In my last post, i blogged about UTM’s which got a fairly positive response over mail :) . UTMs can be simply expressed as Next generation Firewalls, have evolved specifically from conventional firewalls. The first firewalls were software firewalls which were itself evolved from software routers.
Later on as technology evolved, and hardware routers came into scene, hardware firewalls arrived which were nothing more than routers with packet filtering capabilities. Furthermore, the technology matured from basic packet filtering to a more complex control technology which included stateful packet inspection and finally to full application layer inspection devices (IEEE, 1997). Around the year 2000, VPN’s appeared and gained acceptance as the mainstream technology to connect networks securely, remotely. Firewalls followed closely by integrating VPN’s with Firewall which was the natural choice as enterprise solutions required both firewalls and VPNS.
As the prices for bandwidth fell along with the cost of cryptographic hardware needed to encode and decode the traffic, the need for specialized hardware rose which may be used to accelerate the performance.
Unified Threat Management
In mid 2004, International Data Corporation (IDC) defined UTM platforms as to minimally include firewall, VPN, intrusion prevention and antivirus features. Touted as “Next Generation Firewalls”, we have two approaches to design the UTM’s since their inception.
- Licensing and Integrating Approach (Multi vendor UTM)
- In-house Development Approach (Single vendor UTM)
The above figure illustrates the core architecture and development approach of developing UTMs
Licensing and Integrating Approach (Multi vendor UTM)
The first design approach tried to get the best of worlds by integrating specialized technologies from different security vendors. For e.g.:
Cyberoam UTM licenses Antivirus from Kaspersky, AntiSpam by Commtouch , both who specialize in Antivirus and AntiSpam technologies.
These UTM’s provided an integrated interface to manage all the integrated technologies in the easiest possible manner, while some others require specific management interfaces.
| || |
| || |
| || |
| || |
In-house Development Approach (Single vendor UTM)
| || |
| || |
| || |
| || |
In my next article I will be discussing more about UTMs. Please add your points so I can make it better.
A brief history
Earlier, the enterprise security scenario was divided into traditional firewalls & targeted applications like Antivirus, Anti spam & Intrusion Detection Systems.
However in 2004 , a new trend emerged which combined multiple security features into one single hardware platforms thereby eliminating the need of machine to machine protection.
Since its inception, UTM’s are one of the fastest growing segment in the security appliance sector.
Why UTM ?
- UTM’s provide one stop solution for security needs of an organization.
- The integrated approach allows the administrator to worry about only one device, not the whole flurry of firewalls, antiviruses & IDS/IPS.
- Increase in blended attacks against organizations has led to older specialized protection devices/services obsolete.
- Cost effective , tell me one thing, which will be more costlier ? One decent firewall, site licenses of Antivirus, Anti spam, Anti phishing, IDS, IPS etc or a single UTM device with combined subscription costs ? The answer is the second one :)
- One stop reporting solution.
by Rishabh Dangwal · 2
Hi friends, I am free this weekend :) & i believe most of you will be too. So, why dont you catch up with me at Maipu Convergence India 2011 ? I have been invited at Maipu Convergence India 2011 this weekend at Delhi, Pragati Maidan on Saturday 25 Feb 2011. If you want to join me, just drop an email at firstname.lastname@example.org / comment on this post, I will forward the invite to you so you don't have any problems there. I will be accompanied by fellow blogger & senior Amarjit Singh & we can have a look at new Maipu’s offerings & have a chitchat on security.
Maipu is the China’s best network solution providers & have been serving the international market for last 18 years. At Convergence 2011, Maipu will be showcasing the “New World, New Choice” for the business.
See you there :)
While I was messing with Routers & virtualisation products, I came across FREESCO which is an open alternative to routing products offered by Cisco, 3-Com, Accend, Nortel etc. While all of these companies offer products that are well made, the overhead and overall costs can be expensive.FREESCO is open source, stable, inexpensive, easy to use, extremely versatile and flexible ... and best of all, its is FREE.
FREESCO is based on the Linux operating system. And incorporates many of the features of other Linux distributions into software that fits onto a single 1.44 meg floppy diskette. It is also possible to run it entirely from RAM, in which case no disk activity occurs after startup. FREESCO works on any IBM compatible PC (i386 compatible spec or higher) and can be optionally installed to a hard disk. In practice this means Intel 80486SX or better, with 12 MByte. Preferably more than 16 MByte to enable servers.With FREESCO, you can configure:
- a simple bridge with up to 10 Ethernet segments
- a router with up to 10 Ethernet segments
- a dialup line router
- a leased line router
- an Ethernet router
- a dial-in server with up to 10 modems (with multiport modems).
