Archive

Posts Tagged ‘IT’

Occupy Flash! Because HTML 5 is Better, Right?

November 22, 2011 Leave a comment

I’m no fan of Flash. As a web developer, I absolutely hate working with it. As an end user, I cringe at its many vulnerabilities and security flaws. As an administrator, I’m exasperated with its near-weekly patch releases. But as much as I would like to see Flash be chased out of our browsers by an online mob bearing digital torches and pixelated pitchforks, HTML 5 isn’t quite ready to fill the void resulting from such a coup…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Advertisements

Vital Factors for Implementing a Data Warehouse in an Organization

November 18, 2011 Leave a comment

Many organizations are sitting on a treasure trove of information, but have no good way to access it for analysis and comparison. A data warehouse can provide that analytical power and functionality by aggregating all of this data from a variety of data sources (databases, spreadsheets, logs, etc.) and organizing it in a way that makes cross querying easy. Unfortunately, many organizations jump feet first into developing a data warehouse, only to see it fail after investing a great deal of time, money, and effort into the project. Additionally, a well implemented data warehouse can still fail if an organization is unable to convince its employees to use it. For these reasons, I’ve put together a few key factors to help your organization’s data warehouse have the greatest chance for success…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Categories: Technology Tags: , , ,

Yet Another “Sophisticated” Attack

November 10, 2011 Leave a comment

You know, I’m getting a little tired of companies using words like “advanced,” “sophisticated,” and “APT” to describe attacks that can be done after watching a 5 minute YouTube video. I’m sorry, but XSS, SQL Injection, and brute forcing passwords do not count as “Advanced.” It bothers me that companies use these words as a way of making excuses for being hacked. Just because someone got past your lousy security doesn’t mean that you are excused from all blame…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Stop That Annoying “Unused Icons on Your Desktop” Popup in Windows XP

September 24, 2011 Leave a comment

Yes, I know that Windows 7 is around and there are a million tutorials on this very topic. But lets face it, Windows XP isn’t going anywhere for a while yet, and I don’t know of a single person who likes this “feature.” In fact, as a tech this has to be one of the most common question people ask me. So I’m adding yet another guide on how to permanently pop that annoying message balloon!


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Formating a Drive Using the Windows Command Line

September 16, 2011 Leave a comment

Nowadays it seems like Windows has a GUI for everything. Whether its modifying GPOs using a MMC Snap-in or performing registry hacks with the regedit tool, its rare for even a Windows Technician to spend much time in the command line any more. On rare occasions however, even the most adept mouse-wielding users may find a task that is easier (or even necessary) to do in the command line. One such task I find myself doing is formatting a system disk using Microsoft’s format command…


The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Sending Mass Email in Thunderbird Using MailTweak

September 16, 2011 Leave a comment

While Outlook has some great features for a corporate environment, Mozilla Thunderbird is probably one of my all-time favorite email clients. Its cross-platform compatible (runs on Linux, Windows, and Mac), fast, highly customizable, open source, and free to download and use (take that Microsoft!). Just like its cousin, the Mozilla Firefox browser, extra functionality and features can be added to Thunderbird by installing plugins. One of my all-time favorite plugins for Thunderbird (along with Enigmail), is MailTweak. This plugin adds a great deal of extra features and functionality to an already great program. One of these features that I find myself using fairly often, is sending personalized mass emails…


 

The rest of this story is posted on our new site: http://www.sysmincomputing.com

If you want to read this story, click here!

Advantages and Security Considerations of Utilizing the IPv6 Protocol

December 14, 2010 Leave a comment

* The PDF version of this paper can be downloaded here.

Abstract

Internet Protocol version 6 has been available for nearly a decade, but many entities in the private sector have been hesitant to adopt this new technology. With the decreasing number of IPv4 addresses, however, the switch to the newer protocol will soon become a necessity. Luckily, IPv6 offers several features that not only improve performance and security, but also allow for a gradual transition from one protocol to the other. It is essential however, that Administrators and other support staff become familiar with the new protocol before adopting it within their network. Several advantages and dangers of this protocol are highlighted, in order for the reader to become more familiar with the variety of risks and advantages associated with its implementation. By providing IT staff with training, and developing a plan for the gradual migration to the new protocol, organizations can make this transition smoothly and without disruption.

Why Use IPv6?

IPv4 Available Address Space

Figure 1: ARIN, Percentage of available IPv4 addresses as of September 2010.

