The first step we reset the access points with first pressed the reset button on the back of the access points during the 10 seconds pake paper clip, and let us be sure settingannya back to the default.

Furthermore, the laptop / PC, we give a static ip address 192.168.1 .* (fillable star aja what the origin is not under the 245 and 255). If you already connect the UTP cable from the laptop / PC to the access point directly.

Ping the 192.168.1.245 address, if any reply then proceed to open the browser type the above address (192.168.1.245) in the address bar. If you exit the dialog box input the user password “admin” password on the town, while the username leave it blank. Click OK and you will find the settings page of the web-based access point.

If you plan to connect the access point on your network that have different market segments (eg in addition to 192.168.1 .*) change the static IP to the appropriate segments, or can also select DHCP if you do not want to give Static IP. Cuman the last possible you will find it hard to find the IP access point later.

In the web based control panel from the access point you can adjust various settings provided by the WAP54G, eg Mode, authentikasinya or change the default password.

After completion to determine the IP of the WAP54G is unplug the UTP cable from the laptop / PC, then connect to your network.

You should be able to access web-based control panel access point of your network.

source: http://uch1h4sasuke.wordpress.com/setting-akses-poin/

use of an intranet to automate image library

And what an intranet is in use in the library as well? intranet can also use the library at the medical school library for example using intranet facility to UGM an online journal can only be viewed or downloaded at the library because it uses your IP address is registered with a site provider of online medical journals that have been given the firewall (firewall is a device software / hardware that regulates access to a person into an intranet or the user permissions within the local network to external network) connected to local Internet network, in order to protect the information system assets from attacks by outsiders.

This makes the intranet really stood independently. Another thing that distinguishes the Internet is from the side of the intranet usage. Applications and information are for the intranet within an organization itself, while information on an Internet site intended for the general public.

Type of utilization of the intranet

Intranet usage actually depends on the organizational form penggunannya. Is a shop, multinational corporations, institutions pile of library or other departments. By understanding the work of these organizations will facilitate the design model of an intranet is not used.

In an institution the library intranet is widely used for:
1. OPAC (online public catalouge) or online catalog can be accessed at all connected with the roar of the library network
2. membrikan maximum service to users, for example, an online journal medica guise of medicine can only be accessed in the library of medicine.
3. information service system, etc.
4. Online circulation system

Components to build an intranet

Components to build an intranet is basically the same as the components to build the Internet, such as:

1. browser application (Internet exploler, Opra, the mozilla firefox, netscape)
2. computer server
3. network devices
4. TCP / IP protocol
5. programming language (html, php, mysql, etc.)
6. client computer
7. developer tools

that need to be added to the intranet if sebagianinformasi organization wants to be exposed in the Access external network (Internet) is a firewall and router (this will be an intranet extranet).

Internet

Intercenneted network or better known as the Internet is a global komuniasi system that links computers and computer networks around the world. Every computer and network connected langsug or indirectly to some of the main trail, called the internet backbone and are distinguished from one another using a unique name that can be called 32-bit IP address. Example 202.133.81.6

How to connect to the Internet:
1. register at the ISP (internet service provider)
2. via modem dial up (telephone)
3. with GPRS mobile phone melalusi

The difference with the internet intranet and extranet:
Intranet
Koputer is a network-based TCP / IP protocols such as the internet, only used internally by companies or offices with a web-based applications and technologies such as internet data communication (even internet cafes (cafe) can be categorized as intranet)
Extranet
If a business entity or expose some of the internal network to the outside community.
Internet
Communication is a global communications network which connects all of the computers in the world despite the different systems and machinery oprasi.

Internet: Strategy Use, In the Library

Internet offers a new alternative in gaining information as well as dissemination of information. If the earlier, print-based information is the prima donna of traditional libraries, the new format is available now in digital form via the Web. Collections of digital materials that are transmitted electronically and is called the digital library, its presence is increasingly important in meeting the information needs of users.

Use of the Internet in a library can be differentiated into two types.

Firstly, the provision of access is the provision of facilities and infrastructure in which librarians and library users can use the Internet. In this regard, as the library provides a number of computer terminals connected to the Internet. Provision of access service aims to enable academicians can obtain information that originates from the Web, which is required to support the teaching-learning process and research. These activities are basically the same as the provision of printed library materials that are routine activities of a traditional library.

Users can conduct searches themselves, or by ordering materials they need to librarians. In this regard, knowledge and experience of librarians in the search to be very important because it can increase the efficiency of librarians and users. Librarian in accordance with the basic role, in providing access to the Internet can act as mentors, especially for new users, consultants like reference librarian functions, oversight for the use of an unproductive, search based on user orders, diseminator for the dissemination of information about Web material, and organizers to organize Web materials.

Secondly, electronic publication is to publish a variety of activities and information about the libraries. In this case, and maintain their own library has a Web site. Web Publishing aims to publish various information about the library and its activities. This activity is basically the same with the publication of leaflets, brochures, pamphlets library guides, new acquisition lists, catalogs of various kinds, etc., that are usually performed by a library, and other publicity activities. In this regard, the library acts as a publisher.