- a time server
- a dhcp server
- a http server
- a ftp server
- a dns server
- a ssh server
- a print server (requires TCP/IP printing client software)
FREESCO also incorporates firewalling and NAT, which are resident within the Linux kernel, to help protect you and your network. All of these features can be used in conjunction with each other or individually.
More recent versions of Linux software (e.g. Apache 2) are often not available for FREESCO because they are not compatible with FREESCO's kernel. Also, newer hardware (such as Gigabit Ethernet cards) may not be usable under FREESCO due to an absence of their drivers for the 2.0.x Linux kernel. FREESCO does not at present support load-balancing.Also, FREESCO does not support USB.
by Rishabh Dangwal · 2
Hi folks..I have started my first steps into Cisco, & would be sharing my small experiments in it. Actually , this time I am covering the basics using GNS3 which is a powerful open source network simulator to simulate a simple topology of 2 routers with their basic configuration & commands. I assume you have worked with GNS3 or atleast know how to load IOS & make a simple topology..
So, firstly download GNS3 & install it. Get IOS images from and load them (if you are really not sure of this step, mail me, I will expand the basics more)
The topology I created is this -
2 routers connected via gigabit . What we will be doing is -
- Set router password.
- Set telnet password
- Set Console Password
- Encrypt All passwords.
- Set Ip Address of routers.
Anyways, I start by right clicking on R2 router.
Connected to Dynamips VM "R2" (ID 7, type c7200) - Console port
To get into privilege mode, type this command.
To configure router, type this command ..
Enter configuration commands, one per line. End with CNTL/Z.
To set router password & encrypt all passwords type these commands
R2(config)#enable secret router2
Now to set console & its password type these commands
R2(config)#line console 0
Now to set telnet (vty/virtual terminal) & its password type these commands
R2(config)#line vty 0 4
Once done, you can now configure the interface by typing these commands
R2(config-if)#desc ROUTER LAN 2 GIGABIT INTERFACE
R2(config-if)#ip address 192.168.1.20 255.255.255.0
*Feb 19 19:56:42.035: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
*Feb 19 19:56:42.035: %ENTITY_ALARM-6-INFO: CLEAR INFO Gi1/0 Physical Port Administrative State Down
*Feb 19 19:56:43.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
*Feb 19 19:56:47.723: %SYS-5-CONFIG_I: Configured from console by console
Once done, you can see the configuration by typing -
Current configuration : 932 bytes
upgrade fpd auto
service timestamps debug datetime msec
service timestamps log datetime msec
enable secret 5 $1$trNZ$uNTgBIA1QG43/4YEB29lf/
no aaa new-model
no ip domain lookup
multilink bundle-name authenticated
no ip address
description ROUTER LAN 2 GIGABIT INTERFACE
ip address 192.168.1.20 255.255.255.0
no ip http server
no ip http secure-server
logging alarm informational
line con 0
exec-timeout 0 0
password 7 070C2E425D061500
line aux 0
line vty 0 4
password 7 06120A2D424B1D
If done properly, it will look like more or less the same I have pasted above. Also, as you can see, all the passwords are encrypted. In the similar way you can configure Router 1. Make a note os passwords, I have kept quite simple passwords just to demonstrate the configuration. Please keep secure passwords , read my article on how to create secure passwords.
I hope you enjoyed this simple guide, till next time.
I am in a fix nowadays, I m inside a secure network which is protected by squid on port 8080 & blocks all the generic ports by default like ftp one. Since I have created a program which uses ftp (a covert program actually) it wont work on the scenario when you are behind an Intranet protected by squid nat-ted by routers (Maipu/cisco plus I am dead sure the firewall is a stateful one) .
Any ideas ? Also, I cant use a static IP program / VPN tunnels as they wont work. Cant launch a mass scale cdp based attack on the network as its an official one. Any ideas on fooling squid ?
Comments are welcome, details will be provided on program & network on request
Plus, don't expect me to reverse engineer the source code & create a custom exploit, don't have much time, don't have that patience. I might do as well, only if I am convinced that there is no other way. In the mean time, I am here for your valuable suggestions & ideas.
