Friday, June 29, 2012

Four Basic Steps for a Safer Computer

With the advance designs in malware, phishing scams, and unintentional software security flaws, it is extremely important to maintain strong vigilance. The major factor of this is the vast expansion of users that are now on the Internet. More money can be made by these malicious users than ever before. Fortunately, with several basic steps and pieces of key knowledge, you can safely traverse through the largest network in the world, the internet.

1) Solid Anti-Malware Software

It seems to be common sense these days, but anti-malware software is a necessity on any personal computer. A good software actively scans all network communication including the following:

  • Web & Scripts
    • Protects against viral images and scripts designed to execute malicious code utilizing security holes in browser and operating system software.
  • Mail
    • Protects against malicious E-mails, scripts, and viral images.
    • Some track, and detect potential Phishing scams as well.
    • Works only for POP3, or IMAP email. (Loaded in an external mail program.
      • Gmail, Yahoo, and Live mail would be covered using the Web & Scripts application.
  • Peer 2 Peer
    • Protects against communications using peer to peer connections.
  • Instant Messenger
    • While it is much less frequent than in previous years, exploits could be executed by using instant messenger programs such as Yahoo Messenger, ICQ, Microsoft Live, and AOL Instant Messenger (AIM).
  • Resident Execution Scanners
    • Detects active programs for malware activity
  • Network
    • Determines traffic on the local network that reaches your computer.
    • Often infected computers will attempt to spread the malware throughout the entire network.

As well, look for software that provides malware database updates at least four times a week. This information is not publically available, yet once you begin using the software it will become self evident. Maintaining the program version up to date, and the database are the most important aspects of utilizing anti-malware software. Without any updates, it becomes useless.

Great examples of anti-malware software are Avast Anti-virus, and AVG.

2) Keep Windows and Internet Software Updated

Security flaws are consistently evolving due to malicious individuals finding new ways to move beyond existing security. As a result, Microsoft consistently updates their operating system and critical software such as Internet Explorer (IE) often. Unless there is an absolute critical security alert, Microsoft will push security and bug fixes live to the public on Tuesdays. An entire team is devoted to detecting and repairing security loopholes to attempt to maintain data integrity of their millions of customers. If one does not perform routine software updates, they will never gain from the benefits of these security updates.

All software that access the internet should be always the current version. This includes, but is not limited to:

  • Internet Browsers
    • Internet Explorer
    • Firefox
    • Chrome
    • Safari
    • Opera
  • Flash, Shockwave & Silverlight
    • Flash & Shockwave have been strongly targeted for maliciously injected code over the past year.
  • Email Clients
    • Outlook
    • Eudora
  • Peer to Peer Clients
    • These clients are notorious for spreading viral information. Please use for legal reasons, and at your own peril.
  • Online Games
    • Such as Online Poker, or other free software.
      • Prior to installing, ensure you thoroughly malware scan to ensure file integrity.

3) Do Not Open Unknown Links or E-mails

This falls along the same lines that your parent’s have taught you from very young, don’t talk to strangers. If you are unsure of the link or Email, do not click on it. Often, malicious individuals will create mass Emails, false webpages, or both to attempt to gain access to your computer, or personal information. With good anti-malware protection you can often avoid these instances, the software is not 100% fool proof. It is often a good idea to hover your mouse over a web link, and look at the status bar to ensure the link is the same. As an example,

bad_link

Click to Enlarge

4) Ensure Site is Legitimate

While it seems like common sense, there are many sites that attempt to duplicate popular websites to gather your information. Once you enter your personal data, it is often swept away into a database and sold to a large quantity of identity thieves.  For this reason, it is extremely important to ensure the site you are on is real. A general rule of thumb, if there is doubt, don’t fill it out.

A major sign of a valid website are Secure Socket Layer (SSL) certificates. This is typically only common on bank sites, but even social media sites such as Facebook and Twitter have joined the SSL movement. SSL is a method of sending data securely over an encrypted path, commonly at 128 bits. Valid SSL certificates are maintained by a third party company to ensure the sanctity of the SSL connection. Since there are only a few trusted SSL Certificate Authorities on the internet web browsers accept, it is extremely difficulty to create a false valid certificate. The following will display how a valid and invalid certificate will appear:

good_cert

Click to Enlarge

You will notice that the browsers change the color of their bar to either green, or blue. This depends upon the browser and the level of security. Currently, Twitter has a higher level of secured certificate than Facebook.

