate at different layers to use different criteria to restrict traffic. The lowest layer at which a firewall can work is layer three. In the OSI model this is the network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with routing packets to their destination. At this layer a firewall can determine whether a packet is from a trusted source, but cannot be concerned with what it contains or what other packets it is associated with. Firewalls that operate at the transport layer know a little more about a packet, and are able to grant or deny access depending on more sophisticated criteria. At the application level, firewalls know a great deal about what is going on and can be very selective in granting access.
Figure 4: The OSI and TCP/IP models

It would appear then, that firewalls functioning at a higher level in the stack must be superior in every respect. This is not necessarily the case. The lower in the stack the packet is intercepted, the more secure the firewall. If the intruder cannot get past level three, it is impossible to gain control of the operating system.
Figure 5: Professional Firewalls Have Their Own IP Layer

Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.
Professional firewall products catch each network packet before the operating system does, thus, there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer then "open the doors" from the inside.
According To Byte Magazine*, traditional firewall technology is susceptible to misconfiguration on non-hardened OSes. More recently, however, "...firewalls have moved down the protocol stack so far that the OS doesn't have to do much more than act as a bootstrap loader, file system and GUI". The author goes on to state that newer firewall code bypasses the operating system's IP layer altogether, never permitting "potentially hostile traffic to make its way up the protocol stack to applications running on the system".
*June 1998

7. What different types of firewalls are there?

Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer however and does not support sophisticated rule based models (see Figure 5). Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.
Figure 6: Packet Filtering Firewall

Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed to remote computer through a circuit level gateway appears to have originated from the gateway. This is useful for hiding information about protected networks. Circuit level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets.
Figure 7: Circuit level Gateway

Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific. They can filter packets at the application layer of the OSI model. Incoming or outgoing packets cannot access services for which there is no proxy. In plain terms, an application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through. Because they examine packets at application layer, they can filter application specific commands such as http:post and get, etc. This cannot be accomplished with either packet filtering firewalls or circuit level neither of which know anything about the application level information. Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance. This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer. (See Figure 7)
Figure 8: Application level Gateway

Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel. (See Figure 8).
Figure 9: Stateful Multilayer Inspection Firewall

8. How do I implement a firewall?

We suggest you approach the task of implementing a firewall by going through the following steps:

1. Determine the access denial methodology to use.
   It is recommended you begin with the methodology that denies all access by default. In other words, start with a gateway that routes no traffic and is effectively a brick wall with no doors in it.
2. Determine inbound access policy.
   If all of your Internet traffic originates on the LAN this may be quite simple. A straightforward NAT router will block all inbound traffic that is not in response to requests originating from within the LAN. As previously mentioned, the true IP addresses of hosts behind the firewall are never revealed to the outside world, making intrusion extremely difficult. Indeed, local host IP addresses in this type of configuration are usually non-public addresses, making it impossible to route traffic to them from the Internet. Packets coming in from the Internet in response to requests from local hosts are addressed to dynamically allocated port numbers on the public side of the NAT router. These change rapidly making it difficult or impossible for an intruder to make assumptions about which port numbers to use.
   
