Apple Myth Squashed !! Mac Users Beware !!

After a long break from blogging, iv decided to post this article which piqued my curiosity, as a security awareness message for ICT users worldwide, as well as to refute a widely believed myth among PC users .

Traditionally, Apple’s Mac OS users have been able to boast of  immunity to virus infections which have constantly plagued their Windows & Linux counterparts, who form the vast majority of the World’s PC user market.

However on April 1st 2012, a new variation of an existing Flashback Trojan, titled "BackDoor.Flashback.39” was detected by a Russian based antivirus vendor “Dr Web”.  While earlier versions of Flashback were detected around September 2011, what is interesting about this particular variation is that it specifically targets Mac Operating  Systems. Essentially this implies devices such as “ Iphones & Ipads,” containing Apple’s patented IOS, may also have the potential to be infected since the two OS share similarities and may have similar vulnerabilities.

The malware, just like its previous versions, masquerades as a Flash player update from bogus websites. It uses vulnerabilities within the Java programming language (which uses Flash based software) to “allow the code to be installed without the user's permission”. Once installed, it sends a message to an external intruder's control server with a unique ID, allowing the infected machine to be “hijacked” and used as a botnet.  

This incidence gained popularity among world news vendors such as BBC, CNN, when the infection count reached more than 650,000 worldwide within the first week. Initial reports indicate that the malware appears to be targeting users mainly in “English speaking countries” such as USA, Canada, UK, & Australia. However, this does not mean that other non English speaking countries are immune.

Map of known Flashback Virus infections (Taken from Dr Web’s Site)

While no signs of malicious activity has been detected as of yet, Apple and Oracle have quickly released security updates to fix such vulnerabilities, and supplied links to removal tools.  However, this incident appears to have thrashed the widely believed myth among cyber experts and general ICT users alike, that “Apple devices can’t be infected ”.

It is currently predicted among cyber security experts, that hackers may have begun development of malicious code just like the Flashback malware, targeted towards the world’s growing Apple market of macbooks, Iphones & Ipads. 

So for all you Apple people out there, Listen up !!

You are no longer immune !! Take extra steps to protect yourself !! & Welcome to a world of evolving cyber threats !!

New Standard for Wireless Networks

The IEEE has released a new wireless standard 802.22 which commenced work in 2004. It’s supposed to utilize the unused white spaces within the TV frequency spectrum and operate in the VHF/UHF TV broadcast bands in frequencies between 54 MHz to 698 MHz.

What does this mean for wireless users ?

This standard is intended for use within Wireless Regional Area Networks (WRAN), which are designed to bring broadband internet access to remote rural areas and concentrated urban centers.

The standard is supposed to operate within 100 kms from the base station, resulting in a coverage area of approximately 31,080 square kilometers.

This is a huge breakthrough for wireless users, where the potential to access files wirelessly through the office network, while sitting in your home is possible. (Even if your home is not adjacent to your office).

More information can be found at this link : http://www.gizmag.com/ieee-80222-standard-completed/19417/ 

 

 

 

Unified Communications Protocols Part 2

Hello Everyone,

Its been a very long time since i haven’t blogged. Been too busy with office and other personal stuff.

Anyhow, as given in my previous post, this is the second part of the Unified communications protocols article. If you want to know about the basics of unified communications protocols, read the first part of this article. Otherwise, read on:

Fax Over IP (FOIP) :

As given in my previous article, unified communications is changing the face of telecommunications across the globe. In the first part, iv discussed about VOIP and its impact to society and the way we communicate with other people across the planet.

However, an equally and important concept is FOIP. With the advances in technology, it is possible to send and receive faxes securely via the Internet.  This is done by Fax Over IP or FOIP as it is commonly called FOIP has been around for ages, but in the past, it didn’t usually compare to sending a real fax, where you could easily verify that the other party has received your fax. However, the latest generation of FOIP technology combines the benefits of traditional fax with integration into Internet technology.

The concept behind FOIP is transmission of data over a packet switched network such as the Internet, rather than a circuit-switched network such as the Plain Old Telephone System (PSTN or telephone network). This method of transfer reduces the resources taken for transmission and FOIP works using a protocol which converts fax documents into images and transmits them over the VOIP network. The receiving fax device interprets the image and converts it back into an analog based fax signal.