Example of bad certificate in Chrome:

image

Click to Enlarge

Example of bad certificate in Internet Explorer

image

Click to Enlarge

Example of a bad certificate in Firefox

image

Click to Enlarge

Chrome, and Internet Explorer are very direct in displaying an invalid certificate. Currently, Firefox does allow the page to load with only a small blue symbol prior to the address bar.

A secondary way to ensure validity of a website is to check the registrar of domains. Essentially, when a domain name, (Example: Google.com) is purchased, there is public record of who purchased it. For this, you need to go to a valid registrar, and type in the address. The following is an example of Google.com’s Who Is registrar:

image

Click to Enlarge

A Who Is forum is available at Network Solutions.

While no method is one hundred percent fool proof, these methods should assist you in maintaining a clean, and secure computer. As with all things in life, allow your common sense and gut instinct lead as you journey through cyberspace.

Thursday, June 28, 2012

Microsoft Windows 8 for $15? It is true! Ok, partially

       Microsoft is currently offering an offer for individuals who have purchase a Windows 7 (any edition except starter) computer between June 2, 2012 and January 31, 2013 the chance to purchase a full copy of Windows 8 Professional for $15.00.
       There are several nice aspects of this deal in compared to previous releases. This release, the offer is completely executed by Microsoft. Therefore, you do not have to work with the computer manufacturer to get your copy. Secondly, this is a direct download, but a media copy of the operating system can be purchased for a minimal additional cost. If you do purchase a Windows 7, please be sure to grab your receipt and go to the Microsoft Windows Upgrade Offer.
       An additional nice feature is that you do not have to install Windows 8 on the computer that you purchased between June 2, 2012. If you don’t wish to use Windows 8 but wish to gift it to someone you know, you can. Once the operating system has been downloaded, it is then attached to the serial number of the computer installed on. Fortunately, any computer that is Windows 7 certified will be able to run Windows 8.  Lastly, you do receive 90 days of Microsoft Technical support with this upgrade offer.
      If you are holding off to purchase a new computer waiting for Windows 8 to come out, there really is not any reason to do so now.

Monday, June 25, 2012

Networking 101 – Network Topologies

Networking is an essential tool that is utilized in society today. Everywhere you look, networks are prevailing in our technology. Common devices that use networks are cell and landline telephones, pagers, computers, registers, security cameras, and cable/satellite television. Without this technology, our world would be a much different place. For this reason, I am going to spend some time discussing different aspects of networking in the next several posts.

The purpose of a network is to allow many users to access one common resource simultaneously. Currently, are you on the most popular network available, the Internet. Terms such as DSL, Cable Modems, Routers, and Wi-Fi are common in daily life, yet much more exists to interconnect computer resources.

Network Topology

A network topology is the physical and logical way of how the network operates. Four primary topologies exist within modern networking protocols, each with their own negatives and benefits.

Bus Topology

Bus topology networks are one of the oldest true network topology that still operates today. This simplistic method of interconnecting computers using a single cable. The terminology for this coaxial cable is a trunk, or backbone.  Utilizing this method, it requires all computers, or hosts, on the network to view every piece of data sent over the network.

This form of network topology has a major benefit to others in only one factor, cost. Since it only requires once piece of network media, or cable, the implementation costs are fairly inexpensive. On the opposite spectrum, a bus topology requires that all hosts are functioning for the entire network. As a result, the network can fail from a single point of failure. In addition, due to the nature of each host required to listen to the network traffic, each host that is added to the network creates further performance degradation.

To make this work, a coaxial cable connects to each computer using a T-connector. Due to the “daisy chaining” of the computers on the network, it is required that the ends have a terminator. Without the terminator at both ends of the bus cable, the network will believe a section of the network is not functioning, and effectively not work. The following is a crude topological map of a bus network.

Bus Topology

During standard bus topology communication, the host that is attempting to send the data will listen for a short period of time, then send data out on the network. For example, host A wishes to send data to host E. Host A will send the data, and hosts B, C, D, and E will all receive the data. Inside the data packet, it will specify the recipient, therefore, host B, C, and D will dismiss this data as non-relevant data and not store it. Host E will receive the data and store it locally for further use.

If two hosts were to listen, determine it is safe to send data, and send it simultaneously, an event known as network collision would occur. When this occurs, all hosts on the network disregard all data on the network, and wait a random period of time prior to sending data once again. By utilizing a random period of time generated by the network card, it almost always prevents a second network collision from happening.

