Information Technology | Engineering Magazines

Understanding the Web Hosting Providers

November 17th, 2009 by engineering magazines

Communication has been very rapidly developed. The information technology as part of the development of the more advanced communication system around the world has also been shifted all the time. People’s need on information that is fast, exact, decentralized and reliable has been accommodated by the information technology. Information technology is basically a combination of computer science and communication science. It is about how to maintain information spread anywhere, accessible and also in the effort to make it free. It is also to maintain communication between people and simplify the essence of communication.

In the field of business, information technology has also been a very popular trend nowadays. People are looking for alternative and possibility whether the promising information technology can also be used to run business. Internet based business is basically a home based business. It can be conducted anywhere and do not need a very huge needs of infrastructure as running a manufacturing business or sort of things. Internet based business has been experienced by some people that at last influence the other to also try this new trend since people also able to see the success of internet based businessmen.

Internet based business must be related to what so called web hosting. It is for a web master who wishes to manage his or her web sites. Just like a business in cellular communication, there are also providers for website hosting. The providers will provide you services on designing your web and building system of your website so that it is measurable and also reliable. The providers usually also provide you web hosting guide for you to learn better. For your information you can also look for the directory of the web hosting to see the rankings of the best provider for hosting a website. You will also find three kind of web hosting from which you can choose the best suits you.

Read the rest »

Tech Awards Circle Silver Winner: Asankya

November 16th, 2009 by engineering magazines

Tech Awards Circle celebrates the products, services, vendors and individuals making a difference in the industry today. The winners represent a broad range of achievements, from hardware to software to services in consumer/SOHO, SMB, midrange, and enterprise markets. Gold, silver and bronze awards were given out in each category.

Asankya, a leading provider of high-performance for a new generation of Internet applications that need high throughput, security and two-way delivery, has been selected as a winner of the Tech Awards Circle, taking Silver in the Enterprise Service category. Winners were selected by an independent circle of publication reviewers/journalists from nominations based on a broad range of achievements – from product and technology innovations to talented executive leadership and engineering innovators.

“Despite overwhelmingly strong competition, Asankya exhibited true industry excellence to be recognized among the top of the Tech Awards Circle,” said Kevin Anderson, awards program coordinator. “Our judges were pleased at the level of submissions from all the vendors entering this year’s competition, so to be named a winner of this prestigious award is a testament to the quality and innovation unrivaled in the high tech community. We wish Asankya continued success and look forward to them defending their title during the next awards period.”

According to Asankya CEO, Scott Ryan, “Asankya take pride in enabling the secure delivery of mission-critical applications in the cloud for enterprises, SaaS providers and agencies of the Federal government, and we are pleased to be recognized for our technology advancement and innovation.”

About Asankya’s Award-Winning RAPIDnet Application Enabling Network

Asankya’s RAPIDnet is the premier Application Enabling Network for the high-speed delivery of secure Internet applications. The breakthrough Asankya RAPID Protocol uses multiple pathways across the Internet to deliver large improvements in throughput and consistency while maintaining the security and availability that enterprise applications require. This enables Asankya’s customers to take advantage of public cloud economics while preserving the security and speed benefits of private networks.

Asankya’s RAPIDnet is the only application delivery service that accelerates encrypted traffic, optimizes bi-directionally, and improves the performance of both TCP- and UDP-based applications. The RAPID Protocol, the cornerstone of Asankya’s RAPIDnet, is a breakthrough parallel networking technology that increases throughput across the Internet by using multiple pathways, solves transport inefficiencies inherent in TCP, and reduces network load by removing duplicate packets. The research leading to RAPID was initially funded by the National Science Foundation, developed at the Georgia Institute of Technology, and first utilized by the U.S. Intelligence Community.

About Tech Awards Circle

Tech Awards Circle was established this year to truly honor the ‘best of the best’ in technology. Tech Awards Circle is not affiliated with an analyst firm or a media company, both of which are directly supported by tech vendors through consulting relationships or advertising sales, so it is uniquely unbiased and immune to conflicts of interest. Entries are judged by an independent circle of journalists, including product reviewers, each with at least a decade of experience covering technology from consumer electronics to enterprise-class computing. To prevent these judges from being unduly influenced by vendors, they have agreed to remain anonymous. For more information or to be added to the mailing list please visit www.techawardscircle.com.

About Asankya (www.asankya.com)

Asankya enables high-performance for the new generation of Internet applications that need high throughput, security and two-way delivery. The company’s RAPIDnet Application Enabling Network is utilized by leading SaaS companies, cloud storage providers, private enterprise cloud users and key government entities. Asankya is venture-backed by Veritas Venture Partners, In-Q-Tel, Seraph Group, Georgia Research Alliance and Ridgewood Advisors. Asankya is headquartered in Atlanta, Georgia.

Read the rest »

Tags: awards program, bronze awards, category winners, critical applications, enterprise service, gold silver, high throughput, industry excellence, internet applications, kevin anderson, prestigious award, program coordinator, rapidnet, scott ryan, secure delivery, service category, speed delivery, technology advancement, technology innovations, true industry

Posted in Information Technology Add a comment

Social Engineering

January 10th, 2009 by engineering magazines

The goal of my paper will be to explore the topic of Social Engineering in all its facets. But what really is social engineering? Is it a term that can be applied in any field other than Information Technology? Your Dictionary references Webster’s Dictionary, which defines social engineering as thus (Your Dictionary, 2006):

A deceptive process in which crackers “engineer” or design a social situation to trick others into allowing them access to an otherwise closed network, or into believing a reality that does not exist.

However, in a much broader sense, social engineering can indeed take place outside of a technical field or applied to describe a non-I.T. related situation, because in reality, the act essentially involves deceiving another individual into divulging information that should be kept secret. The following definition better describes social engineering in this light (Social engineering (security), 2009):

Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases the attacker never comes face-to-face with the victim.

The goal of this paper aims to explore these many situations that others might not classify as an social engineering act to steal information, and in addition to that goal, explore similar objectives throughout: to create a conversation about social engineering by generating awareness, discuss the many different kinds of social engineering methods, cite examples of real world social engineering events & the people responsible, and finally, cover a list of best practices to avoid social engineering attacks.

        So now that we have established a “working definition” by which to base the foundation of this discussion on social engineering, the next logical step would be to mention a few of the well-known techniques employed in social engineering acts (Granger, 2001).

A very widely recognized form of social engineering occurs over the phone, which gives all the anonymity in the world a person with malicious intent could ask for. Those that are particularly vulnerable to this type of threat are help desks, customer service reps, and of course, the common victim: the innocent individual minding their own business at home, on the comfort of their couch. But just because most of these attacks are known to occur over the phone, does not mean that you are safe when actually using the phone yourself. What do I mean by this? IT’s known as shoulder surfing (Dwyer, 2008), or when someone else gleans your PIN number or ATM number by simply standing over your shoulder at either a large airport or phone booth.

Another great example of why social engineering isn’t just something to worry about at the workplace is how often thieves thrive on another technique known as Dumpster Diving, which involves hackers or anyone with malicious intent attaining information such as: calendars showing when employees might be out of town, policy manuals detailing how internal systems are protected, or even hard drives that can be restored & vital information discovered (Berg, 1995).

But my favorite form of social engineering has to be the form described as Quid Pro Quo. (Wikipedia, 2009) Imagine, if you will, that the “attacker” attempts to randomly ring up someone claiming to be returning their technical support call; eventually, said attacker will find someone who is grateful to have been called back, who will have no problem following whatever instructions the attack doles out… which will most likely be either a series of malicious commands or the giving up of valuable information (such as a credit card number or name and password).

        While there are certainly many more techniques that could be discussed, I would like to focus the next section on elaborating on the techniques described above with specific, real world scenarios of social engineering taking place. A very fascinating example of an attacker making the victim believe that he is of a higher authority is described by McAfee Avert Labs and SANS analyst Lennny Zeltser (Kumar, 2009):

Apparently, yellow fliers were placed on vehicles in a parking lot, and the fliers claimed that the vehicles were in violation of parking regulations. The fliers further stated that the owner could visit a certain website to get more information and pictures about the offense.

Now you can imagine the result of this very clever form of social engineering: said victim sees the fliers and once they reach home, attempt to visit the designated website – only to be told to download a toolbar or some other form of disguised malware, which in turn infects their PC with even more malware.

Kevin Mitnick, who was once one of the most wanted hackers in the U.S. in the late twentieth century, wrote a book entitled The Art of Deception (Mitnick, Amazon, 2009). In his book, he describes several examples of social engineering, and in one he describes how someone could wait for a snow storm to occur, and then calling the network center posing as a… you guessed it, snowed-in employee. In other similar examples, Mitnick gives a smaller example of how someone could get a police officer to divulge when he might be out of town, and by scheduling a court date at that specific time; get out of the speeding ticket (Mitnick, Social Engineering Books, 2006).