Site libraries provide new opportunities for librarians to do something previously considered difficult to do. Opportunities include the following published typical high school or college that is not published but are documented in the library as a deposit of high school or college. These works include materials by and about the school or college, which includes research reports, papers, papers of seminars, symposia, lecture materials, and publications of other schools or colleges. Other activities are made possible by the extension service as an alternative to the extension of loans by telephone, between the user’s consultation with reference librarians, providing links to other Web resources, newsletter publishing, and so forth.

source: http://kangbudhi.wordpress.com/2007/09/12/teknologi-jaringan-intranet-ekstranet-dan-internet-di-perpustakaan/

Weaknesses / Threats Network Wifi (Wireless Fidelity)

Security issues is very important in computer networks, especially in wireless networks. The presence of many vendors of wireless products serving a variety of products at prices affordable to drivers of contributing to widespread use of wireless technology. This wireless technology is not only suitable for use in office or business users. Home users can also use this technology for easy connectivity. This paper is directed to provide information on threats as well as quick and easy way to secure wireless network. As already discussed in the beginning, the wireless technology is relatively more vulnerable to security problems. As the name implies, wireless technology uses radio waves as a means of data transmission. Security processes will become more difficult because you can not see radio waves used for data transmission.

Weaknesses of wireless networks can generally be divided into two types, namely the weakness on the configuration and weakness on the type of encryption used. One example of the causes for weaknesses in the current configuration to build a wireless network quite easily. Many vendors that provide facilities that enable the user or admin so often found in wireless networks are still using the default wireless configuration congenital vendors. Often installed on the wireless network is still using the default settings congenital vendors such as SSID, IP Address, remote management, DHCP is enabled, frequency channels, without encryption and even user / password for wireless administration is still the standard factory default.

WEP (Wired Equivalent Privacy), which became standard for wireless security before, when this can be easily solved with the various tools that are available for free on the internet. WPA-PSK which is considered to be the solution to replace WEP, now also has to be solved by using an offline dictionary attack.

Some weaknesses in wireless networks that can be used to attack the attacker, among others:

1. Security Gap

Many users of wireless networks can not imagine what kind of danger that was up to them as being associated with a wireless access point (WAP), such as WLAN signals can be infiltrated by hackers. Below this may be a threat in wireless networks, among them:

- Sniffing to Eavesdrop

Package that is data such as HTTP access, email, and Iain, Iain, which is passed by wireless waves can be easily captured and analyzed by an attacker using an application such as the Kismet packet sniffer.

- Denial of Service Attack

These types of attacks carried out by flooding (flooding) network so that wireless signals collide and produce a damaged packages.

- Man In The Middle Attack

Increased security with encryption and authentication techniques can still be penetrated by finding weaknesses that network protocol operation. One of them by exploiting the Address Resolution Protocol (ARP) in TCP / IP so that a clever hacker can take over the wireless network.

- Rogue / unauthorized Access Point

Rogue APs can be installed by someone who wanted to disseminate / longer emits wireless transmissions with an illegal manner or without consent. The goal, the attacker can infiltrate the network through the AP this wild.

- Configuring the access point that is not true

This condition is very much due to a lack of understanding in configuring the security system of the AP.

Activities that threaten the security of wireless networks over done in a way that is known as Warchalking, wardriving, WarFlying, WarSpamming, or WarSpying. Number of access points / base stations are built along with the cheapness of Internet connection subscription fee, resulting in hacking activities are often applied to get Internet access illegally. Obviously, without the need to pay.

2. Hide SSID

Many administrators hid Services Set Id (SSID) wireless network with the intention that only those who know the SSID can be connected to their networks. This is not true, because the hidden SSID may not actually be perfect. At certain times or in particular when the client will connect (associate) or when it will decide himself (deauthentication) of a wireless network, then the client will still send the SSID in the form of plain text (although the use of encryption), so if we mean to bug it, can easily find that information. Some tools that can be used to obtain an in-hidden ssid, among others: kismet (kisMAC), ssid_jack (airjack), aircrack and much more. Here meupakan Kismet applications perform sniffing cup.

hide-ssid

3. WEP

Technology Wired Equivalency Privacy, or WEP was the encryption standard is one of the most widely used. However, WEP encryption techniques have vulnerabilities that quite disturbing. Truly, this is very dangerous security hole. There is no more important data, which can pass safely. All data that has been encrypted will be solved even by the intruders. WEP Weaknesses include:

* The problem of weak keys, RC4 algorithm used can be solved.
* WEP uses a static key
* Problem initialization vector (IV) WEP
* Problems Cyclic Redundancy Check the integrity of the message (CRC-32)

WEP has two levels, namely 64-bit key and 128 bits. Actually, the secret key on 64 bit WEP key is only 40 bits, 24 bits is an Initialization Vector (IV). Similarly, the 128-bit WEP key, secret key consists of 104 bits.

Basically, each packet of data sent by using WEP encryption consists of the initialization vector (IV) and the encrypted data contains a checksum (section to check whether there are changes to the data transmitted). WEP weak point lies in the length of 24 bits IV. An algorithm is usually used to calculate the encrypted code from the IV and the WEP key before being sent through the WLAN. Data receiver will reconstruct the data with the IV and the WEP key of course, already determined. Actual WEP standard recommends that IV is always a different code for each packet of data. Unfortunately, not all manufacturers do this.