HOW FAX OVER IP (FOIP) WORKS

Faxing over IP networks can occur by the following types of transmission. These are:

• Inband Faxing – This method involves fax tones being digitally encoded by the coder-decoder (same codec) similar to voice and transmitted along the IP network. However, the use of low bit-rate codecs and in-efficient encoding of fax/modem tones and other non speech sounds have resulted in discontinued use of this method for use in transmission of faxes over IP networks, since this was deemed to be possible only through the use of higher bit-rate codecs (G.726R32 or G.711) which resulted in higher bandwidth consumption.

• Real time IP Faxing – This method involves the transmission of fax information as IP data packets using a high level Internet protocol called T.38, from Fax server to Fax server. The principle behind Real time IP faxing is that it uses the same protocol in phone-line faxing (T.30) for conversion and interpretation of image data, but transmits this data using T.38 . The use of T.38 eliminated the need for high bandwidth consumption in sending fax data as IP packets, and also ensured faster delivery times and reliability than Inband faxing. This provided significant cost savings, since users could use their existing internet connections to transmit and receive faxes without paying anything extra.

• Store and Forward Faxing – This method is considered as an advancement over real time faxing. Store and Forward Faxing uses T.37 (another high level Internet protocol), to convert scanned fax data to tagged image file format (TIFF) and transmit the data as email attachments.  

That being said, fax transmissions over any IP network can be implemented in different combinations. These include:

 FAX capable PC to Normal Fax Machine

IP Fax machine to Normal Fax machine 

IP Fax machine to IP Fax machine

The above images were taken from http://home.howstuffworks.com/foip1.htm.

Consider the integration/use of VOIP, FOIP in your existing networks and save a lot of things, primarily bandwidth and money. 

Unified Communications Mechanisms Part 1

Unified Communications

In today's world, companies ranging from Small Office/Home Office (SOHO) to medium/big corporate possess data communication networks which involve integration of email, video conferencing, ip based telephony, and Web based systems for maximum efficiency. To streamline this process, the trend is to integrate/migrate existing analog systems towards full IP based networks. Part of this uses the following important protocols:

VOIP

Most technology users would have heard of or at least used VOIP in some way.

• But how many people really understand the concept of VOIP?
  
• How many people understand the implications of VOIP for personal and business use, as highlighted in Daadi's Blog (http://daadi.org/why-voip-should-matter-moreto-everyone?)
  

These questions and more may be answered in a relatively simpler way, as follows: 

VOIP is a revolutionary new technology which is changing the way communications take place in the world. The principle of VOIP involves converting of analog based voice signals into digital ip based traffic and transmitting it through an IP network such as the Internet. VOIP uses many different protocols, among which the industry standard and most popular is Session Initiation Protocol (SIP).  

Different types of VOIP connections are possible, using various ip based devices. They are:

• Hardware based VOIP (IP phones) – These resemble your ordinary desktop phones, with one major difference. Instead of a normal RJ-11 type telephone port, they contain an RJ-45 based Ethernet port which can be connected directly to a network device such as a switch or router. They also contain inbuilt software necessary to make IP based voice calls through a gateway router, connected to the Internet. Wi-Fi based hardware phones can also be used for a mobile experience within a designated area such as a corporate office.
  

  

  How an IP Phone Works

• Software based VOIP (Soft Phone) – In essence, this type of VOIP is most often used by people all around the world today. Except for your internet charges, you don't normally pay anything extra to make a video/audio call to that important person at the other end of the world. All you need to is the VOIP software, a headset, a microphone and an internet connection. There are two main divisions within this type of VOIP connectivity, which are:
  

1. Computer to Computer – This type involves the software being installed on computers, with all the other items such as the headset, microphone and internet connection being attached and accessed using your computer. Users can connect to each other by using login ids as the means of identification, and establishing connections between computers over the Internet. The most popular software in use today as part of this process is
   
   

   

   
   
    
2. Mobile integrated VOIP – This type involves the use of smart phones and/or Wi-Fi enabled devices which can have VOIP software installed on them. This enables users to make calls to other users using the existing mobile based GSM network, by dialing into a SIP based gateway through the VOIP software. This allows them access to the Internet via an IP based network enabling them to make free/low cost VOIP calls. In other words, users can use any existing internet connection via Wi-Fi or 3G, instead of costly "minutes" or high mobile charges on pre-paid and post-paid plans. They will be charged only the price of local calls.
   