The site is extremely easy to use, I uploaded a file over it and it took less than a minute to generate results.
The file was found positively ID’ed by it and one antivirus triggered a positive result from a scan of 41 antivirus.
- Extremely fast scanning
- Scanning using 40+ antivirus
- complete detail about the file is provided
- Cant scan my whole PC :(
- Can only scan one file at a time
- 20 MB file limit (that means I cant scan heavy executables like that of Adobe Photoshop and Burnout Paradise)
Overall, it saved my day and is worth having a look at it . You can visit it here
Like This post ? You can buy me a Beer :)
Posted by XERO. ALL RIGHTS RESERVED.
Project 64 is a very good emulator, probably the best Nintendo 64 emulator available, plays nearly every N64 game, every game I've tried has worked with a few errors.There are a couple of games with some emulation glitches, but this does not makes them unplayable.The Project 64 emulator promises to replicate directly the graphics that you would obtain when running an actual N64 with a television.
The emulator also comes with a built in cheat editor , which can help increase the longevity of games (obviously by cheating :P ,also it includes inbuilt cheats for many games.. how cool is that ?).Project64 is the closest thing you’ll get to the N64 without actually buying the console itself and it performs better than other Nintendo emulators.
Project64 is currently still under constant development and the last official release was on 1 April 2005 . Since then we are eagerly waiting for a new release.
You can download the version 1.6 from Project 64 Site or by clicking here .
Posted by XERO . ALL RIGHTS RESERVED .
The problem that people keep running into left and right is getting to the point where XP starts to install and getting the message "Setup did not find any hard disk drives installed in your computer". This error happens because your new computer has a storage controller that isn't supported natively in XP, usually an SATA (Serial ATA) controller.
If you don't have a floppy drive in your computer (who does anymore), then you'll need to use a process called slip-streaming to integrate the storage drivers into your XP installation CD.
It should go without saying that this is an advanced topic, so proceed with caution.
Creating a Custom XP Install
We'll use a software called nLite to create a new XP install cd, so you'll first need to download and install it. Once it starts up, you'll be prompted for your Windows installation, so you'll want to click the Browse button.
First you'll be prompted for the "Windows installation", which really means your XP install CD. Find it and select the root of the installation, and then click OK to go to the next dialog.
Next you'll be prompted on where you want to save the temporary files used during the slip-streaming process. I chose to create a new directory and called it XPISO, but you can put it wherever you'd like. I just recommend to use a new directory.
Lite will copy all the necessary files off the XP installation and into the temporary folder. When it's done, you'll see all the information on which version it is.
Hit the next button until you come to this screen, where you can select what options you want. Select "Drivers" and then "Bootable ISO".
Hit the next button until you get to the screen for selecting drivers. If you click the Insert button, you can choose between adding a single driver or adding a folder of drivers. Since we'll just be loading a single driver, you can choose that option, but you might want to first read the section below about finding drivers for XP.
Browse to the directory where you extracted the driver files, and then select Open. Note that it doesn't really matter which of the *.inf files you choose, because it will select all files in the folder anyway.
nLite will prompt you to select your driver. If you don't know which exact one it is, you can either use Device Manager in Vista to find the exact model, or you can just select all of them. Just be careful not to select a 64-bit driver if you are using 32-bit, or the wrong OS version.
I would recommend including both Storage and Network drivers, as those are the most common drivers that are missing in XP.
Once you proceed to the next screen, now we can finally finish the process. You can choose to directly burn the cd here, or you can select Create Image to create an ISO file that you can burn to a CD using whatever burning tool you have.
Note: If you chose to create an ISO, make sure to use the "Make ISO" button before you click Next.
At this point you can burn the ISO image to a CD, and then start your XP installation process.
Finding Drivers for XP
The best place to search for drivers for your hardware is at the manufacturer's support website. The only problem is that almost every manufacturer seems to distribute their drivers in floppy disk image form, even though the computer they are for doesn't have a floppy drive. Guess nobody has alerted them to get with the program.
We can still extract the drivers using an application called WinImage. Let's run through a quick example… Here you can see the Intel SATA controller driver for my HP computer.
I downloaded and ran the executable, which extracted a file called f6flpy32.exe into a temporary directory. Don't bother trying to run this one, because it'll just prompt you for a floppy drive.
