Sunday, September 30, 2012

Types of Cloud Computing 

There are three relevant types of clouds: Private (internal or vendor hosted), Public (external), and Hybrid (mixed). Each cloud infrastructure has unique characteristics that can meet business objectives.

  • Private: Private cloud (also called internal cloud or corporate cloud) is a computing architecture that provides hosted services to a limited number of people behind a security validation. For this higher security, most private computing is hosted from within the organizations. Hence, the organizations themselves have to “buy, build, and manage them" and thereby is not accepted by many as an actual cloud computing and subsequently do not even reap benefits from the major advantages of Cloud Computing.
  • Public: A public cloud is actually the known version of Cloud and is based on the original cloud computing model. Here the service provider manages the resources including the applications and data storage and makes it available to the general public over the Internet. Generally the Public cloud service providers operate on a pay-per-usage model but some also provide free services till a certain limit to attract more users.
  • Hybrid: Hybrid cloud as the name suggests is a composition of two or more clouds generally private and public. The individual cloud models remain independent entities but function together, thereby, offering the benefits of multiple deployment models. It sometimes is used in the reference of a platform where multiple cloud systems are connected and which offers the flexibility to move programs and data easily from one deployment system to another.

Saturday, September 29, 2012

Content Filter - URL Filtering

Content Filter

A content filter is a piece of hardware or software that acts a shield between the Internet and a user's computer, blocking access from potentially objectionable or offensive material. A Content Filter helps decide which content is acceptable for viewing and access through a given system. Software that controls content, which is also known as web filtering programs or censorware, is a term used for applications created and developed for managing what information or media is allowed to be seen by the end user (specifically content from the Internet). In addition, content filters generally let you block any Web pages or search results that contain single or multiple instances of user-specified keywords.

URL Filtering

URL filtering section can be used to block access to URLs based on their host name and / or file path. If the URL is denied, an error page template is sent to the web browser.URL filter can not only be used to block access to specific websites, but it can also be used to very effectively and granularly block specific objects like banners and advertisement, search engine queries, URLs containing specific words like 'sex' or 'mail', and access to IMs and Chats like Yahoo Messenger, Google Talk, Rediff Bol, etc.

Friday, September 28, 2012

Nmap Network Discovery and Mapping

Nmap is one of the most useful network discovery tools that we will ever use. Nmap allows you to explore networks of any size to determine the following information Port details, Host details, State, Service, Devices, Addresses, and much more. Nmap is one of those applications that we need to open anytime to see issues on the network, need to get information about hosts, track down an IP address, etc. Nmap is flexible, powerful, deployed all over the world. It is one among the top 10 programs. It is easy to use, well documented, cross platform and free. Nmap is one of the command line tool, but the same features also available in another front end tool Zenmap. To install Zenmap, we need to install Nmap along with it.


Download the Nmap-6.01-setup (24.9 MB) file into the computer.
·         Double click à Click I agree
·         Click Next à Click Install 
·         Click Next à Click Next àClick Finish

·         Find a target IP Address {ie:} à Enter the input Text Box that says Target
·         From the Drop-down box to the Right that says Profile à Select Intense scan
·         Press  à Scan button to begin scanning your target, Wait for Zenmap to scan our target's IP
·         Nmap Output tab à Shows the progress of the scanning with detailed information about the scan
·         Ports / Hosts tab à List the Open Ports and it'll tell that which port is open and which Port is closed and since we picked Intense scan it will show the TCP and UDP ports.
·         Topology tab à Shows 3D/2D Graphic viewer of the route from the router to the targets and it will show the hops along the way and our target that we traced. If we press Fisheye and Controls buttons we will have more options to see the graphic image to show more details.
·         Host Details tab à Show the information about the host target OS detection, Mac address, and our target computer whether if their computer is active or inactive.

Thursday, September 27, 2012

Microsoft Baseline Security Analyzer(MBSA)

Microsoft Baseline Security Analyzer is a very useful tool designed for the IT professionals.  It will show Microsoft security recommendations and offers specific remediation guidance. 