Ring Topology

The next evolution of the network topologies is the ring topology. Much like the bus network, this form utilizes a single data cable throughout the entire network. The major difference is that the network media loops into itself rather than terminating. A token ring is the most popular version of a ring topology network

A continuation of sharing characteristics with the bus topology, the benefit exists in the low installation cost. Negatives are displayed by the single point of failure, and slowing of the network with each added host. Each computer is connected utilizing T-connectors until a complete loop has been completed.

The following is a rough topological map of a ring topology:

Ring Topology

The procedure of sending data packets is different than that of the bus topology. Rather than the entire network listening at one point in time, it is received by one host at a time. With this method, it is possible to have several data packets on the network simultaneously since the communications occur only between the two hosts in tandem within the ring.

As an example, host B wishes to send data to host E. To initiate the communication, host B will wait to ensure there is no traffic on the network. Once it is clear, it will send the data packet to host C. Since the packet is addressed to host E, and not C, it will send the data packet along the ring to host D. Host D will recognize the address is not for it, and continue the ring by sending the data to host E. When arriving at host E, it will accept the data and store it locally. In this example, host A would not know that there had been a communication occurring on the network.

Star Topology

The star topology is a very common topology utilized in networks today, especially in home networking. This method utilizes a central hub or switch to interconnect computers together.  Two forms of network media are prevalent with star topology, Cat5E and wireless media (Wi-Fi).

A major benefit to this topology is that it is extremely easy to troubleshoot in the event of network media, or host failure. In addition, unlike the previous two topologies if the host or network media does fail, it does cause a critical failure of the network. Only that host’s resources will be unavailable. A slight disadvantage of this method is a higher cost of implementation than the previous two since additional media and hardware is required.

The following is a basic diagram of the star topology:

image
Utilizing a basic setup with a hub, this network will operate similar to the bus topology. Briefly, hubs operate as a repeater only broadcasting data received to all ports except that of the sender. An Example utilizing a Hub is if host A is required to access a resource on computer C. As with all communications, host A will listen to ensure network traffic is not occurring. When clear, it will send a packet addressed to computer C. The hub will receive the packet, and redistribute it to hosts, B, C, D, and E. All of the computers will read the address of the packet and will discard the information except for host C, which will store the data locally.

If the star topology was being utilized by a switch, it would operate more efficiently. A switch directs packets by the address of the recipient. Utilizing the same example as with the hub, host A would listen for an available network, then send the packet destined for host C. The switch will receive the packet, read the address and forward it to host C. Hosts B, D, and E will not know about the existence of the data packet. Since switches can store data internally for a temporary period of time, theoretically, different hosts can send data simultaneously, and the switch will direct the data in order it was received to the appropriate host.

(More will be discussed about switches, hubs, routers, and bridges in a later document.)

Mesh Topology

A true mesh is the most redundant topology since computers are connected to each other directly. This becomes a major disadvantage since a vast number of network media would be required to connect each host to each other. As an example, in a network with 10 hosts, each host would require 9 runs of network media. Therefore, one 10 host network would require 99 lengths network media (9 cables per host X 10 hosts). Obviously, this is a major disadvantage that often overweighs the positive of complete redundancy.

Other disadvantages to these networks are they are difficult to manage and troubleshoot. A major example of a mesh network is the internet backbone that provides internet service providers with access to the internet.

In most cases, mesh networks are implemented as a partial mesh, with only two or three network media running from each computers. This still produces a high level of redundancy, while drastically reducing the costs utilizing only 20 – 30 media cables. To qualify as a true mesh, it requires at least three host computers.

The following is a representation of a full mesh network:

Full Mesh Topology

This topology utilizes a direct method of sending data. The host will recognize which network media the recipient resides upon and sends it. If that network media fails, it will send it along the next working piece of network media for that host to forward to the recipient.

Conclusion

Unless in a home environment, most networks are a hybrid of two or more of these types of network. Each has their own strengths and weaknesses. The major factor to decide which topology to utilize often comes down to reliability verses cost.

Thursday, June 21, 2012

Fujitsu Laboratories, NICT and Kyushu University Crack 923 Bit Cryptography

     On June 18th, 2012 the world record of cracked cryptology shown that even extremely difficulty and long encryption can be cracked. This effort took the team twenty one computers (252 total cores) working on the encryption for 148.2 days straight. Prior to this, scientists thought that this form of encryption would take thousands of years to defeat. To place this feat into more common terms, with the encryption utilized, there was 253  or 9,007,199,254,740,992 possibilities. So what was the solution of the key? 1752799584850668137730207306198131424550967300.

