New products from Apple

Improved and faster MacBook Air and Mac mini, new Apple ThunderBolt Display screen and launch of the Mac OS X Lion are the new series of products introduced by Apple.

The new MacBook Air is faster than ever, the brand new Mac mini is very powerful despite its small size, and the new Apple ThunderBolt Display is the first screen in the world with the ThunderBolt technology. Also, Apple’s new operating software is released, called Mac OS X Lion.

The upgraded MacBook Air, offers next-generation Intel Core i5 and i7 processors and is 2.5x faster than the previous generation. It also has a built in ThunderBolt port for fast data transfer. Available in models with 11 inches and 13 inches, it has a backlit keyboard, flash storage and long-lasting battery for up to 7 hours.

Regarding the new Mac mini, it is twice as fast with dual-core Intel Core i5 and i7 processors, and equipped with the new graphics card AMD Radeon HD which provides sophisticated graphics for more fun. It also has a ThunderBolt port for much more scalability. Finally, it is also available in version with Lion Server installed.

Also, Apple launched its new 27 “LED backlit monitor, the Apple ThunderBolt Display, the first screen in the world with ThunderBolt technology to enable the user to link a Mac that has a ThunderBolt port and create a truly impressive workstation.

Finally, it became available the long awaited Mac OS X Lion, the eighth update of the most advanced operating system for computers in the world. The Lion, which is available through the Mac App Store at a price of 23,99 €, brings over 250 new features to the MAC.

Cyber Attacks to Sega

The latest cyber attacks have now hit Sega, another gaming company after Sony and Nintendo.

As BBC, Reuters and AFP reported, Sega announced that data for their users was compromised from their online network, Sega Pass. Confidential information such as names, birth dates, email addresses, passwords etc were stolen, while stating that the credit card numbers remained unaffected. The company admitted that data information were stolen from the database for approximately 1.3 million customers.

The Sega Pass network was shut down in order to mitigate the attack and reinforce the level of security, Sega said, and apologized to customers for the problem. Remains unknown when the network will operate again.

The violation in security was found last Thursday by the European Sega subsidiary company and was not revealed until recently. The hacker group Lulz Security, which has claimed responsibility for many of the recent major cyber-attacks, but not for the last one, voluntarily offered to help Sega to discover the culprit and punish him.

Site to Site VPN between Cisco ASA and Router

In this post we will configure Site-to-Site IPSEC VPN between a Cisco IOS Router and ASA Firewall. ASA configuration is not much different from Cisco IOS with regards to IPSEC VPN since the fundamental concepts are the same. Let’s start our LAB example and we’ll see how it’s done.

Consider the following diagram. The first site (Remote1) is equipped with a Cisco ASA firewall (any model) and the second site (Remote2) is equipped with a Cisco Router. Remember that a Cisco ASA firewall is by default capable to support IPSEC VPN but a Cisco Router must have the proper IOS software type in order to support encrypted VPN tunnels.

Equipment Used in this LAB:

  • ASA 5510 – Cisco Adaptive Security Appliance Software Version 8.0(3)
  • Cisco Router 2801 – C2801-ADVIPSERVICESK9-M Version 12.4(9)T4

Scenario:

LAN of Remote1 must be connected to LAN of Remote2 via VPN Tunnel. The most usual scenario is that the WAN cloud is the Internet, so secure connectivity shall be provided between the two LAN networks over the Internet.

First of all we shall make sure that the outside interfaces of ASA and router must be reachable over the WAN. Now let’s start IPSEC VPN configuration.

Cisco ASA Configuration

First I started ASA configuration.

I’ve created an Access list, which will match the interesting traffic which is the traffic to be encrypted. If source is 192.168.3.0/24 and destination is 192.168.4.0/24, then traffic will be matched by the access list as “interesting traffic” and will be encrypted and pass through the tunnel.

ASA(config)# access-list vpn extended permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0

!IKE PHASE #1
! I’ve created a phase1 policy. This policy provides secured process of exchanging Keys.

ASA(config)# crypto isakmp policy 1

! For authentication I used Pre-shared. This method is most frequently used today.
ASA(config)# authentication pre-share

!For encryption I used 3des.
ASA(config)# encryption 3des

! Hashing md5.
ASA(config)# hash md5

! I used second group of diffie-hellman. Group1 is used by default. The most secured is Group5.
ASA(config)# group 2

! configure crypto key. The keys must match to each other between peers. Otherwise Phase1 will not be completed.
ASA(config)# crypto isakmp secretsharedkey address 192.168.2.2

NOTE: Crypto key is hidden in ASA configuration. If we look at configuration, it will be shown in following way.
tunnel-group 192.168.2.2 ipsec-attributes
pre-shared-key *

! Activate policy on Outside interface.
ASA(config)# crypto isakmp enable outside

! IKE PHASE #2- VPN Tunnel is established during this phase and the traffic between VPN Peers is encrypted according to the security parameters of this phase.