WEP standard makers also did not mention how to make IV. In general, used a random generator. By using this generator, we can be sure that sooner or later the same IV code will be reused. The researchers estimate that the same IV is used every data packet 4000-5000. After learning the principles of the WEP, the intruder only needs to wait for the same IV used to calculate the WEP key and then the next entry in the network. At this stage, the intruder can do anything in the wireless network. Software to do all these things can be obtained free on the Internet. With a little additional knowledge and training, opening up the WEP encryption can be done easily. Armed with such software, everyone can learn to be an intruder.

The above attack requires considerable time and packet, to shorten the time, hackers usually do traffic injection. Traffic Injection is often done by collecting the ARP packet and then sent back to the access point. This resulted in the collection of the initial vector easier and faster. Unlike the first attack and second, for the attack traffic is necessary specifications injection devices and applications that start rarely found in stores, ranging from chipsets, firmware version, and versions of drivers, and not infrequently have to do patching of drivers and applications.

Applications that can be used to perform packet capture of airodump. Here are examples of applications that are mengcaptute airodump packet in the WLAN.

capture-wlan-package

After sufficient data dicapture, cracking process is carried out to find the WEP key. Applications that can be used to penetrate the aircrack WEP encryption. Here is an example of successful application aircrak find the WEP key.

WEP key-

4. WPA-PSK or WPA2-PSK

WPA is a temporary security technology designed to replace WEP key. There are two types ie, WPA Personal (WPA-PSK) and WPA-RADIUS. Currently already be on crack are WPA-PSK, namely the method of offline brute force attack. Using brute force trial and error a lot of words from a dictionary. This attack will succeed if the passphrase is used wireless are indeed contained in the dictionary words that are used to the hacker. To prevent any attacks against wireless security using WPA-PSK, use a passphrase that is long enough (one sentence).

5. MAC Filter

Almost every wireless access point or router MAC filtering is facilitated by the security. This is actually not much help in securing wireless communications, because the MAC address is very easy dispoofing or even altered. Tools ifconfig in OS Linux / Unix or a variety of tools such as network utilities, regedit, smac, machange on OS windows with easy to use for MAC address spoofing or replace.

Wifi is still frequently found in offices and even the ISP (which is usually used by the cafe-cafe) that only use MAC filtering protection. By using wardriving applications like kismet / aircrack kisMAC or tools, we can obtain information on the MAC address of each client that is connected to an Access Point. After getting this information, we can connect to the access point by changing the MAC in accordance with this client. In wireless networks, does not lead to duplication of MAC address conflicts. It merely requires a different IP client earlier.

Here is a list of client MAC addresses that connect to an access point by using the tools kismet.

mac-address-list

To change the MAC address of network interface, just use simple tools like MAC makeup.

mac-address-network-interface

6. Captive Portal

Captive portals become a popular mechanism for community infrastructure and WiFi hotspot operators that provide user authentication for infrastruktrur and IP flow management, such as, traffic shaping and bandwidth control, without the need to install specific applications on a user’s computer. Authentication process can be performed safely through an ordinary web browser on the user side. Captive portals also have the potential to allow us to do things securely via SSL & IPSec rule and set up quality of service (QoS) per user, but still maintain the network that are open in WiFi infrastructure.

Captive portal is actually a router or gateway machine which does not protect or allow the traffic until the user making the registration / authentication. Here’s how the captive portal:

* Users with a wireless client is allowed to connect wireless to get the IP address (DHCP)
* Block all traffic except those leading to a captive portal (Registration / Web-based Authentication), which is located on the cable network.
* Redirect or belokkan all web traffic to a captive portal
* Once a user to register or login, allow access to the network (Internet)

Here’s an example of the captive portal login page.

captive-portal1

Some things to note, that the captive portal client connection tracking only based on IP and MAC address after authenticating. This makes is possible to use a captive portal with no authentication for IP and MAC Address can be spoofing. The attack was done by the IP and MAC spoofing. MAC Address spoofing as has been described previously. Medium to IP spoofing, more efforts are needed to utilize the ARP cache poisoning, by doing the redirect traffic from a client who has been connected before.

Other attacks are fairly easy to do is to use the Rogue APs, ie configure the Access Point that uses components of the same information that APs targets, including SSID, BSSID to the frequency channel is used. So when there is a client that will connect to the AP made us, can we divert traffic to the actual AP.

Not infrequently the captive portal built on a hotspot has a weakness in its network configuration or design. For example, authentication is still using plain text (HTTP), network management can be accessed via wireless (located on one network), and many more. Another weakness of the captive portal is that the communication traffic data or when it is authenticating (connected network) will be sent is still not encrypted, thus easily intercepted by hackers. For that we need to be careful to connect to the hotspot network, so try using a secure communications protocol such as https, pop3s, ssh, imaps ff.