Download the MBSASetup-x86-EN (1588kb) file to your computer
Ø  Double click the Fileà Click Run
Ø  Click Next àSelect I Accept the licence agreement
Ø  Click Next à Click Next
Ø  Click Install à Click O.K


a)       Scan a computer:
Check a computer using its name or IP address, this scan using for home or personal computers.
Ø  Click à Scan a Computer; then you will enter IP address or Computer name
Ø  Click à Start Scan, it will check online Microsoft Security Updates, and then your system scan will start

b)       Scan multiple computers:
Check multiple computers using a domain name or a range of IP addresses, this scan using for network environment.
Ø  Click à Scan multiple computers, then you will enter Domain name or IP address range
Ø  Click à Start Scan, it will check online Microsoft Security Updates, and then your system scan will start

Both scans detailed report will show Security Update, Administrative Vulnerabilities, Additional System Information, Internet Information Services, SQL Server, Desktop Application results.

Download Link:

Tuesday, September 25, 2012

Types of DMZ Architecture


A Demilitarized Zone (DMZ) is a network segment that is separated from other networks. Many organizations use them to separate their Local Area Networks (LAN) from the Internet. This puts additional security between their corporate network and the public Internet. It can also be used to separate one particular machine from the rest of a network, moving it outside of the protection of a firewall.


In a computer network, the hosts most vulnerable to attack are those that provide services to users outside of the local area network, such as e-mail, web and Domain Name System (DNS) servers. Because of the increased potential of these hosts being compromised, they are placed into their own sub-network in order to protect the rest of the network if an intruder were to succeed in attacking any of them.

Hosts in the DMZ have limited connectivity to specific hosts in the internal network, although communication with other hosts in the DMZ and to the external network is allowed. This allows hosts in the DMZ to provide services to both the internal and external network, while an intervening firewall controls the traffic between the DMZ servers and the internal network clients.

Types of Architectures

Two of the most basic methods are with a single firewall, also known as the three legged model, and with dual firewalls.

Single firewall

A single firewall with at least 3 network interfaces can be used to create a network architecture containing a DMZ. The external network is formed from the ISP to the firewall on the first network interface, the internal network is formed from the second network interface, and the DMZ is formed from the third network interface. The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as the internal network.

Dual firewall

A more secure approach is to use two firewalls to create a DMZ. The first firewall also called the "front-end" firewall must be configured to allow traffic destined to the DMZ only. The second firewall also called "back-end" firewall allows only traffic from the DMZ to the internal network. This setup is considered more secure since two devices would need to be compromised. This architecture is, of course, more costly. The practice of using different firewalls from different vendors is sometimes described as a component of a "defense in depth" security strategy.

Types of firewalls and their functions


A firewall can either be software based or hardware based and is used to help keep a network secure. A system designed to prevent unauthorized access to or from a private network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external network, such as the Internet, that is not assumed to be secure and trusted.

Types of Firewalls

Personal firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.

Network firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) which is installed on the system or a software application or an integration of the two.

Software firewall applications are installed on top of the operating system and can be configured for more than one purpose including spam filter and DNS server. Examples of personal software firewalls include ZoneAlarm and Comodo; network capable software firewalls include Linus IPTables and Checkpoint NG.

Hardware Firewalls are dedicated appliances that physically sit between two networks; for example, the internet and the organisation's network. An example of a dedicated appliance could be the CISCO PIX or a Netgear router (for SO/HO).

Packet Filtering Firewall analyse network traffic at the transport layer. It will look at each packet entering or leaving the network and accepts or rejects it based on user defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Packet filters typically enable you to permit or deny the data flow based on the following controls:
  • Source of the packet (IP address)
  • Destination of the packet (IP address)
  • Type of transport layer (TCP, UDP)
  • Transport layer source port
  • Transport layer destination port

Circuit Level Gateway operate at the session layer of the OSI model examining each connection to ensure that it follows a legitimate 'handshake' for the transport layer protocol being used (usually TCP). This is depends on TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Application Level Firewalls or Proxy Firewalls work at the application layer of the OSI model by forcing both sides of communication through the proxy. It applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation. The proxy servers are effectively hides the true network addresses.