   If your requirements involve secure access to LAN based services from Internet based hosts, then you will need to determine the criteria to be used in deciding when a packet originating from the Internet may be allowed into the LAN. The stricter the criteria, the more secure your network will be. Ideally you will know which public IP addresses on the Internet may originate inbound traffic. By limiting inbound traffic to packets originating from these hosts, you decrease the likelihood of hostile intrusion. You may also want to limit inbound traffic to certain protocol sets such as ftp or http. All of these techniques can be achieved with packet filtering on a NAT router. If you cannot know the IP addresses that may originate inbound traffic, and you cannot use protocol filtering then you will need more a more complex rule based model and this will involve a stateful multilayer inspection firewall.
3. Determine outbound access policy
   If your users only need access to the web, a proxy server may give a high level of security with access granted selectively to appropriate users. As mentioned, however, this type of firewall requires manual configuration of each web browser on each machine. Outbound protocol filtering can also be transparently achieved with packet filtering and no sacrifice in security. If you are using a NAT router with no inbound mapping of traffic originating from the Internet, then you may allow LAN users to freely access all services on the Internet with no security compromise. Naturally, the risk of employees behaving irresponsibly with email or with external hosts is a management issue and must be dealt with as such.
4. Determine if dial-in or dial-out access is required.
   Dial-in requires a secure remote access PPP server that should be placed outside the firewall. If dial-out access is required by certain users, individual dial-out computers must be made secure in such a way that hostile access to the LAN through the dial-out connection becomes impossible. The surest way to do this is to physically isolate the computer from the LAN. Alternatively, personal firewall software may be used to isolate the LAN network interface from the remote access interface.
5. Decide whether to buy a complete firewall product, have one implemented by a systems integrator or implement one yourself.
   Once the above questions have been answered, it may be decided whether to buy a complete firewall product or to configure one from multipurpose routing or proxy software. This decision will depend as much on the availability of in-house expertise as on the complexity of the need. A satisfactory firewall may be built with little expertise if the requirements are straightforward. However, complex requirements will not necessarily entail recourse to external resources if the system administrator has sufficient grasp of the elements. Indeed, as the complexity of the security model increases, so does the need for in-house expertise and autonomy.

9. Is a firewall sufficient to secure my network or do I need anything else?

The firewall is an integral part of any security program, but it is not a security program in and of itself. Security involves data integrity (has it been modified?), service or application integrity (is the service available, and is it performing to spec?), data confidentiality (has anyone seen it?) and authentication (are they really who they say they are?). Firewalls only address the issues of data integrity, confidentiality and authentication of data that is behind the firewall. Any data that transits outside the firewall is subject to factors out of the control of the firewall. It is therefore necessary for an organization to have a well planned and strictly implemented security program that includes but is not limited to firewall protection.

10. What is IP spoofing?

Many firewalls examine the source IP addresses of packets to determine if they are legitimate. A firewall may be instructed to allow traffic through if it comes from a specific trusted host. A malicious cracker would then try to gain entry by "spoofing" the source IP address of packets sent to the firewall. If the firewall thought that the packets originated from a trusted host, it may let them through unless other criteria failed to be met. Of course the cracker would need to know a good deal about the firewall's rule base to exploit this kind of weakness. This reinforces the principle that technology alone will not solve all security problems. Responsible management of information is essential. One of Courtney's laws sums it up: "There are management solutions to technical problems, but no technical solutions to management problems".
An effective measure against IP spoofing is the use of a Virtual Private Network (VPN) protocol such as IPSec. This methodology involves encryption of the data in the packet as well as the source address. The VPN software or firmware decrypts the packet and the source address and performs a checksum. If either the data or the source address have been tampered with, the packet will be dropped. Without access to the encryption keys, a potential intruder would be unable to penetrate the firewall.

11. Firewall related problems

Firewalls introduce problems of their own. Information security involves constraints, and users don't like this. It reminds them that Bad Things can and do happen. Firewalls restrict access to certain services. The vendors of information technology are constantly telling us "anything, anywhere, any time", and we believe them naively. Of course they forget to tell us we need to log in and out, to memorize our 27 different passwords, not to write them down on a sticky note on our computer screen and so on.
Firewalls can also constitute a traffic bottleneck. They concentrate security in one spot, aggravating the single point of failure phenomenon. The alternatives however are either no Internet access, or no security, neither of which are acceptable in most organizations.

12. Benefits of a firewall

Firewalls protect private local area networks from hostile intrusion from the Internet. Consequently, many LANs are now connected to the Internet where Internet connectivity would otherwise have been too great a risk.
Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.

