What is VPN ?

Source: wikipedia

It doesn’t matter if you are an IT administrator or just a regular user I am sure you have asked yourself sometimes what is VPN ? What does that stand for, what is the use of the VPN, how can you configure a VPN, MPLS and other questions related to this topic.

Let’s start with explaining the acronym VPN: it stands for Virtual private network and it is used when refering to an extension of a private network over other public networks like the Internet for example.

A virtual private network, or VPN enables a host machine to send and receive information over shared or public networks just like it was part of the private network. How is that possible ? Simple, it establishes a virtual point-to-point link by using dedicated connections, encryption or both.

The VPN over the Internet is in fact a wide area network or WAN between the locations.

Types of VPN

A VPN can be either remote-access and it will link a standalone computer to a network or site-to-site and it will link two networks. Inside a company, remote access VPNs give the employees the ability to access the organization’s intranet from other places except the office (home, etc.) and site-to-site VPNs lets users from various offices that are not on the same geozone to share one virtual network. A VPN can also connect two standardized networks over a dissimilar one (eg: two IPv6 networks connected over an IPv4 one).

When asking yourself what is VPN and how can it be classified you ca think of the following answer:

It can be sorted by
1. the protocols used to direct (tunnel) the traffic
2. the tunnel terminal point (customer or network provider)
3. the connectivity it offers: remote access or site to site
4. the layers of security it offers
5. the OSI layer used to connect to the network (Layer 2 circuits or Layer 3 connectivity)

We hope this article has helped you answering to the question what is VPN; in the future we will cover other VPN related topics like Security mechanisms, Authentication, Routing, Provider Provisioned VPN, OSI Layer and more.

You can find out more about open VPN client here.

Advantages of custom software development

So you are thinking about hiring a company to develop a custom software that will adapt to the needs of your business model. In this article we will answer to some of the questions that a company might have before outsourcing software development to others.

1. How to find the right company to work with for your custom software development ?

First you should check out if your IT staff, or other company employees know someone that could be a candidate for outsourcing the custom software you are looking for.

Of course there are lots of freelancers out there waiting for work on websites like freelancer.com, guru.com or odesk.com. You can also require to see their portfolio and make an idea about their level of knowledge.

Another way of finding the right company to do this jobs is to search it on google or to look in the local and national classifieds.

It is very important to get some feedback from their former clients in order to find out what is the level of trust and how will they treat you after you have made the payment. Because you’ll need them later for all kind of tweaks and service related issues.

2. Do I really need custom software development ?

This is another question that companies often ask. It doesn’t really matter if the company has 10, 500 or 10000 employees because at some point even a 10 employees company might need some customization for their software. Even a dentist could benefit from custom software development in order to print the prescription for his patients with the social security number embedded.

Although small businesses, with 50-100 employees might not have the necessay revenue to acquire a fully customized application software they could try and do a macro based customization around an existing software like Microsoft Excel or Word via Visual Basic instead of outsourcing software development for a new word processor.

3. What are the phases of software development ?

You might be interested what are the steps required for a custom software development. Any professional company will tell you this :

a. Requirement Analysis
b. Design and Specifications
c. Coding and Testing
d. Integration and System Testing
e. Deployment and Maintenance

This is also known as the Watterfall model and should make sense if you look at the picture below.

With this in mind I hope you have cleared a little the topic on what are the advantages of custom software development.

In our increasingly Internet-dependent and Web-dependent world, network security software is more important than ever.

For example, if you have an Apple iPhone there’s a device that allows you to scan a user’s credit card and then send that information via a Web-interface to a  receiver. The key here is that there’s also a tracking algorithm running, along with, hopefully, a randomizing 128-bit encryption algorithm to a that  is tracked by a banking system using similarly randomizing banking software processing. The key to this link is that the system also must be running network security software that not only randomizes the devices used to do the recording – actually radio transceivers – with the devices used to do the recording (another transceiver). Network security software must keep its randomization algorithms up to the minute and must not only switch the randomizing software encryption but also the network security software must synchronize, change and track the WiFi channels being used  (there are 11).

Yes, this type of network security software is a programmer’s nightmare, but if you have the right group of programmers (there are those who enjoy complex math problems like this and making puzzles out of puzzles) you will be the winners as your network security software will remain locked down almost continuously.

Of course, the commercials would have you think that using a smartphone and a card swiper was as secure as if you were in a business office, but any time over-the-air transmission is involved you just have to acknowledge that you have made the work of the programming staff much harder, especially in keeping the bad guys away. The truth of the matter is you’re not making your programming staff’s life any easier if you go into the WiFi network security software business, but someone has to.