Network Address Translation is a functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defence against network reconnaissance.

Stateful Inspection occurs when certain key parts of packets are compared to a database of trusted information.

Monday, September 24, 2012


GFI SandBox is an automated malware analysis tool which allows the analysis of virtually any Windows application or file including infected Office documents, PDFs, malicious URLs, Flash ads and custom applications.

  • Click à Submit your malware sample for a free analysis, it will redirect to 
  • Click à File Chosen button upload your sample malware, Enter your email ID, then confirm your email ID, and enter the captcha
  • Click à Accept and submit my file.

The detail PDF report contains an executive-level summary, including network activity and screenshots also sent you by email.

Link: (formerly CWSandbox)

Sunday, September 23, 2012

Cloud computing and types of services

Cloud computing defined as dynamically scalable shared resources accessed over a network. Cloud computing security sometimes referred to simply as "cloud security" is an evolving sub domain of computer security, network security, and more broadly information security. It refers to a broad set of policies, technologies, and controls deployed to protect data, applications, and the associated infrastructure of cloud computing. Cloud computing services such as Amazon EC2 and Windows Azure are becoming more and more popular but it seems many people are still unclear as to what exactly the buzzword “Cloud computing” actually means.  In its simplest form, the principle of Cloud computing is the provision of computing resources via a network.

There is a critical need to securely store, manage, share and analyze massive amounts of complex data. Because of the critical nature of the applications, it is important that clouds be secure. The major security challenge with clouds is that the owner of the data may not have control of where the data is placed. This is because if one wants to exploit the benefits of using cloud computing. Therefore, we need to safeguard the data in the midst of untrusted processes. Cloud Computing Security Issues depend on the type of Cloud Computing used. The framework for Cloud Computing Security is the same. The concept of cloud computing represents a shift in thought, in that end users need not know the details of a specific technology. Clouds allow users to pay for whatever resources they use, allowing users to increase or decrease the amount of resources requested as needed. Cloud servers can be used to motivate the initiation of a business and ease its financial burden in terms of Capital Expenditure and Operational Expenditure.


Cloud services are usually divided in the three main types, Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS).

Software as a Service (SaaS)

Software as a service (SaaS) includes a complete software offering on the cloud. Users can access a software application hosted by the cloud vendor on pay-per-use basis. The applications are typically offered to the clients via the Internet and are managed completely by the Cloud provider. That means that the administration of these services such as updating and patching are in the provider’s responsibility. This is a well established sector. One big benefit of SaaS is that all clients are running the same software version and new functionality can be easily integrated by the provider and is therefore available to all clients. The pioneer in this field has been offering in the online Customer Relationship Management (CRM) space. Other examples are online email providers like Google, Gmail, Microsoft’s hotmail, Google docs and Microsoft’s online version of office called BPOS (Business Productivity Online Standard Suite).

Platform-as-a-Service (PaaS)

Platform as a Service (PaaS) involves offering a development platform on the cloud. It’s more popular and mostly utilized by the developer community and was likely started with the introduction and popularity of Linux open source code. This cloud computing model provides a platform for developers to code, test and experiment new software without the complexity of setting up and maintaining test, development and production servers. Platforms provided by different vendors are typically not compatible. Typical players in PaaS are Google’s Application Engine, Microsoft’s Azure, and

Infrastructure-as-a-Service (IaaS)

This is hardware related services using the principles of cloud computing. It delivers hardware resources such as CPU, disk space or network components as a service. These resources are usually delivered as a virtualization platform by the Cloud provider and can be accessed across the Internet by the client. Leading vendors that provide Infrastructure as a service are Amazon EC2, Amazon S3, Rackspace Cloud Servers and Flexiscale.

Figure. Cloud Services

The above classification is well accepted in the industry. David Linthicum describes a more granular classification on the basis of service provided. These are listed below:
  • Storage-as-a-service
  • Database-as-a-service
  • Information-as-a-service
  • Process-as-a-service
  • Application-as-a-service
  • Platform-as-a-service
  • Integration-as-a-service
  • Security-as-a-service
  • Management/Governance-as-a-service
  • Testing-as-a-service
  • Infrastructure-as-a-service

Saturday, September 22, 2012

Portable Network Monitor : Look@LAN

Look@LAN is a Portable application that allows a user to monitor which clients are connected to a local network. Look@LAN will display the IP addresses of any computer attached to your local network and will determine if the machines are online or offline and can display if the computer is using a Windows operating system or not. You can limit scan ranges based on IP address, network adapter, or port types. Plus the utility ships with ping, traceroute, and a tree-based network viewer already built in.

Friday, September 21, 2012

URL Shorteners 

URL shortening services allow users to transform long links into shortened, abbreviated URLs, which act the same as the original URL, but have far fewer characters. For example, if I wanted to shorten one of our recent blog posts using

I would enter the original URL,

and using their service, I could shorten the link with just one click to:

By shortening a URL to 18 or 19 characters instead of 100+, users are provided with a more manageable, cleaner and easier to recall URL. Additionally, a shortened link cuts down on the number of characters a user has to copy and paste into an email or tweet, as well as preventing error when copying over characters from an excessively long URL.

Some URL shortening services, like and TinyURL, allow users to create custom URLs. Custom-built links are more readable and memorable, and can help you to establish your brand in a recognizable, shortened format.

Tracking shortening services such as and offer users insight into their shortened URLs, such as click rates, visitor profiles, referring sites and real-time traffic overviews.

Here’s a list of some of the most popular URL shortening services

  2. TinyURL

Thursday, September 20, 2012

How Metasearch engines work

What is a search engine?

To understand what a meta search engine is, first you have to understand how a search engine works. The search engine visits billions of websites and creates a database or repository of sorts of the various sites. This is known as the index. Then whenever a user enters the search query, something magical happens and the pages that are deemed relevant to what you asked for are returned.

What is a metasearch engine?

Meta search engines are search engine tools that pass queries on to many other search engines and/or directories and then summarize all the results in one handy interface. (Example: A meta search engine is a search engine that uses more than one search engine to find what you're looking for).

How metasearch engine work?

Meta search engines don’t have a repository or index of their own; they take advantage of indices created by other search engines. In fact they present this as their strong point. A typical meta search engine pulls off the results from a number of search engines, say Google, Bing, and Ask, and then apply their own algorithms in some cases to re-order the results.

There are probably hundreds of them out there, some of the prominent ones are: Dogpile, Mamma and Kartoo.

Wednesday, September 19, 2012

Online Image Steganography Tool

Steganography is about hiding a message so that no one can tell it's there. For users, that means hiding files inside other files. There are many Steganography tools around to help that you can use to hide your files transparently. But here we will discuss about the online tool. 


Click Photo Choose File à Select a JPG file

Click Hide File Choose File à Select a hide file (e.g: notepad or similar text editor)

Click à Start


Click Photo Choose File à Select “encrypt Steganography image”

Click à Start (Here you can find hide file)

Tuesday, September 18, 2012

HTTrack Website Copier

This is an open source Web-based offline browser utility. It lets you download Web sites to local directories, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link structure. Simply open a page of the "mirrored" Web site in your browser, and you can browse the site from link-to-link, as if you were viewing it online. The program can also update an existing mirrored site, and resume interrupted downloads. It is fully configurable, and has an integrated help system.

Click Next à Select the Project Name (For example: abc) àClick Next

Select Default action à Download Web Sites à Click Add URL ( à Click Next

Click à Finish.

Then you will check the base path, default location (C:\My Web sites). See a copy of an entire website (mirroring).