7. Wardrive

Wardrive is an electronic fishing expedition to find a weak wireless network. Most, most of these wireless networks are not even given a password or encryption to protect it. This activity is carried out to search for any network that will be made the object of attack. Thus, we can perform attacks on wireless networks that we have to target. To make the event, only required simple tools. These activities generally aim to get an internet connection, but many also made for certain purposes ranging from curiosity, trial and error, research, practical tasks, and other crimes.

Application for Site Survey / Wardrive “Netstumbler 0.4.0″

Mengexploit first step in the experiment is to find a Wireless Network Access Point. Tools that can be used to do this is Netstumbler. This partner is easy to use tools for finding signals of Wireless Networking. These tools can also measure the signal strength and noise generated because of the many who Connectivitas to one Access Point.

Results of scanning and analysis of WLAN networks on-boarding boarding area about using the tools of IT Telkom Netstumbler:

netstumbler

Graph of signal obtained using this tool on the SSID “ITTelkom”:

ssid-e2809cittelkome2809d

8. Protocol Weaknesses in Wireless Networks

The weaknesses of wireless networks, in fact can not be separated from the weaknesses of the various kinds of protocols that use, among others:

1.8 EAPOL (Extensible Authentication Protocol

EAPOL is a common type of protocol used for wireless authentication and point-to-point connection. When the official client sends packets to the AP. AP receive and respond to a request, or the AP has made the authorization process. From the EAPOL protocol, there are gaps that can be used to obtain the authentication value.

However, there is value authentication only when the inception of the official client communication with the AP. Furthermore, if already connected, EAPOL protocol did not appear again, except when 10 thousand the next package appears. A hacker can send an (injection) EAPOL packet containing the result of spoofing spoofing addresses which have been aligned SSID, MAC Address and IP Address of the source / destination.

Official client sends EAPOL packet to get a response from the AP for authentication process. Furthermore, the AP will check to see ID cards from the client. Attacker exploit the weakness of the protocol by making a fake ID card in order to be allowed entry by the AP and get a number to enter the same room.

Beacon Management 8.2

Beacon Management is one type of protocol used by each AP to transmit RF signals to proclaim the existence of the AP. When done Beacons and capture protocol decode it, would be obtained by the fact that in each of its Transmission rate, Beacon management sent some information, such as SSID, encryption type, channel, MAC Address, and Iain, Iain.

Weakness (vulnerability) that can be utilized from this protocol type are as follows. An attacker would capture the client management package Beacon emitted by the AP. Furthermore, the attacker client will retransmit the packet Beacon management. Typically, the value transmitted by the AP Beacon for 100ms. When the attackers capture Beacon client AP, then re-emit the Beacon, there will be two the same Beacon. Sending a different source, but contains the same information. This means that there are two APs the same SSID contains information, MAC Address, the same. As a result, all client can not communicate with the AP the truth, unless the attacker stops sending a packet is Beacon.

3.8 Deauthentkation / Disassociation Protocol

The term is commonly used to exploit this gap protocol called Broadcast Deauthentication Attack. This attack will be flooded with Deauthentication WLAN packet so that disrupt the wireless service on the client. This type of attack is the most dangerous attack because it would break the connection target client or all clients associated with AP attacker requests the termination of the connection by using Deauthentication / Disassociation immediately responded by the AP. If there is an ISP company affected by this attack, it will be a lot of complaints from customers due to rupture the entire client network.

Applications that can be used for this attack is Aireplay. Here are examples of applications of work being done Deauthentication Aircrak Broadcast Attack.

deauthentkation-protocol

8.4 RF Signal Jamming

RF signals are electromagnetic waves that are used to exchange information over the air from one node to another node. Today, the RF signals are widely used, such as FM radio waves to transmit, waves of television or as a means of data transmission through wireless networks.

RF signal has advantages, but also have weaknesses. RF signals easily disturbed by external RF-based systems, such as cordless phones, microwaves, Bluetooth devices, and others. When such devices are used simultaneously, the performance of wireless networks can be reduced significantly because of competition in the use of the same medium. In the end, such interference can cause errors in the bits of information that is being sent so that the re-transmission occurs and delays to users.

Probe-Request Management 5.8

When the first client attempts to connect itself with the AP, the AP will do-respond probes to check whether the client request to enter the wireless network are allowed or not. Gaps that can be used by attackers is to manipulate the probe packet-respond. Furthermore, attackers probe request-respond. If the request is done by sending a request as much as possible, for example, 500 packets in one second, the AP will not be able to respond to the package so much. That is, the AP no longer able to communicate with other clients.

source: http://joinchen.wordpress.com/2009/11/03/kelemahan-wifi/

A security researcher demonstrated how to break and are ready to tap phone calls nearby. Two software supporting the action that was ready to be disseminated.

If the application is needed that has spread, tapping phone calls going into the game the script kiddies can be done by anyone who wants, simply by downloading software available on the internet.

“GSM Hacking has entered the stage of script kiddie, just like Wi-Fi Hacking few years ago when people everywhere easily breaking into neighbor’s Wi-Fi,” said Karsten Nohl, a cryptography and security researchers at Security Research Labs, as quoted from TheRegister, Thursday (29/07/2010).