To be truthful, you can only guarantee total security with  network security software that recognizes an over-the-air transaction via WiFi  makes it a must to have paired scanning units, one where the software is encoded and the other where it is decoded (at the bank). The network security software must also use a randomizing 128-bit encryption software program that  so quickly that even a hacker were to record every transaction that happened during an afternoon, the information would be useless.

This type of always randomizing software (whether it’s the encryption algorithm that decrypts the information at the bank or the network security software itself) is available, but it is an expensive proposition and usually requires a special key on the smart device and a similar key on the receiving device. Add in spread-spectrum (low-powered) transmissions that are spread across all of the channels available and you have about as hacker-proof a system as possible.

However, as they have always said, locks are for honest people, so you can be certain that for every new randomizing version of network security software that appears or every device that causes randomization to occur, the world of hackerdom will be seeking workarounds. Since the outside isn’t the place, hackers head back to the world they know, systems. Hackers challenge authors such as Sophos, McAfee and Symantec to keep tightening things up and locking things down and they still look for, and in some cases, find holes that are usually caught quickly as there are people constantly checking the network security software for weaknesses and if any are found they are fixed.

This is why you may find that some days there are multiple fixes sent out by your network security software provider – they are trying to keep the hackers out. The best move here is to elect the manufacturer’s automated installation procedure so you know your software will be up to date even if there are five updates in 24 hours.

The problem with this, though, is that with the dependence we place on the Internet and computerized  networking we are facing constant threats not only organized crime, but hacker gangs and even other nations trying to undo your Internet. You must stay one step ahead of them by keeping your network security software up to date.

Some of the features that PacketFence offers are:

• BYOD workflows
• Guests management
• Multiple enforcement methods including Role-Based Access Control (RBAC)
• Compliance checks for computers present on your network
• Integration with various vulnerability scanners and intrusion detection solutions
• Bandwidth accounting for all devices.

PacketFence 4.0 also introduced some new features:

• Brand new Perl-based Web administrative interface using the Catalyst framework
• New violation actions to set the node’s role and deregister it
• Support for scanning dot1x connections for auto-registration by EAP-Type
• Support for auto registering dot1x node based of the EAP-Type
• New searchable MAC Addresses module to query all existing OUI prefixes
• New advanced search capabilities for nodes and users
• New memory object caching subsystem for configuration files
• Ubuntu packages.

And below there are som enhancements that are found in this last version:

• Authentication sources can now be managed directly from the GUI
• Roles (previously called categories) are now computed dynamically using authentication sources
• Portal profiles and portal pages are now managed from the GUI
• Fingerprints and User Agents modules are now searchable
• Translated all remediation pages to French
• Updated Brazilian Portuguese and Spanish translations.

Download NAC PacketFence 4.0 here.

The analystst at Webroot have lately found that there are two apps that promise font installation for Android gadgets that also pose a threat and look like an open door for spyware.

These apps, Galaxy Fonts and Free Galaxy Classic Fonts got banned from Google Play but they are still available for download at the developer’s website.

If the user downloads and initiates one of these apps, and wants to download and install a new font, the app will silently download the ikno.apk file that is a spying app used to forward SMSs, location informations, call logs to a web interface where the spy can filter out that information.

The website of the developer looks like it offers the iKno app to be downloaded from Google Play, but in fact the users download it from the website.

It is possible that this option is for the ones that intended want to install the app on a given device (to spy on the owner), and the font apps from Google Play is intended to make the victim unintentionally install the spyware at the spy’s recommendation.

Because the apps are now banned from Google Play, it is not possible to say if the permissions they requested reveals their hidden nature, but there are good odds that it is so.

Anyway, a lot of users did not even write a review about them, so the best idea is to invest in a reliable mobile security software.

Taking intro consideration that a Metasploit module that is taking advantage of this vulnerability got released, it is just a matter of time before this exploit will be embedded in other harmful exploit kits.

Internet Explorer 8 users are suggested to upgrade to IE 9 or 10, but the ones that cannot or do not want to do that should download and install the Fix it. It doesn’t even need a rebooting of the machine.

If you are sure what version of Internet Explorer do you have, just press ALT+H and click on About Internet Explorer.

Microsoft is creating a patch for this flaw, but is not sure if it will make it in this month’s Patch Tuesday.

You can download the Fix it patch here.

Thanks to the fact that Facebook uses the email addresses in order to login to its service, a hacker just needs to find out a Hotmail expired account and request access for it to Microsoft. Then, the hacker can misuse the “Forgotten Password” choice that Facebook offers.