In response to the inevitable departure from IPv4, the latest Internet Protocol (IPv6), has been available in most major operating systems

and network devices for nearly a decade. Its design includes features that resolve many of our modern-day networking concerns without relying on stopgap technologies, such as Network Address Translation (NAT) and Private Network Addressing. The United States Federal Government has even gone so far as to issue a string of deadlines going from 200

8 to 2014 in an effort to migrate both their internal clients and external servers to the new protocol (Marsan, 2010b). Despite various technological advantages for migrating to the new protocol, a large  percentage of the private sector have displayed a reluctance to venture into the unfamiliar IPv6 waters. As time  passes, however, it will become increasingly advantageous for these companies to invest the time and training to safely and effectively implement this new technology on their networks. For these corporations and their clients, the incentives for transitioning to IPv6 include: increased address space, the ability to gradually migrate from IPv4, and the native incorporation of the IPSec Protocol Suite.

The Numbers Behind Version 6

Perhaps the most well known advantage to IPv6 is the increased number of addresses available for use. In IPv4, network addresses are 32 bits long, which results in 232 (approximately 4.3 billion) unique addresses to be used around the world. Despite the adoption of stopgap technologies like NAT routing, the increasing popularity of PCs and mobile network devices have resulted in these addresses to be depleted at an alarming rate. According to the American Registry for International Numbers (ARIN), 94.5% of all IPv4 addresses have been assigned as of September 3, 2010 (See Figure 1). Furthermore, it has been projected that the remaining 5.5% will be assigned as early as the end of this year (Marsan, 2010a). IPv6 on the other hand, uses an address of 128 bits (approximately 3.4×10^38), resulting in an address space sufficiently large to handle future networking needs for years to come.

Making the Transition Easy

Most businesses today have a significant amount of money and time invested in their IPv4 networks. Normally, it would be impossible for most to switch their entire network over to a new protocol without devoting massive amounts of resources to the project. Such a financial burden would be both detrimental to the business, and ultimately hamper the success of the new protocol in general. In order to avoid this situation, the designers of IPv6 were careful to implement several features that allow both IPv4 and IPv6 networks to interact with each other. Such changes allow organizations to gradually transition from one protocol to the other without incurring a large financial burden. This is accomplished through the use of IPv4 tunnels and running both IPv4 and IPv6 in tandem on a host.

In order to route IPv6 traffic across IPv4 networks, IPv6 utilizes what is known as an “IPv6-over-IPv4 Tunnel.” In this situation, an IPv6-enabled host will package a datagram in accordance with the specifications of the protocol and send it over the network. When the packet reaches a router connecting an IPv6 network to an IPv4 network, the entire packet is encapsulated in the data section of an IPv4 packet and forwarded along to the next stop. Finally, when another IPv6 network is reached, the IPv4 header is removed and the packet is sent to its final destination (Miller, 1998). If additional security is desired through the use of a VPN, the entire VPN package is packaged as shown in Figure 2. This ensures that at any stop of its journey, the packet will have the correct header for the network segment it is on.

IPv6-Over-IPv4 Tunneling Packet

Figure 2: Diagram of an IPv6 packet being tunneled through an IPv4 VPN.

While tunneling is used to ensure a packet can travel successfully from one part of a network to another, it is also important that all hosts are able to understand both IPv6 and IPv4 packets in order to communicate with each other. In response to this need, most modern-day operating systems configure IPv4 and IPv6 to run in “dual-stack mode” by default (Hogg, 2009). This allows for transparent communication between two hosts without user interaction, despite the IP version being used. From the view point of Network and Systems Administrators, this is a very convenient feature. Such a configuration does bring about security implications that will be discussed in the next section of this paper.

Security from the Start

One of the greatest advantages from the standpoint of security is the protection provided in IPv6 by the IPsec Protocol Suite. IPsec provides both authentication and confidentiality to IP communications through the combined use of an Authentication Header (which depends on SHA-1, MD5, or AES-XCBC hashing algorithm, combined with HMAC for added security), and an Encapsulating Security Payload (which uses AES, DES, or TrippleDES combined with CBC to encrypt the packet, see Figure 3 for more details) (Network Working Group, 2007b). Because IPsec works on the network layer, the protection it provides occurs transparently. This helps to remove some of the burden of securing IP connections from the user (Panko, 2004). While IPsec is also available for IPv4, it requires extra configuration to setup and use, whereas in IPv6 it is built directly into the protocol.

CBC Encryption

Figure 3: Wikipedia, Top: CBC encryption mode is performed by using an XOR on an IV and the planetext message. Each subsequent message is XORed with the previous encrypted packet. This not only ensures that each packet is unique and secure secure, but also that each packet depends on all subsequent packets to be able to decrypt the data. Bottom: Decryption occurs much the same way as encryption, but instead of the planetext, the cyphertext is used in the XOR to decrypt each packet.

Read more…