Living in the world of information – Walking the tightrope For Security
Every technological advance comes at a price, but progress amid fierce pressure to cut time to market leaves many gaps that sooner or later surface and cause significant damage. The world seems to be a victim of this, and it is amazing to see that intelligent brains are sitting on the other side of the bench. How is that possible? What is the proof? What can be done to mitigate the risks?
Iframe code injection into web servers: The worst of the lot. There is a vulnerability being exploited on Linux web hosting servers. An iframe tag is injected into one of the HTML pages. The iframe is given "0" coordinates and is therefore hidden, while it makes the browser load a link to a spam site. No antivirus in the world detects it as a virus, which is as it should be, since it is in fact not a virus. Moreover, when any user on the client side opens that page, the link is triggered and malicious content is downloaded without the user's consent. Only when the Trojan has been downloaded and begins to infect does the scanner detect and clean it. The cleaning is merely temporary, and the same process continues in a loop.
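Since antivirus does not flag the injected tag, a site owner can check the served pages directly. The following is an added example, not code from the original article: it parses HTML and reports iframes that are hidden by zero dimensions or by an inline style. The sample page and its host names are constructed.

```python
import re
from html.parser import HTMLParser

# Attribute values such as "0", "0px" or "0%".
ZERO = re.compile(r"^\s*0+(\.0+)?\s*(px|%|em|pt)?\s*$", re.I)
# Inline styles that make a frame invisible.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(width|height)\s*:\s*0+(px)?\s*(;|$)", re.I)


class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are present in the markup but invisible."""

    def __init__(self):
        super().__init__()
        self.findings = []   # (line number, src, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = {name: (value or "") for name, value in attrs}
        reasons = [f"{dim}=0" for dim in ("width", "height")
                   if dim in attr and ZERO.match(attr[dim])]
        if HIDING_STYLE.search(attr.get("style", "")):
            reasons.append("hiding style")
        if reasons:
            self.findings.append((self.getpos()[0], attr.get("src", ""), reasons))


def find_hidden_iframes(html: str):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: one ordinary embed and two hidden frames.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://spam.example/x" width="0" height="0" frameborder="0"></iframe>
<IFRAME SRC="http://spam.example/y" style="visibility:hidden"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in find_hidden_iframes(SAMPLE):
        print(f"line {line}: hidden iframe -> {src} ({', '.join(reasons)})")
```

Running it over every HTML file in the web root after each deployment, and comparing against a known-good copy, shows when a cleaned page has been re-infected.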
Bluetooth mobile messaging: The design of the Bluetooth stack has a gap in how the protocol is implemented. The 3-way handshake is flawed: when a user uses the messaging feature of the adapter to send a message to a mobile user, there is no way for the recipient to find details of the sender.
The players on the line of ethics: Many security organizations in the virus world spread viruses themselves and then offer solutions to exploits of their own creation. This applies not only to viruses; it is also common with respect to spam, malware, trojans, spyware, etc. Even if one has the evidence, there is no central (worldwide) organization where one could present evidence and allegations against these vendors. A more common problem is that a virus spreads on the client machine when the client does not extend the subscription (this is a very common problem seen with most vendors).
Banks and Financial Institutions: Banks and other financial institutions are losing millions of dollars to online fraud and scams, but there is no news of it in the media. The reason is that end users are left relying on the bank, and most banks avoid disclosing the facts and absorb the loss.
The browser wars: Most browsers have security implementations and underlying technologies that have gaps. Although there is a governing standards body (w3c.org), it is up to each vendor whether to conform or not.
Syn Flood ..
When a client sends a "Syn" to the server, the server knows that someone wants to connect to it. The client is trying to connect and is asking for permission. The TCP/IP stack has to send this client a "Syn Ack". To do so it has to know some things about the client, such as its IP address, port number, the sequence number in the "Syn", etc. To store this information, the TCP/IP stack has to allocate some memory. When the TCP/IP stack sends the client a "Syn Ack", it reserves a connection for the client and keeps the memory allocated until it receives an "Ack" from the client. Until the server receives an "Ack" from the client, the connection is called a "half-open" connection. Allocating memory or resources is an expensive process. The more memory the TCP/IP stack assigns to half-open connections, the less memory is left for running other programs. Initially, the TCP/IP stack allocates just enough memory to store 8 half-open connections. When the TCP/IP stack receives an "Ack", it declares that the connection is no longer a half-open connection but a live connection. In other words, it is now an open connection.
Suppose a TCP/IP stack can hold 8 half-open connections, and suppose that all 8 are occupied. When a 9th "Syn" packet arrives, the TCP/IP stack is not able to accommodate it, and therefore this 9th "Syn" packet is rejected. Nobody else is now able to connect to the machine. Obviously, the stack is not like us, the kind of people who wait patiently for hours on end for the next bus to arrive. If an "Ack" from the client does not arrive within a certain period of time, the TCP/IP stack terminates the connection.
One could write a program that keeps sending a forty-byte header with the "Syn" flag on. Thus, we would be sending only "Syn" packets without ever sending "Ack" packets. This occupies the eight half-open connections available in the TCP/IP stack. We also know that the TCP/IP stack has a preset timer after which it terminates each of our half-open connections. Suppose we know that the timer is set to sixty seconds. Since we know that our half-open connections will be terminated after 60 seconds, it is possible for us to keep sending a batch of "Syn" packets every sixty seconds so that all the half-open connections stay occupied. This method, used to keep other clients from connecting to a server, is known as "SYN flooding".
Now, some genius tried to design a method to prevent these SYN floods. He created a method known as the "firewall", whereby, it was said, SYN flooding could be prevented. This method works on a very simple principle. The TCP/IP stack never checks the client's IP address when accepting or rejecting connections. Since it is possible to know the IP address of each client connecting, one can simply check for a client that keeps sending "Syn" and does not respond with "Ack". The firewall is a device that checks the IP addresses of incoming clients. The person who designed the firewall placed it just in front of the TCP/IP stack. The firewall is then given the IP address of that client, and if the client tries to connect to the server again, the packet is dropped. But if the client keeps changing to random IP addresses (the IP address can go up to 4 million), the "Syn Ack" would go to the wrong machine. Thus, by sending different, bad IP addresses, one can easily bypass the firewall. Therefore, at present, no solution exists for "SYN flooding".
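The half-open connection table described in this section can be modelled without touching the network. The following is an added example, not code from the original article: it replays a constructed trace against a table with 8 slots and a sixty-second timer, and records which "Syn" is turned away and when a slot becomes free again. The class, the function names and the addresses (taken from documentation ranges) are assumptions made for illustration.

```python
class HalfOpenTable:
    """Model of a listener's half-open connection table; it sends no packets."""

    def __init__(self, slots=8, timeout=60.0):
        self.slots = slots          # the text's stack holds 8 half-open entries
        self.timeout = timeout      # seconds to wait for the final Ack
        self.half_open = {}         # (ip, port) -> time the Syn arrived
        self.established = set()
        self.rejected = []          # (time, client) of Syns that found no slot

    def _expire(self, now):
        # Free the slots of clients whose Ack never arrived in time.
        for client, since in list(self.half_open.items()):
            if now - since >= self.timeout:
                del self.half_open[client]

    def on_syn(self, now, client):
        self._expire(now)
        if client in self.half_open:
            return True             # retransmitted Syn, slot already held
        if len(self.half_open) >= self.slots:
            self.rejected.append((now, client))
            return False
        self.half_open[client] = now
        return True

    def on_ack(self, now, client):
        self._expire(now)
        if self.half_open.pop(client, None) is None:
            return False            # no matching half-open entry
        self.established.add(client)
        return True


def replay(events, slots=8, timeout=60.0):
    """Apply (time, kind, client) events in order and return the final table."""
    table = HalfOpenTable(slots, timeout)
    for now, kind, client in events:
        (table.on_syn if kind == "syn" else table.on_ack)(now, client)
    return table


# Constructed trace: eight clients that never answer the Syn Ack, then a
# well-behaved client that tries at t=10 and again at t=61.
SILENT = [(float(i), "syn", (f"198.51.100.{i + 1}", 40000 + i)) for i in range(8)]
GOOD = ("192.0.2.10", 51000)
EVENTS = SILENT + [(10.0, "syn", GOOD), (61.0, "syn", GOOD), (61.2, "ack", GOOD)]

if __name__ == "__main__":
    t = replay(EVENTS)
    print("rejected:", t.rejected, "half-open left:", len(t.half_open))
```

Replaying the same trace with a larger `slots` value or a shorter `timeout` shows how those two settings decide how long the well-behaved client stays locked out.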
Land Attack ..
The name sounds as if there were a war, but there is not. A Land attack is just the name given to a method devised by Mr. Land to give servers a little more headache. It simply sets both the source and the destination IP address to the address of the server. In this case, the server sends a "Syn Ack" to itself. When the poor server tries to send itself an "Ack" for a "Syn" that it never sent, it always crashes.
Reliability ..
However, the Internet Protocol itself is not reliable. This is because there is nothing in IP that tells us whether the packet we sent has arrived or not. There is no mechanism in IP that tells us whether the packet has reached its destination safely and in order. This does not mean that IP fails to send packets through properly; it is just that there is no guarantee that the packet will arrive. Take the example of the postal service in India. Suppose you want to send a letter to Tiruvananthapuram by regular mail. Now, it is not that the mail is always lost; at some point the Post Office Department does deliver the letter, but there is no guarantee that it will get there. It may reach Tiruvananthapuram, but then again it may not arrive on time. It is also possible that if you send two letters, one after another, the second letter arrives first. There is no way that the Postal Department will come back to you and say that the mail has not arrived, or arrived late, or that the second letter came first. The same is the case with the IP protocol. There is no way in which it comes back and tells you whether the packet you sent has arrived or not.
Because of this we cannot be comfortable with the IP protocol alone. If we make additions to the rules of the IP protocol so that IP comes back and lets us know whether the packet has arrived or not, it will make the IP protocol very complex.
Now, the IP protocol deals only with routers. Its job is to make sure your packet goes from one end to the other in the shortest time possible. It is IP that tells the router where the destination is, what the source is, and other such details. The main concern of the IP protocol is speed. It has to try to reach the destination as quickly as possible and cares about nothing more. The IP protocol has sacrificed reliability for speed, and it shows. Why not let it do the work it does best, i.e. routing?
If the Internet were to rely exclusively on IP, the result would be quite chaotic. It was to combat this problem of unreliability that the TCP protocol was created. TCP is the exact opposite of the IP protocol. Its main concern is reliability. It is the TCP protocol that handles checksums and sequencing. When a packet is sent over the network, it is likely to be divided into two or more packets, depending on its size. Now, each packet can reach the destination at a different time and in a different order. Is it not necessary that the packets be received in the order they were sent? Otherwise, the packets could reach the other party in a haphazard manner, making the message completely illogical and confusing. It is the job of the TCP protocol to ensure that every packet reaches the destination and that the packets are put together in the correct order.
Sequencing …
Let us now see how we can send data from a client to a server. When data is sent to the server, the "sequence number" and the "acknowledgment number" are very important. The client tells the server what its "sequence number" is. This number is randomly generated by the TCP/IP stack. Our TCP/IP stack will start numbering the data sent to the server from this number. We can explain the concepts of a "sequence number" and an "acknowledgment number" better with the help of the following example. Suppose we are sending the data shown below.
A   B   C   D   E   F   G   H   I   J   K   L
2   3   4   5   6   7   8   9   10  11  12  13
Suppose that we agree with the server on the "sequence number" 2. Therefore, our data is numbered from 2 onwards. Suppose we are sending 3 bytes of data at a time, along with the TCP/IP headers. Thus, the server will receive a packet of 43 bytes. In this packet, the number in the "acknowledgment number" field is meaningless.
IP header: 20 bytes
TCP header: 20 bytes
Data (ABC): 3 bytes
The moment the server receives the packet, it responds with an "Ack". This "Ack" is 40 bytes long and has its "Ack" flag on. When the "Ack" flag is on, it means that the "acknowledgment number" is now valid.
The server looks at the size of the packet and finds that we have sent three bytes of data. It knows that we have sent data bytes A, B and C, which are numbered 2, 3 and 4. It takes the last one, i.e. byte number 4, and adds 1 to it to get the number 5. The server places this figure as the "acknowledgment number" in the "Ack" it sends to inform us that it has received our packet.
When we receive the server's "Ack", we look at its "acknowledgment number", which is 5. We know we have to start sending data from byte number 5 onwards. Therefore, we place 5 as the "sequence number" in the next packet we send. Along with this packet, we send three bytes of data to the server. As our "sequence number" is now 5, the server will receive D, E and F, which are numbered 5, 6 and 7, in the next packet. The server takes the number of the last byte of this packet, i.e. 7, adds 1 to it and answers with an "acknowledgment number" of 8. Upon receiving the "Ack" packet sent by the server, we now know we have to send the data bytes from 8 onwards. If we do not receive an "Ack" for any packet that we send, we need to retransmit that packet after a certain amount of time.
It is a fact that the server is wasting time responding with a forty-byte "Ack" each time we send a packet of three bytes. Instead of sending an "Ack" for each packet received, the server can decide to send an "Ack" after receiving two packets. We now send the server two packets, one after another, before it responds with an "Ack". In our previous example, the server can send an "Ack" with the acknowledgment number 8 instead of 5 the first time. This means that the server has received bytes number 2 to 7 and wants us to send the next packet from byte 8. This shows that "Acks" can be grouped together.
When we send two packets, one after another, the second packet may arrive first. But since our data has been numbered sequentially, the server will put our data in the correct order.
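The numbering walked through above, as an added example that is not part of the original article: the data ABCDEFGHIJKL is numbered from sequence number 2, sent three bytes at a time, and acknowledged with "last byte number plus 1". The same receiver also shows one "Ack" per two packets and reassembly when packets arrive out of order. The class and function names are assumptions made for illustration.

```python
def segment(data: bytes, isn: int, size: int):
    """Split data into (sequence number, payload) segments of `size` bytes."""
    return [(isn + i, data[i:i + size]) for i in range(0, len(data), size)]


class Receiver:
    """Reassembles segments and answers with cumulative acknowledgment numbers."""

    def __init__(self, isn: int, ack_every: int = 1):
        self.next_expected = isn      # first byte number not yet received in order
        self.ack_every = ack_every    # send one Ack per this many segments
        self.pending = {}             # out-of-order segments keyed by sequence number
        self.stream = bytearray()     # data handed to the application, in order
        self.unacked = 0

    def receive(self, seq: int, payload: bytes):
        """Accept one segment; return an acknowledgment number or None."""
        if seq >= self.next_expected:            # duplicates of old data are dropped
            self.pending.setdefault(seq, payload)
        # Deliver every segment that is now contiguous with the stream.
        while self.next_expected in self.pending:
            chunk = self.pending.pop(self.next_expected)
            self.stream += chunk
            self.next_expected += len(chunk)     # last byte number + 1
        self.unacked += 1
        if self.unacked >= self.ack_every:
            self.unacked = 0
            return self.next_expected
        return None


def run(data: bytes, isn: int, size: int, ack_every: int = 1, order=None):
    """Feed segments (optionally reordered) to a receiver; return acks and stream."""
    segs = segment(data, isn, size)
    if order is not None:
        segs = [segs[i] for i in order]
    rx = Receiver(isn, ack_every)
    acks = [rx.receive(seq, payload) for seq, payload in segs]
    return [a for a in acks if a is not None], bytes(rx.stream)


if __name__ == "__main__":
    print(run(b"ABCDEFGHIJKL", isn=2, size=3))                      # one Ack per packet
    print(run(b"ABCDEFGHIJKL", isn=2, size=3, ack_every=2))         # grouped Acks
    print(run(b"ABCDEFGHIJKL", isn=2, size=3, order=[1, 0, 3, 2]))  # reordered arrival
```

In the reordered run the first "Ack" still carries 2, because byte 2 has not arrived yet; the acknowledgment number only advances over data received without gaps.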
TCP is a decent protocol. It does not misbehave, unlike other protocols that we will speak of later. When the client receives an "Ack", it means that the server has received a packet and responded with an "Ack". We, the client, have to calculate the total round-trip time, i.e. the time from when we send a packet to when we receive an "Ack" from the server. Suppose a packet is sent to the server and we receive an "Ack" 1 second later. We now know that the one-way transmission time is 1/2 second. After sending packets for 15 minutes at intervals of 1 second, we suddenly realize that the server is responding with an "Ack" every 2 seconds. This shows that there is now congestion on the line. So if we receive an "Ack" late, we would also send our packets later.
Consider another case in which we are sending a packet to the server. We cannot wait indefinitely for the server to respond with an "Ack". The "Ack" may be missing because our packet has not reached the server. It may also be that the server sent an "Ack", but the "Ack" did not reach us.
Because of this we have to set a retransmission timer, which informs us that it is time to retransmit a packet. We might set the retransmission time too high while the "Acks" arrive faster. For example, suppose we set the retransmission time to 5 seconds and the server responds with an "Ack" in 2 seconds. Then we are losing 3 seconds needlessly. Therefore, we must dynamically reset our timer to 2 seconds.
If we set the retransmission timer too short, it is possible that we receive an "Ack" after we have already retransmitted the packet. For example, suppose we set our retransmission time to 1 second and the server responds with an "Ack" after 2 seconds. Then we retransmit the first packet without waiting a reasonable time for the "Ack" to reach us. So we need to reset our timer to 2 seconds. Even if the server receives a duplicate of our packet, it is smart enough to discard it.
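The article does not say how the timer is adjusted. The following is an added example, not code from the original article, and it goes beyond the text by using the smoothed estimator standardized in RFC 6298, which avoids both the too-long and the too-short timer described above. Clock granularity is assumed to be negligible, and the class and function names are assumptions.

```python
class RetransmissionTimer:
    """Retransmission timeout (RTO) estimator following RFC 6298."""

    ALPHA, BETA = 1 / 8, 1 / 4      # smoothing gains given in RFC 6298
    MIN_RTO, MAX_RTO = 1.0, 60.0    # bounds in seconds

    def __init__(self):
        self.srtt = None            # smoothed round-trip time
        self.rttvar = None          # round-trip time variation
        self.rto = 1.0              # initial RTO before any measurement

    def on_ack(self, rtt: float) -> float:
        """Update the estimate with one measured round-trip time in seconds.

        Only measure packets that were sent once: an Ack for a retransmitted
        packet cannot be matched to a single send time.
        """
        if self.srtt is None:
            self.srtt, self.rttvar = rtt, rtt / 2
        else:
            self.rttvar = (1 - self.BETA) * self.rttvar + self.BETA * abs(self.srtt - rtt)
            self.srtt = (1 - self.ALPHA) * self.srtt + self.ALPHA * rtt
        self.rto = min(self.MAX_RTO, max(self.MIN_RTO, self.srtt + 4 * self.rttvar))
        return self.rto

    def on_timeout(self) -> float:
        """No Ack arrived in time: double the timer before retransmitting."""
        self.rto = min(self.MAX_RTO, self.rto * 2)
        return self.rto


def rto_trace(samples):
    """Return the RTO after each round-trip measurement in `samples`."""
    timer = RetransmissionTimer()
    return [timer.on_ack(s) for s in samples]


if __name__ == "__main__":
    # The article's scenario: Acks arrive after 1 second, then after 2 seconds.
    print(rto_trace([1.0, 2.0, 2.0]))
```

The timer follows the slower "Acks" upward gradually and keeps a safety margin of four times the measured variation, so one late "Ack" does not trigger a needless retransmission.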
If this were all there was to how TCP worked, the whole transmission process would be slow and more of a liability than an asset to the network. Slow because the server would have to wait for an "Ack" from the client every time it sent some packets. To keep the protocol from being slow, TCP has something known as the window size, which incidentally we had said we would explain later. Well, the time has come when we feel you should know what a window size means. So let us now learn about the "window size".
Let's talk about a case in which we are receiving data from a server. The server sets a limit on the number of bytes of data that it can send without receiving an "Ack" from us. This ceiling is known as the window size. It is not a constant figure, but may vary due to a number of factors such as congestion, etc.
Suppose the window size in the packet that comes to us from the server is specified as "4, 0". The server will send up to 4 * 256 + 0 * 1, i.e. 1024 bytes, before it requires us to send an "Ack". The server knows it can keep sending data; it does not send the 1025th byte until we send it an "Ack". This increases the speed of data flow.
Analysis:
1. We, the customers, have no choice but to throw money at trying to protect ourselves. We still use these products and keep updating them, regardless of price.
2. Our machines' resources are governed by the so-called scanners that claim to protect us. At the same time, they absorb the maximum resources of the machine, from memory and processing power to network bandwidth and so on.
3. Today's world, which is supposed to be a world of IT, is being run by Microsoft on one side and security agents on the other. Customers pay ever more for their services, and their resources are not in their own control but depend largely on the mercy of the service provider / supplier.
The Future: Sooner or later the world will get smarter and migrate away from such suppliers, and will be much better informed about the policies and practices of invasive vendors. It will be more active and better placed to make informed decisions.