Thursday 27 March 2014

INTEL SSD PRODUCTS COMPARISON


Intel® SSD Product Comparison

| Product Name | Capacity (GB) | Sequential Read/Write (up to MB/s) | Random 4KB Read/Write (up to IOPS) | Form Factor | Interface |
|---|---|---|---|---|---|
| Data Center Products | | | | | |
| | 100 / 200 / 400 / 800 | 500 / 460 | 75,000 / 36,000 | 2.5-inch | SATA 6 Gb/s |
| | 80 / 120 / 160 / 240 / 300 / 400 / 480 / 600 / 800 | 500 / 450 | 75,000 / 11,500 | 2.5 and 1.8-inch | SATA 6 Gb/s |
| | 400 / 800 | 2000 / 1000 | 180,000 / 75,000 | PCI Express* add-in card | PCI Express* x8 |
| Professional Products | | | | | |
| | 80 / 120 / 180 / 240 / 360 / 480 | 540 / 490 | 48,000 / 80,000 | 2.5-inch, M.2 | SATA 6 Gb/s |
| Consumer Products | | | | | |
| | 240 / 480 | 550 / 470 | 89,000 / 74,000 | 2.5-inch | SATA 6 Gb/s |
| | 80 / 120 / 180 / 240 / 360 / 480 | 540 / 490 | 41,000 / 80,000 | 2.5-inch, mSATA, M.2 | SATA 6 Gb/s |
| | 30 / 60 / 120 / 180 / 240 | 550 / 520 | 50,000 / 80,000 | mSATA (1/8th size of 2.5”) | SATA 6 Gb/s |
| | 180 / 240 | 500 / 450 | 42,000 / 52,000 | 2.5-inch | SATA 6 Gb/s |

Monday 24 March 2014

VoIP - Voice Over IP

What is VoIP? 
Voice over Internet Protocol (VoIP) is a form of communication that allows you to make phone calls over a broadband internet connection instead of typical analog telephone lines. Basic VoIP access usually allows you to call others who are also receiving calls over the internet. Interconnected VoIP services also allow you to make and receive calls to and from traditional landline numbers, usually for a service fee. Some VoIP services require a computer or a dedicated VoIP phone, while others allow you to use your landline phone to place VoIP calls through a special adapter. 

VoIP configurations 
Dedicated routers 
These devices allow you to use your traditional phone to place VoIP calls. They are connected to cable/DSL modems (or any high-speed internet source) and allow you to attach an ordinary telephone. Once configured, and with an appropriate VoIP provider and service plan, these devices require no special software or interaction with a computer. In fact, you only need to pick up your phone and dial a number at the dial tone. You also may bring your adapter with you when you travel and make calls wherever broadband internet access is available.

Adapters (USB) 
These devices also allow you to use a traditional phone to place VoIP calls. They usually come in the form of USB adapters that are slightly larger than the typical thumb drive. They feature a standard modular phone jack to which you can attach an ordinary phone line. Once connected, your phone behaves as if it were connected to standard phone service. Behind the scenes, however, the included software is actually setting up a VoIP call. 

Software-controlled VoIP applications: “softphones” 
There are many software applications (“softphones”) that allow you to place VoIP phone calls directly from an ordinary computer with a headset, microphone, and sound card. Internet telephony service providers usually give away their softphones but require that you use their service. Together, these applications and services enable users to talk to other people using the same service at no cost, and to the rest of the world for a fee. Software-based VoIP applications are quite attractive to consumers because they often already have most of the components necessary to get started at little to no cost. 

Dedicated VoIP phones
A VoIP phone looks like an ordinary corded or cordless telephone, but it connects directly to a computer network rather than a traditional phone line. A dedicated VoIP phone may consist of a phone and base station that connects to the internet or it may also operate on a local wireless network. Like the VoIP adapters mentioned above, dedicated VoIP phones also require a provider and service plan. 

Threats / Risks 
Many of the threats associated with VoIP are similar to the threats inherent to any internet application. Internet users are already familiar with the nuisance of email abuse in the form of spam and phishing attempts. VoIP opens yet another pathway for these annoyances, which can lead to spam over internet telephony (SPIT), spoofing, and identity theft. Additionally, the confidentiality of VoIP conversations themselves has come into question, depending on service type or VoIP configuration. 

Spam over internet telephony (SPIT) 
As VoIP usage increases, so will the pesky marketing strategies associated with it. Perennial annoyances like telemarketing and spam have been plaguing consumers and internet users for years. A new sort of hybrid of these two concepts is SPIT, or spam over internet telephony. Like email spamming, sending commercial messages via VoIP is fast and cheap. Unlike traditional telemarketing, though, VoIP offers the potential for large volumes of unsolicited calls, due to the wide array of tools already available to attackers on the internet. Telemarketers could easily send large amounts of messages to VoIP customers. Unlike traditional spam email messages, which average only 10–20 kilobytes in file size, unwanted VoIP voicemails can require megabytes of storage. 

Spoofing 
It is technically possible for an attacker to masquerade as another VoIP caller. For example, an attacker could possibly inject a bogus caller ID into an ordinary VoIP call so that the receiver believes the call to be coming from a known and trusted source (a bank, for example). The receiver, fooled by the electronic identification of the caller, may place unwarranted trust in the person at the other end. In such an exchange, the receiver may be tricked into disclosing personal information like account numbers, social security numbers, or a secondary authentication factor (a mother’s maiden name, for example). This scheme is essentially the VoIP version of traditional phishing, where a user follows links in an unsolicited email and is tricked into providing personal information on a bogus web site. Attackers may use these bits and pieces of personal information to complete partial identity records of victims of identity theft.

Confidentiality concerns 
Many critics of VoIP question its confidentiality. The concern is that VoIP data sometimes travels unencrypted over the internet. Therefore, it is technically possible for someone to collect VoIP data and attempt to reconstruct a conversation. Although it is extremely difficult to achieve, some software programs are designed to piece together bits and pieces of VoIP data in an effort to reconstruct conversations. While such activity is currently rare, you should be aware of this possibility as it may increase as VoIP becomes more widespread.

How to Protect Against Risks 
Many of the principles and practices for safe VoIP usage are the same as those you may already be practicing with other internet applications. Ignoring these general principles could allow attackers to gain control of your computer operating system by means of an existing software flaw or a misconfiguration unrelated to your VoIP application. It may then be possible for them to exploit flaws in your VoIP configuration, thereby possibly gaining access to personal information you share when using VoIP. Here are some of the key practices of good personal computing:
  • Use and maintain anti-virus and anti-spyware programs. 
  • Be cautious about opening files attached to email messages or instant messages. 
  • Verify the authenticity and security of downloaded files and new software. 
  • Configure your web browser(s) securely. 
  • Use a firewall. 
  • Identify, back-up, and secure your personal or financial data. 
  • Create and use strong passwords. 
  • Patch and update your application software.
  • Do not divulge personal information to people you don’t know. 
  • If you are using a software VoIP application, consider using encryption software for both your installation and for those you wish to talk to.

Accidentally Locked Yourself out of the sudoers group?

Have you accidentally locked yourself out of the sudoers group? Don't worry, here's a way to fix it.

If you don't have a root user that you can log in as to fix this, you have to boot into single-user mode, which gives you root permissions, and then add yourself back to the sudoers group.

To do this, you could reboot and select the "Recover" option,
OR
Once in the GRUB screen, select the Linux entry and press 'e' to edit that entry.
Then, go to the end of the line that starts with 'linux' and add a single '1'.
Now press Control-x to boot.
You will get a prompt asking for your root password. If you're using Ubuntu and don't have a root account, simply press Enter and you're in.
OR
Just 'su' your way back to the sudoers group.
Once you are logged in as root, execute:
usermod -aG sudo <youruser>
Run 'visudo' and make sure the proper line for your user is present; it should look like the one below.

user ALL=(ALL:ALL) ALL

Once you have finished, save and close the editor (Esc, ':wq') and press Ctrl-d to restart the system.

Monday 17 March 2014

CLOUD COMPUTING

CLOUD COMPUTING BASICS
Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. 

This cloud model promotes availability and is composed of five essential characteristics:
1. On-demand self-service
2. Broad network access
3. Resource pooling
4. Rapid elasticity
5. Measured service

On-demand self-service:
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.

Broad network access:
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and personal digital assistants [PDAs]).

Resource pooling:
The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the subscriber generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.

Rapid elasticity:
Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.

Measured Service:
Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Three service models:
Cloud Software as a Service (SaaS)
Cloud Platform as a Service (PaaS)
Cloud Infrastructure as a Service (IaaS)

SaaS
The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a Web browser (e.g., Web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.

PaaS
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.

IaaS
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over the operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).

Four deployment models:
Private cloud
Community cloud
Public cloud
Hybrid cloud

Private Cloud:
The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premise or off-premise.

Community Cloud:
The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on-premise or off-premise.

Public Cloud:
The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.

Hybrid Cloud:
The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Key enabling technologies include: 
(1) fast wide-area networks
(2) powerful, inexpensive server computers
(3) high-performance virtualisation for commodity hardware

Thursday 13 March 2014

LAN SECURITY: In-Band Versus Out-of-Band Solutions

In-Band
In-band appliances sit in the flow of live network traffic, frequently close to where endpoints access the network (potentially in the access layer switch itself), so that all client-side traffic into and out of the network must pass through them. As such, they are able to directly provide both pre-connect and post-connect security services. Most in-line LAN security appliances co-locate the authenticator, PEP, and PDP functions in a single, stand-alone device.

In other words, because they are analyzing and passing live network traffic, in-band devices act as the enforcement point themselves rather than relying on another network system.

Out-of-Band
Out-of-band appliances are actually in-line for the login phase of the user session, and so can provide pre-connect compliance checks and policy enforcement. However, once the posture check is done, the user is authenticated, and policy decisions are made, they typically switch themselves out of the user traffic path for the remainder of the session.

The following table summarizes the differences between the in-band and out-of-band approaches. 

| Features | In-band | Out-of-band | Benefit |
|---|---|---|---|
| Endpoint Compliance and User Authentication | Performed in straightforward manner, with remediation options that avoid VLAN steering. | Must be done in a provisional VLAN, then client traffic steered to an assigned or quarantine VLAN. Threats can spread within VLAN. | Does not ever require client to re-acquire IP address, which adds delays in users logging in. |
| Identity-Based Access Controls | Internal stateful firewall policies based on source, destination, and traffic content. | VLAN steering would work if different roles are placed in different VLANs. Finer granularity requires upstream firewalls. | In-band provides fine-grained identity-based access controls as a basic security feature. |
| Malware Detection | Continuous malware detection using various techniques, including behavior and signatures. | No visibility into user traffic since out of flow of network traffic during session. Requires additional upstream IPS for comparable security. | In-band provides persistent malware detection and prevention as a basic feature. |
| Visibility and Monitoring | Continuous monitoring of and visibility into all user activities, with associated user-based reports. | No visibility into user traffic since out of circuit. Requires additional sensors, displays and reporting infrastructure for comparable security. | In-band provides persistent role-based monitoring and visibility as a basic feature. |
| Quarantine Enforcement | Done using stateful firewall approach, shielding all users from each other. | Places non-compliant users in a common quarantine VLAN. | In-band protects vulnerable or infected clients from each other. |
| Cost | No hidden deployment or reconfiguration costs, no upgrades to existing infrastructure required. | Initial capital expense for devices and controllers, but higher operational costs, and potential upgrades of enforcement points. | In-band offers lower overall cost of deployment and management. |


Intel's new 800 Gbps MXC cable for DataCenters

Intel's new 800 Gbps MXC cable
New cable technology from Intel will soon be available to data centers and supercomputers, providing significant speed increases over what is already available. Known as MXC, a name which isn't an acronym, the cables are based on Intel's Silicon Photonics technology and support 800 Gbps transfers in each direction, or 1.6 Tbps as an aggregate.

Each cable is a collection of up to 64 separate fibers that support 25 Gbps transfers apiece: 32 are dedicated transmitting cables, and the other 32 are for receiving. Corning, which will manufacture the cables, will also make 8, 16 and 32 fiber cables available to customers at varying, but unspecified costs.

To get a sense of what sort of upgrade this is for data center environments, today's cables are typically capable of 10 Gbps transfers. Not only will MXC cables be faster, they'll also be higher density, more resistant to damage, and capable of pushing their top speeds over longer distances. Intel claims you'll be able to transfer at 800 Gbps at lengths up to 300 meters, giving data center and supercomputer engineers greater flexibility.

In the future Intel is hoping to increase the transfer rate of each line up to 50 Gbps, which would double the throughput of an MXC cable without the need for extra fibers. The company is also hoping to integrate MXC inside racks, creating a "more efficient architecture that separates CPU, storage, power, and networking resources into individual components that can be swapped out as needed."

MXC cable assemblies are currently being sampled to customers and will move to full production in Q3 2014. Going through and replacing copper interconnects with fiber won't be a cheap proposition, but Intel and Corning hope to make the technology a cheap competitor to existing solutions.

DISABLE USB STORAGE DEVICE

HOW TO PREVENT USERS FROM CONNECTING USB STORAGE DEVICES?

If a USB storage device is not already installed on the computer:
Assign the user or the group and the local SYSTEM account Deny permissions to the following files:
%SystemRoot%\Inf\Usbstor.pnf
%SystemRoot%\Inf\Usbstor.inf

When you do this, users cannot install a USB storage device on the computer. To assign a user or group Deny permissions to the Usbstor.pnf and Usbstor.inf files, follow these steps:
1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder.
2. Right-click the Usbstor.pnf file, and then click Properties.
3. Click the Security tab.
4. In the Group or user names list, add the user or group that you want to set Deny permissions for.
5. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
   Note: Also add the SYSTEM account to the Deny list.
6. In the Group or user names list, select the SYSTEM account.
7. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.
8. Right-click the Usbstor.inf file, and then click Properties.
9. Click the Security tab.
10. In the Group or user names list, add the user or group that you want to set Deny permissions for.
11. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control.
12. In the Group or user names list, select the SYSTEM account.
13. In the Permissions for UserName or GroupName list, click to select the Deny check box next to Full Control, and then click OK.

If a USB storage device is already installed on the computer:
You can change the registry to make sure that the device does not work when the user connects it to the computer.

This method contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

To set the Start value, follow these steps:
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate and then click the following registry key:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
4. In the details pane, double-click Start.
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
6. Exit Registry Editor.

Wednesday 12 March 2014

SQL INJECTION ATTACK

SQL Injection Attack
Structured Query Language (SQL) injection is an attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code. SQL injection usually involves a combination of over-elevated permissions, unsanitized/untyped user input, and/or true software (database) vulnerabilities.

Causes 
Simply stated, SQL injection vulnerabilities are caused by software applications that accept data from an untrusted source (internet users), fail to properly validate and sanitize the data, and subsequently use that data to dynamically construct an SQL query to the database backing that application. For example, imagine a simple application that takes inputs of a username and password. It may ultimately process this input in an SQL statement of the form 
string query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";

Since this query is constructed by concatenating an input string directly from the user, the query behaves correctly only if password does not contain a single-quote character. If the user enters "joe" as the username and "example' OR 'a'='a" as the password, the resulting query becomes

SELECT * FROM users WHERE username = 'joe' AND password = 'example' OR 'a'='a';

The OR 'a'='a' clause always evaluates to true and the intended authentication check is bypassed as a result.
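The login query above, run against an in-memory SQLite table next to a parameterized version of the same check. This is an added example, not code from the original post; the table contents and function names are made up for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample table. Plaintext passwords only mirror the page's
    query; real systems store salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("joe", "joes-secret"), ("ann", "ann's-secret")],
    )
    return conn


def build_concatenated_query(username, password):
    # Same construction as the page's example: input becomes part of the SQL text.
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_concatenated(conn, username, password):
    rows = conn.execute(build_concatenated_query(username, password)).fetchall()
    return len(rows) > 0


def login_parameterized(conn, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def compare(conn, username, password):
    """Run both checks on the same input and report each outcome."""
    try:
        concatenated = login_concatenated(conn, username, password)
    except sqlite3.Error as exc:
        concatenated = "error: " + type(exc).__name__
    return {
        "concatenated": concatenated,
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("joe", "joes-secret"),         # correct password
        ("joe", "wrong"),               # wrong password
        ("joe", "example' OR 'a'='a"),  # the input from the text above
        ("ann", "ann's-secret"),        # legitimate password containing a quote
    ]
    for user, pw in cases:
        print(user, repr(pw), compare(db, user, pw))
```

The last case shows the other half of the problem: a legitimate password containing a single quote breaks the concatenated query, while the parameterized one accepts it.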

Detection
Detection of SQL injection attacks can be attempted with web server log auditing combined with network Intrusion Detection Systems (IDS). If you run a production web server, you must enable logging and periodically review these logs. Numerous software tools exist that allow for the rapid search of web server logs for specified keywords or regular expressions. Typical searches include commands and characters that should not normally be provided by a user, such as "EXEC", "POST", "UNION", "CAST", or a single quotation mark. While there are many potential searches, each will be useful only in the proper context since valid web forms that require the use of these commands have the potential to generate false positives.

Comprehensive detection of SQL injection attacks is very difficult. Even with logging enabled on all production webservers and Intrusion Detection Systems (IDS) on network chokepoints, the number of methods that attackers can use and combine to evade detection is daunting. For instance, attackers can manipulate the whitespace between commands, encode using decimal, HEX, BASE64, etc., and even inject characters that the webserver / database will ignore in order to evade detection by IDS or log-based analysis. 
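An added example (not from the original post) of the log search described above: it compares a literal keyword search with one that first URL-decodes the request and matches whole words, and it flags URLs over the 2048-character limit recommended under the mitigations. The log lines are constructed samples, and POST is left out of the keyword list here because it appears as the method of every form submission.

```python
import re
from urllib.parse import unquote_plus

KEYWORDS = ("EXEC", "UNION", "CAST", "'")
KEYWORD_RE = re.compile(r"\b(exec|union|cast)\b|(')", re.IGNORECASE)
MAX_URL_LEN = 2048
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

PREFIX = "203.0.113.5 - - [12/Mar/2014:10:01:02 +0000] "
# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    PREFIX + '"GET /item?id=42 HTTP/1.1" 200 512',
    PREFIX + '"GET /item?id=42%20%75nion%20select%201 HTTP/1.1" 200 1830',
    PREFIX + '"GET /login?username=joe&password=example%27%20OR%20%27a%27%3D%27a HTTP/1.1" 200 2210',
    PREFIX + '"GET /item?name=x%2527 HTTP/1.1" 500 310',
    PREFIX + '"GET /search?q=credit+union+hours HTTP/1.1" 200 940',
    PREFIX + '"GET /news?topic=broadcast HTTP/1.1" 200 770',
    PREFIX + '"GET /page?pad=' + "A" * 2100 + ' HTTP/1.1" 200 100',
]


def request_target(line):
    """Return the request target (path and query) of a log line, or None."""
    match = REQUEST_RE.search(line)
    return match.group("target") if match else None


def naive_hits(line):
    """Case-insensitive substring search on the raw line."""
    lowered = line.lower()
    return [k for k in KEYWORDS if k.lower() in lowered]


def normalize(target, max_rounds=3):
    """Undo up to max_rounds layers of URL-encoding, then collapse whitespace."""
    text = target
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text)


def normalized_hits(line):
    """Whole-word keyword search on the decoded target, plus a length check."""
    target = request_target(line)
    if target is None:
        return ["unparsed"]
    hits = set()
    if len(target) > MAX_URL_LEN:
        hits.add("url-too-long")
    for match in KEYWORD_RE.finditer(normalize(target)):
        hits.add((match.group(1) or match.group(2)).upper())
    return sorted(hits)


def scan(lines):
    """Return (line number, naive hits, normalized hits) for each line."""
    return [(n, naive_hits(l), normalized_hits(l)) for n, l in enumerate(lines)]


if __name__ == "__main__":
    for number, naive, normalized in scan(SAMPLE_LOG):
        print(number, "naive:", naive, "normalized:", normalized)
```

The "credit union" search is flagged by both methods, which is the false-positive case the text warns about; every hit still needs review in context.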

Detection Heuristics 
Automatic detection of SQL injection vulnerabilities relies on heuristics of how the target application behaves (or rather misbehaves) in response to specially crafted queries. The techniques are sometimes categorized into the following types: 
Boolean-based blind SQL injection (sometimes referred to as inferential SQL injection): Multiple valid statements that evaluate to true and false are supplied in the affected parameter in the HTTP request. By comparing the response page between both conditions, the tool can infer whether or not the injection was successful.

Time-based blind SQL injection (sometimes referred to as full blind SQL injection): Valid SQL statements are supplied in the affected parameter in the HTTP request that cause the database to pause for a specific period of time. By comparing the response times between normal requests and variously timed injected requests, a tool can determine whether execution of the SQL statement was successful.

Error-based SQL injection: Invalid SQL statements are supplied to the affected parameter in the HTTP request. The tool then monitors the HTTP responses for error messages that are known to have originated at the database server. 

Most tools employ a combination of these techniques and some variations in order to achieve better detection and exploitation success.

Mitigation/Best Practices 
The following mitigation strategies and best practices can be used to minimize the risks associated with this attack vector. As with any system or architecture changes, local administrators are best positioned to know which strategies are appropriate for their specific networks and systems.

Network Level Recommendations 
  • Deny access to the internet except through proxies for Store and Enterprise servers and workstations.
  • Implement firewall rules to block or restrict internet and intranet access for database systems.
  • Implement firewall rules to block known malicious IP addresses.
  • Harden internal systems against the potential threat posed by a compromised system on the local network. (Do not rely on firewalls to prevent access to insecure systems; secure them.)
System / Application Level Recommendations 
Secure both the operating system and the application. 
  • Consider using NIST or other industry standard security checklists to harden both the operating systems and the applications 
  • Run only the minimum required applications and services on servers necessary to perform their intended function. In other words, disable all unnecessary applications and services. 
  • Follow application vendor security guidelines.

Update and patch production servers regularly. 
  • Include both operating system patches and application patches. 
Disable potentially harmful SQL stored procedure calls. 
  • ‘xp_cmdshell’ on MSSQL has been frequently used by attackers. 
Deny extended URLs. 
  • Excessively long URLs can be sent to Microsoft IIS servers, causing the server to fail to log the complete request. Unless specific applications require long URLs, set a limit of 2048 characters. Microsoft IIS will process requests over 4096 bytes long, but will not place the contents of the request in the log files. This has become an effective way to evade detection while performing attacks. 
Sanitize/validate input. 
  • Ensure data is properly typed. 
  • Ensure data does not contain escaped code. 
  • Consider using type-safe stored procedures/prepared statements. 
Ensure error messages are generic and do not expose too much information. 
  • Keep error messages short and usable. 
  • Do not disclose internal database structure, table names, or account names. 
Use principles of least privilege.
  • Install and run authorized Microsoft SQL Server and IIS services under a non-privileged account.
  • Apply the principle of 'least privilege' on all SQL machine accounts.
  • Remove guest accounts unless operationally necessary.
  • Use an application account for database access.
Enforce best practice password and account policies. 
  • Require the use of a password on Microsoft SQL Server administrator, user, and machine accounts. 
  • Change default/built-in account passwords.
  • Change application account passwords regularly.
  • Use strong passwords. 
  • Lock out accounts after several unsuccessful logon attempts.
Document all database accounts, stored procedures, and prepared statements along with their uses.
  • Delete/disable unnecessary accounts (including default accounts).
  • Delete/disable unnecessary stored procedures/prepared statements.

Perform regular audits and penetration testing. 
  • Audit transaction logs for suspicious activity. 
  • Audit group and role memberships to ensure enforcement of least access principles. 
  • Audit stored procedures on a regular basis and remove unnecessary ones. 
  • If you use ASP, consider using Microsoft’s code analyzer. 
  • Consider using HP’s scrawlr utility to help identify problems. 
  • Conduct penetration tests against applications, servers, and perimeter security