According to Nohl, with more spread of software that, it hoped the industry will switch to a more secure encryption. “Just as Wi-Fi, when they switch to WPA encryption. Hopefully it will also occur in GSM,” he said.

What software used? Here are two of them:

• Kraken, this software will be released at the Black Hat Security Conference in Las Vegas. Usefulness of this tool is to take the secret key in an SMS message encryption and voice conversation in less than 30 seconds. Developer is none other than Frank A. Stevenson, known as breaker CSS encryption on DVDs.
• AirProbe, the latest version of this software will also be distributed at the same event. AirProbe is capable of recording a digital signal that ‘passing’ between the tower base stations with mobile phones. Combined with GNU radio, AirProbe can retrieve data in real time and store only the required packages for tapping.

In addition, security and computer forensics investigators TheGrugq have explained the existence of weaknesses in the GSM system. And certain weaknesses can be exploited even by using just a handheld device.

Through the attack named RACHell, the perpetrator could be showered with RAC BTSs Request to ‘crash’ (not functioning). Another technique, called IMSI detach, can prevent certain mobile phone to receive SMS and voice calls over the mobile phone number was unknown.

World map with cable networks Asian countries top the speed of the internet, according to a global survey by the Akamai network.

Akamai data shows global Internet speed is only about 1.7 Mbps (megabits per second), but some Asian countries already have high speed.

Fastest broadband network in the world is in the city of Masan, South Korea.

Internet speeds in South Korea the average maximum rate of 12 Mbps with 33 Mpbs.

“100 Mbps is available in South Korea but the prices are not affordable by the community, about several hundred dollars per month,” said David Belson, Akamai’s chief of marketing.

Asian Domination
Akamai’s report for the first time researching the Internet by the middle of the growing need for mobile phone data.

Akamai shows 83 of the 109 mobile phone network providers to offer more speed than 2Mpbs.

Average speed Internet via mobile phones globally average Kbps to 7.2 Mbps 105th.

Asia dominates list of Internet speed with more than half of the 100 cities have the highest in Japan. Only 12 cities in the United States are included in the list.

The top twenty cities are in Japan or South Korea with the exception of the city of Umea in Sweden, where the number 18.

Other cities in Europe that occupies the top 100 places including Baden-Baden in Germany, Wageningen in the Netherlands and Timisoara in Romania.

The report also examines what he called attacks on Internet traffic, such as the amount of spam. Russia was in the top spot with 12% of this disorder.

Akamai provides approximately 15 to 30% of internet network.

In the first quarter of this year, more than 487 million unique IP addresses from 233 countries or areas related to the company network. (source: http://detik.com )

Aspects of network security is closely associated with services provided: inbound or outbound. Security on outbound service Can be done with the best possible firewall configuration.

Similarly, anonymous access inbound servicing, Standard and Poor ‘anonymous FTP, HTTP, Gopher, etc .. In this case, intentionally provided information for everyone. Another case Pls We Want to Provide a non-anonymous access (authenticated or services), whereby in Addition through the firewall, Someone Who is requesting access must Also get a ‘permission’ server after first proving his identity. This is the authentication. Furthermore, the authors use the term as a synonym for the word autentisasi.

RISK-SECURITY SERVICE INBOUND
Why Should autentisasi … ..? The Internet is a public network, and is open to everyone all over the world to merge. Once the size of this network, has raised profits and losses. We Often Hear and read about damaging the computer system, financial, or confidential information the Pentagon database of student academic transcripts. The sentence is adequate to represent the statement That We Should be ‘vigilant’ Those against ‘evil’ and the always Strive to minimize the possibility for Them to be Able to do his evil intentions. It’s easy to negate the possibility Of intruders (illegal access) from the outside by closing all inbound traffic channel service to the internal network. But this means have reduced the main benefits of the network: communication and use of resources together (sharing resources). Thus, a natural consequence with a large network Enough, is to accept and try to minimize this risk, not abolish Them.

We will from the start from a network-administrator (NA) That has been doing a good job, in Preparing ‘defense’ for the all services, outbound and inbound anonymous. Some Things That Need additional Should be remembered again. Whether the defense is strong Enough for the theft of the relationship (hijacking attacks)? Therein are already Considered the possibility of illegal monitoring of information packets are sent (packet sniffing – playback attack)? Or is it actually includes the readiness to illegally access from inside the system (false authentication)?

Happens hijacking usually on a computer network to contact us, although to Some rare cases, can occur at any point in its path. So That the NA would be wise to consider granting an access to the trusts, only from the computer most do not have the Same security system or May be more ‘robust’, compared with the network under the responsibility, he said. Minimize the Chances of this unfortunate business, Also Can be done by adjusting the packet-filter as well or use a server modifications. For example, We Can Provide facilities for anonymous-FTP any computer anywhere, but authenticated-FTP is given only on the hosts listed in the list of ‘trust’. Hijacking the middle of the paths Can be avoided with the use of encryption Between networks (end to end encryption).

