BestInternetSecurity.net

Information Security Resources

DNS Root Servers’ Attack: Is it possible?

The Domain Name System (DNS) relies on a hierarchical database system. At the top of this system sit thirteen root servers with names following the format letter.root-servers.net, where the letter ranges from A to M.

Many people mistakenly assume that there are only 13 root servers in the world. In fact, each root server letter represents a cluster of servers dispersed all over the world, and each cluster is administered by a different organization.

The cluster of servers working for a particular letter of root servers uses the routing technique of “anycasting,” according to RFC 1546 1:

“There are a number of situations in networking where a host, application, or user wishes to locate a host which supports a particular service but, if several servers support the service, does not particularly care which server is used.  Anycasting is an internetwork service which meets this need.  A host transmits a datagram to an anycast address and the internetwork is responsible for providing best effort delivery of the datagram to at least one, and preferably only one, of the servers that accept datagrams for the anycast address.”

Check out these links for a geographical mapping of the root servers’ locations:
http://www.icann.org/maps/root-servers.htm
http://www.circleid.com/posts/dns_root_servers_google_maps/ (on Google Maps)

Root servers are the last resort for resolving a Top Level Domain (TLD). For example, if your DNS server does not know where to find the DNS records for the “.jp” part of the domain name www.jetro.go.jp, it queries the root servers to locate the DNS servers responsible for the TLD “jp”, and then continues resolving the domain “go.jp” by asking the DNS server to which the root server referred it. This domain name resolution process continues recursively until it obtains an authoritative answer for the requested host name www.jetro.go.jp.

In fact, DNS servers rarely query the root servers as they cache any previously resolved domain names, including those of the TLDs. Depending on a DNS server’s configuration, it usually keeps those responses in the cache for two days. Therefore, considering the example given above, the DNS server will store the DNS server information to process TLD “jp” in the cache memory, so that each query related to TLD “jp” will go directly to the DNS server handling “jp” TLD without repeatedly querying the root servers.

Perhaps the most common reason for your DNS servers to query the root servers is a typing error that produces a non-existent TLD. For instance, if you mistakenly type “jq” instead of “jp” in the domain name above, your DNS server has never resolved any name under a TLD “jq”, so it has to ask a root server for the related information. In this case the root server returns a non-existence error to your DNS server, and you are notified that the domain name could not be found.
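To make the referral chain, the two-day cache and the non-existent-TLD case concrete, here is a small simulation of a caching resolver. It is an added example, not code from the original article; the zone data, server names and the 192.0.2.10 address are constructed.

```python
import time
from typing import Dict, List, Optional, Tuple

# Constructed toy data describing what each name server "knows". A referral
# points the resolver at the servers for a child zone; an answer is the final
# address. The address is a documentation-range value, not the real host's.
ROOT = "root-servers"
ZONES: Dict[str, Dict[str, Dict[str, str]]] = {
    ROOT:             {"referrals": {"jp": "jp-tld-servers"}, "answers": {}},
    "jp-tld-servers": {"referrals": {"go.jp": "go.jp-servers"}, "answers": {}},
    "go.jp-servers":  {"referrals": {"jetro.go.jp": "jetro-servers"}, "answers": {}},
    "jetro-servers":  {"referrals": {}, "answers": {"www.jetro.go.jp": "192.0.2.10"}},
}

TWO_DAYS = 2 * 24 * 3600  # the cache lifetime the article gives for referrals


class CachingResolver:
    """Iterative resolver that remembers which server handles each zone."""

    def __init__(self, ttl: int = TWO_DAYS, clock=time.time) -> None:
        self.ttl = ttl
        self.clock = clock  # injectable so cache expiry can be demonstrated
        self.cache: Dict[str, Tuple[str, float]] = {}  # zone -> (server, expiry)
        self.root_queries = 0

    def _closest_known_server(self, name: str) -> str:
        """Start from the most specific zone still in the cache, else the root."""
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            hit = self.cache.get(zone)
            if hit and hit[1] > self.clock():
                return hit[0]
        return ROOT

    def resolve(self, name: str) -> Tuple[Optional[str], List[str]]:
        """Return (address, or None for a non-existent name) and the servers
        queried, in order, so the referral chain is visible."""
        server = self._closest_known_server(name)
        queried: List[str] = []
        while True:
            queried.append(server)
            if server == ROOT:
                self.root_queries += 1
            data = ZONES[server]
            if name in data["answers"]:
                return data["answers"][name], queried
            # Follow the referral for the longest matching child zone, if any.
            child = max(
                (z for z in data["referrals"] if name == z or name.endswith("." + z)),
                key=len, default=None)
            if child is None:
                return None, queried  # this server reports the name does not exist
            server = data["referrals"][child]
            # Remember who handles the child zone for the next two days.
            self.cache[child] = (server, self.clock() + self.ttl)


if __name__ == "__main__":
    r = CachingResolver()
    for q in ("www.jetro.go.jp", "www.jetro.go.jp", "www.jetro.go.jq"):
        print(q, "->", r.resolve(q))
    print("root queries:", r.root_queries)
```

The second lookup of www.jetro.go.jp goes straight to the cached jetro server, while the mistyped “jq” TLD has to go back to the root.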

As the root servers are dispersed all over the world, it is technically very difficult to attack all of them at the same time. It is therefore unlikely that this robust system will stop serving the Internet community because of a common attack such as DoS (Denial of Service), even one that is very well planned. This is fortunate, since the DNS root server system is a vital part of the Internet, serving thousands or millions of people online every day.

If you are interested to understand more about root DNS servers’ operation, go to this link for more details:
http://www.isoc.org/briefings/020/

1 Partridge, C., Mendez, T., Milliken, Walter. (1993) Request for Comments: 1546, Network Working Group, Available from: http://rfc.net/rfc1546.html [Accessed 4 April 2008]

Tags: DNS Root Servers Attack, anycasting, TTL

Trojan Horse – What is it?

What does the name Trojan Horse imply in way of network security, and what threats do Trojan Horses bring to a network computing system?

First let’s look at history to understand the name “Trojan Horse.” The Trojan War, as you may already know, is the ancient war between the Greeks and the city of Troy that took place during the thirteenth century. The Greeks won the war with Troy because of a very clever and deceptive trick. Greek soldiers pretended to withdraw from the battle, leaving behind a huge wooden horse. Troy, believing that they had won the war, dragged the wooden horse into their city and began to celebrate victory. However, by doing so, they walked right into the trap set by the Greeks. Greek soldiers were actually hiding inside the wooden horse. As they waited patiently inside the horse, the people of Troy celebrated heavily. When the soldiers emerged from the horse during the night, the inebriated citizens of Troy were easily defeated.

In today’s world of computer security, the term “Trojan Horse” refers to certain malicious software (or “spyware”) programs designed to let a hacker remotely control a computer. Much like the ancient Greeks, a hacker will try, in every conceivable way, to lure users into unknowingly installing the Trojan Horse on their computers.

For example, hackers can start an attack by sending malicious emails inviting the recipient to download and install Trojan Horse programs that actually appear to be useful. Another way hackers lure unsuspecting users is by offering interesting or seemingly practical programs on a site as a free download. Users install these software programs containing malicious code, unknowingly giving the hacker access to their computers.

How Trojan Horses work
A Trojan Horse program works by opening a connection point on your computer (usually a designated TCP port) and waiting for the hacker to connect to that port remotely. Upon a successful connection, the hacker immediately takes control of the victim’s computer: reading and changing data on the machine and remotely monitoring the user’s activities. Some powerful Trojan Horse programs can even watch the user’s screen in real time, log his or her keystrokes, and remotely shut down the machine.

Since some popular Trojan Horse programs open a well-known port on the victim’s computer, an attacker can regularly scan the Internet for open ports that reveal computers already “planted” with a Trojan Horse. For example, the popular Trojan Horse NetBus uses TCP ports 12345 and 12346, and Back Orifice uses 31337. You can always find popular Trojan Horse ports by searching Google with the phrase “popular ports of Trojan Horse.”

Once found, the hacker can immediately take control of the machine by connecting to these easily recognized ports. This means hackers don’t need to spend time implanting the program on the victim’s machine if someone else has previously introduced the Trojan Horse software to the user’s system.

Trojan Horse programs pose a very great threat to computer security. The user’s unawareness of its existence gives the attacker further power to intrude on other computers within the same network as the victim’s machine. As you can imagine, this can cause problems of catastrophic proportions.

How to Know If Your Computer Has a Trojan Horse
You can find out if your computer is infected by performing a simple audit. Access your command prompt screen and type in the command “netstat -n”. This will show all the open local ports and remote ports.

If you are interested in determining what programs are tied to specific ports, you can use the program fport which is available here:
http://www.foundstone.com/us/resources/proddesc/fport.htm
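The audit above can be automated: parse the netstat table and flag any socket whose local or remote port is on a watch-list of known Trojan Horse ports. This is an added example, not a tool from the article; the watch-list holds only the NetBus and Back Orifice ports the article names, and the sample netstat output is constructed.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Ports the article names for NetBus and Back Orifice. A production watch-list
# would be longer and maintained from a current port reference.
TROJAN_PORTS: Dict[int, str] = {
    12345: "NetBus",
    12346: "NetBus",
    31337: "Back Orifice",
}


class Socket(NamedTuple):
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: Optional[int]  # None where netstat prints "*:*" (UDP)
    state: str                  # "" where netstat prints no state (UDP)


# One row of the Windows netstat table: Proto, Local Address, Foreign Address, State
_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")


def parse_netstat(output: str) -> List[Socket]:
    """Parse the table printed by 'netstat -n' (or 'netstat -an'); banner and
    header lines that are not socket rows are skipped."""
    sockets: List[Socket] = []
    for line in output.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        sockets.append(Socket(proto, laddr, int(lport), raddr,
                              None if rport == "*" else int(rport), state))
    return sockets


def flag_trojan_ports(sockets: List[Socket],
                      watchlist: Dict[int, str] = TROJAN_PORTS
                      ) -> List[Tuple[Socket, str, str]]:
    """Return (socket, trojan name, 'local' or 'remote') for each socket whose
    local port (this machine may be the victim) or remote port (this machine is
    talking to a suspicious port elsewhere) is on the watch-list."""
    hits: List[Tuple[Socket, str, str]] = []
    for s in sockets:
        if s.local_port in watchlist:
            hits.append((s, watchlist[s.local_port], "local"))
        elif s.remote_port in watchlist:
            hits.append((s, watchlist[s.remote_port], "remote"))
    return hits


# Constructed sample in the Windows netstat output format; the addresses are
# private/documentation values and do not come from a real machine.
SAMPLE_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1034      192.0.2.80:80          ESTABLISHED
  TCP    192.168.1.10:12345     0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1055      198.51.100.7:31337     ESTABLISHED
  UDP    192.168.1.10:137       *:*
"""


def audit(output: str = SAMPLE_OUTPUT) -> List[str]:
    """Human-readable findings; an empty list means nothing matched the watch-list."""
    findings: List[str] = []
    for s, name, side in flag_trojan_ports(parse_netstat(output)):
        port = s.local_port if side == "local" else s.remote_port
        findings.append(f"{name} port {port} seen on {side} side: "
                        f"{s.proto} {s.local_addr}:{s.local_port} -> "
                        f"{s.remote_addr}:{s.remote_port} {s.state}".rstrip())
    return findings


if __name__ == "__main__":
    for line in audit() or ["no watch-listed ports found"]:
        print(line)
```

A match is a reason to investigate with a tool such as fport, not proof of infection: legitimate software can use any port number.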

How to Avoid Trojan Horses
A number of spyware monitoring and removal software programs are available. If you are using Windows XP, perhaps the easiest one you can obtain is Windows Defender from Microsoft, found here:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

Also, the related spyware removal tool from Microsoft can be found here: http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

In addition to relying on Trojan Horse detection and removal tools, a better way to control problems with spyware is user education. A careful computer user should not casually download programs from unknown sources off the Internet or open email attachments that appear suspicious or unfamiliar.

Failure to follow simple preventative measures such as these can lead to serious security breaches. Remember in 2005, when the Atlanta-based credit card processing company CardSystems Solutions Inc. was hacked? A Trojan Horse program was implanted in the company’s network and it was estimated that the information of more than 40 million credit card customers was leaked as a result of this security incident.1 A class-action suit was then filed in the California Superior Court in San Francisco against CardSystems Solutions Inc, Visa, and MasterCard.2

You certainly don’t want you and your company to be the next victim, do you?

1 Evers, J. (2005) Details emerge on credit card breach, CNET News.com, Available from: http://www.news.com/Details-emerge-on-credit-card-breach/2100-7349_3-5754661.html [Accessed 31 March 2008]

2 Evers, J. (2005) Lawsuit seeks disclosure in credit card heist, CNET News.com, Available from: http://www.news.com/Lawsuit-seeks-disclosure-in-credit-card-heist/2100-7350_3-5765383.html [Accessed 31 March 2008]

Tags: CardSystems Solutions Inc. Spyware

RADIUS AAA Servers

What are RADIUS AAA Servers?

According to Convery, S. (2007) 1: “RADIUS was developed by Livingston Enterprises (now part of Alcatel-Lucent) in the early 1990s, became an Internet standard through the IETF in 1997, and today is the most widely accepted AAA protocol.

Another widely adopted AAA protocol, which predates RADIUS as an RFC by four years, is the Terminal Access Controller Access Control System (TACACS). Though never an Internet standard, TACACS evolved into XTACACS and then TACACS+, the latter of which is the only version of TACACS in use today.”


RADIUS AAA server is one of the most popular remote access technology components.  Its main functions are to:

  • consolidate the login request received by the remote network authenticator(s) within an organization,
  • verify the eligibility of the remote user’s right to access inside the corporate network, and
  • authenticate the user per the agreed-upon authentication methods.

The acronym AAA stands for Authentication, Authorization, and Accounting. The authentication process performs verification of a remote user’s identity, the authorization process determines what a remote user is allowed to do on the network, and the accounting process logs the user’s activities in relation to network access.  These actions are activities the RADIUS AAA server performs with other network remote access components within a corporate network environment.

RFC 2865 2 describes in detail the authentication methods and the packet format of a RADIUS server, and RFC 2866 3 describes a protocol for carrying accounting information between a Network Access Server and a shared Accounting Server. It should be noted that RFC 2866 does not specify an Internet standard of any kind.

TACACS+ (Terminal Access Controller Access-Control System Plus) is another popular protocol that provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. The main difference between TACACS+ and RADIUS is that TACACS+ separates the authentication and authorization operations, whereas RADIUS combines them within the RADIUS server. Also, TACACS+ uses TCP to communicate, while RADIUS uses UDP. (Source: Wikipedia.org) 4

1 Convery, S. (2007), Network Authentication, Authorization, and Accounting: Part One, The Internet Protocol Journal – Volume 10, No. 1, Available from: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-1/101_aaa-part1.html [Accessed 31 March 2008]

2 Rigney, C. Ed. (2000) Request for Comments: 2865, Network Working Group, Available from: http://rfc.net/rfc2865.html [Accessed 31 March 2008]

3 Rigney, C. (2000) Request for Comments: 2866, Network Working Group, Available from: http://rfc.net/rfc2866.html [Accessed 31 March 2008]

4 Wikipedia, the free encyclopedia (2008) TACACS+, Available from: http://en.wikipedia.org/wiki/TACACS%2B  [Accessed 31 March 2008]

PPTP port: How PPTP Works

The PPTP port belongs to the Point-to-Point Tunneling Protocol (PPTP). PPTP is a method for implementing virtual private networks that works at the data link layer. It serves to encrypt a remote computer’s network traffic to a host, using the Point-to-Point Protocol’s (PPP’s) authentication methods PAP (Password Authentication Protocol) and CHAP (Challenge-Handshake Authentication Protocol). In recent years, as remote network access shifted from dial-up to broadband, PPTP has commonly been replaced by L2TP (Layer 2 Tunneling Protocol) or IPsec (Internet Protocol Security).

PPTP can be regarded as an extension of PPP, which provides router-to-router and host-to-network connections over asynchronous and synchronous connections. Since PPTP works on a data link layer (the second layer of a seven-layer model of network communications), it allows multi-protocol communications of the upper layers to be held using a secure communication channel over the Internet.

How does PPTP work?


According to Microsoft Corporation (2006) 1, the benefits of PPTP are:

“Through PPTP, it is possible for remote users to access their corporate networks & applications by dialing into the ISP’s point of presence (POP), instead of dialing directly into the company network. PPTP connects directly to the target server by creating a virtual network for each remote client, one that the server administrator can monitor and manage like any other Remote Access port.”

The popularity of PPTP rests in the fact that it is the bundled dialup networking feature Microsoft put forth in most of its Windows Client products. (Microsoft was one of the members of the development group of PPTP).

RFC 1334 defines both CHAP and PAP.

PAP according to RFC 1334 2:

The Password Authentication Protocol (PAP) provides a simple method for the peer to establish its identity using a 2-way handshake.  This is done only upon initial link establishment.

After the Link Establishment phase is complete, an Id/Password pair is repeatedly sent by the peer to the authenticator until authentication is acknowledged or the connection is terminated.

PAP is not a strong authentication method.  Passwords are sent over the circuit “in the clear”, and there is no protection from playback or repeated trial and error attacks.  The peer is in control of the frequency and timing of the attempts.

Any implementations which include a stronger authentication method (such as CHAP, described below) MUST offer to negotiate that method prior to PAP.

CHAP according to RFC 1334 2:

The Challenge-Handshake Authentication Protocol (CHAP) is used to periodically verify the identity of the peer using a 3-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established.

After the Link Establishment phase is complete, the authenticator sends a “challenge” message to the peer.  The peer responds with a value calculated using a “one-way hash” function.  The authenticator checks the response against its own calculation of the expected hash value.  If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated.

This authentication method depends upon a “secret” known only to the authenticator and that peer.

(Comment: Usually the secret refers to the peer’s password.)

The secret is not sent over the link.

(Comment: There is no way an attacker can gain access to the secret.)

This method is most likely used where the same secret is easily accessed from both ends of the link.

(Comment: On the authenticator’s side, a RADIUS server is usually used to store the password database centrally. The RADIUS server verifies the “secret” on behalf of the remote access terminal carrying out the authentication exchange with the peer. The Challenge packet from the authenticator contains a one-octet “Identifier” field and a variable-length “Challenge” value. Both MUST be changed every time a Challenge packet is sent.)

The Response Value is the one-way hash calculated over a stream of octets consisting of the Identifier, followed by (concatenated with) the “secret”, followed by (concatenated with) the Challenge Value.  The length of the Response Value depends upon the hash algorithm used (16 octets for MD5).

If the peer’s Response value matches what has been calculated by the authenticator using the same algorithm, then the authentication is successful.
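The 3-way handshake described above, with the Response Value computed exactly as RFC 1334 specifies (MD5 over Identifier, then secret, then Challenge Value), is worked through below. This is an added example, not code from the article or from any PPP implementation; the Authenticator, Peer and handshake names are this example’s own, and the secret database is a plain dictionary standing in for the RADIUS server the comment above mentions.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1334 CHAP Response Value: MD5 over Identifier || secret || Challenge.
    The result is 16 octets for MD5, as the RFC states."""
    if not 0 <= identifier <= 0xFF:
        raise ValueError("Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side of the handshake. The secrets dict stands in for the
    central password database on a RADIUS server (constructed for this example)."""

    def __init__(self, secrets: Dict[str, bytes]) -> None:
        self.secrets = secrets
        self.identifier = 0
        self.outstanding: Optional[Tuple[int, bytes]] = None

    def challenge(self) -> Tuple[int, bytes]:
        """Step 1: send a fresh Identifier and Challenge Value; both change every time."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)
        self.outstanding = (self.identifier, value)
        return self.identifier, value

    def verify(self, name: str, identifier: int, response: bytes) -> bool:
        """Step 3: recompute the hash with the stored secret and compare."""
        if self.outstanding is None or identifier != self.outstanding[0]:
            return False  # no matching open challenge: stale or replayed Response
        _, value = self.outstanding
        self.outstanding = None  # each challenge may be answered only once
        secret = self.secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)  # constant-time compare


class Peer:
    """Client side: proves knowledge of the secret without ever sending it."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name = name
        self.secret = secret

    def respond(self, identifier: int, challenge: bytes) -> Tuple[str, int, bytes]:
        """Step 2: return Name, Identifier and the Response Value."""
        return self.name, identifier, chap_response(identifier, self.secret, challenge)


def handshake(auth: Authenticator, peer: Peer) -> Tuple[bool, Tuple[str, int, bytes]]:
    """Run one full exchange; also return the Response packet as an
    eavesdropper on the link would see it."""
    ident, value = auth.challenge()
    name, ident, resp = peer.respond(ident, value)
    return auth.verify(name, ident, resp), (name, ident, resp)


def replay_is_rejected(auth: Authenticator, captured: Tuple[str, int, bytes]) -> bool:
    """A captured Response is useless against the next challenge, because the
    Identifier and Challenge Value have changed. Returns True if it is rejected."""
    auth.challenge()  # a new link establishment begins with a fresh challenge
    name, ident, resp = captured
    return not auth.verify(name, ident, resp)


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct horse battery"})
    ok, seen = handshake(auth, Peer("alice", b"correct horse battery"))
    print("genuine peer accepted:", ok)
    print("replay rejected:", replay_is_rejected(auth, seen))
```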

References:

1 Microsoft Corporation (2006), How to Set Up a Windows NT PPTP Client, Available from: http://support.microsoft.com/kb/154062 [Accessed 28 March 2008]

2 Lloyd, B., Simpson, W. (1992), Request for Comments: 1334, Network Working Group, Available from: http://rfc.net/rfc1334.html [Accessed 28 March 2008]

DNS – Domain name system security issues

The Domain Name System (DNS) gives Internet hosts the almost magical ability to translate between machine-readable IP addresses like 216.109.112.135 and names meaningful to humans, like www.yahoo.com. A sophisticated hierarchical database system on the Internet is required to accomplish this task. One of the core components of that system is the DNS server, which serves as the translator. For instance, when you type the domain name http://www.yahoo.com into your favorite browser, your computer directs this request to a designated DNS server, usually provided by your Internet Service Provider (ISP), which translates it to the machine-readable IP address 216.109.112.135. This enables your computer to connect your browser to the correct web server.

If you are interested in knowing the IP address(es) of your DNS server(s), you can find them on Windows 2000/XP/Vista by choosing Start -> Run, typing “cmd” in the Run box, and clicking OK.

In the command prompt window, type “ipconfig /all” and hit return. This will display a list of network connection information. For example:

From this list, you can see that the DNS server IP addresses are 217.1.32.208 and 215.251.144.126. This machine will query either one of these two DNS servers for any new domain name enquiry.

You may wonder: what if these two DNS servers return a wrong IP address for the domain name you specified? If this happens, you will be re-directed to a wrong site—even though you have typed the correct domain name in your browser.

And this is exactly what a hacker can do. If a hacker attacks a DNS server and maliciously corrupts the information in its database, then all the hosts that rely on that DNS server for name resolution could be misdirected to the wrong Internet server.

This enables the hacker to hijack the Internet connection of the victims. For example, a hacker could re-direct an Internet banking site’s domain name to his or her own server and lure visitors to key in their private login information into this fake website. This allows the hacker to steal this information for the purpose of committing crimes such as identity theft.

Another type of attack involves using similar domain names like paypal.com and paypa1.com. Can you tell the difference between these two domain names? No, we didn’t make a typo! Actually, the first “paypal” ends with a lower-case “l” (L), and the second one ends with the numeral “1” (ONE). In this scenario, the attacker uses various tricks like scam emails to lure the visitors to click a deceptive link in order to direct visitors to their own fake site and obtain private login information as in the first example. The term “phishing” has been coined to describe this type of security breach.

Perhaps the solution to counter these problems is user education. Internet users should be made aware that these kinds of attacks are possible, and learn how to determine that the sites that they are visiting are genuine ones.

Usually, when a website needs to exchange authentication information with a visitor, such as asking for login details, it initiates a popular secure communication method called SSL (Secure Sockets Layer). You can tell that the website is using this secure method by looking at the address bar: the “http://” part of the address automatically changes to “https://”. At that moment, the web server opens an encrypted session with the visitor by presenting its server certificate to your computer. You can view this server certificate in your browser by clicking the “padlock” icon, usually found at the lower right corner (Internet Explorer version 6 and Firefox) or at the upper right corner beside the address bar (Internet Explorer version 7).

If the site is genuine, you can clearly see the site’s URL along with the certificate authority that issued the server certificate (two common certificate authorities are VeriSign and Thawte).

Take a look at the well-known Internet banking website, Citicorp. When you pull up the Citicorp banking login screen, click on the padlock as described above to display the website’s certificate. Note that this one is issued by Verisign.

If you click on the option “View certificates” you can view more detailed information of this server certificate:

Here you can verify that the certificate is of the domain “citibank.com” and the certificate has not yet expired.

After completing this validation process, you can enter your login information with confidence, because the site is very unlikely to be a fake. If you follow these steps every time you access a secure website, you can avoid becoming the victim of a DNS attack.

Tags: Domain Name Server, identity theft hacking

TCP/IP Protocol: Why It is Not Secure

TCP/IP (Transmission Control Protocol / Internet Protocol) is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. However, from a security standpoint, it is not inherently secure. To understand why, we must first look at the history of TCP/IP.

TCP/IP was designed more than 30 (thirty) years ago in a research environment. It was the native communication protocol of one of the earliest operating systems in computing history: Unix.

One of Unix’s variants, the BSD (Berkeley Systems Database) Unix developed by the University of California in Berkeley, was first embedded with networking protocol TCP/IP in 1983. At that time, since Unix was mainly used in an academic environment, it was not designed to handle high network traffic. It also was not designed to handle modern business-critical network applications.

Additionally, most of the application-related protocols associated with TCP/IP—such as FTP, TELNET, and SMTP—were designed without consideration of the security issues we face today.

The fundamental weakness of TCP/IP lies in the IP (Internet Protocol) layer. For example, the source IP address of an IP packet can be set arbitrarily; there is no method of verifying whether a particular source IP address is genuine.

This makes an “IP spoofing” attack possible: an attacker sends data that claims to come from an IP address other than his or her own. In other words, the IP protocol itself provides no authentication of the sender.

Another weakness of TCP/IP is that the IP layer provides no encryption to protect the confidentiality and integrity of the data it carries. This creates the possibility of a serious security breach known as a “man-in-the-middle attack.” In this type of breach, the attacker intercepts an IP packet, reads and modifies the upper-layer contents within it, and releases the packet back into the network, relaying traffic back and forth between a sender and receiver. Neither the sender nor the receiver is aware that an attack is in progress.

Hopefully, IPv6 (successor of the traditional IP protocol IPv4) will solve these problems. The IPv6 protocol is equipped with authentication and encryption capabilities, solving the long-standing security problems of IPv4. (Note: The IPv4 protocol uses a four 8-bit address scheme in order to provide 32 bits of address space, whereas IPv6 uses a sixteen 8-bit address structure, creating much bigger 128 bits of address space.) However, the adoption of the IPv6 protocol is unexpectedly slower than was originally anticipated.  Many believe that the “dot-com bubble burst,” which slowed down the acquisition of IPv4 address spaces, is to blame for this delay.

Another explanation points to the widely adopted Network Address Translation (NAT) protocol. NAT allows a private network to use reserved (private) IP addresses for its hosts and to reach the public Internet through a NAT router acting as a proxy, which is the only device that needs public IPv4 addresses to communicate. The benefit of NAT for users is that it dramatically reduces the number of unique public IP addresses that must be assigned to hosts within a private network for them to access the Internet.

No matter what the real reason for the delay is, it is becoming imperative that we take a serious look at migrating to IPv6. It has been predicted that the available IPv4 addresses will be depleted within the next five years 1. Besides meeting this rigid time constraint, adopting IPv6 will also resolve most of the security issues of IPv4, creating more secure networking systems.

1 Jorgenson, L. (2007) IP address depletion hastens IPv6 adoption Available from: <http://www.searchnetworking.com.au/topics/article.asp?DocID=1267040> [Accessed 25 March 2008].

Tags: IP Spoofing, TCP, 7-layer model

Physical Security for Power Supply

There are many possible physical security threats associated with electrical power supply. A few examples, and ones you may already be familiar with, include:

  • Blackout: a complete loss of power.
  • Sag or Brownout: a decrease in voltage levels, usually of short duration but which may last anywhere from fractions of a second to hours.
  • Surge: a short-term increase in the level of voltage, generally lasting a fraction of a second.
  • Spike: an instantaneous surge causing a tremendous increase in voltage levels, usually lasting no longer than one-millionth of a second 1.

In order to address these threats to physical security, a secure electrical system for computing equipment must possess the following properties:

  1. Dedicated Circuits
  2. Physical Access Control must be implemented for:
    • Master Circuit Breakers
    • Transformers
    • Power Distribution Panels and Feeder Cables
  3. Emergency Power Off Controls must be installed and accessible by the personnel on-duty
  4. Voltage Monitoring/Recording and Surge Protection should be in place

Ensuring Computer Availability through a Backup Power Supply
To ensure that your computer system remains available for use in spite of power supply threats, the power supply has to be made “fault tolerant” through the use of a Backup Power Supply. There are three ways to achieve this:

  1. Alternate Feeders
  2. Emergency Power Generator
    If using alternate feeders is not feasible, an emergency power generator should be considered as an alternative for mission critical operations. However, this security measure is very costly to maintain and operate. It is advised that a detailed analysis be performed in order to justify the high cost of this security option.
  3. Uninterruptible Power Supply (UPS)
    A UPS provides just enough time for the computing system to back up data and shut down before electrical power completely fails. A UPS requires regular testing and maintenance work to ensure proper operation. Additionally, a UPS involves the use of hazardous hydrogen gas.

In addition to computing equipment, Backup Power Supply is also needed for the following vital systems:

  • Lighting
  • Physical Access Control Systems
  • Fire Protection Systems
  • Communications Equipment
  • Telephone Systems
  • HVAC

1 Source: University of Connecticut Computer Center (1997), Electrical Disturbances, Available from: http://vm.uconn.edu/~year2000/edisturb.html [Accessed 20 March 2008].

Work Factor : Uncovering keys in cryptosystems

Work Factor is defined as the amount of effort (usually measured in units of time) needed to break a cryptosystem.

The Work Factor of a cryptosystem is determined by its key length and the mechanism it uses (the encryption and decryption algorithms). For example, if the brute force attack method is used to break the system (trying all possible keys), then the work factor grows with the length of the key: for every bit added to the key length, the time needed (the work factor) doubles.

The biggest threat to an encryption system is perhaps the ever-increasing speed of computers. Let’s consider a popular symmetric encryption algorithm, DES, as an example. According to Schneier, back in 1998 the time required to break a DES 56-bit key cryptosystem with a $220,000 device was 4.5 days 1.

Moore’s law states that over time, technology improves such that computing devices double their speed every 18 months for the same construction cost. If that holds, we could now, in 2008, build a similar machine for the same $220,000 that would break the same DES 56-bit key within 64 minutes!
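The arithmetic behind the 4.5-days-to-64-minutes figure, carried through in code as an added example (not from the article), together with the doubling-per-bit rule and the number of extra key bits that would restore the 1998 work factor. The constants are the article’s own figures; the function names are this example’s.

```python
import math

# Figures quoted by the article: Schneier's 1998 DES cracker took 4.5 days for a
# 56-bit key, and the comparison is made ten years later, in 2008.
DES_KEY_BITS = 56
DAYS_1998 = 4.5
YEARS_ELAPSED = 10
MOORE_DOUBLING_MONTHS = 18


def brute_force_keys(key_bits: int) -> int:
    """Keys an exhaustive search must try in the worst case: 2 to the key length."""
    return 1 << key_bits


def work_factor_ratio(from_bits: int, to_bits: int) -> float:
    """How many times longer brute force takes on the same hardware when the key
    grows from from_bits to to_bits; each extra bit doubles the work."""
    return 2.0 ** (to_bits - from_bits)


def moore_speedup(years: float, doubling_months: float = MOORE_DOUBLING_MONTHS) -> float:
    """Speed multiplier for the same construction cost after `years` of doublings."""
    return 2.0 ** (years * 12.0 / doubling_months)


def time_after_years(time_now: float, years: float) -> float:
    """Time the same attack takes on hardware built `years` later at the same cost."""
    return time_now / moore_speedup(years)


def extra_bits_to_compensate(years: float) -> int:
    """Smallest number of extra key bits that restores the original work factor
    against hardware built `years` later (log2 of the speed-up, rounded up)."""
    return math.ceil(math.log2(moore_speedup(years)))


def des_1998_vs_2008() -> dict:
    """Carry the article's DES example through Moore's law."""
    minutes_1998 = DAYS_1998 * 24 * 60
    minutes_2008 = time_after_years(minutes_1998, YEARS_ELAPSED)
    return {
        "keys": brute_force_keys(DES_KEY_BITS),
        "minutes_1998": minutes_1998,
        "minutes_2008": minutes_2008,   # about 64 minutes
        "extra_bits": extra_bits_to_compensate(YEARS_ELAPSED),
    }


if __name__ == "__main__":
    for k, v in des_1998_vs_2008().items():
        print(f"{k}: {v}")
```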

For this very reason, DES was replaced with Triple DES and other advanced encryption algorithms, ending its widespread contribution to encryption applications since its invention by IBM in 1974. The algorithm was perfectly designed to withstand such a long period of practical application challenges, with its only shortcoming being the relatively short key-length: 56 bit.

1 Schneier, B. (1998), A Hardware DES Cracker, Counterpane Systems, Available from: http://www.schneier.com/crypto-gram-9808.html [Accessed 20 March 2008].

Physical Security : Environmental Control

To understand Environmental Physical Control, we need to understand how your HVAC system affects your computing environment. HVAC stands for three words: Heating, Ventilation and Air Conditioning. Your HVAC system controls various environmental factors that must be monitored to ensure that your computing equipment operates effectively.

Temperature: Between 21 and 23 degrees Celsius (70 to 73 degrees Fahrenheit) is the general optimal temperature range for computing equipment to operate.

Humidity: The best relative humidity for computer equipment operation is from 45% to 55% because an environment too humid can cause corrosion.  On the other hand, environments too dry can cause static damage. A static charge of above 20,000 volts is potentially harmful to a system.

Pressurization and Ventilation: Positive pressurization and ventilation must be maintained in order to keep contaminants from entering the facility. Airborne particulates should be kept at appropriate levels, since dust and other contaminants can impact computer hardware operation.

According to Keranen E. (2006), dust particles can contain moisture, organic material such as carbon and various minerals, and/or various chemicals. All of these can affect the reliability and life span of computing equipment.

“Integrated circuits (ICs) can suffer from overheating due to the insulating effect of dust as well as suffer from electrical shorts caused by dust across their contacts. The most susceptible ICs are those having a metal lid acting as a heatsink cooling surface. To prevent overheating and failure, this metal surface and heatsink need to be essentially dust-free. Dust acts like an insulating blanket, preventing proper convection cooling.” 1 (E. Keranen, 2006, Effects of dust on Computer Electronics and Mitigating Approaches.)

In addition to dust, an excess concentration of certain gasses such as ammonia can speed up corrosion inside the electronic components of the system, leading to malfunction.

Some devices such as printers should be located outside of the computing facility. A printer’s toner could generate carbon particles, which are moisture absorbent and combustible, threatening the computing equipment’s security.

Of course, non-smoking policies should be enforced within critical computing facilities in order to reduce fire hazards as well as minimize the pollutants related to smoking.

1 Keranen E. (2006) Effects of dust on Computer Electronics and Mitigating Approaches. [Internet]. Computer Dust Solutions, Available from: http://www.computerdust.com/SPECIAL_REPORT_ON_DUST_EFFECTS_ON_ELECTRONICS.pdf [Accessed 17 March 2008].

Tags: Environmental Controls, Environmental Physical Controls, Pollution

Google hacking – a new hacking technique that threatens web application security

Google hacking refers to the use of Google as a powerful search engine to uncover websites with security bugs and technical issues. Google, with its crawling engine, searches and indexes the content of websites around the world 24/7. It captures everything from normal website content to pages with technical problems that display error messages, and stores them in its index to be returned in response to visitors’ queries.

For example, it is not unusual to see an ASP website displaying error messages such as:

“InvalidOperationException: Failed to map the path ‘/<Application_Name>/App_GlobalResources/’.”

This error message reveals the server’s application path as well as part of the server’s internal file structure. Experienced hackers can use this vital information to initiate an attack on that system.

Google contains probably the world’s largest collection of snapshots for any website.  It records an enormous number of websites with various error messages like the one above. Anyone who knows how can easily search for the relevant messages with advanced commands in search queries like “inurl:”, which will refine a search to look for particular error messages.

For further information on various advanced search query techniques, click here: http://www.google.com/help/operators.html

Johnny Long, a researcher, writer, and a “white” hacker for web application security, has written a useful book on Google hacking.

Tags: Web Applications Security