Unified Threat Management systems (UTM) – Single user UTMs vs Multi User UTM’s

In my last post, I blogged about UTMs, which got a fairly positive response over mail :). UTMs can be simply described as next-generation firewalls that evolved from conventional firewalls. The first firewalls were software firewalls, which had themselves evolved from software routers.

Later, as technology evolved and hardware routers came onto the scene, hardware firewalls arrived; these were little more than routers with packet-filtering capabilities. The technology then matured from basic packet filtering to stateful packet inspection and finally to full application-layer inspection devices (IEEE, 1997). Around the year 2000, VPNs appeared and gained acceptance as the mainstream technology for connecting networks securely over untrusted links. Firewall vendors followed closely by integrating VPNs into the firewall, the natural choice since enterprise deployments required both.


As bandwidth prices fell, and with them the cost of the cryptographic hardware needed to encrypt and decrypt traffic, demand rose for specialised hardware that could accelerate these functions.

Unified Threat Management

In mid-2004, International Data Corporation (IDC) defined a UTM platform as one that minimally includes firewall, VPN, intrusion prevention and antivirus features. Touted as "Next Generation Firewalls", UTMs have been designed using two approaches since their inception:

  • Licensing and Integrating Approach (Multi vendor UTM)
  • In-house Development Approach (Single vendor UTM)

Figure: core architecture and development approaches of UTMs

The above figure illustrates the core architecture and the two development approaches used in building UTMs.

Licensing and Integrating Approach (Multi vendor UTM)

The first design approach tries to get the best of all worlds by integrating specialised technologies from different security vendors. For example:

Cyberoam UTM licenses its antivirus from Kaspersky and its anti-spam from Commtouch, companies that specialise in antivirus and anti-spam technology respectively.

Most of these UTMs provide one integrated interface for managing all the licensed technologies in the easiest possible manner; some, however, still require separate management interfaces for individual components.




Advantages:
  • Combines the best of all worlds
  • Less time required to develop and deploy a new UTM box
  • Single management interface
  • Cost effective

Disadvantages:
  • Research and advancement depend on the different vendors, which hinders optimisation of the individual applications
  • Development time is again dependent on the different security vendors
  • The single interface may not be adequate for every licensed component
  • If one of the security vendors is compromised globally, every UTM embedding its component goes down with it, since the technology is outsourced
  • Cannot take full benefit of hardware acceleration resources, because the multi-vendor components were not written for the platform
  • Embedding new technologies is difficult


In-house Development Approach (Single vendor UTM)

The second design approach is the more difficult of the two: it requires developing a UTM device from the ground up, providing each security function natively. This was not without problems, since each security function had to meet the market guidelines and standards set by the standalone security products in order to be accepted. With time, however, the core functions of a UTM platform (firewall, intrusion prevention and antivirus) have matured since the onset of the UTM era, so building competent security functions in-house became both possible and cost effective. This approach also yields a better management interface, since the platform incorporated all the technologies from inception.



Advantages:
  • Unified architecture from scratch
  • Research and advancement proceed at the vendor's own pace, allowing better optimisation of the applications
  • Unified, and the best, management interface
  • In-house code fills the security gaps and poses less threat of third-party compromise
  • Can take full benefit of hardware acceleration resources, which leads to large performance gains
  • Embedding new technologies is easier

Disadvantages:
  • The technologies may or may not be adequate compared to their professional standalone counterparts
  • More time required to develop and deploy a new UTM box
  • High cost of development
  • Security through obscurity is not always a good idea: in-house code gets far less outside scrutiny than widely deployed components


In my next article I will discuss more about UTMs. Please add your points so I can make it better.

Stay tuned.

Unified Threat Management Explained - An Introduction

Hi folks, as you know I am currently in Delhi at Tulip Telecom, where I have got my hands on some exotic network technologies which I would like to share with you. I am working alongside Amarjit Singh, and the rules of the game are simple: he creates a security scenario and I try to break it. Considering I am a bit of a novice in network technologies, it has been a great learning experience with some really good hands-on tech demos and real-life scenarios. Today I will be explaining Unified Threat Management (UTM), which you can think of as an all-in-one solution to an organisation's security needs. UTM devices are relatively new in the security appliance scene and are still evolving continuously. UTM has attracted industry leaders like Juniper, Fortinet, Cisco, IBM, Intel and Cyberoam, so there are a lot of UTM products to choose from. I am, however, working on the Cyberoam one and will be continuing my tests on it.
A brief history
Earlier, enterprise security was divided between traditional firewalls and targeted applications like antivirus, anti-spam and intrusion detection systems.
Figure: earlier, without UTM
In 2004, however, a new trend emerged which combined multiple security features into a single hardware platform, eliminating the need for a separate appliance per protection function.
Figure: nowadays, with UTM
Since their inception, UTMs have been one of the fastest growing segments of the security appliance sector.
Why UTM ?
  1. UTMs provide a one-stop solution for the security needs of an organisation.
  2. The integrated approach lets the administrator worry about only one device, not a whole flurry of firewalls, antivirus servers and IDS/IPS boxes.
  3. The increase in blended attacks against organisations has made the older, single-purpose protection devices and services obsolete.
  4. Cost effective. Tell me one thing: which will be more costly, one decent firewall plus site licences for antivirus, anti-spam, anti-phishing, IDS, IPS etc., or a single UTM device with a combined subscription? The separate products, almost always :)
  5. One-stop reporting solution.
I guess that was all for now; in my next post I will explain the architecture of UTMs and elaborate on the technology.

Catch me this Saturday at Delhi – Maipu Convergence India 2011

Hi friends, I am free this weekend :) and I believe most of you will be too. So why don't you catch up with me at Maipu Convergence India 2011? I have been invited to Maipu Convergence India 2011 this weekend at Pragati Maidan, Delhi, on Saturday 25 Feb 2011. If you want to join me, just drop an email at admin@theprohack.com or comment on this post, and I will forward the invite to you so you don't have any problems there. I will be accompanied by fellow blogger and senior Amarjit Singh, and we can have a look at Maipu's new offerings and have a chitchat on security.

About Maipu

Maipu is one of China's leading network solution providers and has been serving the international market for the last 18 years. At Convergence 2011, Maipu will be showcasing the "New World, New Choice" for business.


See you there :)

FREESCO – An Open Source Router

While I was messing with routers and virtualisation products, I came across FREESCO, an open alternative to the routing products offered by Cisco, 3Com, Ascend, Nortel etc. While all of these companies offer products that are well made, the overhead and overall costs can be high. FREESCO is open source, stable, inexpensive, easy to use, extremely versatile and flexible... and best of all, it is free.

FREESCO is based on the Linux operating system and incorporates many of the features of other Linux distributions into software that fits on a single 1.44 MB floppy diskette. It can also run entirely from RAM, in which case no disk activity occurs after startup. FREESCO works on any IBM-compatible PC (i386 or higher) and can optionally be installed to a hard disk. In practice this means an Intel 80486SX or better with 12 MB of RAM, preferably more than 16 MB if you want to enable the servers. With FREESCO, you can configure:

  • a simple bridge with up to 10 Ethernet segments
  • a router with up to 10 Ethernet segments
  • a dial-up line router
  • a leased line router
  • an Ethernet router
  • a dial-in server with up to 10 modems (with multiport modems)
  • a time server
  • a DHCP server
  • an HTTP server
  • an FTP server
  • a DNS server
  • an SSH server
  • a print server (requires TCP/IP printing client software)

FREESCO also incorporates firewalling and NAT, which are resident in the Linux kernel, to help protect you and your network. All of these features can be used together or individually.


More recent versions of Linux software (e.g. Apache 2) are often not available for FREESCO because they are not compatible with its kernel. Newer hardware (such as Gigabit Ethernet cards) may not be usable either, because there are no drivers for the 2.0.x Linux kernel. FREESCO does not at present support load balancing, and it does not support USB. Bear in mind, too, that the 2.0.x kernel series has not received security fixes for many years, so a FREESCO box is not something to expose directly to an untrusted network.

GNS 3 Tutorial – Basic Router password Configuration

Hi folks. I have started my first steps into Cisco and will be sharing my small experiments with it. This time I am covering the basics using GNS3, a powerful open source network simulator, to build a simple topology of two routers with their basic configuration and commands. I assume you have worked with GNS3 or at least know how to load an IOS image and make a simple topology.

So, first download GNS3 and install it, then get IOS images and load them (if you are really not sure of this step, mail me and I will expand on the basics).

The topology I created is two routers connected via a Gigabit Ethernet link. What we will be doing is:

  1. Set router password.
  2. Set telnet password
  3. Set Console Password
  4. Encrypt All passwords.
  5. Set Ip Address of routers.

Anyway, I start by right-clicking on router R2 and opening its console:

Connected to Dynamips VM "R2" (ID 7, type c7200) - Console port

To get into privileged EXEC mode, type this command:

R2>enable

To enter configuration mode, type this command:

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

To set the enable password (stored as a type 5 MD5 hash) and to have the other passwords in the configuration obfuscated rather than shown in clear text, type these commands:

R2(config)#enable secret router2
R2(config)#service password-encryption

Now to set the console password, and make the router actually ask for it, type these commands (without login the password is stored but never prompted for):

R2(config)#line console 0
R2(config-line)#password console
R2(config-line)#login

Now to set the telnet (vty, virtual terminal) password type these commands:

R2(config)#line vty 0 4
R2(config-line)#password telnet
R2(config-line)#login

Once done, you can now configure the interface by typing these commands

R2(config)#int g1/0
R2(config-if)#ip address
R2(config-if)#no shut
*Feb 19 19:56:42.035: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
*Feb 19 19:56:42.035: %ENTITY_ALARM-6-INFO: CLEAR INFO Gi1/0 Physical Port Administrative State Down
*Feb 19 19:56:43.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
*Feb 19 19:56:47.723: %SYS-5-CONFIG_I: Configured from console by console

Once done, you can see the configuration by typing -

R2#show running-config
Building configuration...

Current configuration : 932 bytes
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname R2
enable secret 5 $1$trNZ$uNTgBIA1QG43/4YEB29lf/
no aaa new-model
ip cef
no ip domain lookup
multilink bundle-name authenticated
log config
interface FastEthernet0/0
 no ip address
 duplex half
interface GigabitEthernet1/0
 ip address
 negotiation auto
no ip http server
no ip http secure-server
logging alarm informational
line con 0
 exec-timeout 0 0
 password 7 070C2E425D061500
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password 7 06120A2D424B1D
webvpn cef


If done properly, your output will look more or less like the one I have pasted above. As you can see, none of the passwords appear in clear text, but note the difference between the two forms: enable secret 5 is an MD5 hash that cannot be turned back into the password, while the password 7 strings on the console and vty lines are only obfuscated with a fixed, publicly known key and are trivially reversible by anyone who gets hold of the running-config. Treat a saved config as if it contained those line passwords in the clear, and protect it accordingly. Also make sure login appears under line con 0 and line vty 0 4; without it the line password is never asked for. You can configure Router 1 in the same way. Make a note of the passwords; I have kept them deliberately simple just to demonstrate the configuration. Please use secure passwords in practice, and read my article on how to create secure passwords.
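To make the type 7 point concrete, here is an added example (my own Python, not part of the original post and not anything Cisco ships) that decodes the two password 7 strings from the running-config above. The key string in the code is the fixed constant IOS uses for type 7, and the config excerpt is copied from the output above. Because this recovers the line passwords from the config alone, the stronger option on IOS 12.4 is to create per-user accounts with username <name> secret <password> and put login local on the lines, so that only type 5 hashes are stored (newer IOS releases add the stronger type 8 and type 9 hashes).

```python
# Added example, not code from the original post: decode Cisco IOS
# "type 7" strings such as the two "password 7" lines in the
# running-config above. Type 7 is not encryption in any useful sense:
# the keystream is a fixed, publicly known constant, so anyone who can
# read the config recovers the plaintext instantly.
import re

# Fixed key IOS uses for "service password-encryption" (type 7).
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"

# Matches "password 7 <hex>" and "enable password 7 <hex>" lines.
PASSWORD7_LINE = re.compile(
    r"^\s*(?:enable\s+)?password\s+7\s+([0-9A-Fa-f]+)\s*$", re.MULTILINE
)

# Excerpt of the running-config shown in the post (only the lines that
# carry credentials).
SAMPLE_CONFIG = """\
enable secret 5 $1$trNZ$uNTgBIA1QG43/4YEB29lf/
line con 0
 password 7 070C2E425D061500
line vty 0 4
 password 7 06120A2D424B1D
"""


def decode_type7(encoded):
    """Reverse one type 7 string.

    The first two characters are a decimal offset into TYPE7_KEY; each
    following pair of hex digits is one plaintext byte XORed with the
    key byte at the running offset.
    """
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[2:].isalnum():
        raise ValueError("not a type 7 string: %r" % encoded)
    offset = int(encoded[:2], 10)
    plain = bytearray()
    for i, byte in enumerate(bytes.fromhex(encoded[2:])):
        plain.append(byte ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)])
    return plain.decode("ascii")


def encode_type7(plain, offset=7):
    """Produce a type 7 string (inverse of decode_type7).

    Included only to show that anyone can forge one; it protects nothing.
    """
    out = ["%02d" % offset]
    for i, byte in enumerate(plain.encode("ascii")):
        out.append("%02X" % (byte ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
    return "".join(out)


def recover_type7_passwords(config_text):
    """Return {encoded: plaintext} for every type 7 password in a config."""
    return {m.group(1): decode_type7(m.group(1))
            for m in PASSWORD7_LINE.finditer(config_text)}


if __name__ == "__main__":
    for encoded, plain in recover_type7_passwords(SAMPLE_CONFIG).items():
        print("%-20s -> %s" % (encoded, plain))
    # The "enable secret 5" line is an MD5-crypt hash and is not
    # reversible this way; it would have to be cracked by guessing.
```

Run it as a script to print both recovered line passwords. encode_type7 is there to show that a type 7 string can be produced by anyone with the key above, so its presence in a config proves nothing about who wrote it.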

I hope you enjoyed this simple guide, till next time.

Bypass squid ? Any ideas ?


Hi folks..
I am in a fix nowadays. I am inside a secure network which is protected by Squid on port 8080 and which blocks all the generic ports by default, like the FTP one. Since I have created a program which uses FTP (a covert program, actually), it won't work in the scenario where you are behind an intranet protected by Squid and NATted by routers (Maipu/Cisco; plus I am dead sure the firewall is a stateful one).
Any ideas? Also, I can't use a static IP program or VPN tunnels, as they won't work. I can't launch a mass-scale CDP-based attack on the network, as it's an official one. Any ideas on fooling Squid?

Comments are welcome; details of the program and the network will be provided on request.

Plus, don't expect me to reverse engineer the source code and create a custom exploit; I don't have much time, and I don't have that patience. I might do it as well, but only if I am convinced that there is no other way. In the meantime, I am here for your valuable suggestions and ideas.

Scan files online using 40+ antivirus software at Virustotal

Ever wanted to scan a suspicious-looking file using multiple antivirus programs? This happened to me recently. As I stated in my last post, I upgraded my Ubuntu Linux to Lucid Lynx and installed Oracle VirtualBox on it. I later installed Windows XP as a virtual operating system and thought it might be better to install an antivirus program on it. However, as I moved my antivirus program and some other files from my USB drive, I had a gut feeling that things were just not right. So a bit of googling landed me at Virustotal.com, which allows you to scan a file using multiple antivirus engines, and it does what it says perfectly :)
The site is extremely easy to use. I uploaded a file to it and it took less than a minute to generate results.
The file was positively identified: one antivirus engine out of the 41 in the scan flagged it.
Pros:
  1. Extremely fast scanning
  2. Scanning using 40+ antivirus engines
  3. Complete details about the file are provided
Cons:
  1. Can't scan my whole PC :(
  2. Can only scan one file at a time
  3. 20 MB file limit (which means I can't scan heavy executables like those of Adobe Photoshop or Burnout Paradise)

Overall, it saved my day and is worth a look. You can visit it here



Project 64 – The best Nintendo 64 emulator

Project64 is a Nintendo 64 emulator which at first seemed to have popped up out of nowhere. It is an emulator for the Windows platform that was first released in 2001, and it employs a plug-in system to allow other developers to implement their own components. It is a great, free Nintendo 64 emulator which can run a lot of the commercial N64 ROMs out there. Emulator means that Project64 creates an environment on your PC under which real N64 software can run and be played in much the same way as on the original hardware. Yep, that means you can play Nintendo 64 games on your PC in the comfort of your home. Of course you have to obtain the ROM images of the games: either dump them yourself or, remember, Google is your best friend [;)].
Project64 is a very good emulator, probably the best Nintendo 64 emulator available; it plays nearly every N64 game, and every game I've tried has worked with only a few errors. There are a couple of games with emulation glitches, but that does not make them unplayable. The emulator aims to replicate the graphics you would get from an actual N64 connected to a television.
The emulator also comes with a built-in cheat editor, which can help increase the longevity of games (obviously by cheating :P; it also includes built-in cheats for many games, how cool is that?). Project64 is the closest thing you'll get to the N64 without actually buying the console, and it performs better than other N64 emulators.
Project64 is still listed as under development, but the last official release was on 1 April 2005, and since then we have been eagerly waiting for a new one.
You can download version 1.6 from the Project 64 site or by clicking here.


Resolve “Setup did not any hard disks drive” error while installing XP over a laptop

One of the most popular topics among our readers is installing Windows XP on a new laptop that comes with Windows 7 or Vista, sometimes for compatibility reasons, but also because a lot of people just don't like 7 very much.
The problem that people keep running into left and right is getting to the point where XP starts to install and getting the message "Setup did not find any hard disk drives installed in your computer". This error happens because your new computer has a storage controller that isn't supported natively by XP, usually a SATA (Serial ATA) controller.
If you don't have a floppy drive in your computer (who does anymore?), then you'll need to use a process called slipstreaming to integrate the storage drivers into your XP installation CD.
It should go without saying that this is an advanced topic, so proceed with caution.
Creating a Custom XP Install
We'll use a program called nLite to create a new XP install CD, so you'll first need to download and install it. Once it starts up, you'll be prompted for your Windows installation, so click the Browse button.
First you'll be prompted for the "Windows installation", which really means your XP install CD. Find it, select the root of the installation, and then click OK to go to the next dialog.
Next you'll be prompted for where you want to save the temporary files used during the slipstreaming process. I chose to create a new directory called XPISO, but you can put it wherever you'd like. I just recommend using a new, empty directory.

nLite will copy all the necessary files off the XP installation CD into the temporary folder. When it's done, you'll see the information about which version it is.
Hit the Next button until you come to the screen where you can select what options you want. Select "Drivers" and then "Bootable ISO".
Hit Next until you get to the screen for selecting drivers. If you click the Insert button, you can choose between adding a single driver or adding a folder of drivers. Since we'll just be loading a single driver, you can choose that option, but you might want to first read the section below about finding drivers for XP.
Browse to the directory where you extracted the driver files, and then select Open. Note that it doesn't really matter which of the *.inf files you choose, because nLite will select all files in the folder anyway.
nLite will then prompt you to select your driver. If you don't know which exact one it is, you can either use Device Manager in Vista to find the exact model, or you can just select all of them. Just be careful not to select a 64-bit driver if you are using 32-bit, or a driver for the wrong OS version.

I would recommend including both storage and network drivers, as those are the ones most commonly missing in XP.
Once you proceed to the next screen, we can finally finish the process. You can choose to burn the CD directly here, or you can select Create Image to create an ISO file that you can burn to a CD using whatever burning tool you have.
Note: if you chose to create an ISO, make sure to use the "Make ISO" button before you click Next.

At this point you can burn the ISO image to a CD, and then start your XP installation process.
Finding Drivers for XP
The best place to search for drivers for your hardware is the manufacturer's support website. The only problem is that almost every manufacturer seems to distribute their drivers as floppy disk images, even though the computer they are for doesn't have a floppy drive. Guess nobody has alerted them to get with the program.
We can still extract the drivers using an application called WinImage. Let's run through a quick example. Here you can see the Intel SATA controller driver for my HP computer.
I downloaded and ran the executable, which extracted a file called f6flpy32.exe into a temporary directory. Don't bother trying to run this one, because it'll just prompt you for a floppy drive.
So how to get the drivers out of this file? There are a few options that you can try, depending on how the manufacturer packed the files.
  • You can use WinImage to extract them; it is shareware, but you can use it free during the trial period.
  • You can try and use WinRar to extract the file. In many instances this will extract a *.flp file, which you can mount in a VMware virtual machine or potentially with some ISO mounting software.
  • Some drivers will allow you to automatically extract into a directory. You'll have to try it and see what happens.
  • Other methods? If you've got other ideas, leave them in the comments and I'll add them to this list.
Here's the list of file types that WinImage can handle, which is quite long.
Start WinImage and then open the file, and you should see the contents. Just extract them to a folder, preferably with a useful name so you can remember it later.
Happy Installation…

Required Downloads

Copyright 2008 How to geek – source .All rights reserved .

5 Wrong ways to check empty strings

It is a common mistake to compare a string with "" or String.Empty in VB.NET or C# to find out whether it is empty. These comparisons give the right answer, but they perform a full string comparison where a length check would do. Here are a few examples.
// C# Wrong (wasteful) Ways
  1. if ( s == "" )
  2. if ( s == string.Empty )
  3. if ( s.Equals("") )
  4. if ( s.Equals( String.Empty ) )
  5. if ( string.Equals( s, "" ) )
  6. if ( string.Equals( s, String.Empty ) )
So what's the correct way to do it? Check the length instead:
// [ C# ] Correct Way
if ( s.Length == 0 )
One caveat: s.Length, like s.Equals(...), throws a NullReferenceException when s is null, whereas s == "" and string.Equals(s, "") merely return false. If s can be null, use string.IsNullOrEmpty(s), which handles both cases in one call.

Reverse Engineering & Basics of Assembly – Part 2

Last time I covered registers in my Reverse Engineering series, and this time I will continue with flags. If you are reading this article as a starter or for the first time and have missed the last one, I highly recommend reading the previous one first to get an idea of what is going on. Even if you have read the last one, I would recommend one fresh read before continuing, as reversing needs dedication and clarity of thinking. The series is newbie friendly; you just need to follow it carefully. Ah well... coming back to the topic...

A matter of FLAGS

A flag is a true/false, on/off or open/closed indicator, or in layman's terms a Boolean variable. Think of it as a traffic light, where green means 'OK to go' and red means 'STOP'. A flag is a single bit that indicates the status of something: it stores a binary value with an assigned meaning. On a modern 32-bit Wintel CPU the flags register (EFLAGS) is 32 bits wide. And to tell the truth :P there are 32 different flags and you need to know about each of them... just kidding. In reversing you will mostly mess with only three flags:
  • Z-Flag,
  • O-Flag
  • C-Flag.
These flags decide how the code executes: the conditional jumps, loops and so on.

The Z-Flag / Zero Flag:
The Zero Flag is your best buddy in cracking and is the flag most commonly used in reversing. It is set (1) or cleared (0) by many instructions depending on whether the last result was zero. Take this example: you compare two values,
ABC = 1010 and XYZ = 1010
CMP subtracts one from the other and throws the result away, keeping only the flags. Since the values match, the result is 0 and the Z flag is set to 1. If the values differed, the result would be non-zero and the Z flag would be cleared to 0.

The O-Flag / Overflow Flag:
Contrary to the Z flag, the Overflow flag is used much less in cracking. It is set to 1 when the last arithmetic operation produced a signed result that does not fit in the register, which shows up as the sign bit (the highest bit of the destination register) flipping the wrong way: two positive numbers adding up to a negative one, or two negative numbers adding up to a positive one. For example, suppose EAX holds 7FFFFFFF, the largest positive signed 32-bit value, and we increase EAX by 1: we get 80000000, the most negative signed value, and the O flag is set. By contrast, going from 6FFFFF to 700000 does not touch the sign bit and leaves the O flag clear.
The C-Flag / Carry Flag:
The flag you will use the least, the C flag (Carry flag), is set if you add a value to a register so that the unsigned result is bigger than FFFFFFFF, or if you subtract a value so that the unsigned result would go below 0 (a borrow).
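To make the three flags concrete, here is an added example in Python (my own code, not from the article or from the tutorials it draws on) that models how a 32-bit x86 CPU computes ZF, CF and OF for ADD, SUB and CMP, and which conditional jumps each combination drives. It goes slightly beyond the text by also tracking SF, the sign flag, since the signed jumps JL and JGE are decided by comparing SF with OF. The masking and the XOR tests are the standard definitions of those flags; the register values are only sample inputs.

```python
# Added example, not code from the original article: a 32-bit model of
# the flags discussed above (ZF, CF, OF), computed for ADD, SUB and CMP
# the way an x86 CPU computes them. SF (sign flag) is included as well,
# because the signed jumps (JL, JGE) compare SF against OF. Registers
# are plain Python ints masked to 32 bits; nothing here touches hardware.
MASK32 = 0xFFFFFFFF
SIGN32 = 0x80000000


def _flags(result, cf, of):
    return {
        "ZF": int(result == 0),                 # result was zero
        "SF": int((result & SIGN32) != 0),      # top bit set (negative if signed)
        "CF": int(cf),                          # unsigned carry / borrow
        "OF": int(of),                          # signed overflow
    }


def add32(a, b):
    """ADD a, b on 32-bit registers: returns (result, flags)."""
    a &= MASK32
    b &= MASK32
    full = a + b
    result = full & MASK32
    carry = full > MASK32
    # Overflow: both operands share a sign and the result's sign differs.
    overflow = ((a ^ result) & (b ^ result) & SIGN32) != 0
    return result, _flags(result, carry, overflow)


def sub32(a, b):
    """SUB a, b (a - b) on 32-bit registers: returns (result, flags)."""
    a &= MASK32
    b &= MASK32
    result = (a - b) & MASK32
    borrow = a < b          # CF doubles as the unsigned borrow flag
    # Overflow: operands differ in sign and the result's sign differs from a's.
    overflow = ((a ^ b) & (a ^ result) & SIGN32) != 0
    return result, _flags(result, borrow, overflow)


def cmp32(a, b):
    """CMP a, b computes a - b, discards the result and keeps the flags."""
    return sub32(a, b)[1]


# Conditional jumps the flags feed, as a reverser meets them after a CMP.
CONDITIONS = {
    "JE":  lambda f: f["ZF"] == 1,                    # equal / zero
    "JNE": lambda f: f["ZF"] == 0,                    # not equal
    "JB":  lambda f: f["CF"] == 1,                    # unsigned below
    "JA":  lambda f: f["CF"] == 0 and f["ZF"] == 0,   # unsigned above
    "JL":  lambda f: f["SF"] != f["OF"],              # signed less
    "JGE": lambda f: f["SF"] == f["OF"],              # signed greater or equal
    "JO":  lambda f: f["OF"] == 1,                    # signed overflow
}


def jump_taken(mnemonic, flags):
    """True if the conditional jump `mnemonic` would be taken on `flags`."""
    return CONDITIONS[mnemonic](flags)


if __name__ == "__main__":
    print("CMP 1010b, 1010b ->", cmp32(0b1010, 0b1010))       # ZF=1
    print("ADD 7FFFFFFFh, 1 ->", add32(0x7FFFFFFF, 1))        # OF=1, CF=0
    print("ADD 6FFFFFh, 1   ->", add32(0x6FFFFF, 1))          # OF=0
    print("ADD FFFFFFFFh, 1 ->", add32(0xFFFFFFFF, 1))        # CF=1, ZF=1
    print("SUB 0, 1         ->", sub32(0, 1))                 # CF=1 (borrow)
    print("JL after CMP 80000000h, 1:", jump_taken("JL", cmp32(0x80000000, 1)))
```

The last line is the trap the signed/unsigned distinction sets for reversers: 80000000h is the most negative signed value, so JL (signed) is taken, while JB (unsigned) on the same flags is not, because as an unsigned number 80000000h is far above 1.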

Now that you know your way around flags, we will continue with memory basics, segments, the stack and instructions in the coming issue.


(This is a series in which I describe what I learnt from the tutorials by Lena151, +ORC and Iczelion. The true credit goes to them.)

Bing copies Google results - Google caught Bing red handed

A post by Danny Sullivan details how Bing watches what people search for on Google, copies it and uses the information to improve its own results. Of course Microsoft denies it, but what was novel was the spy hunt Google ran to catch Bing red-handed. It all started with "tarosorraphy", a misspelling of a medical term for a rare surgical procedure on the eyes, which was searched for on Google in the summer of 2010 and was quirky enough to get Google's attention. Google corrected the spelling, but peculiarly, Bing displayed Google's first correct result without even correcting the spelling. As the official Google blog states:
Google returned the correct spelling—tarsorrhaphy—along with results for the corrected query. At that time, Bing had no results for the misspelling. Later in the summer, Bing started returning our first result to their users without offering the spell correction (see screenshots below). This was very strange. How could they return our first result to their users without the correct spelling? Had they known the correct spelling, they could have returned several more relevant results for the corrected query.

The pattern continued, with Bing displaying results for all kinds of unusual Google queries. Google then set up an experiment to catch Bing in the act: it inserted around 100 synthetic queries with hand-picked results into its search engine and tested whether they appeared in Bing's results. For example, for "delhipublicschool40 chdjob" they inserted a credit union website as the result.
Engineers then searched for these queries from fresh laptops running Internet Explorer 8 with the Bing toolbar installed. And voila, the results started to appear in Bing, confirming the suspicion that the data was being collected through:
  • Internet Explorer 8, which can send data to Microsoft via its Suggested Sites feature
  • The Bing Toolbar, which can send data via Microsoft's Customer Experience Improvement Program

Google calls the outcome a cheap imitation and encourages users to make Google their primary search provider:
Those results from Google are then more likely to show up on Bing. Put another way, some Bing results increasingly look like an incomplete, stale version of Google results—a cheap imitation.
Google also says it expects fair competition from Microsoft:
So to all the users out there looking for the most authentic, relevant search results, we encourage you to come directly to Google. And to those who have asked what we want out of all this, the answer is simple: we'd like for this practice to stop.
