Monday, August 30, 2010

Outlook Express 6 Options

Changing Your View

There are several default View settings used by Outlook Express that you might want to change.
1. Select View / Layout.
2. From here you can select what options you want to see each time you start Outlook Express.
3. You can also change the Preview Pane. Due to some of the newer viruses being spread via e-mail, I would recommend turning this off.

TCP/IP INVENTION ON JANUARY 1, 1983


TCP/IP, a milestone invention leading to the modern Internet
The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined. Today's IP networking represents a synthesis of two developments that began in the 1960s and 1970s, namely LANs (Local Area Networks) and the Internet, both of which have revolutionized computing.
The Internet Protocol suite—like many protocol suites—can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The TCP/IP reference model consists of four layers. 
History 
The Internet protocol suite came from work done by the Defense Advanced Research Projects Agency (DARPA) in the early 1970s. After building the pioneering ARPANET in the late 1960s, DARPA started work on a number of other data transmission technologies. In 1972, Robert E. Kahn was hired at the DARPA Information Processing Technology Office, where he worked on both satellite packet networks and ground-based radio packet networks, and recognized the value of being able to communicate across them. In the spring of 1973, Vinton Cerf, the developer of the existing ARPANET Network Control Program (NCP) protocol, joined Kahn to work on open-architecture interconnection models with the goal of designing the next protocol for the ARPANET.
By the summer of 1973, Kahn and Cerf had soon worked out a fundamental reformulation, where the differences between network protocols were hidden by using a common internetwork protocol, and instead of the network being responsible for reliability, as in the ARPANET, the hosts became responsible. (Cerf credits Hubert Zimmerman and Louis Pouzin [designer of the CYCLADES network] with important influences on this design.) 
With the role of the network reduced to the bare minimum, it became possible to join almost any networks together, no matter what their characteristics were, thereby solving Kahn's initial problem. One popular saying has it that TCP/IP, the eventual product of Cerf and Kahn's work, will run over "two tin cans and a string." There is even an implementation designed to run using homing pigeons Request for Comments 1149.

A computer called a router (a name changed from gateway to avoid confusion with other types of gateway) is provided with an interface to each network, and forwards packets back and forth between them. Requirements for routers are defined in Request for Comments 1812.
The idea was worked out in more detailed form by Cerf's networking research group at Stanford in the 1973–74 period, resulting in the first TCP specification (Request for Comments 675). (The early networking work at Xerox PARC, which produced the PARC Universal Packet protocol suite, much of which was contemporaneous, was also a significant technical influence; people moved between the two.)
DARPA then contracted with BBN Technologies, Stanford University, and University College London to develop operational versions of the protocol on different hardware platforms. Four versions were developed: TCP v1, TCP v2, a split into TCP v3 and IP v3 in the spring of 1978, and then stability with TCP/IP v4 — the standard protocol still in use on the Internet today.
In 1975, a two-network TCP/IP communications test was performed between Stanford and University College London (UCL). In November, 1977, a three-network TCP/IP test was conducted between the U.S., UK, and Norway. Between 1978 and 1983, several other TCP/IP prototypes were developed at multiple research centres. A full switchover to TCP/IP on the ARPANET took place January 1, 1983. 
In March 1982, the US Department of Defense made TCP/IP the standard for all military computer networking. In 1985, the Internet Architecture Board held a three day workshop on TCP/IP for the computer industry, attended by 250 vendor representatives, helping popularize the protocol and leading to its increasing commercial use. 

On November 9, 2005 Kahn and Cerf were presented with the Presidential Medal of Freedom for their contribution to American culture.

Sunday, August 29, 2010

DNS devolution

What is the scope of the advisory?
This advisory provides notification that updates are available that help define an organizational boundary for systems that are domain joined but do not have a DNS suffix list configured.

What is a top-level domain (TLD)?
The top-level domain (TLD) is the last part of an Internet domain name: the letters that follow the final dot of any domain name. For example, in the domain name wpad.western.corp.contoso.co.us, the TLD is ".us". TLDs can be primarily split into two types: country code and generic. Country code TLDs are two-letter abbreviations for each country; in this example, .us is for the United States. Generic TLDs are the more traditionally recognizable three (or more) letter abbreviations such as .com, .net, .org, etc. For a full list of all available TLDs, refer to the list at IANA.

What is a Primary DNS Suffix (PDS)?
This is the domain name appended to the right of a computer's single-label host name. A fully qualified domain name (FQDN) can therefore be defined as the host name followed by the PDS (hostname.PDS). By default, the primary DNS suffix portion of a computer's FQDN is the same as the name of the Active Directory domain to which the computer is joined. However, a computer's PDS may be different from the DNS domain to which it is joined when configured via the Properties dialog box from My Computer.

What is a second-level domain (SLD)?
A second-level domain (SLD) is a domain located directly "below" or to the left of the TLD. In the previous example, wpad.western.corp.contoso.co.us, the SLD is ".co". The most common registration of SLDs is under country code TLDs. The United States primarily uses the SLD for US state registration, such as ".co.us" for the state of Colorado. Non-US SLDs often reuse common TLD names, such as ".com.sg".

What does the DNS devolution feature do?
Devolution is a Windows DNS client feature. Devolution is the process by which Windows DNS clients resolve DNS queries for single-label unqualified hostnames. Queries are constructed by appending the PDS to the hostname. The query is retried by systematically removing the left-most label in the PDS until the hostname plus the remaining PDS resolves or only two labels remain in the stripped PDS. For example, Windows clients looking for "Single-label" in the western.corp.contoso.co.us domain will progressively query Single-label.western.corp.contoso.co.us, Single-label.corp.contoso.co.us, Single-label.contoso.co.us, and then Single-label.co.us until one of them resolves. This process is referred to as devolution.



Q: What, exactly, is DNS name devolution? Are there any security risks linked to this DNS feature? Has anything changed in Windows 7 and Windows Server 2008 R2 to better protect my Windows platforms against these security risks?
A: DNS name devolution is a built-in feature of the Windows DNS Client. Users of Active Directory (AD)-joined computers can use DNS name devolution to connect to resources using an unqualified name, such as mailserver1, instead of using a Fully Qualified Domain Name (FQDN), such as mailserver1.emea.mydomain.net. Thanks to name devolution, the DNS client will automatically append portions of the AD-joined computer's primary DNS domain suffix (for example, "emea.mydomain.net") to the unqualified name during the DNS name resolution process.
For example, when a user on a computer that's a member of the emea.mydomain.net domain uses the resource name mailserver1, the DNS client will automatically try to resolve the mailserver1.emea.mydomain.net and mailserver1.mydomain.net FQDNs.
An important parameter in the DNS name devolution process is the devolution level. It refers to the number of labels in the primary DNS domain suffix at which the devolution process stops. Labels are the parts of a DNS name that are separated by dots. In the above example, emea, mydomain, and net are the three labels of the emea.mydomain.net domain suffix.
In Windows versions prior to Windows 7 and Windows Server 2008 R2, the DNS name devolution level is always two. This means that if you type mailserver1 and the primary domain suffix is france.emea.dc.net, the DNS client will first try to resolve mailserver1.france.emea.dc.net, then mailserver1.emea.dc.net, then finally mailserver1.dc.net. At this point devolution will stop, because only two labels—dc and net—are left.
The default devolution level of two creates a security risk. It may cause domain-joined computers to connect to a malicious computer on the Internet that's outside of the control of an organization's AD domain. Let me illustrate this with an example.
A domain-joined computer's primary domain suffix is mycompany.fl.us (mycompany is located in Florida, hence the extension fl.us) and tries to connect to mailserver1. In this example, the DNS client will try to resolve mailserver1.mycompany.fl.us and mailserver1.fl.us. The last name in this list, mailserver1.fl.us, is outside of the control of my company. If a malicious person has registered mailserver1.fl.us in the DNS, the name resolution will succeed, the domain-joined computer will try to connect to it, and the malicious user could spoof an internal server.
In Windows 7 and Server 2008 R2, Microsoft changed the default DNS devolution behavior such that it cannot cause an internal client to connect to an external computer. Microsoft also provides an update for older Windows platforms to bring the new DNS devolution logic to these older platforms. Microsoft offers more information on this fix.
The DNS devolution logic has changed as follows:
  • If the number of labels in the AD forest root domain's DNS name is one or a machine's primary DNS suffix doesn't end with the forest root domain's DNS name, DNS devolution is automatically disabled. For example, if a computer is a member of the mycompany.com domain and the forest root domain name is mycompany.fl.us, devolution is disabled (mycompany.com does not end with mycompany.fl.us).
  • If a machine's primary DNS suffix ends with the forest root domain's DNS name, the devolution level is automatically set to the number of labels in the forest root domain. For example, if the computer is a member of the research.mycompany.fl.us domain and the forest root domain name is mycompany.fl.us, the devolution level is set to three (which matches the number of labels in mycompany.fl.us).
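The two devolution algorithms described above (the legacy fixed level of two, and the Windows 7 / Server 2008 R2 rule that derives the level from the forest root) as an added, runnable model; this is example code written for this page, not Microsoft's implementation. It generates the candidate FQDNs a client would query and flags those whose suffix falls outside the forest root, which is exactly the name an outsider could register (mailserver1.fl.us in the text's example).

```python
"""Model of Windows DNS client name devolution: the pre-Windows 7 behaviour
(fixed devolution level 2) next to the Windows 7 / Server 2008 R2 logic, in
which the level is derived from the forest root domain.  Added example; not
code from the original post or from Microsoft."""

from typing import List


def labels(name: str) -> List[str]:
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return [lbl.lower() for lbl in name.strip(".").split(".") if lbl]


def ends_with_domain(name: str, parent: str) -> bool:
    """True if 'name' is 'parent' itself or lies below it (label-wise, not as a
    plain string suffix, so 'notcontoso.com' is not under 'contoso.com')."""
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p


def devolve(hostname: str, primary_suffix: str, level: int) -> List[str]:
    """Return, in order, the FQDNs the client queries for a single-label name.

    The whole primary DNS suffix is appended first; then the left-most label of
    the suffix is stripped repeatedly until only 'level' labels remain.  A level
    of 0 means devolution is disabled and only hostname.primary_suffix is tried.
    """
    parts = labels(primary_suffix)
    candidates = [".".join([hostname.lower()] + parts)]
    if level <= 0:
        return candidates
    while len(parts) > level:
        parts = parts[1:]
        candidates.append(".".join([hostname.lower()] + parts))
    return candidates


def legacy_level(primary_suffix: str) -> int:
    """Windows versions before Windows 7 / Server 2008 R2: always two."""
    return 2


def win7_level(primary_suffix: str, forest_root: str) -> int:
    """Default level since Windows 7 / Server 2008 R2 (also shipped as an update
    for older versions): 0 (disabled) when the forest root has a single label or
    the primary suffix does not end with the forest root; otherwise the number
    of labels in the forest root."""
    root = labels(forest_root)
    if len(root) <= 1 or not ends_with_domain(primary_suffix, forest_root):
        return 0
    return len(root)


def outside_forest(candidates: List[str], forest_root: str) -> List[str]:
    """Candidate FQDNs whose suffix is not within the forest root, i.e. names
    that anyone outside the organisation could register."""
    return [
        fqdn for fqdn in candidates
        if not ends_with_domain(".".join(labels(fqdn)[1:]), forest_root)
    ]


if __name__ == "__main__":
    # Example from the text: legacy level 2 leaks a query for mailserver1.fl.us
    old = devolve("mailserver1", "mycompany.fl.us", legacy_level("mycompany.fl.us"))
    print("legacy:", old, "outside forest:", outside_forest(old, "mycompany.fl.us"))
    # Windows 7 logic: the level follows the forest root, so nothing leaves it
    lvl = win7_level("research.mycompany.fl.us", "mycompany.fl.us")
    new = devolve("mailserver1", "research.mycompany.fl.us", lvl)
    print("win7 level", lvl, new, "outside forest:", outside_forest(new, "mycompany.fl.us"))
    # Suffix not under the forest root: devolution is disabled entirely
    print("win7 level", win7_level("mycompany.com", "mycompany.fl.us"))
```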
You can enable name devolution from the DNS tab in the advanced properties of the TCP/IPv4 and TCP/IPv6 protocols of a Windows box's network interfaces. When you click Append primary and connection specific DNS suffixes and select Append parent suffixes of the primary DNS suffix, name devolution is enabled, as shown here.
You can also centrally configure name devolution with the following Group Policy settings, which are located in the Computer Configuration\Administrative Templates\Network\DNS Client GPO container:
  • Primary DNS Suffix Devolution: This Group Policy Object (GPO) setting controls the HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\UseDomainNameDevolution registry value.
  • Primary DNS Suffix Devolution Level: This GPO setting controls the HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DomainNameDevolutionLevel registry value.

How to connect Laptop to more than one IP network

Query:
How to create a dual hardware profile in Windows XP Pro.
Or
How to assign two different class IP addresses to a single Ethernet card.
I have two branch offices with two different IP classes. Some of the users are roaming (with laptops) and visit both branch offices frequently. Presently they are manually changing the IP address (along with the DNS IP) to match the branch IP. Can anyone suggest how to get rid of this manual changing process??
The solution I am looking for is that the user can select a profile (not a Windows user profile) and the IP changes accordingly,
without use of DHCP.

Solution:
Mobile Net Switch. This program enables you to use your computer on more than one network with the click of a button. All changes are made instantly, and no reboot is required. The program lets you automatically select the correct drive mappings, printer settings and IP addressing. It's the ultimate tool for laptop users on different networks. This version adds support for manually specified DNS and WINS servers when using DHCP.
Features: Mobile Net Switch is a network switch utility, also called a netswitcher or multinetwork manager, and enables you to create multiple network profiles. The program has been designed to allow you to switch between several network profiles instantly, without needing to restart your computer. It also incorporates a professional yet easy-to-use interface and even allows you to enable non-admin users to configure network settings without technical knowledge. A (network) profile can be created for each location. With the click of a button the following settings can be modified instantly: IP Addressing (IP Address, Subnet mask, WINS, DNS, Default gateway), Internet Explorer and Firefox Proxy Server settings, Drive mappings, Internet Connection Firewall / Windows Firewall, ISA Server Firewall client 2000 and ISA Server Firewall client 2004, DNS Suffix, NetBIOS over TCP/IP, Internet Explorer Start Page, MAC Address, Dialup and VPN connection, Dialing rules, Default Printer, MAPI (Outlook) Profile, Time Zone, Outgoing SMTP mail server, Hosts file content, LMHosts file content, Sound volume, Sound mute, Wallpaper, Display Resolution, Numlock state, Restarting network cards, Enabling and disabling modems and more.
Read more about it

Saturday, August 28, 2010

What is DHCP Snooping

When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security of the LAN so that only clients with specific IP/MAC addresses have access to the network.
DHCP snooping is a series of layer 2 techniques. It works with information from a DHCP server to:
        * Track the physical location of hosts.
        * Ensure that hosts only use the IP addresses assigned to them.
        * Ensure that only authorized DHCP servers are accessible.
In short, DHCP snooping ensures IP integrity on a Layer 2 switched domain.
With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and the DHCP server manages the access control. Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.
DHCP snooping also stops attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could wreak havoc in the network or even control it.
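The three guarantees listed above (server messages accepted only from trusted ports, a binding table learned from DHCP exchanges, and client traffic checked against that table) as an added toy model of a snooping switch; this is illustration code written for this page, not a vendor implementation. Port names, the simplified frame layout and the sample traffic are constructed.

```python
"""Toy model of DHCP snooping with IP Source Guard on a layer-2 access switch.
Added example; not from the original post or from any vendor.  Port names, the
simplified frame layout and the sample traffic are constructed."""

from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# DHCP message types carried in option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7
SERVER_MESSAGES = {OFFER, ACK, NAK}


@dataclass
class Frame:
    port: str                    # ingress switch port
    src_mac: str                 # Ethernet source address
    src_ip: str                  # IP source (0.0.0.0 while a lease is being acquired)
    dhcp: Optional[int] = None   # DHCP message type, or None for ordinary IP traffic
    chaddr: str = ""             # DHCP client hardware address field
    yiaddr: str = ""             # address assigned by the server (in OFFER/ACK)


@dataclass
class SnoopingSwitch:
    trusted: Set[str]                                   # ports toward the real DHCP servers
    bindings: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (port, MAC) -> IP
    pending: Dict[str, str] = field(default_factory=dict)               # client MAC -> port

    def process(self, f: Frame) -> str:
        """Return 'forward' or 'drop: <reason>' for one ingress frame."""
        if f.dhcp is None:
            return self._ip_source_guard(f)
        if f.dhcp in SERVER_MESSAGES:
            return self._server_message(f)
        return self._client_message(f)

    def _server_message(self, f: Frame) -> str:
        # Only servers behind trusted ports may answer; a DHCP server plugged
        # into an access port is silently discarded.
        if f.port not in self.trusted:
            return "drop: DHCP server message on untrusted port"
        if f.dhcp == ACK and f.chaddr in self.pending:
            client_port = self.pending.pop(f.chaddr)
            self.bindings[(client_port, f.chaddr)] = f.yiaddr   # learn the lease
        return "forward"

    def _client_message(self, f: Frame) -> str:
        if f.port in self.trusted:
            return "forward"
        # MAC verification: the frame's source must match the DHCP chaddr field.
        if f.src_mac != f.chaddr:
            return "drop: source MAC does not match chaddr"
        if f.dhcp == RELEASE:
            # A host may only release a lease the table says it holds on this port.
            if (f.port, f.chaddr) not in self.bindings:
                return "drop: RELEASE for a lease not bound to this port"
            del self.bindings[(f.port, f.chaddr)]
            return "forward"
        if f.dhcp in (DISCOVER, REQUEST):
            self.pending[f.chaddr] = f.port   # remember which port the client is on
        return "forward"

    def _ip_source_guard(self, f: Frame) -> str:
        # Non-DHCP traffic from an untrusted port passes only when the
        # (port, MAC, IP) triple matches a learned binding.
        if f.port in self.trusted:
            return "forward"
        if self.bindings.get((f.port, f.src_mac)) == f.src_ip:
            return "forward"
        return "drop: no DHCP snooping binding for this port/MAC/IP"


if __name__ == "__main__":
    sw = SnoopingSwitch(trusted={"Gi0/1"})          # Gi0/1 is the uplink to the DHCP server
    client = "aa:bb:cc:dd:ee:01"
    for frame in [
        Frame("Fa0/5", "00:11:22:33:44:55", "10.0.0.200", OFFER, yiaddr="10.0.0.50"),  # rogue server
        Frame("Fa0/3", client, "0.0.0.0", DISCOVER, chaddr=client),
        Frame("Gi0/1", "00:50:56:00:00:01", "10.0.0.1", ACK, chaddr=client, yiaddr="10.0.0.20"),
        Frame("Fa0/3", client, "10.0.0.20"),        # matches binding
        Frame("Fa0/3", client, "10.0.0.99"),        # spoofed source IP
        Frame("Fa0/7", client, "10.0.0.20"),        # same MAC/IP, wrong port
    ]:
        print(frame.port, sw.process(frame))
    print("bindings:", sw.bindings)
```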
Web Ref:
Understanding and Configuring DHCP Snooping
Configuring DHCP Snooping

Thursday, August 26, 2010

Solaris Commands

Starting, Stopping and Rebooting


Task                                                        Command
Boot Solaris from the ok prompt                             boot
Boot Solaris and reconfigure devices from the ok prompt     boot -r
Boot Solaris from CD / install Solaris                      boot cdrom
Boot Solaris from the network                               boot net
Install Solaris from the network                            boot net - install
Shut down the machine to the ok prompt                      init 0
Shut down and power off the machine                         init 5
Interrupt the boot                                          STOP and A keys together, or send a BREAK signal from the terminal emulator
Boot Solaris in single-user / system maintenance mode       init s (or init S)
Shut down with a grace period and reboot                    shutdown -y -g5 -i6
Reboot to the default run level                             init 6
Select which of two installed Solaris releases (e.g. 8/9) boots   use eeprom


Installing and Managing software

Task                                                        Command
Display a list of all installed packages                    pkginfo
Display installed patches                                   showrev -p
Install a package from the file fcaw.pkg                    pkgadd -d fcaw.pkg
Check the installation of package JNIfcaw                   pkgchk JNIfcaw
Display version / info etc. of package abc                  pkginfo -l abc
Remove package JNIfcaw                                      pkgrm JNIfcaw
Find which package a file called x belongs to               grep x /var/sadm/install/contents

Saturday, August 21, 2010

Nessus : Premier UNIX vulnerability assessment tool

Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 and removed the free “registered feed” version in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.
What is hacking?

The term hacking was initially used to refer to the process of finding solutions to rather technical issues or problems. These days, hacking is used to refer to the process whereby intruders maliciously attempt to compromise the security of corporate networks to destroy, intercept or steal confidential data, or to prevent an organization from operating.
Different terminology is used to refer to criminal hacking:

  • Cracking

  • Cybercrime

  • Cyberespionage

  • Phreaking
To access a network system, the intruder (hacker) performs a number of activities:

  • Footprinting: This is basically the initial step in hacking a corporate network. Here the intruder attempts to gain as much information as possible on the targeted network by using sources which the public can access. The aim of footprinting is to create a map of the network to determine what operating systems, applications and address ranges are being utilized, and to identify any accessible open ports.
    The methods used to footprint a network are listed here:

    • Access information publicly available on the company Web site to gain any useful information.

    • Try to find any anonymous File Transfer Protocol (FTP) sites and intranet sites which are not secured.

    • Gather information on the domain name of the company and the IP address block being used.

    • Test for hosts in the IP address block of the network. Tools such as Ping or Fping are typically used.

    • Using tools such as Nslookup, the intruder attempts to perform Domain Name System (DNS) zone transfers.

    • A tool such as Nmap is used to find out what the operating systems are which are being used.

    • Tools such as Tracert are used to find routers and to collect subnet information.

  • Port scanning: Port scanning, or simply scanning, is the process by which intruders collect information on the network services on a target network. Here, the intruder attempts to find open ports on the target system.
    The different scanning methods used by network attackers are:

    • Vanilla scan/SYN scan: TCP SYN packets are sent to the ports of each address in an attempt to connect to all ports. Port numbers 0 - 65,535 are utilized.

    • Strobe scan: Here, the attacker attempts to connect to a specific range of ports which are typically open on Windows based hosts or UNIX / Linux based hosts.

    • Sweep: A large set of IP addresses are scanned in an attempt to detect a system that has one open port.

    • Passive scan: Here, all network traffic entering or leaving the network is captured and the traffic is then analyzed to determine what the open ports are on the hosts within the network.

    • User Datagram Protocol (UDP) scan: Empty UDP packets are sent to the different ports of a set of addresses to determine how the operating system responds. Closed UDP ports respond with a Port Unreachable message when an empty UDP packet is received; other operating systems respond with a different Internet Control Message Protocol (ICMP) error packet.

    • FTP bounce: To hide the location of the attacker, the scan is initiated from an intermediary File Transfer Protocol (FTP) server.

    • FIN scan: TCP FIN packets that specify that the sender wants to close a TCP session are sent to each port for a range of IP addresses.

  • Enumeration: The unauthorized intruder uses a number of methods to collect information on applications and hosts on the network, and on the user accounts utilized on the network. Enumeration is particularly successful in networks that contain unprotected network resources and services:

    • Network services that are running but which are not being utilized.

    • Default user accounts which have no passwords specified.

    • Guest accounts which are active.

  • Acquiring access: Access attacks are performed when an attacker exploits a security weakness so that he/she can obtain access to a system or the network. Trojan horses and password hacking programs are typically used to obtain system access. When access is obtained, the intruder is able to modify or delete data; and add, modify or remove network resources.
    The different types of access attacks are listed here:

    • Unauthorized system access entails the practice of exploiting the vulnerabilities of operating systems, or executing a script or a hacking program to obtain access to a system.

    • Unauthorized privilege escalation is a frequent type of attack. Privilege escalation occurs when an intruder attempts to obtain a high level of access like administrative privileges to gain control of the network system.

    • Unauthorized data manipulation involves intercepting, altering and deleting confidential data.

  • Privilege escalation: When an attacker initially gains access to the network, low level accounts are typically used. Privilege escalation occurs when an attacker escalates his/her privileges to obtain a higher level of access, like administrative privileges, in order to gain control of the network system.
    The privilege escalation methods used by attackers are listed here:

    • The attacker searches the registry keys for password information.

    • The attacker can search documents for information on administrative privileges.

    • The attacker can execute a password cracking tool on targeted user accounts.

    • The attacker can use a Trojan in an attempt to obtain the credentials of a user account that has administrative privileges.

  • Install backdoors: A hacker can also implement a mechanism such as some form of access granting code with the intent of using it at some future stage. Backdoors are typically installed by attackers so that they can easily access the system at some later date. After a system is compromised, you can remove any installed backdoors by reinstalling the system from a backup which is secure.

  • Removing evidence of activities: Attackers typically attempt to remove all evidence of their activities.

Understanding Network Attacks

A network attack can be defined as any method, process or means used to maliciously attempt to compromise the security of the network.
There are a number of reasons why individuals would want to attack corporate networks. The individuals performing network attacks are commonly referred to as network attackers, hackers or crackers.
A few different types of malicious activities performed by network attackers and hackers are summarized here:

  • Illegally using user accounts and privileges.

  • Stealing hardware.

  • Stealing software.

  • Running code to damage systems.

  • Running code to damage and corrupt data.

  • Modifying stored data.

  • Stealing data.

  • Using data for financial gain or for industrial espionage

  • Performing actions that prevent legitimate authorized users from accessing network services and resources.

  • Performing actions to deplete network resources and bandwidth.
A few reasons why network attackers attempt to attack corporate networks are listed here:

  • Individuals seeking fame or some sort of recognition. Script kiddies usually seek some form of fame when they attempt to crash Web sites and other public targets on the Internet. A script kiddie could also be looking for some form of acceptance or recognition from the hacker community or from black hat hackers.

  • Possible motives for structured external threats include:

    • Greed

    • Industrial espionage

    • Politics

    • Terrorism

    • Racism

    • Criminal payoffs

  • Displeased employees might seek to damage the organization's data, reliability, or financial standing.

  • There are though some network attackers that simply enjoy the challenge of trying to compromise the security systems of highly secured networks. These types of attackers simply see their actions as a means by which existing security vulnerabilities can be exposed.
Network attacks can be classified into the following four types of attacks:

  • Internal threats

  • External threats

    • Unstructured threats

    • Structured threats
Threats to the network can be initiated from a number of different sources, hence the reason why network attacks are classified as either external network attacks/threats, or internal network attacks/threats:

  • External threats: External threats or network attacks are carried out by individuals with no assistance from internal employees or contractors. These attacks are typically performed by a malicious experienced individual, a group of experienced individuals, an experienced malicious organization, or by inexperienced attackers (script kiddies). External threats are usually carried out using a predefined plan and the technologies (tools) or techniques of the attacker(s). One of the main characteristics of external threats is that they usually involve scanning and gathering information. You can therefore detect an external attack by scrutinizing existing firewall logs. You can also install an Intrusion Detection System to quickly identify external threats.
    External threats can be further categorized into either structured threats or unstructured threats:

    • Structured external threats: These threats originate from a malicious individual, a group of malicious individual(s) or from a malicious organization. Structured threats are usually initiated from network attackers that have a premeditated thought on the actual damages and losses which they want to cause. Possible motives for structured external threats include greed, politics, terrorism, racism and criminal payoffs. These attackers are highly skilled on network design, the methods on avoiding security measures, Intrusion Detection Systems (IDSs), access procedures, and hacking tools. They have the necessary skills to develop new network attack techniques and the ability to modify existing hacking tools for their exploitations. In certain cases, the attacker could be assisted by an internal authorized individual.

    • Unstructured external threats: These threats originate from an inexperienced attacker, typically from a script kiddie. A script kiddie is the terminology used to refer to an inexperienced attacker who uses cracking tools or scripted tools readily available on the Internet, to perform a network attack. Script kiddies are usually inadequately skilled to create the threats on their own. Script kiddies can be considered as being bored individuals seeking some form of fame by attempting to crash Web sites and other public targets on the Internet.
    External attacks can also occur either remotely or locally:

    • Remote external attacks: These attacks are usually aimed at the services which an organization offers to the public. The various forms which remote external attacks can take are listed here:

      • Remote attacks aimed at the services available for internal users. This remote attack usually occurs when there is no firewall solution implemented to protect these internal services.

      • Remote attacks aimed at locating modems to access the corporate network.

      • Denial-of-service ( DoS) attacks to place an exceptional processing load on servers in an attempt to prevent authorized user requests from being serviced.

      • War-dialing of the corporate private branch exchange (PBX).

      • Attempts to brute force password authenticated systems.

    • Local external attacks: These attacks typically originate from situations where computing facilities are shared, and access to the system can be obtained.

  • Internal threats: Internal attacks originate from dissatisfied or unhappy inside employees or contractors. Internal attackers have some form of access to the system and usually try to hide their attack as a normal process. For instance, internal disgruntled employees have local access to some resources on the internal network already. They could also have some administrative rights on the network. One of the best means to protect against internal attacks is to implement an Intrusion Detection System, and to configure it to scan for both external and internal attacks. All forms of attacks should be logged and the logs should be reviewed and followed up.
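The external-threats item above notes that scanning shows up in firewall logs; this added example (written for this page, not from the original post) runs that check over constructed deny-log lines and labels the patterns using the scan categories from the port scanning list: SYN scan, FIN scan, UDP scan and sweep. The log format, the thresholds and every sample line (RFC 5737 test addresses) are constructed.

```python
"""Scan detection over firewall deny logs, grouped per source address.  Added
example; not from the original post.  The log format, threshold values and all
sample lines (RFC 5737 test addresses) are constructed for illustration."""

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed format: <time> DENY <proto> <src>:<sport> -> <dst>:<dport> [flags=<tcp flags>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?: flags=(?P<flags>\S+))?$"
)


@dataclass
class Event:
    ts: str
    proto: str
    src: str
    dst: str
    dport: int
    flags: str   # TCP flag letters, empty for UDP


def parse(line: str) -> Optional[Event]:
    """Parse one log line; unrelated or malformed lines yield None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Event(m["ts"], m["proto"], m["src"], m["dst"], int(m["dport"]), m["flags"] or "")


def classify(events: List[Event], port_threshold: int = 10,
             host_threshold: int = 10) -> Dict[str, List[str]]:
    """Map each source address to the scan patterns it exhibits.

    Many distinct ports on one host is a port scan (SYN, or FIN when every
    packet carried only the FIN flag, or UDP); one port across many hosts is a
    sweep.  The whole event list is treated as a single time window.
    """
    ports = defaultdict(set)    # (src, dst, proto) -> distinct destination ports
    hosts = defaultdict(set)    # (src, proto, dport) -> distinct destination hosts
    flags = defaultdict(set)    # (src, dst, proto) -> TCP flag combinations seen
    for e in events:
        ports[(e.src, e.dst, e.proto)].add(e.dport)
        hosts[(e.src, e.proto, e.dport)].add(e.dst)
        flags[(e.src, e.dst, e.proto)].add(e.flags)

    findings: Dict[str, List[str]] = defaultdict(list)
    for (src, dst, proto), pset in ports.items():
        if len(pset) < port_threshold:
            continue
        if proto == "UDP":
            kind = "UDP scan"
        elif flags[(src, dst, proto)] == {"F"}:
            kind = "FIN scan"          # FIN with no session to close
        else:
            kind = "SYN scan"
        findings[src].append(f"{kind} against {dst} ({len(pset)} ports)")
    for (src, proto, dport), hset in hosts.items():
        if len(hset) >= host_threshold:
            findings[src].append(f"sweep of {len(hset)} hosts on {proto}/{dport}")
    return dict(findings)


# Constructed sample: a SYN scan, a FIN scan, a sweep and a little benign noise.
SAMPLE_LOG = (
    [f"2010-08-21T10:00:{i:02d} DENY TCP 203.0.113.7:4{i:04d} -> 192.0.2.10:{p} flags=S"
     for i, p in enumerate(range(20, 36))]
    + [f"2010-08-21T10:01:{i:02d} DENY TCP 203.0.113.9:5{i:04d} -> 192.0.2.10:{p} flags=F"
       for i, p in enumerate(range(100, 112))]
    + [f"2010-08-21T10:02:{i:02d} DENY TCP 198.51.100.4:6{i:04d} -> 192.0.2.{h}:445 flags=S"
       for i, h in enumerate(range(1, 13))]
    + ["2010-08-21T10:03:00 DENY UDP 198.51.100.8:53000 -> 192.0.2.10:161",
       "2010-08-21T10:03:01 DENY TCP 198.51.100.8:53001 -> 192.0.2.10:80 flags=S",
       "kernel: link up on eth0"]   # unrelated line, ignored by parse()
)


def scan_report(lines: List[str]) -> Dict[str, List[str]]:
    """Parse the lines and return the per-source findings."""
    return classify([e for e in map(parse, lines) if e is not None])


if __name__ == "__main__":
    for src, hits in scan_report(SAMPLE_LOG).items():
        print(src, "->", "; ".join(hits))
```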
With respect to network attacks, the core components which should be included when you design network security are:

  • Network attack prevention.

  • Network attack detection.

  • Network attack isolation.

  • Network attack recovery.