! I created Transform-set, by which the traffic will be encrypted and hashed between VPN peers.
ASA(config)# crypto ipsec transform-set ts esp-3des esp-md5-hmac

! Apply the access list created earlier for matching the interesting traffic.
ASA(config)# crypto map vpn 10 match address vpn

! I indicated address of Remote2 peer public outside interface.
ASA(config)# crypto map vpn 10 set peer 192.168.2.2

! Apply also the transform-set.
ASA(config)# crypto map vpn 10 set transform-set ts

! Attach the already created Crypto-map and VPN to outside interface.
ASA(config)# crypto map vpn interface outside

ASA configuration is completed here (regarding the VPN config of course). Now let’s start Router Configuration below.

Cisco Router Configuration

ISAKMP Phase 1

! Enter crypto-isakmp policy configuration mode for configuring crypto isakmp policy.
Router(config)# crypto isakmp policy 10

! Turn on 3des as an encryption type.
Router(config)# encr 3des

! I indicated MD5 as a hashing type.
Router(config)# hash md5

! I indicated pre-share authentication.
Router(config)# authentication pre-share

! I used second group of diffie-hellman. group1 is used by default.
Router(config)# group 2

! I defined peer key same as ASA site.
Router(config)# crypto isakmp secretsharedkey address 192.168.1.2

It’s not necessary to match policy numbers. The most important is to match corresponding parameters of policy. Otherwise negotiation of Phase1 will not be successful.

! Access list for matching interesting traffic.
Router(config)# ip access-list extended vpn
Router(config)# permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255

ISAKMP PHASE 2
!
! Create IPSEC transform-set, by which the mechanism of hashing and encryption is determined, by which the traffic will be hashed/encrypted in VPN tunnel later.
Router(config)# crypto ipsec transform-set ts esp-3des esp-md5-hmac

! Enter into crypto-map configuration mode.
Router(config)# crypto map vpn 10 ipsec-isakmp

! Indicate IP address of peer.
Router(config)# set peer 192.168.1.2

! Indicate IPsec transform-set created above.
Router(config)# set transform-set ts

! Apply access list created above.
Router(config)# match address vpn

! Apply crypto-map to interface.
Router(config)# interface FastEthernet0/0
Router(config)# crypto map vpn

With this, VPN configuration is completed so let’s start verification.

! In the output below it is shown that ISAKMP PHASE1 is active, which means that negotiation of PHASE1 is completed successfully.

ASA# show crypto isakmp sa

Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1 IKE Peer: 192.168.2.2
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE

Router# show crypto isakmp sa
dst src state conn-id slot
192.168.1.2 192.168.2.2 MM_ACTIVE 1 0

! Checking ISAKMP PHASE2. Here we see that IPSec is working and the interesting traffic flows in VPN Tunnel.

ASA# show crypto ipsec sa
interface: outside
Crypto map tag: vpn, seq num: 10, local addr: 192.168.1.2

access-list vpn permit ip 192.168.3.0 255.255.255.0 192.168.4.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
current_peer: 192.168.2.2

#pkts encaps: 344, #pkts encrypt: 344, #pkts digest: 344
#pkts decaps: 344, #pkts decrypt: 344, #pkts verify: 344

#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 344, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #framents created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0

Router# show crypto ipsec sa

interface: FastEthernet0/0
Crypto map tag: vpn, local addr 192.168.2.2

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
current_peer 192.168.1.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 344, #pkts encrypt: 344, #pkts digest: 344
#pkts decaps: 344, #pkts decrypt: 344, #pkts verify: 344

#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

VPN Tunnel is established and works.

Top iPhone 5 Features To Look Out For

The magnificent communication device, iPhone, is expected to witness another re-launch in the second half of 2011. Although the official release date of the device is yet to be disclosed the gadget lovers across the globe are already anticipating a mega launch in the upcoming months. As per the industry analysts, the new iPhone 5 would be glazed with some of the finest set of features that would make it a class apart device amongst the league of the rest.

Apple has set new benchmarks in the industry and rest of the equipment manufacturers often draw their inspiration from the marvel design and feature set that Apple has offered to all its customers. One of the much appreciated aspects about the device is that it has the most sensitive touch screen amongst similar smartphone touch devices. The new iPhone 5 would be powered on A5 processor and the front ending OS platform would be iOS4.3. Only iPad 2 has been powered on the new OS and it would be really interesting to note the performance of the device on the robust hardware support. The new iPhone is all set to take the world by surprise with its finest set of features and support on the go.