Confidentiality of data and passwords is Also the topic of security design. Programs dedicated to packet-sniffing cans automatically displays the contents of Each packet of data Between the client and server. Password protection from crimes and Standard and Poor Can be done by implementing a single-use passwords (non-reusable passwords), so although they want Could be monitored by the sniffer, the password again Can not be Used.

The risk of hijacking and sniffing the data (not the password) Can not be avoided altogether. That it means NA Should consider this possibility and perform optimization for the less his chance. Restricted number of accounts with full access and remote access time, is one form of optimization.

Mechanism AUTENTISASI
Subject autentisasi is evidentiary. Evidenced includes three categories, namely: that something about ism (something you are sha) We know something (something you know SYK), and something That We have customers (you guys have something SYH). Sha closely related to the field of biometrics, Standard and Poor ‘checking-finger prints, retinal examination, voice analysis, etc. .. SYK is identical With the password. As for the SYH is Generally Used as a smartcard identity card. \

Perhaps, now is still widely Used is the password to the system. To avoid theft of passwords and use the system illegally, would be wise if our network system equipped with a disposable passwords. How Can the application of this method?

First, use the system time-stamp encrypted. In this way, the new password sent after The first is modified based on the current time. Second, using a challenge-response system (CR), Nowhere depends We give the password challenge from a server. We Are Preparing a preliminary list of answers (response) is Different for the ‘questions’ (Challenge), Which differ by the server. Because the course is so hard to memorize A Few TENS or hundreds of passwords, it Will Be Easier if the memorized rules to change the challenge is given to the response (so it is not random). For example rule is: “kapitalkan fifth letter and delete the fourth letter”, then the password That We give MxyPtlk1W2 Mxyzptlk1W2 is to challenge the system.

If the CR system, must be Known ‘rules’ her, then at the time-stamp system, We must remember the password for the provision of These time-stamps. Do not complicate this way? How lucky Mechanisms These are Generally handled by a device, either with software or hardware. Kerberos, autentisasi software created at MIT and Adopt a time-stamp system, requiring modifications to the client for time synchronization with the server and giving a stamp-time passwords. Modifications client program Reminds us of the proxy and, Indeed, something like that. CR systems are usually applied at the Same Time with hardware support. Examples of operational CR system is a device SNK-004 card (Digital Pathways) That Can be applied in conjunction with packet-FWTK TIS (Trusted Information Systems – Internet Firewall Toolkit).

TIS-FWTK disposable passwords offer solutions (CR) systems that ‘fun’: S / Key. S / Key hash algorithm iteratively apply the procedure to a seed, so the system Can validate-client instant response but did not have the ABILITY to predict the response, the next client. So if there is infiltration in the system, ‘there is no’ something ‘Which Could be Stolen (usually a list of passwords). Hash algorithm has two properties play. First, the input Could not be regenerated from the output (non-reversible). Second, there are two possible inputs for a Same output.

Encryption and Cryptography
Cryptography has grown so long, people want information Pls That he submitted Can not ‘read’ by a party not Interested. Traditionally Known as the two Mechanisms cryptography, public key or private key. DES (data encryption standard) Used by Kerberos to use private-key system. RSA (Rivest Shamir Addleman) implement public-key systems. One of the Contributors of RSA, and then make Ron Rivest MD4 (message digest function # 4) Used by the S / Key-TIS-FWTK him “. Optimization and crossbreed Between These two traditional methods of Childbirth PGP (Pretty Good Privacy). Discussion of the DES, RSA, or PGP is a separate book and not in place is disclosed here. But clearly, the system characterized by private key-decrypt-encrypt process through the keys are identical, while in the public-key systems, this process is done with two keys: a public key to encrypt and decrypt secret key for both Which of These key relationships and have close digenerasikan via a mathematical algorithm. Because of the mathematical processes required in advance, the speed of public-key systems Thousands of cans several times slower than equivalent private-key algorithm, although on the other hand Offers better protection. Exploitation of the advantages and disadvantages of private and public key systems is PGP, Which for the transmission of data is done with the key system-private-key That session runs fast, while the transmission of session-key of his own using public-key .

With encryption, the information We send it to a network through another network security doubts (the Internet), relatively more secure. Between Encryption networks cause a ‘thief’ must try a little harder to get illegal information Which Had he hoped. Trust There are opportunities for the implementation of encryption, namely: at the application level, data-link level and network level.
Application-level encryption requires the use of client-server is a special software. In accordance with the OSI reference model, encryption of the data-link is only valid for point to point connection, Standard and Poor ‘encryption system on a phone modem. While network-level encryption (network layer) is applied on the router or other equipment Which is adjacent to both sides of the network. Optimization of the interests and security policies carried out by adjusting the types / part of the IP packet will of some encrypted, adjustments to the firewall architecture and, consequently, the effectiveness of encryption key distribution, etc .. In the future, technology Nowhere VLANs (virtual LANs) is estimated to be a top choice for Intranet (enterprisewide), the use of network-level encryption has changed from so Important. Perhaps equally Important to state That while a company is ‘forced’ to use the internet as a route for delivery of sensitive information Between head office and other branches dibelahan earth.

