Showing posts with label Network.
Why Modems Overheat Quickly
Some of us have probably often run into a very annoying problem: a modem that heats up very quickly, whether it is a CDMA modem or a GSM modem. A few minor, seemingly trivial things cause a modem to heat up so quickly, and they can sometimes make you lose your temper.
The Biggest Mistake Antivirus Users Make
In November 2010, IT security experts from Avira conducted a consumer security survey of computer users around the world.
The results show that more than 60% of respondents had tried several antivirus products within a year. In addition, 25% of users admitted to disabling their antivirus protection, because they thought the program would slow down their computer.
The sample size of the consumer security survey was 9,091, with a margin of error between 0.28% and 1%. The questions were put to Avira's more than 100 million users worldwide, on the basis of an international survey. Here are the results of Avira's security survey in November:
Indonesia Security Incident Response Team On Internet Infrastructure
Pitiful. Such is the fate of the Indonesia Security Incident Response Team On Internet Infrastructure (ID-SIRTII). The internet watchdog, whose name has begun to gain recognition around the world, is instead being neglected and left in suspended animation in its own country.
This bad news has clearly upset many people, especially internet activist Heru Nugroho. The former Chairman of the Indonesian Internet Service Providers Association (APJII) laments the tragedy now befalling ID-SIRTII.
Wikileaks: Indonesian bloggers cultivated for US interests
After a long wait, WikiLeaks has finally released documents from the US Embassy in Jakarta. They reveal that bloggers in Indonesia were being used for US interests.
This came to light in a cable dated 12 February 2010 from the US Embassy in Jakarta to a US State Department official named Jared Cohen. It reveals the US strategy of using social media in Indonesia for US interests.
Chatting with eBuddy on a Mobile Phone
eBuddy is a free facility that provides chat services. Many features can be used through eBuddy, such as Yahoo, Facebook, and Msn.
I will now explain how to use eBuddy so that you can be online and mobile at any time and from anywhere.
You can download the eBuddy application at www.ebbudy.com
Applications on Google TV
Google's latest technology will soon be available to technology enthusiasts. The use of the Android operating system on televisions lets viewers watch television programmes while surfing the web.
Virtual Keyboard in Google
Google has built a new technology into its search engine: a virtual keyboard that makes it easier for users of languages other than English to enter search keywords.
The idea of a virtual keyboard integrated with language services came from feedback from Google users: users of languages other than English, such as Arabic, often have difficulty using the search engine, because the characters they use differ from those printed on the keyboard.
Facebook sets up Google-war with vast expansion through Open Graph
Facebook has announced plans to spread its influence more widely across the internet by weaving its service into all websites.
Mark Zuckerberg, chief executive of the social networking site which has 400 million regular users worldwide, has set his sights on beating Google.
Mr Zuckerberg described how users would be guided around the web by their connections and interests rather than a search engine.
“The web is at a really important turning point now,” Mr Zuckerberg said at a conference for web and software developers in San Francisco. “Most things aren’t social and they don’t use your real identity. This is really starting to change.”
Mr Zuckerberg called the new software platform, Open Graph, “the most transformative thing we’ve ever done for the web”.
The chief tool will be the “Like” icon. Users will be able to click on the button next to an article to share it on their Facebook profiles without leaving the other website.
The plans could backfire, however, if it fails to assuage privacy fears over the new service.
Greg Sterling, an internet analyst who also writes for searchengineland.com, said: “How many people are really going to want all this information about them shared? That’s the big unanswered question here.”
Mr Zuckerberg said that users would have complete control over what information is private.
Fending Off the Onslaught of Junk Email
Spam, or junk email, is hard to suppress, especially if the email service we use has no spam filter. Inevitably, the flood of advertising carried by these unwanted messages will crowd our inbox.
Here are some tactics recommended by Symantec for fending off the email onslaught:
Weaknesses Network Admins Often Overlook
The threat of a break-in to a network system comes not only from hackers; insiders, that is, the company's own staff, can do it too.
This of course demands vigilance from an admin to keep the company's network security system from being breached.
Google unveils 'replay' search feature
It's already easy to find relevant Twitter updates in Google real-time search results. Now, thanks to a new Google feature, you can see what people were tweeting about a topic last week or last month.
Google on Wednesday introduced a “replay” feature that allows users to search tweets posted at any given point in time - down to the minute.
Let’s say you're curious to see what people were tweeting about Kathryn Bigelow the night of the Academy Awards on March 7. After you type her name into Google's search field, select “Show Options” on the results page and then click “Updates.”
A timeline will appear above the results, allowing you to zero in on tweets by the hour or minute. They spiked late in the Oscars telecast, when excited viewers began tweeting about Bigelow becoming the first woman to win Best Director.
“By replaying tweets, you can explore any topic that people have discussed on Twitter,” wrote Dylan Casey, Google product manager for real-time search, in a post on Google's blog.
For now, users can explore tweets going back about two months - to February 11 - although Google promises that you’ll soon be able to search as far back as the very first tweet on March 21, 2006.
MySpace unveils new event calendar
MySpace, which has long been an online hangout for musicians and music fans, is now making it easier for users to keep up with musical happenings.
The social-networking site unveiled its new global events calendar Thursday. Called MySpace Events, the feature is a “global platform that supplies artists and users with tools to create, discover and share events including an easy-to-use calendar,” said Marcus Womack, director of events and ticketing, in a MySpace blog post.
Users also will have the opportunity to sync their MySpace Events with Facebook and Twitter, making it easier for people to manage their “entire social calendar and share events across the Web,” Womack said.
MySpace will add different types of events - sports, nightlife and arts happenings - in addition to the “concerts and pop culture events” already featured on the site, Womack said.
The site also will allow users to receive alerts about future shows of their choice and purchase tickets through MySpace, a service made possible by the site’s partnership with Ticketmaster and Live Nation.
Facebook 'likes' the whole Web
Facebook's "like" button is about to get more prevalent on the Web, according to news reports.
The Financial Times and The New York Times report that the social networking giant - with 400 million users worldwide - will push its "like" feature onto other Web sites, enabling users to share preferences for news stories, Web sites and products more easily.
Currently, Facebook users click the "like" button on Facebook.com to alert their online friends that they find a certain status update, photo or other Facebook item interesting. The reported change would put that functionality on many other Web sites, too, linking a person's preferences for all kinds of things into the Facebook social network.
That's similar to another branch-out feature called Facebook Connect, which lets people sign into other Web sites by using their Facebook name and password.
The announcement is expected to come at Facebook's annual developer conference, called f8, which will be held in San Francisco on Wednesday.
The Financial Times wrote that the "like" functionality would let Facebook "use data from these interactions to target them with related adverts once they return to Facebook.com." In a response sent to the newspaper, Facebook says it will make no changes to its ad policies at f8.
“All the products we are launching at f8 are focused on giving developers and entrepreneurs ways to make the Web more social,” the Facebook spokesperson told The Financial Times. “We have no announcements or changes planned to our ad offering and policies.”
Nytimes.com says Facebook's "like" feature will compete with a social media toolbar promoted by a group of Web companies, including Google and Meebo.
The move is part of an effort by Facebook to dominate the social Web by being everywhere - kind of like Starbucks - instead of just in one place, writes the tech blog Mashable, in a post titled "Facebook 'likes' world domination."
The discussion comes amid controversy about Facebook's proposed changes to its privacy settings. Sophos, a security company, says 95 percent of Facebook users are dissatisfied with the proposed changes, according to a 680-person survey of the company's online readers.
Sophos describes the proposed privacy-setting changes in this way:
… if you're logged into Facebook and then visit a third party website, that site will be able to access the following:
• your name
• your profile picture
• your gender
• your friends and connections
• your user ID
• any content shared using the "Everyone" privacy setting
Other observers expect Facebook to release details on a new feature called "place," which could let Facebook users tell their online friends where they are in addition to what they're doing. Such "location-based" features have been popularized by other sites, like Gowalla and Foursquare.
You can find all the details about Facebook's proposed changes here. Take a read and let us know what you think. Also, check back on this site and on our Twitter feed for updates from the f8 conference on Wednesday.
Social networking startup poised for IPO
Social networking startup Demand Media is preparing an initial public offering and has hired Goldman Sachs as an underwriter, according to a report published Friday.
Demand Media, a $1.5 billion company founded by former MySpace chairman Richard Rosenblatt, plans to file its initial public offering by August with Goldman Sachs (GS, Fortune 500) at the helm, the Financial Times reported.
Goldman Sachs has already served as one of the chief sources of funding for the company, raising $355 million since 2006 in conjunction with Oak Investment Partners, Spectrum Equity Investors and Generation Partners, according to the report.
Demand Media, one of the lead suppliers of video content to YouTube, and Goldman Sachs both declined to comment.
Sal Morreale, IPO expert for Cantor Fitzgerald, said it was too early to tell what kind of price the company would try to get for a public launch. But he said there will definitely be an enormous amount of interest on Wall Street, given the Internet presence of Demand Media and its potential backing by a financial heavyweight like Goldman.
"If this is the main supplier of content to YouTube, obviously it will attract some action, depending on pricing," he said.
Facebook attacked over refusal to install panic button
Britain's online child protection agency attacked Facebook yesterday for its continued refusal to install a panic button on its site.
Richard Allan, head of policy for the social networking site in Europe, said it had agreed a series of measures allowing users in the UK to report concerns about child safety directly to the Child Exploitation and Online Protection centre (Ceop).
The new system flags up Ceop after users have already gone through Facebook's own reporting procedure.
But Jim Gamble, the chief executive of Ceop, said that by rejecting a visible panic button, a measure supported by the police, the operators of the website had shown that they did not understand deterrence.
“Putting the button in a safety centre is like putting a burglar alarm inside your house,” he said.
“People still break in because they don’t realise you are in there and at the end of the day your family is still traumatised.”
Mr Gamble met the heads of Facebook in Washington DC to try to persuade them to install the button, which would allow users to report inappropriate behaviour on the site directly to Ceop.
Other networking sites, including Bebo, have introduced the button but Facebook has agreed only to a link to Ceop after users have made an initial report on the site itself.
“Each website has taken the concept of the panic button and done it in a way that fits their environment,” Mr Allan said.
“That’s precisely what we are doing... If you click on the report link that is there today you get a screen right in your face to say you can report this to Ceop as well.”
The button has cross-party political support in Britain and is also backed by leading child and anti-bullying charities.
Chief constables from across England and Wales, including Sir Paul Stephenson, the Scotland Yard Commissioner, have signed a letter supporting the move.
Mr Gamble said: “If they don’t adopt the button we are simply not going to go away.
“We need to protect the children of the UK.”
Intrusion detection system
An intrusion detection system (IDS) is a device (or application) that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.
IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.
IDS Terminology
* Alert/Alarm- A signal suggesting that a system has been or is being attacked.
* True Positive- A legitimate attack which triggers an IDS to produce an alarm.
* False Positive- An event signaling an IDS to produce an alarm when no attack has taken place.
* False Negative- A failure of an IDS to detect an actual attack.
* True Negative- When no attack has taken place and no alarm is raised.
* Noise- Data or interference that can trigger a false positive.
* Site policy- Guidelines within an organization that control the rules and configurations of an IDS.
* Site policy awareness- The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.
* Confidence value- A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
* Alarm filtering- The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.
Types of Intrusion-Detection systems
There are two main types of IDSs: network-based and host-based IDS.
In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic.
In a host-based system, the sensor usually consists of a software agent, which monitors all activity of the host on which it is installed, including file system, logs and the kernel. Some application-based IDS are also part of this category.
Network intrusion detection system (NIDS)
It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.
Intrusion detection systems can also be system-specific using custom tools and honeypots.
Passive system vs. reactive system
In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert on the console and/or to the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IPS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator.
Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.
The term IDPS is commonly used to refer to hybrid security systems that both "detect" and "prevent".
Statistical anomaly and signature based IDSes
All Intrusion Detection Systems use one of two detection techniques: statistical anomaly based and/or signature based.
Statistical anomaly based IDS- A statistical anomaly-based IDS establishes a performance baseline based on normal network traffic evaluations. It will then compare samples of current network traffic activity against this baseline in order to detect whether or not it is within baseline parameters. If the sampled traffic is outside baseline parameters, an alarm will be triggered.
Signature-based IDS- Network traffic is examined for preconfigured and predetermined attack patterns known as signatures. Many attacks today have distinct signatures. In good security practice, a collection of these signatures must be constantly updated to mitigate emerging threats.
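The two detection techniques above, scored with the true/false positive terms from the terminology list, as an added example that is not part of the original post. The signature names, request strings and traffic counts are constructed for illustration; the 3-sigma threshold is an assumed tuning choice.

```python
import re
import statistics
from dataclasses import dataclass


@dataclass
class Window:
    """One minute of traffic seen by the sensor (constructed sample data)."""
    label: str
    requests: list
    is_attack: bool  # ground truth, known only because the sample is constructed


# Hypothetical signatures: preconfigured patterns for known attack shapes.
SIGNATURES = {
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
    "sql-tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}

# Requests per minute observed during a known-normal period (constructed).
BASELINE_COUNTS = [20, 22, 19, 21, 18, 20, 23, 21, 19, 20]

# Constructed observation period: five one-minute windows.
WINDOWS = [
    Window("normal", ["GET /index.html"] * 21, False),
    Window("known attack, normal volume",
           ["GET /index.html"] * 19 + ["GET /download?file=../../../etc/passwd"],
           True),
    Window("login flood, no known pattern", ["POST /login"] * 95, True),
    Window("legitimate nightly backup", ["GET /backup/chunk"] * 60, False),
    Window("normal", ["GET /index.html"] * 19, False),
]


def build_baseline(normal_counts):
    """Baseline parameters: mean and sample standard deviation of the rate."""
    return statistics.mean(normal_counts), statistics.stdev(normal_counts)


def anomaly_alerts(windows, baseline, k=3.0):
    """Indices of windows whose request rate is more than k sigma off baseline."""
    mean, stdev = baseline
    return {i for i, w in enumerate(windows)
            if abs(len(w.requests) - mean) > k * stdev}


def signature_alerts(windows):
    """Map window index -> sorted names of signatures that matched a request."""
    hits = {}
    for i, w in enumerate(windows):
        names = sorted(name for name, rx in SIGNATURES.items()
                       if any(rx.search(req) for req in w.requests))
        if names:
            hits[i] = names
    return hits


def score(alerted, windows):
    """Count true/false positives/negatives for a set of alerted window indices."""
    out = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for i, w in enumerate(windows):
        if i in alerted:
            out["TP" if w.is_attack else "FP"] += 1
        else:
            out["FN" if w.is_attack else "TN"] += 1
    return out


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_COUNTS)
    by_anomaly = anomaly_alerts(WINDOWS, baseline)
    by_signature = set(signature_alerts(WINDOWS))
    for name, alerted in [("signature", by_signature),
                          ("anomaly", by_anomaly),
                          ("combined", by_signature | by_anomaly)]:
        print(f"{name:9} alerts={sorted(alerted)} {score(alerted, WINDOWS)}")
```

On this sample the signature engine misses the flood (a false negative, because no pattern exists for it), while the anomaly engine catches the flood but also alarms on the backup job (a false positive) and misses the low-volume known attack.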
Limitations
Noise - Noise can severely limit an intrusion detection system's effectiveness. Bad packets generated from software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate.
Too few attacks- It is not uncommon for the number of real attacks to be far below the false-alarm rate. Real attacks are often so far below the false-alarm rate that they are often missed and ignored.
Signature updates - Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies.
IDS evasion techniques
Intrusion detection system evasion techniques bypass detection by creating different states on the IDS and on the targeted computer. The adversary accomplishes this by manipulating either the attack itself or the network traffic that contains the attack.
Development
A preliminary concept of an IDS began with James P. Anderson and reviews of audit trails.[4] An example of an audit trail would be a log of user access.
Fred Cohen noted in 1984 (see Intrusion Detection) that it is impossible to detect an intrusion in every case and that the resources needed to detect intrusions grow with the amount of usage.
Dorothy E. Denning, assisted by Peter G. Neumann, published a model of an IDS in 1986 that formed the basis for many systems today. Her model used statistics for anomaly detection, and resulted in an early IDS at SRI International named the Intrusion Detection Expert System (IDES), which ran on Sun workstations and could consider both user and network level data. IDES had a dual approach with a rule-based Expert System to detect known types of intrusions plus a statistical anomaly detection component based on profiles of users, host systems, and target systems. Lunt proposed adding an Artificial neural network as a third component. She said all three components could then report to a resolver. SRI followed IDES in 1993 with the Next-generation Intrusion Detection Expert System (NIDES).
The Multics intrusion detection and alerting system (MIDAS), an expert system using P-BEST and LISP, was developed in 1988 based on the work of Denning and Neumann. Haystack was also developed that year, using statistics to reduce audit trails.
Wisdom & Sense (W&S) was a statistics-based anomaly detector developed in 1989 at the Los Alamos National Laboratory. W&S created rules based on statistical analysis, and then used those rules for anomaly detection.
In 1990, the Time-based Inductive Machine (TIM) did anomaly detection using inductive learning of sequential user patterns in Common LISP on a VAX 3500 computer. The Network Security Monitor (NSM) performed masking on access matrices for anomaly detection on a Sun-3/50 workstation. The Information Security Officer's Assistant (ISOA) was a 1990 prototype that considered a variety of strategies including statistics, a profile checker, and an expert system.[13] ComputerWatch at AT&T Bell Labs used statistics and rules for audit data reduction and intrusion detection.
Then, in 1991, researchers at the University of California, Davis created a prototype Distributed Intrusion Detection System (DIDS), which was also an expert system. The Network Anomaly Detection and Intrusion Reporter (NADIR), also in 1991, was a prototype IDS developed at the Los Alamos National Laboratory's Integrated Computing Network (ICN), and was heavily influenced by the work of Denning and Lunt. NADIR used a statistics-based anomaly detector and an expert system.
The Lawrence Berkeley National Laboratory announced Bro in 1998, which used its own rule language for packet analysis from libpcap data. Network Flight Recorder (NFR) in 1999 also used libpcap. APE was developed as a packet sniffer, also using libpcap, in November, 1998, and was renamed Snort one month later, and has since become the world's most widely used IDS/IPS system with over 300,000 active users.
The Audit Data Analysis and Mining (ADAM) IDS in 2001 used tcpdump to build profiles of rules for classifications.
In 2003 Dr. Wenke Lee argued for the importance of IDS in networks with mobile nodes.
IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.
IDS Terminology
* Alert/Alarm- A signal suggesting that a system has been or is being attacked.
* True Positive- A legitimate attack which triggers an IDS to produce an alarm.
* False Positive- An event signaling an IDS to produce an alarm when no attack has taken place.
* False Negative- A failure of an IDS to detect an actual attack.
* True Negative- When no attack has taken place and no alarm is raised.
* Noise- Data or interference that can trigger a false positive.
* Site policy- Guidelines within an organization that control the rules and configurations of an IDS.
* Site policy awareness- The ability an IDS has to dynamically change its rules and configurations in response to changing environmental activity.
* Confidence value- A value an organization places on an IDS based on past performance and analysis to help determine its ability to effectively identify an attack.
* Alarm filtering- The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks.
Types of Intrusion-Detection systems
There are two main types of IDS: network-based and host-based.
In a network-based intrusion-detection system (NIDS), the sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic.
In a host-based system, the sensor usually consists of a software agent, which monitors all activity of the host on which it is installed, including file system, logs and the kernel. Some application-based IDS are also part of this category.
Network intrusion detection system (NIDS)
It is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. Network Intrusion Detection Systems gain access to network traffic by connecting to a hub, network switch configured for port mirroring, or network tap. An example of a NIDS is Snort.
Host-based intrusion detection system (HIDS)
It consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state. An example of a HIDS is OSSEC.
Intrusion detection systems can also be system-specific using custom tools and honeypots.
Passive system vs. reactive system
In a passive system, the intrusion detection system (IDS) sensor detects a potential security breach, logs the information and signals an alert to the console and/or the owner. In a reactive system, also known as an intrusion prevention system (IPS), the IPS responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. This can happen automatically or at the command of an operator.
Though they both relate to network security, an intrusion detection system (IDS) differs from a firewall in that a firewall looks outwardly for intrusions in order to stop them from happening. Firewalls limit access between networks to prevent intrusion and do not signal an attack from inside the network. An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system. This is traditionally achieved by examining network communications, identifying heuristics and patterns (often known as signatures) of common computer attacks, and taking action to alert operators. A system that terminates connections is called an intrusion prevention system, and is another form of an application layer firewall.
The term IDPS is commonly used to refer to hybrid security systems that both "detect" and "prevent".
Statistical anomaly and signature based IDSes
All Intrusion Detection Systems use one of two detection techniques: statistical anomaly based and/or signature based.
Statistical anomaly based IDS- A statistical anomaly-based IDS establishes a performance baseline based on evaluations of normal network traffic. It then compares samples of current network traffic against this baseline to determine whether the activity is within baseline parameters. If the sampled traffic is outside baseline parameters, an alarm is triggered.
Signature-based IDS- Network traffic is examined for preconfigured and predetermined attack patterns known as signatures. Many attacks today have distinct signatures. In good security practice, a collection of these signatures must be constantly updated to mitigate emerging threats.
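The two detection techniques, scored with the terminology above (true/false positives and negatives), as an added example that is not part of the original post. The signatures, baseline figures and events are all constructed for illustration, and the function names are hypothetical.

```python
import re
import statistics

# Constructed signatures for illustration; not taken from any real rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
}

# Constructed baseline: requests per minute seen during normal operation.
BASELINE_RPM = [98, 102, 105, 97, 101, 99, 103, 100, 96, 104]

# Constructed events: (requests_per_minute, payload, is_attack ground truth).
EVENTS = [
    (101, "GET /index.html", False),
    (99, "GET /download?f=../../etc/passwd", True),   # known pattern, normal volume
    (450, "POST /login", True),                        # volume spike, no known pattern
    (430, "GET /backup/nightly.tar", False),           # benign backup spike (noise)
    (100, "POST /forum body=how do UNION SELECT queries work", False),
    (98, "POST /upload name=report.pdf.exe", True),    # no signature exists yet
]


def signature_alert(rpm, payload):
    """Signature-based: alarm when the payload matches a known pattern."""
    return any(rx.search(payload) for rx in SIGNATURES.values())


def make_anomaly_alert(baseline, z_threshold=3.0):
    """Statistical: alarm when volume is more than z_threshold standard
    deviations away from the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)

    def anomaly_alert(rpm, payload):
        return abs(rpm - mean) / stdev > z_threshold

    return anomaly_alert


def confusion(detector, events):
    """Count true/false positives and negatives for one detector."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for rpm, payload, is_attack in events:
        alarm = detector(rpm, payload)
        if alarm and is_attack:
            counts["TP"] += 1
        elif alarm:
            counts["FP"] += 1
        elif is_attack:
            counts["FN"] += 1
        else:
            counts["TN"] += 1
    return counts


def evaluate(events=EVENTS):
    """Score each technique alone and the two combined (alarm if either fires)."""
    anomaly_alert = make_anomaly_alert(BASELINE_RPM)

    def either(rpm, payload):
        return signature_alert(rpm, payload) or anomaly_alert(rpm, payload)

    return {
        "signature": confusion(signature_alert, events),
        "anomaly": confusion(anomaly_alert, events),
        "either": confusion(either, events),
    }


if __name__ == "__main__":
    for name, counts in evaluate().items():
        print(f"{name:9s} {counts}")
```

Combining the two detectors halves the missed attacks on this sample but doubles the false alarms, which is the trade-off alarm filtering has to manage.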
War dialing
War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems and fax machines. Hackers use the resulting lists for various purposes, hobbyists for exploration, and crackers - hackers that specialize in computer security - for password guessing.
A single wardialing call would involve calling an unknown number, and waiting for one or two rings, since answering computers usually pick up on the first ring. If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human or answering machine answers, the wardialer program hangs up. Depending on the time of day, wardialing 10,000 numbers in a given area code might annoy dozens or hundreds of people, some who attempt and fail to answer a phone in two rings, and some who succeed, only to hear the wardialing modem's carrier tone and hang up. The repeated incoming calls are especially annoying to businesses that have many consecutively numbered lines in the exchange, such as used with a Centrex telephone system.
The popularity of wardialing in the 1980s and 1990s prompted some states to enact legislation prohibiting the use of a device to dial telephone numbers without the intent of communicating with a person.
The name for this technique originated in the 1983 film WarGames. In the film, the protagonist programmed his computer to dial every telephone number in Sunnyvale, California to find other computer systems. 'WarGames Dialer' programs became common on bulletin board systems of the time, with file names often truncated to wardial.exe and the like due to length restrictions on such systems. Eventually, the etymology of the name fell behind as "war dialing" gained its own currency within computing culture.[1]
A more recent phenomenon is wardriving, the searching for wireless networks (Wi-Fi) from a moving vehicle. Wardriving was named after wardialing, since both techniques involve brute-force searches to find computer networks. The aim of wardriving is to collect information about wireless access points (not to be confused with piggybacking).
Similar to war dialing is a port scan under TCP/IP, which "dials" every TCP port of every IP address to find out what services are available. Unlike wardialing, however, a port scan will generally not disturb a human being when it tries an IP address, regardless of whether there is a computer responding on that address or not. Related to wardriving is warchalking, the practice of drawing chalk symbols in public places to advertise the availability of wireless networks. Despite its widespread coverage, warchalking never particularly caught on as a popular activity.
The term is also used today by analogy for various sorts of exhaustive brute force attack against an authentication mechanism, such as a password. While a dictionary attack might involve trying each word in a dictionary as the password, "wardialing the password" would involve trying every possible password. Password protection systems are usually designed to make this impractical, by making the process slow and/or locking out an account for minutes or hours after some low number of wrong password entries.
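The lockout defence described above, as an added example that is not part of the original post. The class and function names, the 5-failure / 15-minute policy, the account name and the 4-digit PIN are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

SALT = b"constructed-salt"
# Constructed credential store: one account with a 4-digit PIN.
STORED = {"alice": hashlib.pbkdf2_hmac("sha256", b"4821", SALT, 1000)}


def verify(account, candidate):
    """Constant-time comparison against the stored hash."""
    expected = STORED.get(account)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(), SALT, 1000)
    return expected is not None and hmac.compare_digest(expected, actual)


class FakeClock:
    """Manually advanced clock so the lockout can be exercised without waiting."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginThrottle:
    """Lock an account for a fixed period after a few consecutive failures."""

    def __init__(self, verify_fn, max_failures=5, lockout_seconds=900,
                 clock=time.monotonic):
        self.verify_fn = verify_fn
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self.failures = {}       # account -> consecutive wrong guesses
        self.locked_until = {}   # account -> clock value when the lock ends

    def attempt(self, account, candidate):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if now < self.locked_until.get(account, 0.0):
            return "locked"      # refused without evaluating the guess at all
        self.locked_until.pop(account, None)
        if self.verify_fn(account, candidate):
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        if count >= self.max_failures:
            self.locked_until[account] = now + self.lockout_seconds
            count = 0
        self.failures[account] = count
        return "denied"


def exhaustive_search_seconds(keyspace, max_failures, lockout_seconds):
    """Worst-case time spent waiting out lockouts while trying every value
    against one account (the correct value is the last one tried)."""
    lockouts = (keyspace - 1) // max_failures
    return lockouts * lockout_seconds


if __name__ == "__main__":
    clock = FakeClock()
    throttle = LoginThrottle(verify, clock=clock)
    for i in range(7):
        print(f"{i:04d}", throttle.attempt("alice", f"{i:04d}"))
        clock.now += 1
    days = exhaustive_search_seconds(10_000, 5, 900) / 86400
    print(f"all 10,000 PINs: about {days:.1f} days of lockout")
```

While the lock is active even the correct password is refused, so an operator should alert on repeated lockouts, since the same mechanism can be used to deny service to a legitimate user.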
War dialing is sometimes used as a synonym for demon dialing, a related technique which also involves automating a computer modem in order to repeatedly place telephone calls.
Triple log in Yahoo Messenger in one computer
Dual login in Yahoo Messenger is probably nothing new to you. What about logging in with 3 Yahoo Messenger IDs at once? Interested? Below I share tips and a tutorial for triple login in Yahoo Messenger.
Triple log in Yahoo Messenger in one computer.
1. Switch your Yahoo mail settings to the latest Beta version, because it includes chat alongside email. For example, if the first account is pertama@yahoo.com, just log in via email; the chat feature is available there too (use the Firefox browser).
2. Log in to the second account, for example kedua@yahoo.com, through your YM client.
3. Go to http://webmessenger.yahoo.com/
then sign in as a different user, namely your third account,
for example ketiga@yahoo.com (use the IE browser).
There, 3 accounts at once. There is still only 1 YM program on the computer, though; if you want to add more YM instances, follow Bro Machop's trick above. Happy chatting, but remember to sleep ^^.
Dual Log in Yahoo Messenger in one computer
You may have more than one Yahoo ID and want both of them online. Or a visiting friend wants to log in to Yahoo Messenger, but you do not want your own ID logged out. Here are my tips for dual login in Yahoo Messenger.
Opening 2 Yahoo Messengers on 1 computer
1. Open the registry editor: click Start > Run, type regedit, then click OK.
2. Find the key [HKEY_CURRENT_USER\Software\Yahoo\Pager\Test].
3. Right-click the Test key and choose New > DWORD Value.
4. Delete the name New Value #1 and replace it with the word plural.
5. Double-click it and the Edit DWORD Value dialog will appear.
Enter 00000020 as the value data, click OK, and close the
registry editor.
After following the steps above, restart your computer so that the registry change takes effect.
Enter your first Yahoo ID and you will be signed in with it, then click the Yahoo Messenger icon again and enter your second Yahoo Messenger ID; you are now using 2 IDs at once on 1 computer. To check whether it worked, look in the hidden icons area at the bottom right, where you will see 2 Yahoo Messenger icons.
Give it a try, friends.
Speeding up the connection without using software
Now I will share a tip that is used quite often and helps a little in speeding up the connection without using software, by adjusting settings in Windows itself.
Let's begin. Note that I am using Windows XP; those on Vista and 7 are welcome to try it, since this setting is sure to exist in every Windows release.
1. Right-click the "My Computer" icon >> choose "Properties".
2. In the System Properties window, choose the "Hardware" tab >> choose "Device Manager".
3. In the "Device Manager" window, double-click "Ports (COM & LPT)" >> then double-click the "device application interface" entry in the list.
4. The device application interface properties for the port you clicked will appear. Choose the Port Settings tab >> now simply change Bits per second to 128000 and Flow control to Hardware. Done; click OK.
Simple, right? Now just enjoy a better internet connection.