Friday 13 April 2012

Network attacks

Man-in-the-middle attack
Attackers position themselves between two systems and actively participate in the connection to gather data. The attacker may also run a program that spoofs DNS replies, configured to send false DNS information so that a DNS query for a given website resolves to the attacker's IP address. The attacker then activates a program that transparently proxies all HTTP and HTTPS traffic it receives. The DNS spoofing program detects a DNS request for www.abc.com and redirects the client to the attacker's machine. The ARP table convinces the victim's machine that it is indeed talking to the intended web server. The victim's browser then starts to establish a secure connection.



All messages for establishing the SSL connection are sent to the MITM program running on the attacker's machine. The attacker's system acts as an SSL proxy, establishing two SSL connections: one from the victim to the attacker's machine and the other from the attacker's machine to the actual web server. When establishing the SSL session between the victim's machine and the attacker's machine, the MITM program sends the attacker's own certificate. The victim's browser notices that the certificate is not signed by a trusted Certificate Authority and shows a message asking the user whether to accept this untrusted certificate. The normal tendency is to accept it, thinking it is some error message.
Denial of service (DoS)
A denial of service (DoS) attack is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it. If an attacker is unable to gain access to a machine, the attacker will most probably just crash the machine to accomplish a denial of service attack.

Network Attacks


Attacking a network means either bringing it down or accessing data that you should not. In a network, two main types of attack are possible:
1) Denial of Service (DoS) attack.
2) Data stealing.
Network-infrastructure attacks
Hacker attacks against network infrastructures can be easy, because many networks can be reached from anywhere in the world via the Internet. Here are some examples of network-infrastructure attacks:
1) Connecting into a network through a rogue modem attached to a computer behind a firewall.
2) Exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS.
3) Flooding a network with too many requests, creating a denial of service (DoS) for legitimate requests.
4) Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text.
Common network attacks

1) Sniffing attack.
2) Man-in-the-middle attack.
3) DoS attacks.
Sniffing attacks

Sniffers monitor network data. A sniffer can be a self-contained software program or a hardware device with the appropriate software or firmware programming. Sniffers usually act as network probes or "snoops", examining network traffic but not intercepting or altering it. Some sniffers work only with TCP/IP packets, but the more sophisticated tools can work with many other protocols and at lower levels, such as the Ethernet frame.
Concept

A sniffer is a piece of software that captures the traffic on a network. Sniffers are available for several platforms in both commercial and open-source variations. Some of the simplest packages use a command-line interface and dump captured data to the screen, while sophisticated ones use a GUI, graph traffic statistics, track multiple sessions and offer several configuration options.
Sniffers are also the engines for other programs. Network Intrusion Detection Systems (NIDS) use sniffers to match packets against a rule set designed to flag anything malicious or strange. Network utilization and monitoring programs often use sniffers to gather the data necessary for metrics and analysis. Note that sniffers do not intercept or alter the data they capture.
The most common way of networking computers is through Ethernet. The Ethernet protocol works by broadcasting packets to all hosts on the network, with the packet header containing the MAC address of the machine that is meant to receive the packet. All others are supposed to ignore it. A NIC (Network Interface Card, also known as an Ethernet card) that accepts all packets, regardless of the intended machine, is said to be in promiscuous mode. A sniffer is a program that sets the desired NIC into promiscuous mode.
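
The destination-MAC filtering and promiscuous mode described above, as an added example that is not part of the original post: a model of the NIC's accept decision plus a check of the Linux interface flags for the promiscuous bit. The frame is constructed sample data, the function names are hypothetical, and multicast handling is left out.

```python
import struct

BROADCAST = b"\xff" * 6
IFF_PROMISC = 0x100  # Linux interface flag bit for promiscuous mode

def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw

def parse_ethernet_header(frame):
    """Return (destination MAC, source MAC, EtherType) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def nic_accepts(frame, nic_mac, promiscuous=False):
    """Model the NIC filter: keep frames addressed to us or to broadcast."""
    dst, _src, _ethertype = parse_ethernet_header(frame)
    if promiscuous:
        return True  # promiscuous mode bypasses the destination check
    return dst == nic_mac or dst == BROADCAST

def is_promiscuous(flags_text):
    """Interpret the hex value read from /sys/class/net/<iface>/flags on Linux."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

# Constructed frame: host ...:20 sends an IPv4 packet (EtherType 0x0800) to host ...:01.
SAMPLE_FRAME = (mac_bytes("00:11:22:33:44:01") + mac_bytes("00:11:22:33:44:20")
                + struct.pack("!H", 0x0800) + b"payload")

if __name__ == "__main__":
    bystander = mac_bytes("00:11:22:33:44:30")
    print("normal NIC keeps frame:", nic_accepts(SAMPLE_FRAME, bystander))
    print("promiscuous NIC keeps frame:", nic_accepts(SAMPLE_FRAME, bystander, True))
    print("flags 0x1103 promiscuous:", is_promiscuous("0x1103"))
```

On a switched network a promiscuous NIC still sees only the frames the switch forwards to its port, so checking your own hosts' interface flags is an audit step rather than a complete defence.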
Note
A packet sniffer is known for its ability to "sniff" plain-text passwords. On a normal LAN there are thousands of packets being exchanged by numerous machines every minute. Therefore, anything transmitted in plaintext, such as passwords, web pages, database queries and messaging over the network, will be vulnerable to sniffing.

Database concepts

DBMS (Database Management System)

A DBMS contains information about a particular enterprise:
1) Collection of interrelated data
2) Set of programs to access the data
3) An environment that is both convenient and efficient to use

Database applications:
1) Banking: all transactions
2) Airlines: reservations, schedules
3) Universities: registration, grades
4) Sales: customers, products, purchases
5) Online retailers: order tracking, customized recommendations
6) Manufacturing: production, inventory, orders, supply chain
7) Human resources: employee records, salaries, tax deductions

Databases touch all aspects of our lives.

Purpose of Database Systems
In the early days, database applications were built directly on top of file systems.
Drawbacks of using file systems to store data:
1) Data redundancy and inconsistency
   - Multiple file formats, duplication of information in different files
2) Difficulty in accessing data
   - Need to write a new program to carry out each new task
3) Data isolation
   - Multiple files and formats
4) Integrity problems
   - Integrity constraints (e.g. account balance > 0) become buried in program code rather than being stated explicitly
   - Hard to add new constraints or change existing ones
5) Atomicity of updates
   - Failures may leave the database in an inconsistent state with partial updates carried out
   - Example: a transfer of funds from one account to another should either complete or not happen at all
6) Concurrent access by multiple users
   - Concurrent access is needed for performance
   - Uncontrolled concurrent accesses can lead to inconsistencies
   - Example: two people reading a balance and updating it at the same time
7) Security problems
   - Hard to provide user access to some, but not all, data
Database systems offer solutions to all the above problems.
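
The integrity and atomicity points above, as an added example that is not part of the original post: the "account balance > 0" rule is stated once as a constraint, and a funds transfer that would break it is rolled back as a whole. It uses SQLite through Python's standard library; the table, account names and amounts are constructed.

```python
import sqlite3

def open_bank():
    """Create an in-memory database with the balance rule declared in the schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE account ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance > 0))"  # stated explicitly, not buried in code
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("A", 100), ("B", 50)])
    conn.commit()
    return conn

def transfer(conn, src, dst, amount):
    """Move funds in one transaction; return False if it had to be rolled back."""
    try:
        with conn:  # commits if the block succeeds, rolls back if it raises
            # Credit first on purpose, so a failed debit would leave a partial update
            # behind if the two statements were not atomic.
            conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
            conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False

def balances(conn):
    """Return {account id: balance}."""
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))

if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, "A", "B", 30), balances(bank))
    print(transfer(bank, "A", "B", 70), balances(bank))  # would leave A at 0: rejected
```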

Levels of Abstraction

Physical level: describes how a record (e.g., customer) is stored.

Logical level: describes data stored in the database, and the relationships among the data.
    type customer = record
        customer_id : string;
        customer_name : string;
        customer_street : string;
        customer_city : string;
    end;

View level: application programs hide details of data types. Views can also hide information (such as an employee's salary) for security purposes.

An architecture for a database system

Configuring Apache server
Listed below is information on how to configure the Apache web server to run PHP programs on Windows machines.
For information on installing and configuring Apache for Windows, please see the following:
Installing and Configuring Apache for Windows

1. Install PHP
PHP needs to be downloaded and installed before continuing. You can download PHP
from the PHP download page at http://www.php.net/downloads.php. Download the zip package from the "Windows Binaries" section. This guide will assume the PHP version is version 5.x.
Create a folder on your machine for PHP. For example, c:\php. Extract all
of the files from the zip file to the c:\php directory.
Copy the file called c:\php\php.ini-recommended to c:\php\php.ini
If you want to be able to see error messages from your PHP pages,
open EditRocket and open the php.ini file. Search for the line display_errors,
and make sure the value is set to On.

2. Configure Apache to run PHP as a Module
This guide assumes you are using Apache 2.2. To configure Apache to run PHP, the httpd.conf file needs to be modified. This file is located in the Apache installation directory under the conf folder. Open the httpd.conf file in EditRocket and do the following:
A. Add the following line after all of the LoadModule statements:
    LoadModule php5_module "c:/php/php5apache2_2.dll"
B. Search for AddType, and add the following after the last AddType line:
    AddType application/x-httpd-php .php
C. Add the PHP location to the end of the httpd.conf file. For example, at the end of the file, add the following:
    PHPIniDir "c:/php"

3. Restart Apache
Now, the Apache web server needs to be restarted. You can do this either via the Apache service located in the services control panel or via the Start -> All Programs -> Apache . . . -> Control Apache Server menu option.

4. Run a test PHP page
You can use the EditRocket hello world PHP template for a test PHP page. This is located in File -> New From Template -> php -> Hello_World_Program. Save this file as test.php to your htdocs folder under your Apache installation directory. Open your web browser and type in your Apache host (and :port if the port is something other than 80) followed by test.php, for example http://localhost/test.php
If you are using the XAMPP server, then put all your PHP files in the htdocs folder.
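
A check for the configuration steps above, as an added example that is not part of the original guide: it confirms that httpd.conf carries the three directives from step 2 and reports when php.ini has display_errors set to On. The warning is an editorial addition: that setting prints PHP error details into the page for every visitor, so it suits a development machine only. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files that follow the guide's steps (not from a real server).
HTTPD_CONF = """\
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module "c:/php/php5apache2_2.dll"
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
# PHPIniDir "c:/old"
PHPIniDir "c:/php"
"""
PHP_INI = """\
; constructed excerpt
display_errors = On
"""

def directives(conf_text):
    """Yield (lowercased name, args) for each non-comment httpd.conf line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = re.findall(r'"[^"]*"|\S+', line)
            yield parts[0].lower(), [p.strip('"') for p in parts[1:]]

def check_php_setup(conf_text, ini_text):
    """Return a list of findings; an empty list means every check passed."""
    module = ini_dir = None
    php_type = False
    for name, args in directives(conf_text):  # directive names are case-insensitive
        if name == "loadmodule" and args[:1] == ["php5_module"] and len(args) == 2:
            module = args[1]
        elif name == "addtype" and args[:1] == ["application/x-httpd-php"]:
            php_type = php_type or ".php" in args[1:]
        elif name == "phpinidir" and args:
            ini_dir = args[0]
    findings = []
    if module is None:
        findings.append("LoadModule php5_module is missing")
    if not php_type:
        findings.append("AddType application/x-httpd-php .php is missing")
    if ini_dir is None:
        findings.append("PHPIniDir is missing")
    # Lines starting with ';' are php.ini comments and do not match.
    m = re.search(r"^\s*display_errors\s*=\s*(\w+)", ini_text, re.M | re.I)
    if m and m.group(1).lower() in ("on", "1", "true", "yes"):
        findings.append("display_errors is On: errors are shown to every visitor")
    return findings

if __name__ == "__main__":
    for finding in check_php_setup(HTTPD_CONF, PHP_INI):
        print("finding:", finding)
```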