    A major factor in the decrease of actual verses theorized time is the ingenuity of the team. According to Fujitsu, they “a technique optimizing parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programing techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximizes computer power.” Another factor is the vast increase in processing power and memory technologies.

   What does this mean for the future of information security? Several benefits come out of this discovery. The immediate effect is the discovery of the actual level of security in current cryptography protocols. More importantly, this provides extremely valuable analytical data to build the next generation of encryption.

Courtesy of NICT

      Currently, the primarily discussed next generation of public key encryption by these three organizations is pairing-based. Theorized this encryption technique based on the ability of discrete logarithm problem (DLP) to interact with each other. Looking at the general DLP equation, a = gd utilizing a public and private key could obtain extremely high bit-rate encryption. Utilizing this technology, three distinct possibilities are being looked at are identify-based encryption, keyword searchable encryption, and functional encryption. 

     While the security technologies are constantly evolving and becoming better, events such as these remind us that evolution is a necessity. Fortunately, researchers are working on complex mathematical equations and techniques to keep our data relatively safe for years to come.

Wednesday, June 20, 2012

Free Windows Server 2012 eBook by Microsoft


     Microsoft released today an eBook based upon the release candidate of Windows Server 2012. Part sales, but mostly informative introduction to the new 2012 edition of the server family this guide details the technicalities involved with the release including the heavily expanded cloud integration within the platform. To download this book to review for yourself, it can be located here.

Windows 7 Series: Parental Controls using Windows Live Essentials

            The purity and safety of our children while they are using the Internet is a great concern for all parents. Fortunately, there are tools available built into Windows 7. Utilizing the Windows 7 parental controls you can set access levels for Internet pages and games they can play. In an administrative account, you can audit the children’s activity online to see what they were accessing. In addition, you can control the hours that the child’s account can be logged in, helping with the dreaded “ log off” time.

            In order to utilize the parental controls, a standard permissions user account would have to be created for the child. If you are unsure how complete this, visit our Windows 7 Series: Creating a Standard User Account Guide. As well, to gain the advanced feature such as web content filtering, you must install the Microsoft Live Essentials application. You can download it directly from the Microsoft Live Essentials site by clicking here.

Click the Start Menu then select Control Panel.
Click image to Enlarge

Select the Set up parental controls for any user option
Click image to Enlarge

This action may bring a User Access Control window to appear. Select Yes. Once this has been completed, a Parental Control Window will appear. Select the desired account. In my case, I will select the Children account.
Click image to Enlarge

If you have selected to download the Microsoft Live Essentials, this will the Windows Live Family Safety application. After you log in, place a check box next to the user account you wish to monitor, and select Next.
Click image to Enlarge

Select the Select a Family Safety Member drop down box, and choose Add user_name then select Save.
Click image to Enlarge

After a few minutes of processing, a window will appear which will advise you if the group has been created successfully. Close this window out, and return to the Parental Control Window that was left open. Select the appropriate user account. this will launch an Internet Explorer window to the Family Safety Configuration Homepage. 
Click image to Enlarge

Depending upon your needs, you can edit towards your requirements. The following screen shots display the various settings that you can modify within the Parental Control Configuration.

Click image to Enlarge

In this option, you select the hours the account can be utilized using the blue to fill the dates and times. For example in my account, it can be used seven days a week from 9 A.M.  - 6 P.M. Windows 7 only supports one hour time ranges.
Click image to Enlarge

Click image to Enlarge

Click image to Enlarge

Click image to Enlarge

Click image to Enlarge

Click image to Enlarge


Tuesday, June 19, 2012

Windows 7 Series: Creating a Standard User Account


            Occasionally there will be an instance where you would like someone to use your computer, yet not have the ability to change settings or install programs. While you can enable the guest account, no information such as bookmarks is saved after the user logs out. The other alternative is to create a standard user account. This can be completed easily, and in just minutes!

To get started,  go to the Start Menu then select Control Panel 


Select Add or remove user accounts

This action may bring a User Access Control window to appear. Select Yes. Once this has been completed, a Manage Accounts window will appear. Select Created a new account.
Click to Enlarge

Type in your chosen user name, ensure the Standard user option is selected, then select Create.
Click to Enlarge


    In just a few easy steps, you have created a standard account for others to use! It is heavily recommended to create a password for your account if you have concern about unauthorized access to the administrative account.