So how to get the drivers out of this file? There are a few options that you can try, depending on how the manufacturer packed the files.
- You can use Winimage to extract them, which is a shareware software, but you can use it during the trial period for free.
- You can try and use WinRar to extract the file. In many instances this will extract a *.flp file, which you can mount in a VMware virtual machine or potentially with some ISO mounting software.
- Some drivers will allow you to automatically extract into a directory. You'll have to try it and see what happens.
- Other methods? If you've got other ideas, leave them in the comments and I'll add them to this list.
Start WinImage and then open the file, and you should see the contents. Just extract them to a folder, preferably with a useful name so you can remember it later.
Copyright 2008 How to geek – source .All rights reserved .
// C# Wrong WaysSo what’s the correct way to do it ? Check for length too.
- if ( s == “” )
- if ( s == string.Empty )
- if ( s.Equals(”") )
- if ( s.Equals ( String.Empty)
- if ( string.Equals(s,”")
- if ( string.Equals ( s,String.Empty ))
// [ C# ] Correct Way
if ( s.Length == 0 )
A matter of FLAGS
A flag is a true/false, on/off or open/closed indicator or in layman terms, it’s a Boolean variable. Consider it as a traffic light signal where green means ‘OK’ to go & red means ‘STOP’. A flag is a single bit field that indicates the status of something, stores a binary value with an assigned meaning. On a modern 32 bit wintel CPU, the flag register is 32bit large. And to tell the truth :P there are 32 different flags & you need to know about each of them. Just kidding...In reversing, you will mostly mess with only 3 Flags
The Z-Flag/ Zero Flag:
The Zero Flag is your best buddy in cracking & is most commonly used in reversing. It can be either set (1) or cleared (0) by several opcodes when the last instruction that was performed has 0 as net result. Take it as an example, you compare 2 values -
ABC = 1010 & XYZ=1010If the comparison was success & the values are matched & we get 1 as result (lets suppose), then if Z flag was initially having value of 0, it will be set to 1. Converse is also true.
The O-Flag/Overflow Flag:
Contrary to Z flag, Overflow flag is quite less used in cracking. It is set to 1 when the last operation has cleared the most significant bit or has changed the highest bit of the register that gets the result of an operation. For example let’s suppose:
EAX holds the value 6FFFFF & we increase EAX by 1 & we get 700000, which will set the O-Flag as the operation has changed the highest bit of EAXThe C-Flag/Carry Flag:
The flag which you will use the least, the C-Flag (Carry flag) is set, if we add a value to a register, so that it gets bigger than FFFFFFFF or if you subtract a value, so that the register value gets smaller than 0.
Now you know your way around flags, we will be continuing with Memory basics, segments, stack & instructions in the coming issue.
Like this post ? "Join AlertPay"
(This is a series in which I will be describing what I learnt from tuts by lena51,orc,icezillion. True credits goes to them only.)
Google returned the correct spelling—tarsorrhaphy—along with results for the corrected query. At that time, Bing had no results for the misspelling. Later in the summer, Bing started returning our first result to their users without offering the spell correction (see screenshots below). This was very strange. How could they return our first result to their users without the correct spelling? Had they known the correct spelling, they could have returned several more relevant results for the corrected query.
The cycle continued with Bing displaying all types of unusual queries from Google. The Google started a hypothetical experiment to catch Bing in the act. This involved Google to insert 100 synthetic queries with random results in the Google search engine & then testing whether they appear in the Bing results or not. For example – “delhipublicschool40 chdjob” they inserted a credit union website link.
Then they issued fresh laptops with IE8 installed with toolbar & searched for them. And voila, the results started to appear in Bing, which confirms the suspicion that -
- Internet Explorer 8, which can send data to Microsoft via its Suggested Sites feature
- The Bing Toolbar, which can send data via Microsoft’s Customer Experience Improvement Program
which as Google states is a cheap imitation & encourages to use Google as a primary search provider.
Those results from Google are then more likely to show up on Bing. Put another way, some Bing results increasingly look like an incomplete, stale version of Google results—a cheap imitation.Also, they expect to have a fair competition.. with Microsoft..
So to all the users out there looking for the most authentic, relevant search results, we encourage you to come directly to Google. And to those who have asked what we want out of all this, the answer is simple: we'd like for this practice to stop.