AND TIS-FWTK Kerberos authentication server
Kerberos is one of the works of Athena project, a collaboration Between MIT, IBM and DEC. Kerberos was Designed to medukung autentisasi and encryption of data on a distributed environment through modification of standards of client or server. Some of the operating system vendor has submitted a Kerberos into on their products. MIT Itself provides a free version of Unix That has many in-Kerberizing. Even for the interests ported to the operating system or client-server That software does not support Kerberos, MIT provides its source-code, Also free. Project Athena Kerberos implemented in many applications Itself Poor ‘NFS, rlogin, email and password system. Secure RPC (Sun Microsystems) Also implements the Same thing.

There are Trust Things to consider in the implementation of Kerberos. Modification of the client and server software would cause restrictions on choice of applications. Unfortunately Also the there is no alternative method as a substitute for source-code modification (as in the proxy That allow the user a custom procedure or custom client software). Then, most people Also Agreed to call: “Kerberos is relatively Difficult to implement / manage”.

Other packages offered by the system autentisasi TIS-FWTK: authentication-server. Servers These are Designed in a modular, flexible mechanism autentisasi That supports many popular as a standard reusable password system, S / Key, SecurdID cards from Security Dynamics (systems with time-stamps), SNK-004 card Digital Pathways’ s (CR system) and an Mechanisms easy to integrate new. Back to the conversation at the beginning of this writing, if our primary interest is how to prepare the ‘defense’ for non-anonymous inbound service, perhaps the authentication-server solution is thys of consideration. Why? How does this system work? Not much space in this paper to load all our discussions about autentisasi, but the will of the cover Illustration below give you a little picture for you, Interested network security, authentication-server Concerned.

Source : http://radensomad.com/security-dan-keamanan-jaringan-komputer-dan-internet.html

Wireless network without cables or commonly referred to with a wireless network is easy enough for the configure, and also feels very flexible, especially if we want when walking path around the home or office with a notebook / laptop can still access the internet. However, because the Wifi / wireless lan using a wave, so it was easier to hack a cable Internet connection. some tips below to browse our safer when surfing in cyberspace using wifi

1. Using encryption
Encryption is the first security measure, many also from wireless access points (WAPs) that do not use encryption as a default configuration. Though many already have a WAP that Wired Equivalent Privacy (WEP) protocol, also by default be disabled. WEP does have some cracks in security, and an experienced expert in the field of the internet can definitely break through the security door, but it still helped a lot of security than no encryption. Be sure to make setting the WEP authentication method to “shared key” rather than “open system”. To “open system”, he does not use encrypted data, but only authenticate the client. Change the WEP key periodically do this to avoid password theft, and use 128-bit WEP rather than the 40-bit.

2. Use strong encryption
Because of the existing vulnerabilities in WEP, it is advisable to use Wi-Fi Protected Access (WPA). To use WPA, WAP must support. from the client side must also be able to support WPA TSB.

3. Change the default administrator password
Most manufacturers have the same administrative password for all these production WAP. The default password of course, already well known by hackers, which they later can also use it to change the configuration on your WAP to their interests. that must be done in the WAP settings is to change the default password. Use at least eight characters, a combination of letters and numbers will be increasingly difficult to be penetrated by a cracker, passwords should not use the word of words in the dictionary (usually easily penetrated by distionary attack) because the software only match the words with the existing password in the dictionary .

4. Turn off SSID Broadcasting
Service Set Identifier (SSID) which is the name of the wifi network. Standard configuration, the SSID of the WAP will be send out. This can make users easy to find searching and found that network, because the SSID will appear in the list of network providers who are on wifi users. If the SSID at the turn of, the user must know the SSID in advance of his order to connect with the network.

5. Turn off when not in use WAP
This method seems very simple, but also a few companies or individuals using this method. If we have users who only connect on a certain while, do not activate the wifi network at any time because it can provide opportunities for intruders to do the things that can hurt us. better turn off the access point when not in use.

6. Change the default SSID
Manufacturers always provide a default SSID. SSID broadcast disable the usefulness of is to reduce the possibility of other people know the name of our network, but if you still use the standard SSID, it is not difficult to guess the SSID of our network.

7. Using MAC filtering
Most WAP will allow us to use a filter media access control (MAC). This means we can make a “white list” of users who can access our wireless network, based on the options the MAC or physical address listed on each card network pc. Connections from the MAC is not in the list can not access.

This method is not always safe, because there could be for a hacker sniffing packets trying to transmit via our wifi network and find a valid MAC address from one user, and then tried to spoof. But MAC filtering can make an intruder who still do not experience difficulties.

8. Isolate the wireless network from the LAN
To password internal cable network from threats coming from the network without wires, so need to be made wireless DMZ or perimeter network is isolated from the LAN. This means using a firewall between wifi and LAN networks.
And for wireless users who need access to the internal network, users must first authenticate to the RAS server or use VPN. This provides an extra layer for a password.

9. Control the wireless signal
802.11b WAP can emit frequencies up to 300 feet. But this distance can be added by altering the antenna with a higher range. By using high-gain antenna, we can use a longer distance. Directional antenna to transmit the signal transmitted in a particular direction, and the signal wave is not circular as it did with omnidirectional antennas are commonly found on the WAP package defaults. In addition, by selecting a suitable antenna, we can control distance and direction signals to be safe from intruders. For the record, there are few who can configure the WAP signal strength and direction via WAP config TSB.

