THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Home Computer Security on: October 14, 2006, 03:03:07 PM
Introduction

Your home computer is a popular target for intruders. Why? Because intruders want what you’ve stored there. They look for credit card numbers, bank account information, and anything else they can find. By stealing that information, intruders can use your money to buy themselves goods and services.

But it’s not just money-related information they’re after. Intruders also want your computer’s resources, meaning your hard disk space, your fast processor, and your Internet connection. They use these resources to attack other computers on the Internet. In fact, the more computers an intruder uses, the harder it is for law enforcement to figure out where the attack is really coming from. If intruders can’t be found, they can’t be stopped, and they can’t be prosecuted.

Why are intruders paying attention to home computers? Home computers are typically not very secure and are easy to break into. When combined with high-speed Internet connections that are always turned on, intruders can quickly find and then attack home computers. While intruders also attack home computers connected to the Internet through dial-in connections, high-speed connections (cable modems and DSL modems) are a favorite target.

No matter how a home computer is connected to the Internet, intruders’ attacks are often successful. Many home computer owners don’t realize that they need to pay attention to computer security. In the same way that you are responsible for having insurance when you drive a car, you need to also be responsible for your home computer’s security. This document explains how some parts of the Internet work and then describes tasks you can do to improve the security of your home computer system. The goal is to keep intruders and their programs off your computer.

How do intruders break into your computer? In some cases, they send you email with a virus. Reading that email activates the virus, creating an opening that intruders use to enter or access your computer. In other cases, they take advantage of a flaw or weakness in one of your computer’s programs – a vulnerability – to gain access.

Once they’re on your computer, they often install new programs that let them continue to use your computer – even after you plug the holes they used to get onto your computer in the first place. These backdoors are usually cleverly disguised so that they blend in with the other programs running on your computer.

The next section discusses concepts you need to know, especially trust. The main part of this document explains the specific issues that need your attention. There are examples of how to do some of these tasks to secure a Microsoft Windows 2000-based computer. We also provide checklists you can use to record information about the steps you have taken to secure your computer. Finally, a glossary defines many of the technical terms used in this document. Unless otherwise stated in the glossary, the definitions come from the Webopedia Online Dictionary for Computer and Internet Terms.

Whether your computer runs Microsoft® Windows®, Apple’s Mac OS, LINUX, or something else, the issues are the same and will remain so as new versions of your system are released. The key is to understand the security-related problems that you need to think about and solve.

Thinking About Securing Your Home Computer

Before diving into the tasks you need to do to secure your home computer, let’s first think about the problem by relating it to something you already know how to do. In this way, you can apply your experience to this new area.

So, think of your computer as you would your house, your apartment, or your condo. What do you know about how that living space works, what do you routinely do to keep it secure, and what have you installed to improve its security? (We’ll use this “computer-is-like-a-house-and-the-things-in-it” analogy throughout, departing only a few times to make a point.)

For example, you know that if you have a loud conversation, folks outside your space can probably hear you. You also routinely lock the doors and close the windows when you leave, and you don’t give the keys to just anyone. Some of you may install a security system to complement your practices. All of these are part of living in your home.

Let’s now apply similar thinking to your home computer. Email, instant messaging, and most web traffic go across the Internet in the clear; that is, anyone who can capture that information can read it. These are things you ought to know. You should always select and use strong passwords and exercise due care when reading all email, especially the unsolicited variety. These are things you ought to do. Finally, you can add a firewall, an anti-virus program, patches, and file encryption to improve the level of security on your home computer, and we’ll call these things you ought to install.

The rest of this document describes the things you ought to know, do, and install to improve the security of your home computer.

Things You Ought To Know

One starting point for solving home computer security problems is being aware of how the Internet and some of its technologies work. If you know how they work, you can evaluate solutions to the problems that come up. You can also use the Internet more safely and responsibly. In this section, we’ll talk about two topics: trust and information in the clear as it crosses the Internet.

Trust
Human beings are trusting by nature. We trust much of what we hear on the radio, see on television, and read in the newspaper. We trust the labels on packages. We trust the mail we receive. We trust our parents, our partner or spouse, and our children. We trust our co-workers. In fact, those who don’t trust much are thought to be cynical. Their opinions may be all too quickly ignored or dismissed.

The Internet was built on trust. Back in the mid 1960s, computers were very expensive and slow by today’s standards, but still quite useful. To share the expensive and scarce computers installed around the country, the U.S. government funded a research project to connect these computers together so that other researchers could use them remotely. This project was called the ARPAnet, named after the government research agency – ARPA, the Advanced Research Projects Agency – that funded and managed the project.

Key to the ARPAnet was the level of trust placed in its users; there was little thought given to malicious activity. Computers communicated using a straightforward scheme that relied on everybody playing by the rules. The idea was to make sharing ideas and resources easy and as efficient as the technology of the day provided. This philosophy of trust colors many of the practices, procedures, and technologies that are still in place today.

Only within the last few years, as Internet commerce (known as e-commerce) began to spread, has it become inadequate to rely principally on trust. Since the days of the ARPAnet, we’ve changed the way we use computer networks while others have changed the underlying technologies, all in an attempt to improve the security of the Internet and the trust we place on it.

Let’s dig deeper into two examples of what we trust in our daily lives. When you receive mail through the post office, many envelopes and the letters in them contain the sender’s address. Have you ever wondered if those addresses were valid; that is, do they match the address of the person or persons who really sent them? While you could check to see that those addresses are valid and refer to the person they name, it’s not an easy task.

How would you go about it? Would you call the phone number provided with the letter? That number could also be invalid, and the person that answers the phone could be as misleading as the original address. Perhaps you could call directory assistance or the police department that has jurisdiction over the town where the letter was supposedly from. They might be helpful, but that is likely to take lots of time. Most people wouldn’t bother.

And it’s not just return addresses either. How about advertisements, news stories, or the information printed on groceries? Suppose you were on a low-fat diet. You’d want to buy foods low in fat. To select the right foods, you’d read the product label at the grocery store. How do you know that the label information is valid? What’s to say it’s not forged? And how would you know?

The Internet has many of the same issues, and email is one of the best examples. In an email message, an intruder can easily fabricate where it came from. But this information forging – called spoofing by intruders and security professionals – is not limited to just email. In fact, the basic unit of information transferred on the Internet – called a packet – can also be easily forged or spoofed.

What does this mean and why should you care? It means that any information you receive from some other computer on the Internet should not be trusted automatically and unconditionally. When you trust an email message that turns out to have a harmful virus attached to it, your computer can be infected, your files destroyed, and your work lost. And that’s why you should care.

This is how the Internet works. It was built on trust. Over time, there have been technological changes that are worthy of a higher level of our trust than before. Nonetheless, a true sense of insecurity is better than a false sense of security. So, think about the information you trust. Be critical and cautious.
Information in the Clear

When you have a conversation with someone in your living space, everybody within earshot can hear the words and probably understand them. If your conversation is especially loud and your windows open, even passersby can hear. If you want privacy, you and your conversation partner need to go to another room and close the doors and windows.

The Internet works much the same way, except the room is much, much bigger. When you send email, browse a web site, or chat online with someone, the conversation between you and that person does not go directly from your computer to his or her computer. Instead, it goes from your computer to another computer to still another computer and so on, eventually reaching his or her computer. Think of all of these computers as an Internet “room.”

Anyone, or, more accurately, any program, in that Internet room that can hear that conversation can also probably understand it. Why? Because just like the conversation at home, most Internet conversations are in the clear, meaning that the information exchanged between computer systems is not concealed or hidden in any way.

Again, this is how the Internet works. You need to know that the information sent across the Internet may be at risk of others listening in, capturing what you send, and using it for their own benefit.

Later, we’ll talk about encryption as a way to address this problem. Encryption uses mathematics to conceal information. There are many programs you can install to encrypt the information you send across the Internet.

What Should I Do To Secure My Home Computer?

Securing your home computer is not a trivial task. There are many topics to consider and many steps to follow. They take time to learn and do. If you can, read this entire document before you begin to secure your computer. You’ll have a better understanding of the effort and all its facets. This ought to help you when you begin to tackle the tasks described here.

In the next part of this document, we describe two types of activities. Some you can do using the programs that came with your computer: working with passwords and email attachments, running programs, and backing up your work. For other activities, you might need to obtain some specialized programs: applying patches, and running anti-virus, firewall, and file encryption programs. Though some vendors’ products provide these features, we’ll assume your computer doesn’t have any of them so you’ll need to add all of them.

Here then is the list of tasks you need to do to secure your home computer. Their order is based on how intruders attack computers, beginning with the most-often used attack methods. By starting with the lower numbered tasks, you address the biggest problems you face in securing your home computer. Remember that most sections end with a reference to a web site that you can use to find an example of how to do the task on a Microsoft Windows 2000 computer.

Task 1 - Install and Use Anti-Virus Programs

If someone rang your doorbell and wanted to come into your living space to sell you something or to use your telephone, you’d need to make a decision whether or not to let them in. If they were a neighbor or someone you knew, you’d probably let them in. If you didn’t know them but believed their story and found them to be otherwise acceptable, say they were neat and clean and not threatening, you’d probably also let them in, but you’d watch them closely while they were in your space.

What are you doing here? You are profiling this person and then deciding what to do based on that profile. It’s your responsibility to be concerned about who enters your living space. Further, if you have children, you’ve probably also taught them how to deal with strangers who come to your door.

Anti-virus programs work much the same way. These programs look at the contents of each file, searching for specific patterns that match a profile – called a virus signature – of something known to be harmful. For each file that matches a signature, the anti-virus program typically provides several options on how to respond, such as removing the offending patterns or destroying the file.

To understand how anti-virus programs work, think about scam artists – people who visit your home to try to get you to buy a phony product or service, or to let them in. Once inside, they may try to steal your valuables or try to harm you in some way.

There are a variety of ways you might find out about a specific scam artist lurking in your neighborhood. Perhaps you see a television report or read a newspaper article about them. They might include pictures and excerpts of the story the scam artist uses to scam their victims. The news report gives you a profile of someone you need to be on the lookout for. You watch for that person until either the story fades away or you hear that they’ve been caught.

Anti-virus programs work much the same way. When the anti-virus program vendors learn about a new virus, they provide an updated set of virus signatures that include that new one. Through features provided by the updated anti-virus program, your home computer also automatically learns of this new virus and begins checking each file for it, along with checking for all the older viruses. However, unlike scam artists, viruses never completely fade away. Their signatures remain part of the master version of all virus signatures.

Suppose a scam artist was at your front door. What would you do? Perhaps you’d not encourage them to come in nor buy their product but, at the same time, you’d try not to upset them. You’d politely listen to their story and then send them on their way. After you closed the door, you may call the police or the telephone number given in the report that initially brought them to your attention.

With viruses, you often have the chance to react to them when they’ve been discovered on your home computer. Depending upon the specific characteristics of the virus, you might be able to clean the infected file. Or you might be forced to destroy the file and load a new copy from your backups or original distribution media. Your options depend upon your choice of anti-virus program and the virus that’s been detected.

In your living space, you look at those who come to your door and you look at what you receive in the mail. These are two of the ways that items can get into your living space, so you examine them, sometimes closely, sometimes not.

Viruses can reach your computer in many ways, through floppy disks, CD-ROMs, email, web sites, and downloaded files. All need to be checked for viruses each time you use them. In other words, when you insert a floppy disk into the drive, check it for viruses. When you receive email, check it for viruses (remember to use the KRESV tests described in Task 3 - Use Care When Reading Email with Attachments). When you download a file from the Internet, check it for viruses before using it. Your anti-virus program may let you specify all of these as places to check for viruses each time you operate on them. Your anti-virus program may also do this automatically. All you need to do is to open or run the file to cause it to be checked.

Just as you walk around your living space to see if everything is OK, you also need to “walk” around your home computer to see if there are any viruses lurking about. Most anti-virus programs let you schedule periodic exams of all files on your home computer on a regular basis, daily for example. If you leave your computer turned on over night, think about scheduling a full-system review during that time.

Some anti-virus programs have more advanced features that extend their recognition capabilities beyond virus signatures. Sometimes a file won’t match any of the known signatures, but it may have some of the characteristics of a virus. This is comparable to getting that “there’s something not quite right here, so I’m not going to let them in” feeling as you greet someone at your door. These heuristic tests, as they’re called, help you to keep up with new viruses that aren’t yet defined in your list of virus signatures.

An anti-virus program is frequently an add-on to your home computer, though your newly purchased computer might include a trial version. At some point, say after 60 days, you must purchase it to continue using it. To decide whether to make that purchase or to look elsewhere, use these steps for evaluating anti-virus programs:

The Demand test: Can you check a file on demand, for example, when you want to send an attachment as part of the KRESV tests?

The Update test: Can you update the virus signatures automatically? Daily is best.

The Respond test: What are all the ways that you can respond to an infected file? Can the virus checker clean a file?

The Check test: Can you check every file that gets to your home computer, no matter how it gets there, and can those checks be automated?

The Heuristics test: Does the virus checker do heuristics tests? How are these defined?

These tests – the DURCH tests – help you compare anti-virus programs. Once you’ve made your selection, install it and use all of its capabilities all of the time.

Intruders are the most successful in attacking all computers – not just home computers – when they use viruses and worms. Installing an anti-virus program and keeping it up to date is among the best defenses for your home computer. If your financial resources are limited, they are better spent purchasing a commercial anti-virus program than anything else.

Task 2 - Keep Your System Patched

If one of your appliances broke, you’d probably try to have it repaired. You’d call a repairperson whom you hope could do the job. You’d get an estimate and then you’d either get it fixed or replace it. Your goal is to somehow restore the functions that the appliance provides.

What do you do when a software “appliance” – a program – or the operating system itself breaks? How do you restore the functions that they provide? Do you know whom to call or even where to look to determine what to do next?

Most vendors provide patches that are supposed to fix bugs in their products. Frequently these patches do what they’re supposed to do. However, sometimes a patch fixes one problem but causes another. For example, did you ever have a repairperson fix an appliance but in the process, they scratched the floor or damaged a countertop during their visit? For a computer, the repair cycle might have to be repeated until a patch completely fixes a problem.

Vendors often provide free patches on their web sites. When you purchase programs, it’s a good idea to see if and how the vendor supplies patches, and if and how they provide a way to ask questions about their products. Just as appliance vendors often sell extended warranties for their products, some software vendors may also sell support for theirs.

Have you ever received a recall notice for your car or another product you’ve purchased? Vendors send these notices to product owners when a safety-related problem has been discovered. Registering your purchase through the warranty card gives the vendor the information they need to contact you if there is a recall.

Program vendors also provide a recall-like service. You can receive patch notices through email by subscribing to mailing lists operated by the programs’ vendors. Through this type of service, you can learn about problems with your computer even before you discover them and, hopefully, before intruders have the chance to exploit them. Consult the vendor’s web site to see how to get email notices about patches as soon as they’re available.

Some vendors have gone beyond mailing lists. They provide programs bundled with their systems that automatically contact their web sites looking for patches specifically for your home computer. These automatic updates tell you when patches are available, download them, and even install them. You can tailor the update features to do only what you want, such as just telling you something new is waiting but doing nothing more.

While the patching process is getting easier, even to the point where it can be completely automated, it is not yet foolproof. In some cases, installing a patch can cause another seemingly unrelated program to break. The challenge is to do as much homework as you can to learn what a patch is supposed to do and what problems it might cause once you’ve installed it.

This is a hard job. Often, the vendors don’t tell you about problems their patches can cause. Why? Because it is simply impossible to test all possible programs with all possible patches to discover unexpected side effects. Imagine doing that job and then continuing to do that for each new program and patch that comes along. Vendors rely on their customers to tell them when something unexpected happens once a patch is installed. So, if this happens to you, let them know.

Imagine then that you’ve either found a patch on the vendor’s site or you’ve received notice that a patch is available. What do you do next? Follow the steps below to evaluate a patch before you install it:

The Affected test: Does this patch affect one of the programs on your computer? If it doesn’t affect your computer, you’re done. Whew!

The Break test: Can you tell from the vendor’s web site or the patch’s description if installing it breaks something else that you care about? If installation does break something, then you have to decide how to proceed. Try notifying the vendor of the program that might break to learn what their strategy is for addressing this problem. Also, use your web browser to learn if anyone else has experienced this problem and what he or she did about it.

The Undo test: Can you undo the patch? That is, can you restore your computer to the way it was before you installed the patch? Currently, vendors are building most patches with an uninstall feature that enables you to remove a patch that has unwanted consequences. In addition, some computers also come with features that help you restore them to a previously known and working state should there be a problem. You need to know what your computer provides so that you can undo a patch if necessary.

Recall from the Introduction that intruders exploit vulnerabilities to gain access to home computers. How do intruders find out about these vulnerabilities? In many cases, they read the same vendor mailing lists and use the same automatic notification schemes that you use. This means that you need to evaluate and install patches on your home computer as soon as they’re available. The longer a vulnerability is known, the greater the chances are that an intruder will find it on your home computer and exploit it. With the ABU tests, you can quickly evaluate and install patches to keep intruders off your home computer.

One last thing: patches are usually distributed as programs. This means that you need to use the DCAL steps described in Task 7 - Use Care When Downloading and Installing Programs before loading and installing a patch. Intruders often take advantage of vulnerabilities wherever they may be. In many cases, the vulnerabilities they exploit may have patches, but those patches were not installed. For your home computer, make time to keep your programs patched wherever possible. If you can’t patch a program, shop around for an equivalent program and use it until the original program is fixed or you’ve abandoned it in favor of something more reliable.

You can spend money on maintenance where you get patches for programs, but that’s usually not necessary. Since most vendors provide free patches, mailing lists, and automatic updates, keeping your computer patched usually only costs you time.

Task 3 - Use Care When Reading Email with Attachments

We’ve all heard stories about people receiving an item in the mail that in some way caused them harm. We’ve heard of letter bombs and exploding packages, and in 2001, we learned about Anthrax-laden letters. Although their frequency is low, they do make news.

These unsolicited items are sent to unsuspecting recipients. They may contain a return address, a provocative envelope, or something else that encourages its receiver to open it. This technique is called social engineering. Because we are trusting and curious, social engineering is often effective.

In the case of the Anthrax letters addressed to United States senators, the envelopes contained a school’s return address as an inducement to open them. What government official wouldn’t want to serve their constituency by reading and responding to a letter supposedly sent by a class at a school, especially an elementary school? By opening the letter and subsequently spreading its lethal contents, the recipient complied with the wishes of the sender, a key foundation of social engineering. In the pre-Anthrax letter days, a mail handler might have given little thought to the contents of the letter or the validity of the return address. Those days are behind us.

You probably receive lots of mail each day, much of it unsolicited and containing unfamiliar but plausible return addresses. Some of this mail uses social engineering to tell you of a contest that you may have won or the details of a product that you might like. The sender is trying to encourage you to open the letter, read its contents, and interact with them in some way that is financially beneficial – to them. Even today, many of us open letters to learn what we’ve won or what fantastic deal awaits us. Since there are few consequences, there’s no harm in opening them.

Email-borne viruses and worms operate much the same way, except there are consequences, sometimes significant ones. Malicious email often contains a return address of someone we know and often has a provocative Subject line. This is social engineering at its finest – something we want to read from someone we know.

Email viruses and worms are fairly common. If you’ve not received one, chances are you will. Here are steps you can use to help you decide what to do with every email message with an attachment that you receive. You should only read a message that passes all of these tests.

The Know test: Is the email from someone that you know?

The Received test: Have you received email from this sender before?

The Expect test: Were you expecting email with an attachment from this sender?

The Sense test: Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense? For example, would you expect the sender – let’s say your Mother – to send you an email message with the Subject line “Here you have, ;o)” that contains a message with attachment – let’s say AnnaKournikova.jpg.vbs? A message like that probably doesn’t make sense. In fact, it happens to be an instance of the Anna Kournikova worm, and reading it can damage your system.

The Virus test: Does this email contain a virus? To determine this, you need to install and use an anti-virus program. That task is described in Task 1 - Install and Use Anti-Virus Programs.

You should apply these five tests – KRESV – to every piece of email with an attachment that you receive. If any test fails, toss that email. If they all pass, then you still need to exercise care and watch for unexpected results as you read it.

Now, given the KRESV tests, imagine that you want to send email with an attachment to someone with whom you’ve never corresponded – what should you do? Here’s a set of steps to follow to begin an email dialogue with someone.

Since the recipient doesn’t already Know you, you need to send them an introductory email. It must not contain an attachment. Basically, you’re introducing yourself and asking their permission to send email with an attachment that they may otherwise be suspicious of. Tell them who you are, what you’d like to do, and ask for permission to continue.

This introductory email qualifies as the mail Received from you.

Hopefully, they’ll respond; and if they do, honor their wishes. If they choose not to receive email with an attachment from you, don’t send one. If you never hear from them, try your introductory email one more time.

If they accept your offer to receive email with an attachment, send it off. They will Know you and will have Received email from you before. They will also Expect this email with an attachment, so you’ve satisfied the first three requirements of the KRESV tests.

Whatever you send should make Sense to them. Don’t use a provocative Subject line or any other social engineering practice to encourage them to read your email.

Check the attachments for Viruses. This is again based on having virus-checking programs, and we’ll discuss that later.

The KRESV tests help you focus on the most important issues when sending and receiving email with attachments. Use them every time you send email, but be aware that there is no foolproof scheme for working with email, or security in general. You still need to exercise care. While an anti-virus program alerts you to many viruses that may find their way to your home computer, there will always be a lag between when a virus is discovered and when anti-virus program vendors provide the new virus signature. This means that you shouldn’t rely entirely on your anti-virus programs. You must continue to exercise care when reading email.

Task 4 - Install and Use a Firewall Program

This section describes a firewall, its importance to your home computer strategy, and a way to think about the job you need to do. We’re going to depart from our “computer-is-like-a-house-and-the-things-in-it” analogy to use another that you are probably also familiar with: an office building.

Have you ever visited a business where you first stopped at the reception desk to interact with a security guard? That guard’s job is to assess everybody who wishes to enter or leave the building to decide if they should continue on or be stopped. The guard keeps the unwanted out and permits only appropriate people and objects to enter and leave the business’s premises.

Let’s dig deeper into this analogy. When someone enters a building, the security guard usually greets them. If they have an appropriate identification badge, they show it to the guard or swipe it through a reader. If all is OK, they pass through the guard’s checkpoint. However, if something’s wrong or if they are a visitor, they must first stop at the guard desk.

The guard asks whom they wish to see. The guard may also ask for identification such as a driver’s license or their company ID. The guard reviews the list of expected guests to see if this person is approved to visit the party in question. If the guard decides everything is all right, the visitor may pass. The visitor usually signs a logbook with their name, the company they represent, whom they are seeing, and the time of day.

On a computer, the firewall acts much like a guard when it looks at network traffic destined for or received from another computer. The firewall determines if that traffic should continue on to its destination or be stopped. The firewall “guard” is important because it keeps the unwanted out and permits only appropriate traffic to enter and leave the computer.

To do this job, the firewall has to look at every piece of information – every packet – that tries to enter or leave a computer. Each packet is labeled with where it came from and where it wants to go. Some packets are allowed to go anywhere (the employee with the ID badge) while others can only go to specific places (visitors for a specific person). If the firewall allows the packet to proceed (being acceptable according to the rules), it moves the packet on its way to the destination. In most cases, the firewall records where the packet came from, where it’s going, and when it was seen. For people entering a building, this is similar to the ID card system keeping track of who enters or the visitor signing the visitor’s log.

The building’s guard may do a few more tasks before deciding that the person can pass. If the person is a visitor and is not on the visitors list, the guard calls the employee being visited to announce the visitor’s arrival and to ask if they may pass. If the employee accepts the visitor, they may proceed. The guard may also give the visitor a badge that identifies them as a visitor. That badge may limit where in the building they can go and indicate if they need to be escorted. Finally, no matter whether the person is a visitor or an employee, the guard may inspect their briefcase or computer case before they pass.

The firewall can also check whether a given packet should pass, allowing the computer’s user to respond to unanticipated network traffic (just as the guard does with the unexpected visitor). Individual packets can be allowed to pass, or the firewall can be changed to allow all future packets of the same type to pass. Some firewalls have advanced capabilities that make it possible to direct packets to a different destination and perhaps even have their contents concealed inside other packets (similar to the visitor being escorted). Finally, firewalls can filter packets based not only on their point of origin or destination, but also on their content (inspecting the briefcase or computer case before being allowed to pass).

Back to the office building, when employees leave the building, they may also have to swipe their ID card to show that they’ve left. A visitor signs out and returns their temporary badge. Both may be subject to having their possessions inspected before being allowed to leave.

Firewalls can also recognize and record when a computer-to-computer connection ends. If the connection was temporary (like a visitor), the firewall rules can change to deny future similar connections until the system’s user authorizes them (just as visitors must re-identify themselves and be re-approved by an employee). Finally, outgoing connections can also be filtered according to content (again, similar to inspecting possessions at the exit).

What does this all mean? It means that with a firewall, you can control which packets are allowed to enter your home computer and which are allowed to leave. That’s the easy part.

The hard part is deciding the details about the packets that are allowed to enter and exit your home computer. If your firewall supports content filtering, you also need to learn which content to allow and which not to allow. To help you get a handle on this harder task, let’s return to our security guard analogy.

Imagine that you are that security guard and it’s your first day on the job. You have to decide who’s allowed in, who’s allowed out, and what people can bring into and take out of the building. How do you do this?

One strategy is to be very conservative: let no one in or out and let no possessions in or out. This is very simple, very easy to achieve, but not particularly helpful to the business if none of its employees or visitors can get in or out. Nor is it helpful if they can’t bring anything with them. With this type of strategy, your tenure as a security guard may be short-lived.

If you try this, you quickly learn that you need to change your strategy to allow people in and out only if they have acceptable identification and possessions using some agreed-to criteria. Add the requirement that if you don’t meet the precise criteria for admittance, you don’t get in.

With most firewalls, you can do the same thing. You can program your firewall to let nothing in and nothing out. Period. This is a deny-all firewall strategy and it does work, though it effectively disconnects you from the Internet. It is impractical for most home computers.

You can do what the security guard did: review each packet (employee or visitor) to see where it’s coming from and where it’s going. Some firewall products let you easily review each packet so that you can decide what to do with it. When you are shopping for a firewall, look for this review feature because it can be quite helpful. Practically speaking, it isn’t easy to decide which traffic is all right and which is not all right. Any feature that makes this job easier helps you achieve your goal of securing your home computer.

Just like the security guard who learns that anybody with a company photo ID is allowed to pass, you too can create firewall rules that allow traffic to pass without reviewing each packet each time. For example, you may choose to allow your Internet browsers to visit any web site. This rule would define the source of that traffic to be your browsers (Netscape Navigator and Microsoft Internet Explorer, for example) and the destination location to be any web server. This means that anybody using your home computer could visit any Internet web site, as long as that web server used the well-known standard locations.

Now that you have an idea of what your firewall security guard is trying to do, you need a method for gathering information and programming your firewall. Here is a set of steps to use to do just that:

The Program test: What’s the program that wants to make a connection to the Internet? Although many programs may need to make the same type of connection to the same Internet destination, you need to know the name of each. Avoid general rules that allow all programs to make a connection. This often results in unwanted and unchecked behavior.
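The guard analogy above can be written down as a small rule engine. The following is an added example, not code from the original post: a toy host firewall that denies by default, allows traffic only per named program (the "Program test"), hands any unanticipated packet to the user for review instead of silently admitting it, and records where every packet came from, where it was going and when it was seen, like the visitor's logbook. Program names and addresses below are constructed.

```python
"""Toy host firewall illustrating the security-guard analogy: default deny,
per-program allow rules, review of unanticipated packets, and a log of every
decision. Added example, not part of the original post."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional

WEB_PORTS = frozenset({80, 443})  # the "well-known standard locations" of web servers


@dataclass(frozen=True)
class Packet:
    program: str        # local program asking for the connection (constructed names)
    direction: str      # "out" or "in"
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    program: str        # exact program name: no "any program" wildcard rules
    direction: str
    ports: frozenset    # remote ports this program may use
    action: str = "allow"


@dataclass
class Firewall:
    rules: List[Rule] = field(default_factory=list)
    log: List[str] = field(default_factory=list)

    def decide(self, pkt: Packet) -> str:
        """Return "allow", "deny" or "ask". A packet with no matching rule is
        handed to the user for review rather than being admitted."""
        for rule in self.rules:
            if (rule.program == pkt.program and rule.direction == pkt.direction
                    and pkt.remote_port in rule.ports):
                return rule.action
        return "ask"

    def handle(self, pkt: Packet, user_answer: Optional[str] = None) -> str:
        """Apply the rules. For an "ask" packet, user_answer is "allow_once",
        "allow_always" (which adds a rule for future packets of the same type)
        or anything else (deny). Every outcome is logged with source,
        destination and time."""
        verdict = self.decide(pkt)
        if verdict == "ask":
            if user_answer == "allow_always":
                self.rules.append(Rule(pkt.program, pkt.direction, frozenset({pkt.remote_port})))
                verdict = "allow"
            elif user_answer == "allow_once":
                verdict = "allow"
            else:
                verdict = "deny"
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.log.append(f"{stamp} {verdict.upper()} {pkt.program} {pkt.direction} "
                        f"{pkt.remote_ip}:{pkt.remote_port}")
        return verdict


def browser_rule(program: str) -> Rule:
    """The post's example rule: a named browser may reach any web server."""
    return Rule(program, "out", WEB_PORTS)


def demo() -> dict:
    """Run a few constructed packets through the firewall and return the verdicts."""
    fw = Firewall(rules=[browser_rule("browser.exe")])
    results = {
        "browser_web": fw.handle(Packet("browser.exe", "out", "203.0.113.10", 443)),
        "browser_other_port": fw.handle(Packet("browser.exe", "out", "203.0.113.10", 6667)),
        "unknown_inbound": fw.handle(Packet("unknown.exe", "in", "198.51.100.7", 8888)),
        "mail_first": fw.handle(Packet("mailer.exe", "out", "192.0.2.25", 25),
                                user_answer="allow_always"),
        "mail_second": fw.handle(Packet("mailer.exe", "out", "192.0.2.25", 25)),
    }
    results["log_entries"] = len(fw.log)
    return results


if __name__ == "__main__":
    for line in Firewall().log or demo().items():
        print(line)
```

Note that a browser packet to a port that is not a web port is not allowed by the browser rule even though the program is trusted: the rule names both the program and the destination, which is the point of the Program test.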
268  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / BIOS Password on: October 14, 2006, 02:59:09 PM
Introduction to BIOS Passwords

The best method to reset a BIOS password depends on what BIOS the computer has. Common BIOS's include AMI, Award, IBM and Phoenix. Numerous other BIOS's do exist, but these are the most common.

Some BIOS's allow you to require a password be entered before the system will boot. Some BIOS's allow you to require a password to be entered before the BIOS setup may be accessed.

The general categories of solutions to reset a BIOS password are:
Using a Backdoor BIOS Password
Resetting the BIOS Password using Software
Resetting the BIOS Password using Hardware
Vendor Specific Solutions for resetting the BIOS Password
Using a Backdoor BIOS Password

Some BIOS manufacturers implement a backdoor password. The backdoor password is a BIOS password that works, no matter what the user sets the BIOS password to. These passwords are typically used for testing and maintenance. Manufacturers typically change the backdoor BIOS passwords from time to time.
AMI Backdoor BIOS Passwords

Reported AMI backdoor BIOS passwords include A.M.I., AAAMMMIII, AMI?SW , AMI_SW, BIOS, CONDO, HEWITT RAND, LKWPETER, MI, and PASSWORD.
Award Backdoor BIOS Passwords

One reported Award backdoor BIOS password is eight spaces. Other reported Award backdoor BIOS passwords include 01322222, 589589, 589721, 595595, 598598 , ALFAROME, ALLY, ALLy, aLLY, aLLy, aPAf, award, AWARD PW, AWARD SW, AWARD?SW, AWARD_PW, AWARD_SW, AWKWARD, awkward, BIOSTAR, CONCAT, CONDO, Condo, condo, d8on, djonet, HLT, J256, J262, j262, j322, j332, J64, KDD, LKWPETER, Lkwpeter, PINT, pint, SER, SKY_FOX, SYXZ, syxz, TTPTHA, ZAAAADA, ZAAADA, ZBAAACA, and ZJAAADC.
Phoenix Backdoor BIOS Passwords

Reported Phoenix BIOS backdoor passwords include BIOS, CMOS, phoenix, and PHOENIX.
Backdoor BIOS Passwords from Other Manufacturers

Reported BIOS backdoor passwords for other manufacturers include:
Manufacturer BIOS Password
VOBIS & IBM merlin
Dell Dell
Biostar Biostar
Compaq Compaq
Enox xo11nE
Epox central
Freetech Posterie
IWill iwill
Jetway spooml
Packard Bell bell9
QDI QDI
Siemens SKY_FOX
SOYO SY_MB
TMC BIGO
Toshiba Toshiba

Remember that what you see listed may not be the actual backdoor BIOS password; this BIOS password may simply have the same checksum as the real backdoor BIOS password. For Award BIOS, this checksum is stored at F000:EC60.
Resetting the BIOS Password using Software

Every system must store the BIOS password information somewhere. If you are able to access the machine after it has been booted successfully, you may be able to view the BIOS password. You must know the memory address where the BIOS password is stored, and the format in which the BIOS password is stored. Or, you must have a program that knows these things.

You can write your own program to read the BIOS password from the CMOS memory on a PC by writing the address of the byte of CMOS memory that you wish to read in port 0x370, and then reading the contents of port 0x371.

!BIOS will recover the BIOS password for most common BIOS versions, including IBM, American Megatrends Inc, Award and Phoenix.

CmosPwd will recover the BIOS password for the following BIOS versions:
ACER/IBM BIOS
AMI BIOS
AMI WinBIOS 2.5
Award 4.5x/4.6x/6.0
Compaq (1992)
Compaq (New version)
IBM (PS/2, Activa, Thinkpad)
Packard Bell
Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
Phoenix 4 release 6 (User)
Gateway Solo - Phoenix 4.0 release 6
Toshiba
Zenith AMI
Resetting the BIOS Password using Hardware

If you cannot access the machine after it has been powered up, it is still possible to get past the BIOS password. The BIOS password is stored in CMOS memory that is maintained while the PC is powered off by a small battery, which is attached to the motherboard. If you remove this battery, all CMOS information (including the BIOS password) will be lost. You will need to re-enter the correct CMOS setup information to use the machine. The machine's owner or user will most likely be alarmed when it is discovered that the BIOS password has been deleted.

On some motherboards, the battery is soldered to the motherboard, making it difficult to remove. If this is the case, you have another alternative. Somewhere on the motherboard you should find a jumper that will clear the BIOS password. If you have the motherboard documentation, you will know where that jumper is. If not, the jumper may be labeled on the motherboard. If you are not fortunate enough for either of these to be the case, you may be able to guess which jumper is the correct jumper. This jumper is usually standing alone near the battery. If you cannot locate this jumper, you might short both of the points where the battery connects to the motherboard.

If all else fails, you may have to clear the BIOS password by resetting the RTC (Real Time Clock) IC (Integrated Circuit) on your motherboard.

Many RTC's require an external battery. If your RTC is one of this type, you can clear the BIOS password just by unsocketing the RTC and reseating it.

RTC's which require external batteries include:
Dallas Semiconductor DS12885S
TI benchmarq bq3258S
Motorola MC146818AP
Hitachi HD146818AP
Samsung KS82C6818A

Most RTC chips with integrated batteries can be reset to clear the BIOS password by shorting two pins together for a few seconds.

You will see more than one option for some chips due to testing by various people in the field. Remember to remove power from the system before shorting these pins.
RTC Chip Pins
Dallas DS1287A
TI benchmarq bp3287AMT 3 (N.C.) and 21 (NC/RCL)
Chips & Technologies P82C206 12 (GND) and 32 (5V)
-or-
74 (GND) and 75 (5V)
OPTi F82C206 3 and 26
Dallas Semiconductor DS12887A 3 (N.C.) and 21 (RCLR)

You should be able to discover how to reset the BIOS password stored in most RTC (Real Time Clock) chips by reading the manufacturer's data sheet for that RTC. Some RTC's, like the Dallas DS1287 and TI benchmarq bq3287mt, cannot be cleared. The solution to resetting the BIOS password on systems with those RTC's is to purchase a replacement RTC chip. How inconvenient!
Vendor Specific Solutions for Resetting the BIOS Password
Resetting a Dell BIOS Password

Christophe Grenier has written a program that will calculate the master BIOS password for Dell Latitudes from the Service Tag number. That program is available at http://www.users.globalnet.co.uk/~skynet/zips/latitude.exe.
Resetting a Toshiba BIOS Password

KeyDisk will reset the BIOS password on Toshiba laptops.

Most Toshiba laptops can be convinced to boot without their power-on BIOS password by attaching a dongle to the serial port which crosses a number of the pins. The pin out is:
Pins
1-5-10
2-11
3-17
4-12
6-16
7-13
8-14
9-15

Some Toshiba's can be convinced to bypass the startup BIOS password if you hold down the <LEFT-SHIFT> key while booting the system.
Resetting an IBM ThinkPad BIOS Password

KeyMaker will recover the BIOS password on IBM ThinkPads.
Resetting an IBM Aptiva BIOS Password

Some IBM Aptiva's can be convinced to bypass the startup BIOS password if you press both mouse buttons repeatedly while booting the system.
269  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Free Proxy List Oct 14 2006 on: October 14, 2006, 02:35:17 PM
Proxy Servers Listed: 46    Last Update: 2006-10-14    Anonymous: 6    Transparent: 25    Other: 15
IP Port Type Country Last Test
84.21.92.94 3128 transparent Russian Federation 2006-10-14 Whois
221.146.71.30 8080 high anonymity South Korea 2006-10-13 Whois
125.248.244.131 8080 transparent South Korea 2006-10-13 Whois
195.175.37.6 8080 transparent Turkey 2006-10-13 Whois
165.228.128.10 3128 transparent Australia 2006-10-13 Whois
85.207.10.36 3128 transparent Czech Republic 2006-10-13 Whois
59.11.18.86 8080 high anonymity South Korea 2006-10-14 Whois
64.25.77.3 8080 anonymous United States 2006-10-13 Whois
85.10.203.228 8080 transparent Germany 2006-10-13 Whois
125.189.53.221 8080 high anonymity South Korea 2006-10-14 Whois
203.160.1.48 80 transparent Vietnam 2006-10-13 Whois
61.110.98.33 80 transparent South Korea 2006-10-13 Whois
125.244.107.2 8080 transparent South Korea 2006-10-13 Whois
192.76.71.99 80 anonymous United States 2006-10-13 Whois
200.65.127.163 3128 transparent Mexico 2006-10-13 Whois
85.10.195.48 3128 transparent Germany 2006-10-13 Whois
221.138.181.216 8080 high anonymity South Korea 2006-10-13 Whois
222.165.189.55 80 transparent Sri Lanka 2006-10-13 Whois
194.254.169.40 3128 transparent France 2006-10-13 Whois
61.120.143.56 8080 high anonymity Japan 2006-10-14 Whois
217.17.254.67 8080 anonymous Bahrain 2006-10-13 Whois
59.41.253.35 80 transparent China 2006-10-13 Whois
200.76.240.39 3128 transparent Mexico 2006-10-13 Whois
203.160.180.47 8080 anonymous Philippines 2006-10-13 Whois
203.94.90.1 80 transparent Sri Lanka 2006-10-13 Whois
59.4.140.84 8080 high anonymity South Korea 2006-10-14 Whois
200.242.135.2 3128 transparent Brazil 2006-10-13 Whois
82.194.63.89 80 transparent Bahrain 2006-10-14 Whois
58.99.17.24 8080 high anonymity Taiwan 2006-10-14 Whois
219.110.171.239 8080 high anonymity Japan 2006-10-13 Whois
61.32.118.227 8080 high anonymity South Korea 2006-10-13 Whois
59.150.129.181 8080 high anonymity South Korea 2006-10-13 Whois
125.243.145.2 8080 transparent South Korea 2006-10-13 Whois
200.174.85.195 3128 transparent Brazil 2006-10-13 Whois
61.14.160.31 3128 transparent Malaysia 2006-10-13 Whois
202.83.175.61 8080 anonymous Pakistan 2006-10-13 Whois
222.165.189.66 80 transparent Sri Lanka 2006-10-13 Whois
58.60.63.33 3128 transparent China 2006-10-13 Whois
59.9.22.71 8080 high anonymity South Korea 2006-10-14 Whois
24.183.20.65 7212 high anonymity United States 2006-10-14 Whois
59.5.127.108 8080 high anonymity South Korea 2006-10-14 Whois
219.136.239.51 80 high anonymity China 2006-10-13 Whois
210.212.161.98 3128 transparent India 2006-10-13 Whois
209.163.147.246 3128 anonymous United States 2006-10-13 Whois
66.220.11.235 3128 transparent United States 2006-10-13 Whois
270  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Proxy Servers: Protect Your Privacy! on: October 14, 2006, 02:34:33 PM
Proxy Servers: Protect Your Privacy!

If you are a frequent internet surfer then you know the dangers that lurk on the world wide web. There are many people that are constantly trying to steal your personal information and plant Spyware, Trojans, Adware and Viruses on your computer!

A few years ago, people used proxy servers to hide their identity while they downloaded music or video games, now with so many hackers online, it has become somewhat a necessity for a lot of web surfers to conceal their identity for their own protection.

What is a proxy server? A proxy server is simple: it is a server already on the internet, which a web surfer connects to and uses the anonymous proxy server's contact and IP information. This way anyone that comes in contact with you while on line does not know your true identity (your real IP) and, better yet, can not download viruses or steal your IP information.

TechnoWorldInc.com provides you with the best 24 hrs per day updated proxy server lists on the net. With our proxy server list usa, china, japan, europe etc. you will be surfing the net anonymously! Free proxies downloads will be available soon, too!
271  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / What is anonymous surfing? on: October 14, 2006, 02:31:13 PM
What is anonymous surfing?


Anonymous surfing is browsing web sites privately.

Anonymous surfing encompasses two different forms of privacy:
* Privacy protection from the web site you are browsing.
* Privacy protection from eavesdroppers who may be watching your network connection.

Why Anonymous Surfing?

There are many reasons why someone would want to do anonymous surfing. People surf anonymously to protect themselves from the government, their employers, or nosy family members.

People in Iran use anonymous surfing to prevent being executed in the streets. People in corporate America use anonymous surfing to avoid sharing the details of their personal lives with their employers. Everyone uses anonymous surfing to protect their privacy from nosy web sites and annoying advertisers.

How does anonymous surfing work?

Anonymous web surfing works by putting a proxy server between the user and the web site. The web browser talks to the proxy server, and the proxy server talks to the web site.

The web site does not know who you are, it only knows who the anonymous proxy server is. The anonymous proxy server does know who you are -- so you had better choose an anonymous proxy server that you trust.

There are four technical approaches utilized to enable anonymous surfing through a proxy server:

Anonymous surfing through a web site

With these systems, you browse the web site of the anonymous proxy server and enter in the URL of the web page you actually want to surf.
Anonymous surfing through client applications

With these systems, you download and install a client application which manages the details of anonymous surfing for you.
Anonymous surfing through an anonymous web proxy service

With these services, you configure your browser to point to an anonymous web proxy. These systems are public and are setup and advertised for anonymous proxy usage.
Anonymous surfing through an anonymous server

With these systems, you configure your browser to point to an anonymous web proxy. These systems are published in constantly updated lists on many web sites on the Internet. You normally do not know who is running each of these anonymous proxy servers. You hope it isn't someone who is recording your traffic.


Features to Look For in a Web Proxy Service for Anonymous Surfing


A good web proxy service will setup a TLS or SSL tunnel with the anonymous surfer. This will prevent network sniffers from eavesdropping on the person who is anonymous surfing.

Some proxy servers support FTP, while others only support HTTP. Some, but not all, anonymous proxy servers support HTTPS. Make sure to select an anonymous proxy server which supports the protocols you want to use.

In addition to hiding your IP address, an anonymous proxy server will typically remove traffic such as:
Cookies
Scripts
Pop-ups
Banners
Referrer information

These options should be configurable by the end-user to enable the proxy server to work with web sites which require cookies or pop-ups.


Web Proxy Services for Anonymous Surfing

Anonymous web proxy services tend to be somewhat unstable; the list of current anonymous web proxy services changes constantly. In addition, some anonymous web proxy services are free services and others are not. Most of the current proxy services offer some version of limited free service, and then try to upsell you to a monthly subscription.

Here are some current proxy services which make anonymous surfing possible:

Cotse
The Cloak
Anonymizer
IDzap
Mega Proxy
@nonymous
Guardster
Proxy Web
SnoopBlocker
Proxify
Bitesize Work
proxy spinner
The Virtual Browser
NoMoreLimits
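Two of the points in the posts above can be made concrete in code: the list of things a privacy proxy removes from a request (cookies, referrer information, with a per-site exception the user can switch on), and the "transparent", "anonymous" and "high anonymity" labels used in the proxy list post, which come down to which headers the destination site receives. The following is an added example, not code from the original posts or from any of the services named; the header names are the common de-facto ones and every sample value is constructed.

```python
"""Added example (not from the original posts): what a privacy proxy strips
from a request, and how a proxy is classified as transparent, anonymous or
high anonymity from the headers the destination site actually receives."""
from typing import Dict

# Request-side items the post lists as removed by an anonymous proxy
# (cookies, referrer information). Scripts, pop-ups and banners are filtered
# on the response side and are not modelled here.
STRIP_REQUEST_HEADERS = {"cookie", "referer"}

# Headers a forwarding proxy may add that carry the client's real address ...
IP_LEAK_HEADERS = {"x-forwarded-for", "x-real-ip", "forwarded", "client-ip"}
# ... or that merely reveal a proxy is in the path.
PROXY_PRESENCE_HEADERS = {"via", "proxy-connection", "x-proxy-id"}


def scrub_request(headers: Dict[str, str], allow_cookies: bool = False) -> Dict[str, str]:
    """Copy of the request headers without tracking headers. allow_cookies is
    the per-site exception the post says should be user-configurable."""
    kept = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "cookie" and allow_cookies:
            kept[name] = value
        elif lname in STRIP_REQUEST_HEADERS:
            continue
        else:
            kept[name] = value
    return kept


def classify_proxy(client_ip: str, headers_seen_by_site: Dict[str, str]) -> str:
    """Classify a proxy by the request the destination site sees:
    transparent    - the client's real IP is carried in a forwarding header
    anonymous      - no client IP, but a header announces that a proxy is in use
    high anonymity - neither; the request looks like a direct one"""
    lower = {k.lower(): v for k, v in headers_seen_by_site.items()}
    for name in IP_LEAK_HEADERS:
        if name in lower and client_ip in lower[name]:
            return "transparent"
    if any(name in lower for name in PROXY_PRESENCE_HEADERS):
        return "anonymous"
    return "high anonymity"


# Constructed sample: what three different proxies forward for one client.
CLIENT_IP = "192.0.2.55"
SAMPLES = {
    "transparent_proxy": {"Host": "example.com", "Via": "1.1 proxy-a",
                          "X-Forwarded-For": "192.0.2.55"},
    "anonymous_proxy": {"Host": "example.com", "Via": "1.1 proxy-b"},
    "elite_proxy": {"Host": "example.com"},
}


def classify_samples() -> Dict[str, str]:
    """Classify each constructed sample; returns {name: label}."""
    return {name: classify_proxy(CLIENT_IP, hdrs) for name, hdrs in SAMPLES.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name}: {label}")
    print(scrub_request({"Host": "example.com", "Cookie": "sid=1", "Referer": "http://a.example/"}))
```

The classification only says what the destination site can learn; it says nothing about what the proxy operator records, which is the trust problem the post raises about proxies found on public lists.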
272  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Technical Terms / Re: What is an IP Address ? on: October 14, 2006, 02:28:28 PM
Subnetting


Subnetting an IP Network can be done for a variety of reasons, including organization, use of different physical media (such as Ethernet, FDDI, WAN, etc.), preservation of address space, and security. The most common reason is to control network traffic. In an Ethernet network, all nodes on a segment see all the packets transmitted by all the other nodes on that segment. Performance can be adversely affected under heavy traffic loads, due to collisions and the resulting retransmissions. A router is used to connect IP networks to minimize the amount of traffic each segment must receive.


Subnet Masking


Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. The network bits are represented by the 1s in the mask, and the node bits are represented by the 0s. Performing a bitwise logical AND operation between the IP address and the subnet mask results in the Network Address or Number.
For example, using our test IP address and the default Class B subnet mask, we get:

10001100.10110011.11110000.11001000      140.179.240.200   Class B IP Address
11111111.11111111.00000000.00000000      255.255.000.000   Default Class B Subnet Mask
--------------------------------------------------------
10001100.10110011.00000000.00000000      140.179.000.000   Network Address

Default subnet masks:

Class A - 255.0.0.0 - 11111111.00000000.00000000.00000000
Class B - 255.255.0.0 - 11111111.11111111.00000000.00000000
Class C - 255.255.255.0 - 11111111.11111111.11111111.00000000

More Restrictive Subnet Masks

Additional bits can be added to the default subnet mask for a given Class to further subnet, or break down, a network. When a bitwise logical AND operation is performed between the subnet mask and IP address, the result defines the Subnet Address (also called the Network Address or Network Number). There are some restrictions on the subnet address. Node addresses of all "0"s and all "1"s are reserved for specifying the local network (when a host does not know its network address) and all hosts on the network (broadcast address), respectively. This also applies to subnets. A subnet address cannot be all "0"s or all "1"s. This also implies that a 1 bit subnet mask is not allowed. This restriction is required because older standards enforced this restriction. Recent standards that allow use of these subnets have superseded these standards, but many "legacy" devices do not support the newer standards. If you are operating in a controlled environment, such as a lab, you can safely use these restricted subnets.
To calculate the number of subnets or nodes, use the formula (2^n - 2) where n = number of bits in either field, and 2^n represents 2 raised to the nth power. Multiplying the number of subnets by the number of nodes available per subnet gives you the total number of nodes available for your class and subnet mask. Also, note that although subnet masks with non-contiguous mask bits are allowed, they are not recommended.

Example:

10001100.10110011.11011100.11001000      140.179.220.200   IP Address
11111111.11111111.11100000.00000000      255.255.224.000   Subnet Mask
--------------------------------------------------------
10001100.10110011.11000000.00000000      140.179.192.000   Subnet Address
10001100.10110011.11011111.11111111      140.179.223.255   Broadcast Address

In this example a 3 bit subnet mask was used. There are 6 (2^3 - 2) subnets available with this size mask (remember that subnets with all 0's and all 1's are not allowed). Each subnet has 8190 (2^13 - 2) nodes. Each subnet can have nodes assigned to any address between the Subnet address and the Broadcast address. This gives a total of 49,140 nodes for the entire class B address subnetted this way. Notice that this is less than the 65,534 nodes an unsubnetted class B address would have.

You can calculate the Subnet Address by performing a bitwise logical AND operation between the IP address and the subnet mask, then setting all the host bits to 0s. Similarly, you can calculate the Broadcast Address for a subnet by performing the same logical AND between the IP address and the subnet mask, then setting all the host bits to 1s. That is how these numbers are derived in the example above.

Subnetting always reduces the number of possible nodes for a given network.


for more information...click...

http://www.ralphb.net/IPSubnet/class_a.html
http://www.ralphb.net/IPSubnet/class_b.html
http://www.ralphb.net/IPSubnet/class_c.html
273  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Technical Terms / What is an IP Address ? on: October 14, 2006, 02:28:10 PM
What is an IP Address

Every machine on the Internet has a unique identifying number, called an IP Address. A typical IP address looks like this:

216.27.61.137
To make it easier for us humans to remember, IP addresses are normally expressed in decimal format as a "dotted decimal number" like the one above. But computers communicate in binary form. Look at the same IP address in binary:

11011000.00011011.00111101.10001001

The four numbers in an IP address are called octets, because they each have eight positions when viewed in binary form. If you add all the positions together, you get 32, which is why IP addresses are considered 32-bit numbers. Since each of the eight positions can have two different states (1 or 0) the total number of possible combinations per octet is 2^8 or 256. So each octet can contain any value between 0 and 255. Combine the four octets and you get 2^32 or a possible 4,294,967,296 unique values!

Out of the almost 4.3 billion possible combinations, certain values are restricted from use as typical IP addresses. For example, the IP address 0.0.0.0 is reserved for the default network and the address 255.255.255.255 is used for broadcasts.

The octets serve a purpose other than simply separating the numbers. They are used to create classes of IP addresses that can be assigned to a particular business, government or other entity based on size and need. The octets are split into two sections: Net and Host. The Net section always contains the first octet. It is used to identify the network that a computer belongs to. Host (sometimes referred to as Node) identifies the actual computer on the network. The Host section always contains the last octet. There are five IP classes plus certain special addresses:

Default Network - The IP address of 0.0.0.0 is used for the default network.
Class A - This class is for very large networks, such as a major international company might have. IP addresses with a first octet from 1 to 126 are part of this class. The other three octets are used to identify each host. This means that there are 126 Class A networks each with 16,777,214 (2^24 - 2) possible hosts for a total of 2,147,483,648 (2^31) unique IP addresses. Class A networks account for half of the total available IP addresses. In Class A networks, the high order bit value (the very first binary number) in the first octet is always 0.

Net | Host or Node
115 | 24.53.107


Loopback - The IP address 127.0.0.1 is used as the loopback address. This means that it is used by the host computer to send a message back to itself. It is commonly used for troubleshooting and network testing.
Class B - Class B is used for medium-sized networks. A good example is a large college campus. IP addresses with a first octet from 128 to 191 are part of this class. Class B addresses also include the second octet as part of the Net identifier. The other two octets are used to identify each host. This means that there are 16,384 (2^14) Class B networks each with 65,534 (2^16 - 2) possible hosts for a total of 1,073,741,824 (2^30) unique IP addresses. Class B networks make up a quarter of the total available IP addresses. Class B networks have a first bit value of 1 and a second bit value of 0 in the first octet.
Net | Host or Node
145.24 | 53.107


Class C - Class C addresses are commonly used for small to mid-size businesses. IP addresses with a first octet from 192 to 223 are part of this class. Class C addresses also include the second and third octets as part of the Net identifier. The last octet is used to identify each host. This means that there are 2,097,152 (2^21) Class C networks each with 254 (2^8 - 2) possible hosts for a total of 536,870,912 (2^29) unique IP addresses. Class C networks make up an eighth of the total available IP addresses. Class C networks have a first bit value of 1, second bit value of 1 and a third bit value of 0 in the first octet.
Net | Host or Node
195.24.53 | 107


Class D - Used for multicasts, Class D is slightly different from the first three classes. It has a first bit value of 1, second bit value of 1, third bit value of 1 and fourth bit value of 0. The other 28 bits are used to identify the group of computers the multicast message is intended for. Class D accounts for 1/16th (268,435,456 or 2^28) of the available IP addresses.
Net | Host or Node
224 | 24.53.107


Class E - Class E is used for experimental purposes only. Like Class D, it is different from the first three classes. It has a first bit value of 1, second bit value of 1, third bit value of 1 and fourth bit value of 1. The other 28 bits are used to identify the group of computers the multicast message is intended for. Class E accounts for 1/16th (268,435,456 or 2^28) of the available IP addresses.
Net Host or Node

232. 24.53.107


Broadcast - Messages that are intended for all computers on a network are sent as broadcasts. These messages always use the IP address 255.255.255.255.
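The classification rules above (leading bits of the first octet, Net/Host octet boundaries, network and host counts) as working code. This is an added example, not code from the post; the sample addresses are constructed. Note that classful addressing is historical: since CIDR, the class of an address says nothing about the real subnet mask in use, so treat this as a way to check the arithmetic in the post rather than a tool for reasoning about today's networks.

```python
"""Classify IPv4 addresses into the historical classes A-E by the leading
bits of the first octet, split a classful address into its Net and Host
parts, and recompute the network/host counts quoted in the post.
Added example, not the post's own code; sample addresses are constructed."""
import ipaddress

# Number of octets that make up the Net identifier in each classful class.
# Classes D (multicast group) and E (experimental) have no Net/Host split.
_NET_OCTETS = {"A": 1, "B": 2, "C": 3}


def ipv4_class(addr: str) -> str:
    """Return 'A'..'E' from the leading bits of the first octet:
    0xxx -> A, 10xx -> B, 110x -> C, 1110 -> D, 1111 -> E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def split_classful(addr: str):
    """Return (class, net, host) using the classful octet boundaries.
    For classes D and E both net and host are None."""
    cls = ipv4_class(addr)
    n = _NET_OCTETS.get(cls)
    if n is None:
        return cls, None, None
    octets = addr.split(".")
    return cls, ".".join(octets[:n]), ".".join(octets[n:])


def classful_counts(cls: str):
    """Return (networks, hosts_per_network, total_addresses) for A, B or C.
    networks = 2^(net bits - fixed leading bits); hosts = 2^(host bits) - 2,
    because the all-zeros and all-ones host numbers are reserved. (For class A
    this gives 128 raw network numbers; 0 and 127 are reserved in practice.)"""
    net_bits = 8 * _NET_OCTETS[cls]
    fixed_bits = {"A": 1, "B": 2, "C": 3}[cls]
    networks = 2 ** (net_bits - fixed_bits)
    hosts = 2 ** (32 - net_bits) - 2
    return networks, hosts, networks * (hosts + 2)


def is_limited_broadcast(addr: str) -> bool:
    """255.255.255.255, the address the post names for broadcasts."""
    return ipaddress.IPv4Address(addr) == ipaddress.IPv4Address("255.255.255.255")


if __name__ == "__main__":
    for sample in ("145.24.53.107", "195.24.53.107", "224.24.53.107", "255.255.255.255"):
        print(sample, split_classful(sample))
    print("Class B:", classful_counts("B"))
    print("Class C:", classful_counts("C"))
```

Running it reproduces the post's figures: 16,384 Class B networks of 65,534 hosts (2^30 addresses) and 2,097,152 Class C networks of 254 hosts (2^29 addresses).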
274  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / IP Spoofing on: October 14, 2006, 02:20:13 PM
IP Spoofing: An Introduction


Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by “spoofing” the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

History

The concept of IP spoofing was initially discussed in academic circles in the 1980s. While known about for some time, it was primarily theoretical until Robert Morris, whose son wrote the first Internet Worm, discovered a security weakness in the TCP protocol known as sequence prediction. Stephen Bellovin discussed the problem in-depth in Security Problems in the TCP/IP Protocol Suite, a paper that addressed design problems with the TCP/IP protocol suite. Another infamous attack, Kevin Mitnick's Christmas Day crack of Tsutomu Shimomura's machine, employed the IP spoofing and TCP sequence prediction techniques. While the popularity of such cracks has decreased due to the demise of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.

Technical Discussion

To completely understand how these attacks can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.

Internet Protocol – IP

Internet protocol (IP) is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.



Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses – specifically the “source address” field. It's important to note that each datagram is sent independent of all others due to the stateless nature of IP. Keep this fact in mind as we examine TCP in the next section.

Transmission Control Protocol – TCP

IP can be thought of as a routing wrapper for layer 4 (transport), which contains the Transmission Control Protocol (TCP). Unlike IP, TCP uses a connection-oriented design. This means that the participants in a TCP session must first build a connection - via the 3-way handshake (SYN-SYN/ACK-ACK) - then update one another on progress - via sequences and acknowledgements. This “conversation” ensures data reliability, since the sender receives an OK from the recipient after each packet exchange.


 
As you can see above, a TCP header is very different from an IP header. We are concerned with the first 12 bytes of the TCP packet, which contain port and sequencing information. Much like an IP datagram, TCP packets can be manipulated using software. The source and destination ports normally depend on the network application in use (for example, HTTP via port 80). What's important for our understanding of spoofing are the sequence and acknowledgement numbers. The data contained in these fields ensures packet delivery by determining whether or not a packet needs to be resent. The sequence number is the number of the first byte in the current packet, which is relevant to the data stream. The acknowledgement number, in turn, contains the value of the next expected sequence number in the stream. This relationship confirms, on both ends, that the proper packets were received. It’s quite different from IP, since transaction state is closely monitored.

Consequences of the TCP/IP Design

Now that we have an overview of the TCP/IP formats, let's examine the consequences. Obviously, it's very easy to mask a source address by manipulating an IP header. This technique is used for obvious reasons and is employed in several of the attacks discussed below. Another consequence, specific to TCP, is sequence number prediction, which can lead to session hijacking or host impersonation. This method builds on IP spoofing, since a session, albeit a false one, is built. We will examine the ramifications of this in the attacks discussed below.

Spoofing Attacks

There are a few variations on the types of attacks that successfully employ IP spoofing. Although some are relatively dated, others are very pertinent to current security concerns.

Non-Blind Spoofing

This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately. The biggest threat of spoofing in this instance would be session hijacking. This is accomplished by corrupting the datastream of an established connection, then re-establishing it based on correct sequence and acknowledgement numbers with the attack machine. Using this technique, an attacker could effectively bypass any authentication measures taken to build the connection.

Blind Spoofing


This is a more sophisticated attack, because the sequence and acknowledgement numbers are unreachable. In order to circumvent this, several packets are sent to the target machine in order to sample sequence numbers. While not the case today, machines in the past used basic techniques for generating sequence numbers. It was relatively easy to discover the exact formula by studying packets and TCP sessions. Today, most OSs implement random sequence number generation, making it difficult to predict them accurately. If, however, the sequence number was compromised, data could be sent to the target. Several years ago, many machines used host-based authentication services (i.e. Rlogin). A properly crafted attack could add the requisite data to a system (i.e. a new user account), blindly, enabling full access for the attacker who was impersonating a trusted host.

Man In the Middle Attack


Both types of spoofing are forms of a common security violation known as a man in the middle (MITM) attack. In these attacks, a malicious party intercepts a legitimate communication between two friendly parties. The malicious host then controls the flow of communication and can eliminate or alter the information sent by one of the original participants without the knowledge of either the original sender or the recipient. In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is presumably trusted by the recipient.

Denial of Service Attack


IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against – denial of service attacks, or DoS. Since crackers are concerned only with consuming bandwidth and resources, they need not worry about properly completing handshakes and transactions. Rather, they wish to flood the victim with as many packets as possible in a short amount of time. In order to prolong the effectiveness of the attack, they spoof source IP addresses to make tracing and stopping the DoS as difficult as possible. When multiple compromised hosts are participating in the attack, all sending spoofed traffic, it is very challenging to quickly block traffic.

Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.

Defending Against Spoofing


There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:

Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to start your spoofing defense. You will need to implement an ACL (access control list) that blocks private IP addresses on your downstream interface. Additionally, this interface should not accept addresses with your internal range as the source, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, you should restrict source addresses outside of your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.

Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in IPv6, which will eliminate current spoofing threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure (encrypted) channel.

Conclusion

IP Spoofing is a problem without an easy solution, since it’s inherent to the design of the TCP/IP suite. Understanding how and why spoofing attacks are used, combined with a few simple prevention methods, can help protect your network from these malicious cloaking and cracking techniques.
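The header fields the article's Technical Discussion walks through, and the router filtering it recommends under "Defending Against Spoofing", as one runnable example. It is added here and is not the article's own code. The parser reads the source and destination addresses from IP header bytes 12-19 and the ports, sequence and acknowledgement numbers from the first 12 bytes of TCP; the filter then applies the two ACL rules from the article to the parsed source address. Assumptions: the article's "downstream" interface is modelled as `outside` (packets arriving from the Internet) and "upstream" as `inside` (packets leaving toward the Internet); the organisation's own range is the constructed documentation prefix 203.0.113.0/24; the packet bytes are built by the example itself with zero checksums.

```python
"""Parse the IPv4/TCP fields relevant to spoofing and apply source-address
ingress/egress filtering at a border router.
Added example, not the article's own code. INTERNAL, the interface names and
the packet bytes are constructed for the demo."""
import ipaddress
import struct

# Our own address range (constructed; 203.0.113.0/24 is a documentation prefix).
INTERNAL = ipaddress.ip_network("203.0.113.0/24")
# Private (RFC 1918) and loopback space: never a valid source arriving from
# the Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def build_packet(src, dst, sport, dport, seq, ack):
    """Construct a minimal IPv4 + TCP SYN packet (no options, checksums left
    zero) so the parser below has realistic bytes to read."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,        # version 4, IHL 5 (20 bytes)
                         0, 40, 0, 0,         # TOS, total length, ID, flags/frag
                         64, 6, 0,            # TTL, protocol 6 = TCP, checksum
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, seq, ack,
                          5 << 4,             # data offset 5 words (20 bytes)
                          0x02,               # SYN flag
                          65535, 0, 0)        # window, checksum, urgent pointer
    return ip_hdr + tcp_hdr


def parse_packet(raw):
    """Pull the spoofing-relevant fields out of raw IPv4+TCP bytes:
    addresses at IP offsets 12-19, then the first 12 bytes of TCP."""
    ihl = (raw[0] & 0x0F) * 4
    fields = {
        "src": ipaddress.IPv4Address(raw[12:16]),
        "dst": ipaddress.IPv4Address(raw[16:20]),
        "proto": raw[9],
    }
    if fields["proto"] == 6:
        sport, dport, seq, ack = struct.unpack("!HHII", raw[ihl:ihl + 12])
        fields.update(sport=sport, dport=dport, seq=seq, ack=ack)
    return fields


def border_filter(interface, pkt):
    """ACL for a border router. 'outside' = packets arriving from the Internet
    (ingress filtering); 'inside' = packets leaving toward the Internet
    (egress filtering). Returns (verdict, reason)."""
    src = pkt["src"]
    if interface == "outside":
        if any(src in net for net in NON_ROUTABLE):
            return "drop", "private/loopback source from the Internet"
        if src in INTERNAL:
            return "drop", "our own range used as source from the Internet"
        return "accept", "ok"
    if interface == "inside":
        if src not in INTERNAL:
            return "drop", "egress: source not in our valid range"
        return "accept", "ok"
    raise ValueError(f"unknown interface {interface!r}")


def check(interface, src, dst="203.0.113.80"):
    """Build, parse and filter one constructed packet; returns the verdict."""
    pkt = parse_packet(build_packet(src, dst, 40000, 80, 0x1234ABCD, 0))
    return border_filter(interface, pkt)[0]


if __name__ == "__main__":
    for iface, src in (("outside", "198.51.100.7"), ("outside", "10.1.2.3"),
                       ("outside", "203.0.113.5"), ("inside", "203.0.113.5"),
                       ("inside", "198.51.100.7")):
        print(f"{iface:8} src={src:15} -> {check(iface, src)}")
```

The egress rule is the one that stops your own hosts from being used as a source of spoofed floods; the two ingress rules stop outsiders from impersonating private space or your own range to get past address-based trust on the inside.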
275  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / Re: Try this with MS WORD on: October 14, 2006, 02:18:05 PM
i am explaining u what is =rand() function exactly....
>
> It is for test purposes... or u can say for Benchmarking the
> Performance....
>
> = rand(x, y)
> the parameter x is for number of paragraphs (default is 3)
> the parameter y is for number of sentences per paragraph (default is
> 4)
>
> means if u just type =rand()
>
> it will still work...with defaults arguments..
>
> Rand is not an easter egg, it is a feature. It helps to visualise
> sample text when you are doing layout. We use it often.
>
> Microsoft Word allows you to quickly insert sample text into a
> document. To do this, type =rand() in the document where you want the
> text to appear, and then press ENTER.
>
> Read microsoft's KB article:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;212251 for
> more information
276  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / Re: How to get screen shot of desktop on: October 14, 2006, 02:17:41 PM
ur welcome Taruna..
277  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / .nfo .diz & .sfv files on: October 14, 2006, 02:14:23 PM
Introduction
These files are made by groups that release warez. Each of the 3 files has a specific purpose. The .nfo & .diz files are included with almost every release that a warez group will make. The .sfv file

.nfo files
A .nfo (aka .information) file contains information about a release.

These are often called (group name).nfo, (release name).nfo or (short group name)-(short release name).nfo

They contain very useful information about the file(s) that you have downloaded. They could contain one/all of the following:
- Serial codes
- URL's
- Instructions for cracks
- Anything else

One of the most interesting things about these files is the groups' ASCII art logos. Making a good logo is a highly skilled job. These files are also used for the group to release news or information about the group (its members/recruitment/closure/etc).

To view these files, people normally use notepad (just drag it in). I would recommend using the d*mn NFO Viewer:
http://damn.to/

.diz files
A .diz file contains a short description about a release

These are normally called file_id.diz

They normally contain information about the following:
- Release version
- The group that released it
- The date released
- Protection cracked(?)

Normally most people don't read these, as most (if not all) of the information provided in them is in the .nfo file, but sometimes they do contain more information, or even if there is no .nfo file.

These files also contain a small amount of ASCII art, but just a very small logo.

To view these files, people normally use notepad (just drag it in). I would also recommend using the d*mn NFO Viewer:
http://damn.to/
.sfv files
.sfv contains the CRC32 checksums for a (usually large) release of file(s)

These are normally called (short group name)-(short release name).sfv

When a group releases a large number of files, you may sometimes get one of the following:
- Incomplete files
- Corrupt files
- Missing files

This is where the .sfv file comes in. Using an .sfv file checker, you can make sure all of the files you downloaded are complete, non-corrupt and all there! Just load up the .sfv file in the sfv checker and click verify!

To check the files, I would recommend using the FlashSFV checker:

http://flashfxp.ws/zip/freeware/flashsfv2.0f.zip
From http://www.flashfxp.com/
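What an .sfv checker actually does, as an added example that is not part of the post and not the FlashSFV tool's code: parse the `<name> <CRC32>` lines, compute the CRC32 of each file on disk with a streaming read, and report each entry as ok, bad (incomplete or corrupt) or missing. The release files, their contents and the .sfv itself are constructed in a temporary directory by `demo()`; the comment-line convention (`;` prefix) and the "CRC is the last token" rule are what common .sfv generators emit.

```python
"""Parse an .sfv file and verify each listed file's CRC32.
Added example, not the post's own code; release files and .sfv content are
constructed in a temporary directory by demo()."""
import os
import tempfile
import zlib


def parse_sfv(text):
    """Return [(filename, crc32)] from .sfv text. Lines beginning with ';'
    are comments (generator banners); each entry is '<name> <8 hex digits>',
    and the name may contain spaces, so split on the last whitespace only."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, crc = line.rsplit(None, 1)
        entries.append((name, int(crc, 16)))
    return entries


def crc32_of_file(path, chunk=1 << 16):
    """Streaming CRC32 so large release parts are not read into memory at once."""
    value = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            value = zlib.crc32(block, value)
    return value & 0xFFFFFFFF


def write_sfv(sfv_path, names):
    """Generate an .sfv for files that sit beside it (what a release group's tool does)."""
    base = os.path.dirname(sfv_path)
    with open(sfv_path, "w", encoding="ascii") as fh:
        fh.write("; constructed example .sfv\n")
        for name in names:
            fh.write(f"{name} {crc32_of_file(os.path.join(base, name)):08X}\n")


def verify_sfv(sfv_path):
    """Return {filename: 'ok' | 'bad' | 'missing'} for every entry in the .sfv."""
    base = os.path.dirname(sfv_path)
    with open(sfv_path, encoding="ascii", errors="replace") as fh:
        entries = parse_sfv(fh.read())
    results = {}
    for name, expected in entries:
        path = os.path.join(base, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif crc32_of_file(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "bad"
    return results


def demo():
    """Constructed release: part1 intact, part2 truncated after the .sfv was
    written (an incomplete download), part3 deleted. Returns the report."""
    base = tempfile.mkdtemp()
    names = ["grp-rel.part1.rar", "grp-rel.part2.rar", "grp-rel.part3.rar"]
    for i, name in enumerate(names):
        with open(os.path.join(base, name), "wb") as fh:
            fh.write(bytes([i]) * 100_000)  # constructed payload
    sfv_path = os.path.join(base, "grp-rel.sfv")
    write_sfv(sfv_path, names)
    with open(os.path.join(base, names[1]), "r+b") as fh:
        fh.truncate(50_000)
    os.remove(os.path.join(base, names[2]))
    return verify_sfv(sfv_path)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

One caveat worth remembering: CRC32 catches accidental damage (truncation, bit errors) but says nothing about tampering, since anyone who can alter the files can regenerate the .sfv to match. For integrity against a hostile party you need a cryptographic hash published through a channel the files do not travel over, or a signature.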
278  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Ethical Hacking / Security / Viruses / Anonymizing Google's Cookie on: October 14, 2006, 02:13:03 PM
If you use Google, and you accept its cookie, you should give some thought to the implications, both good and potentially bad: this page tries to help you do that, together with an easy way to anonymize it without missing out on its benefits.


For more info read this article:
http://www.imilly.com/google-cookie.htm
279  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Internet / Internet Error Codes on: October 14, 2006, 02:05:16 PM
Internet Error Codes

Here are the most common codes and messages you're likely to see on your Web browser (HTTP), when accessing Usenet, using e-mail, or using the FTP protocol to upload or download files.

The codes can generally be grouped as follows -
100-199 - Information Codes. Provide information about the request or the servers involved.
200-299 - Success Codes. Indicate that the request was accepted or the requested file has no content (empty).
300-399 - Redirects. Requested content has moved.
400-499 - Client Errors. Cannot find content or you don't have the correct permissions to access it.
500-599 - Server Errors. There is a problem at the server end stopping the request from completing successfully.



To give you a greater understanding of these errors, here is a list of the most popular codes.

As a rule of thumb, the first thing you should do if you get an error is make sure that you have typed in the URL or page address correctly.

400 Bad Request
The request could not be understood by the server due to bad syntax. You should not repeat the request without modifications.

401 Unauthorized
The creators of a Web page may want only certain people to have access to that page. You should only retry the request if you know that you have authorization.

402 Payment Required
This message gives a specification of charging schemes which are acceptable. You may retry the request with a suitable ChargeTo header.

403 Forbidden
The request is for something forbidden. Authorization will not help. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable. (The file needs to be set with "read permissions" for all users.)

404 Not Found
The server has not found anything matching what you requested. Make sure that the Web address (URL) that you typed in exactly matches the address you were given. Check that the capitalization matches and that spelling and punctuation, like dots (.) and slashes (/), are correctly placed. Be sure you are using the forward slash (/) and not the backward slash (\).

405 Method Not Allowed
The method specified in the Request-Line is not allowed for the resource identified by the request. The response must include an Allow header containing a list of valid methods for the requested resource.

406 Not Acceptable
The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

407 Proxy Authentication Required
This code is similar to 401 (Unauthorized), but indicates that you must first authenticate yourself with the proxy. The proxy must return a Proxy-Authenticate header field (section 14.33) containing a challenge applicable to the proxy for the requested resource. You may repeat the request with a suitable Proxy-Authorization header field (section 14.34). HTTP access authentication is explained in section 11.

408 Request Timeout
The client did not produce a request within the time that the server was prepared to wait. You may repeat the request without modifications at any later time.

409 Conflict
The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.

410 Gone
The 410 response is primarily intended to assist the task of web maintenance by notifying the recipient that the resource is intentionally unavailable and that the server owners want remote links to that resource be removed.

411 Length Required
The server refuses to accept the request without a defined Content-Length. The client may repeat the request if it adds a valid Content-Length header field containing the length of the message-body in the request message.

412 Precondition Failed
The precondition given in one or more of the request-header fields evaluated to false when it was tested on the server. This response code allows the client to place preconditions on the current resource metainformation (header field data) and thus prevent the requested method from being applied to a resource other than the one intended.

413 Request Entity Too Large
The server is refusing to process a request because the request entity is larger than the server is willing or able to process. The server may close the connection to prevent the client from continuing the request.

414 Request-URI Too Long
The server is refusing to service the request because the Request-URI is longer than the server is willing to interpret.

415 Unsupported Media Type
The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.

500 Internal Error
The server encountered an unexpected condition which prevented it from fulfilling the request. Your request could not be processed due to an internal server error.

501 Not Implemented
The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.

502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

503 Service Unavailable
The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay may be indicated in a Retry-After header. If no Retry-After is given, you should handle the response as it would for a 500 response.

504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server it accessed in attempting to complete the request.

505 HTTP Version Not Supported
The server does not support, or refuses to support, the HTTP protocol version that was used in the request message. The response should contain an entity describing why that version is not supported and what other protocols are supported by that server.
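The retry guidance scattered through the list above (400: do not repeat unmodified; 401: only with authorization; 408: repeat at any later time; 411: only with a Content-Length; 503: wait for Retry-After, otherwise treat as 500) collected into a client-side decision function. This is an added example and not part of the post; the sample responses are constructed. The one piece of logic the list leaves implicit is that Retry-After may be either a number of seconds or an HTTP-date, so both forms are handled.

```python
"""Group an HTTP status code into the five ranges the post lists and decide
whether a client may repeat the request unmodified, following the post's
guidance for 400, 401, 403, 408, 411 and 503.
Added example, not the post's own code; sample responses are constructed."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

_GROUPS = {1: "Information", 2: "Success", 3: "Redirect",
           4: "Client Error", 5: "Server Error"}


def status_group(code):
    """Map a status code to the post's range names (e.g. 404 -> 'Client Error')."""
    if not 100 <= code <= 599:
        raise ValueError(f"not an HTTP status code: {code}")
    return _GROUPS[code // 100]


def retry_after_seconds(value, now=None):
    """Retry-After is either delta-seconds or an HTTP-date. Returns the delay
    in seconds (never negative), or None if the header is absent/unparseable."""
    if value is None:
        return None
    value = value.strip()
    if value.isdigit():
        return int(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError, IndexError):
        return None
    if when is None:  # older Pythons return None instead of raising
        return None
    now = now or datetime.now(timezone.utc)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0, int((when - now).total_seconds()))


def retry_decision(code, headers=None, now=None):
    """Return (retry, delay_seconds, reason) for resending the same request."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    if code == 408:
        return True, 0, "request timeout: may repeat unmodified at any later time"
    if code == 503:
        delay = retry_after_seconds(headers.get("retry-after"), now)
        if delay is not None:
            return True, delay, "temporary overload: wait for Retry-After"
        return False, None, "503 without Retry-After: handle as a 500"
    if code == 400:
        return False, None, "bad syntax: do not repeat without modifications"
    if code == 401:
        return False, None, "retry only with proper authorization"
    if code == 403:
        return False, None, "forbidden: authorization will not help"
    if code == 411:
        return False, None, "resend only after adding a valid Content-Length"
    return False, None, f"{status_group(code)}: no automatic retry"


if __name__ == "__main__":
    samples = [(503, {"Retry-After": "120"}), (503, {}), (408, {}),
               (400, {}), (404, {}), (503, {"Retry-After": "Fri, 01 Jan 2100 00:00:00 GMT"})]
    for code, hdrs in samples:  # constructed responses
        print(code, hdrs, "->", retry_decision(code, hdrs))
```

Keeping the decision in one place means a client cannot, for example, quietly loop on a 400 or resend credentials on a 403; the only unconditional retry the list permits is the 408 case.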
280  THE TECHNO CLUB [ TECHNOWORLDINC.COM ] / Windows / Mastering the Windows Task Manager on: October 14, 2006, 02:03:09 PM
Mastering the Windows Task Manager



I think that everyone who has used Windows XP would say it’s the most robust and most stable of all the Windows operating systems before it. However, there are times where an application or even a game doesn’t respond well or locks up the system. A lot of people would assume solutions from past operating system experience and just turn off the power and restart the computer. This technique is a little extreme and sometimes a little dangerous as well. Windows since version 98 has had a function called Task Manager, and with every version of Windows it’s gotten more powerful and better at bringing back locked up or misbehaving applications.

In the Task Managers before Windows 2000, holding the Ctrl-Alt-Del combination does either a complete reset of the system or brings up the task manager and hopefully allows you to shut down the program that is not responding; sometimes holding the keys doesn’t result in anything at all. Windows 9x or ME sometimes also evoked a blue screen of death if the Ctrl-Alt-Del was used. In Windows 9x, when you did get the task manager open and try to close a program that is not responding, sometimes it wouldn’t shut the application down, and you would still have to do a hard reset. I think Microsoft learned from Windows NT—which by far, up to this point, was better at handling locked up systems—and decided that the home PC user would appreciate the added stability especially when it came to installing beta software, hardware drivers, or even just tweaking one’s system and the software provided some unexpected results. It's important to have control when it is needed most, and that’s exactly what Windows NT-, 2000-, and XP-based operating systems gave the user.

XP’s Task Manager is the most useful of all managers before it. Just right-clicking on the task bar brings up a small menu, and through that menu one can select the Task Manager. The manager has several tabs running across the top, but the most important ones are the Applications, Processes, and Performance. Each one of these tabs will give users critical information regarding the status and health of their machines.

The Applications Tab


The Applications tab shows all the currently running applications. If you have an application that locked up, this is the first tab I would recommend going to. The software being used is listed in the window under the task column, and the status column will show either “Running” or “Not Responding.” Here you can highlight the unresponsive software and click on the End Task button, and after a few seconds the application will close; and depending on your settings, a dialogue box will appear and ask if you want to send a report to Microsoft. This procedure should take care of most lockups on the system, and it will bring Windows back to its normal functionality without having to shut down and restart.



Also in this section you can run a new task or switch to another task to bring it to the front if you have multiple windows open.

The Processes Tab


The Processes tab is a little more powerful and more information-ridden. All applications and tasks running in the background are listed here, as well as how much memory each task is using including how many CPU cycles it uses. If you are running low on system resources here you can find which tasks are causing the problem. The best way of determining if processes are being a system hog is to look at the amount of memory being used and look at the process and determine if it’s necessary. For example, processes like virus scans that are running in the background while you are writing an article or doing some video editing obviously are not needed and you can shut them down temporarily and gain back some memory as well as some CPU power. You can shut down the non-critical tasks to give you back some memory or CPU power if need be. Windows starts a lot of tasks, and some of them are not necessary; shutting down these extra tasks gives you back some memory and CPU cycles, thus more overall system performance. Don’t, however, try to end tasks that are SYSTEM tasks; sometimes they have random results and ending them could make more problems than it could solve. For example, shutting down the EXPLORER task will produce a non-working system because the taskbar and windows and icons will disappear. User tasks are okay to shut down, and if you do want to close a system task, make sure you understand what it does before you decide to close it. If you are not sure about a task and if it’s safe to close, do a Google search for the process and the detailed information will make it clear if you want or can shut it down.



The Performance Tab


Finally there is the Performance tab. This tab does just what it says—it monitors, in real time, the performance of the system. Specifically, the memory usage is monitored here. You will find information about total system memory and how much of it is in use and how much is left. CPU usage also is shown here, and if you keep this window open and use the PC, you will see the graph move in real time in relation to work being done on the computer. This window allows you to see in real time how a change that you make has an effect on your system. You can see immediately in the processes tab how closing non-critical tasks restores some CPU power as well as see how much system memory is left for other applications. If you tweaked your system and you see that you are running low on memory, you can pinpoint it to the last application you opened and see if it’s a poorly written application or you have a memory leak somewhere. By going back to the processes tab and closing tasks one by one you can check the performance tab to see if it makes a difference on the system.



The task manager can be a powerful tool to manage your overall system health or can be used to monitor your system for problems, even though there are more freeware/shareware programs out there that may do it better, but the task manager is free and it’s easy to use once you understand what you are looking at.
Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer