SPAMBUSTER Part 3 of 3: Web Site Betrayal
SPAMBUSTER Part 2 of 3: Botnets, Blacklists, and Berries.
In part one of SPAMBUSTER we covered what is commonly referred to as address spoofing.
Today we are venturing into darker territory; one of Theft, Spies, and Zombies. I’ll be honest; the total Geek in me really wants to run with this Zombie theme, but I’ll try to keep it toned down.
It’s easy to think that e-mail fraud only amounts to bad links and phony deals regarding pharmaceuticals, but in all actuality SPAM is much more like a gateway to Cyber-Crime. Let’s put it this way, with anonymity a spammer can use false trust via misrepresentation to harvest, exploit or steal sensitive information and digital resources. (more…)
SPAMBUSTER Part 1 of 3: How do spammers send from my e-mail address?
Spammers are crafty folks and they are good at taking advantage of protocols that were invented when the Internet was less like a wilderness and more like a suburban neighborhood.
As a result, spammers can relatively easily disguise themselves with a particular e-mail address simply because the server protocol used to send e-mail works under the assumption of trust and kindness. So, in many cases any spammer with an understanding of how SMTP (Simple Mail Transfer Protocol) works can represent themselves as any e-mail, including your own.
SMTP is like a small neighborhood where doors don’t get locked, and as a result, anyone can come in and represent themselves as the owner of that house. These miss-representations are referred to as address spoofing exploits and are often used to make an e-mail seem trustworthy enough for you to reply with information they can use to exploit you. The overall technique is often referred to as e-mail phishing and has become a very popular method for exploitation.
However it’s not all bad news.
Here is the thing about SMTP… It is an Internet standard and changing it becomes very difficult. So the modern SPAM fighters of the world have taken to making SMTP armor or – if I’m sticking with my house analogy – door locks and peepholes. Typically this armor is referred to as a SPAM filter or an e-mail security solution. If you are not using one of these solutions, your first step would be to get one.
Cue Superman theme music…
These things are able to reference Internet blacklists for known spammers, filter e-mails that contain viruses, and detect forged (spoofed) e-mails like described above. Oh, and they can leap buildings and stop speeding locomotives.
Having said that, every solution out there has its kryptonite and there is not one 100% fool-proof method for stopping spammers. So along with a filtering solution like the above, here are some things you or your systems administrator can do to help the SPAM fighters of the world keep the e-mail interwebs clear of junk.
1. Make sure your e-mail administrator is publishing an accurate SPF (Sender Policy Framework) record for each domain you own or manage.
- This is an e-mail validation system designed to prevent e-mail SPAM by addressing address spoofing.
- It allows e-mail administrator to specify which SMTP servers are allowed to represent themselves as coming from your domain.
2. Look into implementing DKIM (DomainKeys). This might be a bit tricky depending where your e-mail is hosted, but like I always say – it’s better to ask the question.
- DKIM attaches a digitally encrypted key to each e-mail header. This allows the receiving e-mail server to query the sending server with the encrypted key. If the key is a match then the rest of the e-mail is allowed through.
Stay tuned as our next installment of SPAMBUSTER will discuss botnets and how they can turn you into a spammer without you ever knowing it.
Luis is the Products Manager for Research & Development at High Touch, Inc. He carries Microsoft, SonicWALL, Six Sigma, APICS, Unix/Linux expertise and certifications. For more tech advice and reviews you can follow Luis on Twitter using @rodlui1 or look him up on LinkedIn.
Is Your Network Armed or Dangerous?
I’ve been asked many times, “How do we secure our computer network?” My response is always, “At every level of communication and in all directions.” I hate answering in broad terms but every network is different. When addressing network security we must be able to understand the communication flow in all directions.
For reasons of simplicity, let’s consider a secure family home. At the perimeter of a home there might be a privacy fence. The fence was installed to keep out threats and keep in children and/or animals. Within the fence is the garage door, exterior doors and windows locked from outside threats with locking mechanisms that also keeps children from straying outside. The home may have a security system that monitors those same doors and windows from outside and inside threats. The interior of this home may be completely baby-proofed with cabinet, drawer or appliance locks, electrical covers, and baby gates for the stairs. We could argue that this is a paranoid family but they have addressed security at every level and in all directions.
At High Touch we use the same principles when addressing network security.
Computer networks are most vulnerable to the Internet. It’s at this level where a business class device should be in place to protect your computers from Internet threats and computers from straying to the Internet on unwanted or dangerous web sites. This device should be able to facilitate and protect remote communications from entering your network. Finally, this device must be able to provide some kind of reporting that would alert administrators of dangers.
Personal computers must have anti-virus, anti-spyware and anti-malware software that is effective and current. Free anti-virus programs may have the right price but are often not effective. Again, threats come in all directions so ensure your anti-virus software scans input devices like DVD(s) and external USB drives.
Wireless communication should be treated as a convenience and never intended for production. Wireless networks are especially vulnerable because they are easy to connect to and hard to secure. If you are intent on using wireless, find a business class device to segregate the traffic and ensure that you are using a wireless encryption that has been compromised already. Please remember it is against Federal Law to connect to someone else’s wireless network without permission.
E-mail security is an absolute must! There are 3 trillion more SPAM messages each day worldwide than there was a year ago. Many SPAM messages contain threats whose intent are to steal information from you for the purpose of taking your money. Gone are the days of, “I just won’t open those e-mails!” Many SPAM e-mails are made to look exactly like the ones you are expecting and it’s easy to get fooled and infected. Good E-mail Security Servers stop these e-mails and threats from reaching your inbox so you don’t have to deal with them!
When considering network security find a trusted and proven provider. Ensure that their products and services are up to par by speaking with their existing client base. If they want your business, they will let you speak to their clients.
Windows Server 2008: One Year Later
It’s been over a year since the release of Windows Server 2008 and the buzz continues. Windows Server 2008 is the most substantial upgrade to the Windows Server product line since the Server 2000 days. Windows Server 2008 was in development an achingly long time, and some of its many features were originally slated for its predecessors, Windows Server 2003 and Windows Server 2003 R2, much like Windows Vista. Unlike Vista, however, this lengthy schedule hasn’t proven problematic. As a matter of fact, it’s arguably worked to the product’s advantage. Windows Server 2008 is a mature and stable operating system that will without doubt be the platform for servers of all kinds for many years.
Like all server versions since Windows Server 2000, Windows Server 2008 utilizes an evolved version of the Active Directory (AD) infrastructure, however, many of the features of this new OS are radical and revolutionary. Key among these major advances are Server Core, which provides a lightweight version of the server aimed at specific workloads, and Hyper-V, Microsoft’s hypervisor-based virtualization technology.
Windows Server 2008 is feature-rich upgrade with numerous functional advantages over its predecessors. Here are some the changes in this release that I feel will have the biggest customer impact. While previous versions of Windows Server featured separate management consoles for all of the various roles and features in the OS and, in Windows Server 2003, a simple Manage Your Server dashboard, Windows Server 2008 provides the new Server Manager. This is a one-stop shop for daily management needs and is the only tool that many Windows administrators will need to use on a regular basis.
What makes Server Manager even more useful is that each section of the console’s UI gets its own dedicated home page, each of which includes information pertinent to the role or feature at hand, along with links to fix problems, get more information, and access other tools. It’s a thoughtful, well-designed application, both logical and useful.
As previously stated, one amazing feature of Windows Server 2008 is Server Core. Most of the Windows Server 2008 product editions can be installed in two modes, the traditional GUI-based server and a lightweight new command line-based environment called Server Core. In the Server Core mode, Microsoft has stripped out virtually all the GUI, the only user interface you’ll see in Server Core is a single command line window floating over an empty blue backdrop. Many will ask what is the purpose of having Server Core? Server Core is designed to reduce the attack surface of the server to be as small as possible. As such, a Server Core install is also more limited than that of a standard Windows Server 2008 installation. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server.
Read-Only Domain Controller (RODC) is new functionality that allows administrators to optionally configure the AD database as read-only, where only locally cached user passwords are stored on the machine and AD replication is unidirectional, rather than bidirectional. Once again, what purpose does this hold? With so many organizations in today’s age that are installing servers in branch offices and other remote locations, these servers often connect back to the home office using slow or unreliable WAN links. That makes AD replication–and even authentication–an arduous and lengthy process. After placing the server in the remote location, only the user names and passwords of users who hit the server locally are cached on that server.
RODC is an excellent solution for physically insecure remote servers. If you combine RODC with other new Windows Server 2008 technologies like BitLocker and Server Core, you can configure the most secure remote server possible. That way, even hackers who gain physical control of the server can’t take over your network. And removing the stolen RODC from your Active Directory is as simple as checking a switch. The great thing from a global standpoint is that only those users who logged on to that machine will need to change their passwords, not the entire organization.
A few improved features that greatly enhance this version of Windows Server are the Web Server and Terminal Services. Previous versions of Windows Server included these features, but the improvements are worth note. The Web Server is now driven completely by Internet Information Services 7. Like the server itself, IIS 7 is completely componentized so that only those components needed for the desired configuration are installed, keeping the server and its processes at a reasonable and manageable level. Terminal Services (TS) sees some major changes in Windows Server 2008. The new TS RemoteApp functionality allows admininistrators to remotely deploy individual applications to desktops, instead of entire PC environments, which can be confusing to users. These applications download and run on user desktops and, aside from the initial logon dialog box, function and look almost exactly as they would were they installed locally. The other notable changes in TS are that it includes TS Easy Print, which makes it easy to print to local printers from remote sessions, 32-bit color support in TS sessions, and seamless copy and paste operations between the host OS and remote sessions.
For the first time, Windows Server ships with a firewall that is enabled by default. The new Windows Firewall is bidirectional and works seamlessly with all of the roles and features you can configure in Windows Server 2008. This is a major change, and one that could hamper compatibility with third party products, so testing will be crucial.
One of the most important and future-looking technologies in Windows Server 2008 is Hyper-V. Hyper-V is a hypervisor-based virtualization platform that brings various performance advantages when compared to application-level virtualization platforms like Virtual Server. Compared to market leader VMWare, Microsoft’s offering is immature and unproven, but its gaining ground fast.
This only touches the surface of the new functionality in Windows Server 2008, highlighting but a subset of the improvements Microsoft has unleashed with this version. Windows Server 2008 enables so much new functionality, and comes with so many changes, that you will need to dedicate some time to understanding how these changes will benefit your own requirements and needs. Windows Server 2008 is a solid and impressive upgrade that should meet the needs of virtually any business customer. I see no serious downsides to this product at all.
What the heck is Managed Services??!!
What the heck is Managed Services??!! No one has ever asked me this but I can tell by the look on their face when I say it this is what they are thinking and just don’t want to ask. All too often those in a particular industry will have a name or a description for something that they think everyone knows when they really don’t. This is just that situation.
So, what is Managed Services? You can look it up in Wikipedia and get a pretty good idea but let me give you my definition.
Managed Services are everywhere. Your car dealer does it by providing scheduled oil changes for free or a reduced rate and lawn care companies do it by spraying your lawn for weeds monthly for a fixed rate. The commonality in these two examples is the proactive nature of the services. The dealer will change your oil to ensure the longevity of your vehicle. The lawn care service is spraying to reduce the instances of weeds in your yard.
Now let’s tie it back to what I know, Information Technology (IT). Wikipedia tells us that Managed Services is about proactively providing a set of services and billing a fixed monthly fee. I agree, but it’s more than that. A Managed Services provider should feel a responsibility to be a strategic partner with the client for any and all of their IT needs. Sure it’s great that you can expect a set monthly fee that will allow you to budget for your IT needs but any IT company can come in and tell you what’s wrong with your infrastructure, fix it and proactively monitor it. Can they develop a relationship with you, understand your business needs, and design a solution around what will make your business and/or employees more productive? You want to trust that your provider has your best interest at heart. You have the right and your business deserves this.
So, when you hear Managed Services provider don’t think only of “proactive monitoring of your infrastructure for a set monthly fee”. Think of honest, strategic, trust, expert and partnership.
Goodbye XP, Hello Windows 7, and Asta-la-Vista Baby!
As you probably gathered from my title, I am not a big fan of Windows Vista. Since I have been a certified Microsoft Systems Engineer, I have seen everything that Microsoft had to dish out in my generation; Generation X that is. DOS was a little before my time but I did have the privilege to work on everything from Windows for Workgroups to the current Windows 7. Since I was primarily a Windows 9x baby and still scratching my head over MS Millennium edition, XP was a natural transition for me. Why you say? Because I could make it look and feel like a Windows 9x OS (operating system).
What Microsoft has forgotten is that the public has short memories and even shorter patience. Those who remember the days of upgrading to XP – regardless whether it was an NT or 9x system – remember there were some painful hurdles even then. Hardware, software and driver compatibility problems plagued the XP “eXPerience” when that operating system first hit the shelves, but the industry was quick to react. Yes, I said shelves, those were the days when you actually had to go to the store and buy most things.
My first experience with Vista was extremely painful. Since I considered myself to be a master of Microsoft’s operating systems, my first installation and configuration of the Vista OS left me feeling like a school kid again. The failure of Vista boils down to basic psychology, people and computer nerds like myself who enjoy and revel in the feeling of being masters and not school kids. When you stare at the control panel for 10 minutes, looking for the Add and Remove Programs menu, you know this OS is not going to be successful or accepted by the general public; regardless how much money Microsoft throws at those TV commercials or other marketing campaigns. If you have to sell the public due to negative public feedback and the resistance of most companies, it is time to go to the drawing board again, thus we have Windows 7.
Windows 7 has a lot of great features and a few drawbacks. I believe it will be more successful than Vista due to some added features and a lot of eye candy. I am still a little upset that the control panel does not resemble XP, even when you select the classic view. The “Add and Remove Programs” menu is actually listed as “Programs-uninstall a program” (fig. 1) in the control panel, unless you selected to the view “All Control Panel Items” (fig.2).
figure 1
figure 2
The other main drawback, in my opinion, is the non XP upgrade feature or 32 to 64 bit upgrade feature. You would think some of the best minds at Microsoft could have figured this out, but I am sure if it could be done they would have done it. Windows 7 has a migration tool for Windows XP that works pretty good for migrating standard user documents and settings, but all software programs and undiscovered drivers will need to be re-loaded. For those of you who already went through the pain staking switch to Vista, you will experience a rather quick and seamless upgrade to Windows 7. If you have 64 bit hardware with 32 bit Vista loaded on your computer, you can only upgrade to 32 Windows 7. In order to take advantage of the full 64 bit performance of your hardware, you will need to reload the entire operating system.
One of the great improvements and features for those who like running their legacy XP applications (which did not run in compatibility mode in Windows Vista), I guarantee they will run in Windows 7 Professional and Ultimate. This feature will require the user to download and install XP Mode and Windows Virtual PC. When XP mode is selected for certain applications, a virtual XP environment actually runs the application, in a window (fig.3). You no longer have to boot and work in a virtual PC environment as you did in Windows Vista. To receive more information in reference to these features, visit http://www.microsoft.com/windows/virtual-pc/default.aspx.
XP application runs in a window
figure 3
Hardware and resource management is another vast improvement since Windows Vista. In my experience, Vista ran great on four gigabytes of RAM, pretty good on two gigabytes of RAM, and okay on one gigabyte, as long as your computer had a mutli-core processor. Windows 7 will actually runs very well on a single processor and one gigabyte of RAM. This is done by managing the background services. It is a rather simple and genius concept; if you are not using a specific service, Windows 7 will not run it. Windows 7 is really geared for the portable user in mind. When you open the lid to your notebook, XP and Vista always seemed to take a while to come out of standby or sleep mode to reinitialize your wireless access. Here is a seven-second, Windows 7 test for you. When you open the lid to your notebook, it takes approximately seven seconds to bring your computer out of sleep mode to re-initialize wireless communications. Do not take my word for it, click on the following link: http://www.microsoft.com/windows/windows-7/features/sleep-and-resume.aspx
There are many added features and benefits of Windows 7 which I urge you read about and discover.
Do not be disappointed when you first start up Windows 7 and see a lot of similar Vista’s appearances and features. It is similar in some ways but different in many. On a performance and added features scale, it is far superior than Vista, and completely blows XP out of the water. Microsoft’s marketing team had been busy with the Windows 7 release by claiming the following; “Your PC Simplified”, “Works the Way You Want”, and “Engineered by Us, Inspired by You.” The consumer will ultimately be the final judge but I definitely think Microsoft did it right this time. Thank you for almost 10 years XP, I have greatly enjoyed the eXPerience and your stable presence. To Vista; ‘Yea though I walk through the Valley of The Shadow of Death…..’
SonicWALL Unveils New TZ Series Product Line
SonicWALL has unveiled three new enhanced models from its popular SonicWALL TZ Series – the TZ100, TZ200 and TZ210.
Sonicwall TZ Models
This new line provides the perfect solution for those in the small-to-midsize business market who require the utmost performance incorporating the latest technologies, functionality with minimized complexity and cost of ownership. By including a new service – Comprehensive Anti-Spam – to it’s already impressive arsenal, SonicWALL remains true to their commitment in providing superior Unified Threat Management (UTM) protection. With that, they are now offereing unheard of UTM throughput speeds, noting the TZ100 as being 2.5X faster than the previous generation TZ models. Using advanced SonicWALL NSA technology, these can deliver throughput performance of up to 200 Mbps for Stateful Packet Inspection and up to 50 Mbps for UTM (TZ210). The TZ 210 adds high-performance dual GbE interfaces for WAN and primary LAN (independent or part of a configurable 5-port Fast Ethernet switch).
Sonicwall UTM Throughput
These models also now offer lightning fast 802.11n wireless technology to give users the ability to stay connected at speeds 5X faster than status quo 802.11g, yet still compatible with older wireless devices. Another new feature being offered on these models that hasn’t been offered in the past is SSL VPN technology, making remote access easier than ever before. In addition, the TZ Series offers an option for 3G and analog modem connectivity for use as the primary or failover connection. The functionality and ease of use has become SonicWALL’s strongpoint in selling their product line over the years. They offer a suite of wizards to make configuration and setup a breeze.
With the release of the new TZ series product line, SonicWALL has released a sophisticated line-up while revolutionizing future-proofed devices.