10. Emit waves at different frequencies
One way to avoid hackers usually use the technology, 802.11b / g, more powerful is to use 802.11a. Because 802.11a can work on different frequencies (frequency of 5 GHz), the NIC is created on the sophisticated technology will not be able to get a signal TSB.

Sharp is known as a TV producer now beginning to explore the origin of the Company eBook reader device Tokyo, Japan is currently working on two models eBook Reader which can be used to watch videos and listen to audio content. In addition, Sharp is also preparing eBook distribution service.

Second Reader eBooks are still in the prototype stage and reportedly soon be launched near the end of 2010 this year. One of them will have a 5.5 inch screen and the other with a larger 10.8-inch screen. Both are equipped with color touch screen feature.

Quoted from eReader Good site, Wednesday (07/21/2010), eBooks XMDF Sharp will use the format. This format is very popular and widely used in Japan for his ability to bridge the gap between the text and format to view video content.

“Latest XMDF lets users more easily view digital content including video and audio, and there is automatic adjustment for the layout to match the needs of publishers,” said one senior executive of Sharp, Masami Obatake.

He also added that e-publishing business is very interesting a lot of attention lately among this. So he thought, with the launch of two devices and distribution service later this year Sharp eBooks will be a very appropriate time. (Source: http://detiknet.com)

Acquisition of Palm, which opened early this year has attracted several leading technology companies. Not many people know that if Apple and Google also briefly glanced at it.

However, as is known, Hewlett-Packard (HP) eventually won the bidding on the Palm worth U.S. $ 1.2 billion. Earlier, HTC and Lenovo becomes the bustling company cited the company will purchase the smartphone. In fact, apart from that there is also Apple, Google, and BlackBerry, Research In Motion (RIM) is interested woo Palm.

Apple and Google seem to look at Palm as a repository of intellectual property and patents of potential growth for their companies. Reportedly, as quoted from Cnet, on Friday (07/16/2010), Apple could offer Palm’s patent portfolio. Although for that, Apple should support two different platforms of competing applications. But then, Apple does not supply enough heartbreaking Palm.

Google also, as stated by people in the internet giant, had intended to acquire Palm, but then failed to make an offer.

Likewise with RIM, have fared the same as Apple and Google. Although RIM is actually the first company that approached the Palm. But alas, the HP and then come up with higher bids.

Many analysts assess, Palm to HP’s acquisition is an important step for them before entering the smartphone market. HP was so smien with the operating system webOS owned by Palm and intend to develop it.

The creator / web providers are generally categorized web security as something that should be considered only after the website was created and is ready for use by the user. Many web security experts have even suggested that, in general there is a whole website on the internet are vulnerable to be governed by the attacker, and the gap is usually relatively easy to be found even to be exploited.

Currently a non-profit organization Open Web Application Security Project (OWASP) has released a list containing the 10th of fruit that can threaten the top slot of your website. Who made this list has grown, web technology (2.0), just like AJAX and RIA (Rich Internet Applications) that makes viewing the website more attractive and lead to rise to new types of gaps has also been included.
Here is the list issued by the OWASP:

1. Cross Site Scripting (XSS)
Gap XSS, is a web application as a user can enter data and send to the web browser without having to perform validation and encoding of the content of these data, an attacker can cause XSS Cracks run snippets of code (script), his property in the target browser, and allow it to steal a user’s session targets, even to create a worm.

Second. Injection flaws
Cracks Injection, generally against SQL injection (database) from a web application. This may happen if the user enters the data as part of a command (query) a deceptive interpreter to execute the order or modify any data.

3. Malicious File Execution
These gaps result in an attacker can remotely create a file that contains code and data for execution, one of which is remote file inclusion (RFI).

4. Insecure Direct Object Reference
Is a gap that occurs when the maker of internal reference merekspos web applications use objects, like files, directories, database records, etc.

5. Cross Site Request believe are forged (CSRF)
This gap will force that has been the target browser log-in to send a “pre-authenticated request” to the web applications that are known to have gaps, and force the browser to do things that target profitable attacker.

6. Information Leakage and Improper Error Handling
Attackers use the information obtained from the gap caused by information provided by web applications such as an error message (error) and configurations that can be seen.

7. Broken Authentication and Session Management
This gap is due to the bad handling of the process of authentication and session management, so an attacker can get the password, or key is used for authentication.

8. Insecure Cryptographic Storage
Generally web applications rarely use cryptographic functions to protect critical data that is owned, or using cryptographic functions that are known to have weaknesses.

9. Insecure Communications
Very few web applications that secure communications path, it is utilized by the attacker as a gap to gain valuable information.

10. Failure to restrict URL access
Often, web applications display only removes the link (URL) from unauthorized users, but this is very easily bypassed by accessing those URLs directly.

For more details in his review of your web application, you can read directly from the official website of OWASP.

copy by :  http://dhyrom.com