   
   

   

   Mobile VOIP -- Skype installed on a Phone

• Analog Telephone Adapter (ATA) based VOIP – This is a device which allows your regular desktop based analog phone to be connected to your computer or internet connection for making VOIP calls. The device acts an analog-to-digital converter. Basically, it takes the analog signals generated by the phone and converts it to a digital form for transmission through your IP based network such as the Internet. This is possible through the use of inbuilt codecs which compresses an analog audio signal into digital form for transmission and backwards for replay by the receiving ATA.
  
  

  

  How an ATA works

  
  The setup process involved is fairly straightforward and most ATA's come equipped with additional software which can be accessed via a web browser for further configuration and customization.
  
  

  

  Linksys SPA3102 -- ATA

1. Remove the ATA from the box
   
2. Plug the telephone cable in the telephone box to the ATA
   
3. Plug the cable of the phone into the required port of the ATA
   
4. Connect the ATA to the ip network by means of an Ethernet cable, and you are ready to make VOIP calls

What does this mean?

VOIP is useful because any standard internet connection can be used to make free/lower cost phone calls to anywhere in the world, bypassing the phone company and its "costly" mobile/telephone charges. The impact of VOIP can be summarized as follows:

• 

  Phone bills get cut in Half !!

  It will dramatically reduce corporate phone bills by backhauling audio traffic in digitized ip format on existing Internet connections. Basically, businesses only pay internet charges while using the existing network to make free/low cost calls (audio and video) with their suppliers/business partners and other teleworkers across the globe.
  
  
  
   
• Residential users can use VOIP as a means for making free/low cost video and audio calls to their loved ones in other countries. They would only have to pay for internet charges, which at often cheaper than making overseas calls.
  
  
  

  

  Communicate with your loved ones across the Globe for Free !!

In the Maldives, based on the telecommunication rules in force by Communications Authority of Maldives (CAM), it is against the law for any business to act as a third party VOIP provider through the use of any existing IP based network of any telecommunications company such as Focus, Dhiraagu and Wataniyya.

However, as far as I know, Residential and Corporate users can incorporate VOIP into their own network for use through their existing internet connection(s).

If anyone has any contradicting information or updates regarding the laws in Maldives about VOIP use, please feel free to share this for the benefit of others.

Next: Unified Communications Part 2

Hospitality Gateways

Most corporations and/or establishments that provide paid lodgings now present High Speed Internet Access (HSIA) services for their employees and guests, including visitors.However, some of the issues faced include the following:

• How is it possible to centrally manage internet connectivity to different groups of users such as guests, senior management, employees, etc.?
• How can we provide a central internet access system where free, pre-paid, or time based access plans without exposure to the internal network?
• How can we integrate such a system of centralized internet access to our property management system (PMS) in order to generate revenue?
• How do we cater to the different Operating Systems and configurations of internet accessible devices such as laptops, PDA’s, and mobile phones?
• Is it possible to customize the system to our corporate image, and provide access plans without compromising on network security and bandwidth?
• How do we prevent a single guest from utilizing majority of the bandwidth and control user sessions?
  
  
  The most popular solution today which addresses all these issues and more is an Access Controller, otherwise known as a Hospitality Gateway. Hospitality Gateways control and manage user sessions to the Internet. In addition, they address the issue of private networks accountability for use of internal corporate IT resources such as printers.  Examples include network access for students at a college or university, Internet access for visitors in a corporate conference room or reception area, and other situations where it's desirable to grant controlled network access to visitors and guests. 
  
  
  How do they work?
  • When a user opens a browser and attempts to reach any web page hosted outside the corporate LAN, or sites not granted local access, the user machine issues a Domain Name Service (DNS) request to lookup the IP address of the specified domain required.
  • At this point, the Gateway hijacks or intercepts the request and returns the IP address of the login page stored on the gateway, which may be customized to the corporation’s look and feel.
  • The login page is displayed and the user enters their username and password. The login page which the user sees first is referred to as the captive portal (or portal page informally) since the page is the only way out to the Internet.
  • The login details are checked to determine if the user is authorized and what type of access they are granted (free, pre-paid or time based charge plan), based on the settings in the gateway.
  • The webserver built in to the gateway notifies the user on authorization results, and if successful, they are redirected to their original webpage, where they can proceed normally. If unsuccessful, the gateway will display an error message and the process has to be repeated.
  