Facebook will then send an email that contains a link to reset the passwork, so the hacker that now has access to the activated email will also get their hands on the login user name and password used to access Facebook.

And it looks that it is not so hard after all to find out the expired Hotmail accounts. Here is how:

To facilitate and automate this process, we developed a shell script which checks the MX records on the mail server of any email provider and sends a test email so as to check whether the email is received or not. A failure to deliver the test mail suggests that the email account does not exist on the mail server. The only downside to this approach is that the email address of an individual has to be known and tested manually by the script.

Several email providers, such as, in our case, Hotmail, provide an even easier option to find not only one, but a group of expired email accounts. Windows Live Messenger, an instant messaging service provided by Microsoft, allows anyone to import their friends list from Facebook. The records in this imported list are categorized into two groups:

1. People who are currently on Windows Live.

2. People who are not currently on Windows Live.

Membership in the first category signifies that the person in question has already signed up for the Windows Live service; besides, people having a Hotmail account are automatically signed up for Windows live. On the other hand, membership in the second category denotes that the person in question does not currently hold an active Windows Live account. Then, in case that person’s email is Hotmail email address, we can safely conclude that this email address has expired. We can then proceed to reactivate it ourselves.

This websites were poisoned with modified JavaScript codes that contain iFrames redirecting users to one of the many websites that holds the ZeroAccess Trojan and other fake antivirus solutions.

The infected websites are the ones the are owned by the Washington WTOP Radio, Federal News Radio, Real Clear Science, The Christian Post, Real Clear Policy, a picture aggregator website, an online scuba diving forum, and more. Zscale analysts think that it is probable they all have the same backend platform.

“Attacks targeting end users generally involve some form of social engineering whereby the potential victim must be convinced to visit a site, download a file, etc. Attackers will therefore write a script designed to comb the web looking for popular sites exposing a common flaw and when identified, inject a single line of malicious code into the sites,” they explained. “In that way, any user visiting the otherwise legitimate (but now infected) site, can become a victim.”

This mass compromise is aimed only at Internet Explorer users, maybe because the cyberscammers are using exploits that work only for this particular software. Users that are browsing the sites using other browsers don’t trigger the redirection chain.

As Zscaler shared, the websites were still compromised 3 days ago.

The ISP has blocked the fake website that offered support for the live chat, but they have mentioned that it is possible for other websites to pop up.

In this case, the cyberscammers were using a software used for live chat services offered by Volusion, an the fake chat windows was displaying the eBay logo.

This branding was later removed from the website, and was then replaced with a place holder, thus giving the phishers the ability to easily impersonate whatever company they would like and misuse their live chat support. More than that, Volusion provides this service with a valid SSL certificate, so may users could in fact believe they are really using a legit service.

“The agent providing ‘support’ claimed that the chat was accessed by clicking a live chat button in eBay’s order confirmation email. When Netcraft attempted to question the legitimacy of the live chat, the agent immediately disconnected,” they told.

They are telling their users to access the live chats only from the company legit website (and not from links they receive in emails), and never disclose private informations like passwords or PIN’s in the live chat session, because a legit company would not need this kind of information.

But the malware writers are smart. They know that a lot of users will have no clue that their machines are affected if they put ZeroAccess’ activities to a minimum.

ZeroAccess frequently will be installed on the users’ machine by the user itself, that gets fooled into thinking they are installing some legit software like Adobe Flash Player or Java update. The installed downloader then gets the ZeroAccess malware and begins clogging the CPU’s resources.

“Since this is a rootkit, there are no toolbars/extensions/BHO’s added to the browser. There are also no modified proxy settings or modified hosts files. What is interesting about this rootkit sample is that the redirects do not happen every time. The action will occur about once every three attempts.” according to Webroot’s Richard Melick. “The number of redirects caps out around 4-5 and then everything will seem normal until a restart of the browser.

“This erratic action can make it extremely difficult to troubleshoot. It can also prove to be very frustrating for a user to explain as it is not consistent and once the redirection occurs enough times, the issue stops for the rest of the browsing session. We have seen instances where consumers have just been ‘living with it’ for months,” he also told.

Fortunatelly for the users, this kind of contamination is almost harmless if compared to other kinds of data gathering and banking malware.

Anyway, it is a good idea not to just live with this kind of malware as it reduces the usability of the Internet, it generates revenue for the creators, that will be motivated to develop and infect with the malware more unwary victims and in the end the search results that have no relevancy could bring in more harmful malware of phising attempts.