        A few of these examples of social engineering are really quite startling. How can one hope to avoid falling into these tricks when many of them are so clever? There are a few “best practices” that can be taught which will help falling into the social engineering traps. Some may be ideal for teaching fellow employees and others might just be applicable to the individual, helping him or her to live a more secure life in regards to their important information’s safety.

        Some of the best techniques to teach employees, as identified by US-CERT (United States Computer Emergency Readiness Team), are as follows (McDowell, 2004):

Be suspicious of any phone calls, visits, or email messages from individuals asking about employee or internal information. Always ask any individual claiming to be of a legitimate organization to verify their claims; this is especially true if they could use your position as a gateway to attain privileged information (for example, you work at a help desk). Almost never reveal sensitive information over the internet. Never. Before doing anything with any amount of sensitive information, consult a higher authority or person with full knowledge of your company’s security policy. Always shred any company documents before discarding them. Even the slightest bit of information can give an attacker inside knowledge as to who works at the company, their operating hours, or phone numbers.

Richard Steinnon of the website CIO Update decries what is often touted as the “best defense against social engineering:” training. He stipulates that if you determine a mandatory training in order to sharpen peoples’ awareness is needed in order to avoid social engineering attacks… then you already have a hole in your defenses. Ultimately, the very best defense against a good social engineering attack is: enforce policy (Stiennon, 2009).

            In conclusion, I have covered a wide ranging of topics all of which involve a discussion centered on Social Engineering. What began as an initial exploration into the definition of Social Engineering, the discussion then progressed into examples of the varying types of social techniques that attackers employ to trick others into divulging sensitive information.

Many common examples of real world attacks were also covered and how devastating their implications can be to the victims; corporations or individuals are not safe against any sort of Social Engineering attack. Chief among those who used to be considered the most dangerous of all, Kevin Mitnick, wrote a book describing in detail how wide-ranging Social Engineering attacks can be.

And finally, I briefly covered some “best practices” to avoid such social attacks from occurring to you or future employees. While it may seem obviously to a technically inclined individual, everyone can be a victim of these kinds of attacks when not following the most basic of policies. Being intelligence with information essentially keeping it to yourself. But rest assured that there are those out there who are constantly inventing new and dangerous ways in which to trick innocent people into giving away important information. And it’s only with constant diligence and a re-affirmation to confidentiality can we hope to avoid the trap known as Social Engineering.

Works Cited

Berg, A. (1995, November 11). Social Engineering. Retrieved April 19, 2009, from Packet Storm Security : http://www.packetstormsecurity.org/docs/social-engineering/soc_eng2.html

Dwyer, J. (2008, January 12). Picking Pockets? Nah, Surfing Shoulders. Retrieved April 19, 2009, from New York Times: http://www.nytimes.com/2008/01/12/nyregion/12about.html

*Granger, S. (2001, December 18). A True Story. Retrieved April 19, 2009, from Security Focus: http://www.securityfocus.com/infocus/1527*

Kumar, L. (2009, February 4). Real World Social Engineering. Retrieved April 19, 2009, from McAfee Avert Labs Blog: http://www.avertlabs.com/research/blog/index.php/2009/02/04/real-world-social-engineering-to-spread-malware-online/

*Major, S. D. (2009). Social Engineering: Hacking the Wetware! Information Security Journal: A Global Perspective , 40-46. *

McDowell, M. (2004). Tips. Retrieved April 19, 2009, from US-CERT.GOV: http://www.us-cert.gov/cas/tips/ST04-014.html

Mitnick, K. (2009). Amazon. Retrieved April 19, 2009, from Amazon: http://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/0471237124

Mitnick, K. (2006). Social Engineering Books. Retrieved April 19, 2009, from Social Engineering: http://www.social-engineering.eu/books/artofdeception/

Social engineering (security). (2009, April 16). Retrieved April 19, 2009, from Wikipedia: http://en.wikipedia.org/wiki/Social_engineering_(security)

Stiennon, R. (2009, October 19). The Best Defense Against Social Engineering. Retrieved April 19, 2009, from CIO Update: http://www.cioupdate.com/trends/article.php/3638951/The-Best-Defense-Against-Social-Engineering

Wikipedia. (2009, April 16). Retrieved April 19, 2009, from http://en.wikipedia.org/wiki/Social_engineering_(security)

Your Dictionary. (2006). Retrieved April 19, 2009, from http://www.yourdictionary.com/hacker/social-engineering

By: James Banicar

About the Author:

Read the rest »