  
  Common Features
  
  
  • Most gateways provide a feature called Walled Garden. This refers to a list of web addresses that can be reached through a gateway (since they are under the control of gateway) before the user logs in. For example, a hotel website, a local city guide site, and a weather site. A corporate Walled Garden may include access to web pages showing the current schedule, emergency information, or building maps.
  • Another popular feature provided by gateways includes Zero Configuration. Zero configuration means that any client connecting to a Gateway-powered Network can be connected without having to change any network or application settings, or require the use of any special client software or hardware. This usually occurs by means of the Dynamic Address Translation (DAT) protocol which enables transparent broadband network connectivity, covering all types of IP configurations (static IP, DHCP, DNS), regardless of the platform or the operating system used—ensuring that everyone gets access to the network without the need for changes to their computer’s configuration settings or client-side software.
  • AAA (Authentication, Authorization, and Accounting) services, and subscriber management functionality - Authentication refers to the confirmation that a user who is requesting services is a valid user of the network services requested. Authorization refers to the service whereby a particular user or network device can perform a given activity. E.g.: access certain websites such as Facebook, use 3^rd party software on the LAN, such as skype, msn, etc. Accounting refers to tracking of network resources by users and devices for the purpose of billing, trend and capacity analysis.
  • Integration with Property Management System (PMS) – Most hospitality gateways provide the option of integration to an accommodation providers PMS such as Fidelio and Micros, or its own inbuilt PMS server which provides customized billing and accounting functions.  This is useful for providing guests, employees and visitors with subscription based internet access plans, and generate revenue for the business.
  • Most gateways have easy web based management features. In addition, they usually contain R-232 ports by which administrators can gain console access, and telnet capabilities provide a means for scalable remote access over the network. Telnet access can also be granted via the Ethernet ports. 
    
    
    Some of the big names in Hospitality gateways include: 
    
    
    
    
    
     
    
    
    
    
    The InnGate issued by Antlabs is specially designed to support the needs of visitor based networks. Main features include:
    
    
    
    • Multi-portal web login wizard.
    • Configurable multi-level administration support with audit trail.
    • Account-slip printer for easy account provisioning.
    • Volume prepaid and access code authentication.
    • Anti-DoS / SPAM protection and alerts.
    • Searchable session logs.
    • Gigabit ports.
    • Multi-Tier QoS.
    • Ease of Maintenance.
    
    
    
    
    In the Maldives, Inngate(s) are used by Dhiraagu Telecom as the hospitality gateway of choice as part of their Revenue Shared Packages designed for medium to large sized businesses.
    
    

    

    Inngate

    
    
    
    
    
    
    
    
    
    
    
    The VSG1200 and the G-4100 are gateways issued by Zyxel. They provide a rich set of features including:

    

    G4100

    

    VSG1200

    
    
    • PMS integration with Micros Fidelio
    • Credit card billing
    • Email forwarding
      
      
      
      
      
      
      
      
      
      
      
      
      
      Nomadix Access Gateways are a freestanding, fully featured network appliance that enables public access service providers to offer broadband Internet connectivity to their customers. They are powered by a patented and patent-pending suite of embedded software, called the Nomadix Service Engine (NSE). Key features include:
      
      

      

      AG 2300

      • Allows for flexible WAN Connectivity (T1/E1, Cable, xDSL
      • Supports 802.11a/b/g and hybrid networks utilizing wired Ethernet
      • Allows segmenting the network into public and private sections using VLANs
      • User-friendly ways of remote management—through a Web interface, SNMP MIBs, and Telnet interfaces    
      • Zero Configuration using patented Dynamic Address Translation (DAT) algorithms
      • Supports billing plans using credit cards, scratch cards, or monthly subscriptions, or direct billing to a Property Management System (PMS) and can base the billable event on a number of different parameters such as time, volume, IP address type, or bandwidth.
      • Access Control and Authentication and security using walled gardens, and a patented INAT (Intelligent Network Address Translation) feature.
      • A 5-Step service branding methodology comprising of Initial Flash Page branding, Initial Portal Page Redirect (Pre-Authentication), Home Page Redirect (Post-Authentication), displaying corporate branding during the user’s session, and post-paid PMS