Layered security is the key to protecting any size network, and for most companies, that means deploying both intrusion detection systems (IDS) and intrusion prevention systems (IPS). When it comes to IPS and IDS, it’s not a question of which technology to add to your security infrastructure – both are required for maximum protection against malicious traffic. In fact, vendors are increasingly combining the two technologies into a single box.
At its most basic, an IDS device is passive, watching packets of data traverse the network from a monitoring port, comparing the traffic to configured rules, and setting off an alarm if it detects anything suspicious. An IDS can detect several types of malicious traffic that would slip by a typical firewall, including network attacks against services, data-driven attacks on applications, host-based attacks like unauthorized logins, and malware like viruses, Trojan horses, and worms. Most IDS products use several methods to detect threats, usually signature-based detection, anomaly-based detection, and stateful protocol analysis.




The IDS engine records the incidents that are logged by the IDS sensors in a database and generates the alerts it sends to the network administrator. Because IDS gives deep visibility into network activity, it can also be used to help pinpoint problems with an organization’s security policy, document existing threats, and discourage users from violating an organization’s security policy.

The primary complaint with IDS is the number of false positives the technology is prone to spitting out – some legitimate traffic is inevitable tagged as bad. The trick is tuning the device to maximize its accuracy in recognizing true threats while minimizing the number of false positives; these devices should be regularly tuned as new threats are discovered and the network structure is altered. As the technology has matured in the last several years, it has gotten better at weeding out false positives. However, completely eliminating them while still maintaining strict controls is next to impossible – even for IPS, which some consider the next step in the evolution of IDS.

The IPS Advantage

At its most basic, an IPS has all the features of a good IDS, but can also stop malicious traffic from invading the enterprise. Unlike an IDS, an IPS sits inline with traffic flows on a network, actively shutting down attempted attacks as they’re sent over the wire. It can stop the attack by terminating the network connection or user session originating the attack, by blocking access to the target from the user account, IP address, or other attribute associated with that attacker, or by blocking all access to the targeted host, service, or application.

In addition, an IPS can respond to a detected threat in two other ways. It can reconfigure other security controls, such as a firewall or router, to block an attack. Some IPS devices can even apply patches if the host has particular vulnerabilities. In addition, some IPS can remove the malicious contents of an attack to mitigate the packets, perhaps deleting an infected attachment from an email before forwarding the email to the user.

Twice the Protection

Because IDS and IPS devices sit in different spots on the network, they can – and should – be used concurrently. An IPS product installed at the perimeter of the network will help stop zero day attacks, such as worms and viruses, in their tracks – even the newest threats can be blocked with rigorous tuning. An IDS product installed inside the firewall will monitor internal activity, guarding against the ever-present insider threat, and lend greater visibility into security events, past and present.

Choosing a product that offers both technologies can be the most cost-effective and efficient approach. “With one device that does IDS and IPS, you can enable IDS on part of the network and enable IPS on a different part. It’s almost a virtual device,” says Sanjay Beri, senior director of product management at Juniper Networks, a network infrastructure vendor based in Sunnyvale, Calif.

What is APN?
APN stands for Access Point Name and it is a gateway or protocol that allows people to gain access to the web by using the services of mobile phone networks. These networks may be 2G, 3G, or GPRS among others. But before someone can get access to the internet, the proper settings must be configured.

Access Point Name (APN) acts like an identification number for a cellular phone to have a data session with a particular network. But one must know what type of APN is needed as there are various different types. Each of the different types of APN has unique properties, so care must be taken on which one to choose to have a successfulinternet connection. In using mobile phones, one may be prompted of different APN options. Different APNs for “internet” and “WAP” options may be available. Both of these have different setups and functions, so the user must choose which service to avail. If the wrong option is taken, one might be prompted that no network service is available.

APN’s structure has two parts. The first part is called the network identifier. This part simply identifies which network is connected to the GGSN or Gateway GPRS Support Node. This network identifier is a required part of APNs. The next part is called the operator identifier and is not required in the APN structure. This part is able to locate the GGSN on

Through APN, a particular user can communicate with a specific IP PDN or packet data network. APNs also allow the identification of a particular service wanted by the user. Services that can be identified may be in the form of multimedia messaging (MMS) or wireless application protocol (WAP) services.

Access Point Names (APN) is written through a series of labels with periods or dots acting as separators, just like the DNS convention.