It is anticipated that the global launch of their most beloved device would be on a higher and better scale than iPad 2. Analysts are also anticipating enablement of 5 MP or more in the new iPhone 5. The end users should not be surprised if Apple provides 8 MP camera on the new device. Apple’s competitors, primarily Samsung, are keen to cover on the aspects where Apple hasn’t concentrated while launching the product.

The new iPhone 5 might be even sleeker than iPhone 4 as far as the depth size dimension is concerned. However, the overall design would be kept same by the equipment manufacturer. There were certain rumours about Apple releasing an abridged version of iPhone 5, however, all that seems to be past and it looks like an unlikely move by apple at the moment. Though there could be few free apps installed this time round. These would be pertaining to music and business. The new iPhone would be the order of the day amongst professionals and students.

They are anticipating the phone to be cheaper and a real value addition when slated against their daily deliverables. The connectivity options would be restricted to Bluetooth, Wi-Fi, 3G and local USB. The 4G support is not that matured enough at this point in time and Apple too would refrain from over committing its customers on the feature set. It would be interesting to note the approach of the equipment manufacturer in the competitive times.

Today I have stumbled upon an interesting technique from the Cisco Blog and Cisco Support Forum which is about defending an SQL injection using IPS, ASA or IOS firewall. I will concentrate on the ASA here to show you what you can do with this great device. Ofcourse what I will show works only for specific SQL attacks and is not an “ALL IN ONE” mechanism for preventing all SQL attacks. You should have a web application firewall in addition to ASA in my opinion if you want to have a full blown SQL and Web Application protection.

So basically the ASA uses regular expressions (regex) together with Modular Policy Framework to inspect specific HTTP data patterns in order to detect the SQL injection attack. It will basically check for the SQL command “UNION ALL SELECT”.

Below is the configuration as described on the Cisco support forum:

regex SQL_regex_1 “[uU][nN][iI][oO][nN]([%]2[0bB]|[+])([aA][lL][lL]([%]2[0bB]|[+]))?[sS][eE][lL][eE][cC][tT]“
regex SQL_regex_2 “[Ss][Ee][Ll][Ee][Cc][Tt](%2[0bB]|+)[^\r\x00-\x19\x7f-\xff]+(%2[0bB]|+)[Ff][Rr][Oo][Mm](%2[0bB]|+)”
!
class-map WebServers
match port tcp eq www
class-map type inspect http match-any SQL-map
match request body regex SQL_regex_1
match request body regex SQL_regex_2
!
policy-map type inspect http drop-SQL
parameters
body-match-maximum 3000
class SQL-map
drop-connection log
policy-map SQL-traffic
class WebServers
inspect http drop-SQL
!
service-policy SQL-traffic interface outside

We assume that our webserver is protected on a DMZ zone on the ASA. Traffic is coming from the outside so the service policy (SQL-traffic) is applied on the outside. Upon a regular expression match, the ASA will drop the HTTP connection and generate a log. The above is a just a starting point for SQL attack protection and can not defend against all attacks. For example if the SQL statement is Hex encoded or url encoded by the attacker, the regex will not detect it. Here is the link from Cisco forum for more information:

https://supportforums.cisco.com/docs/DOC-14890

Below I will show you the steps to transfer music or video from your iPod, iPhone or iPad to computer with the help of cucusoft:

One of the toughest things to do on an iPod, iPhone or any Apple device is to transfer media files from one device to another or to a desktop/laptop computer. The process is so complex that even the so called “tech gurus” find it hard to transfer their media files such as songs and videos from an ipod/iPhone to their computer. Actually, you can easily synchronize music and video using iTunes but it’s only one way transfer (i.e from computer to iPod). If you want the other way around (i.e from iPod to your PC) then iTunes does not allow you to do this.

One of the important reasons for users not being able to transfer songs from ipod/iPhone to the computer directly is related to the software with which the Apple devices are run and also has to do with some copyright issues. As we said, itunes can sync your Apple devices which act like a middle man between the device and the user helping them to edit, update and reset the apple device. However, this software from apple has its own disadvantages as its lacks some of the basic functions that an average user likes to have.

Cucusoft technologies, a well renowned manufacturer of video tools for youtube and and developer of several enhancement tools for Apple devices (such as video converters, DVD rippers, iPhone-iPod transfer software etc) has now come up with a great and effective tool called Cucusoft iPad/iPhone/iPod to Computer Transfer software.

With the help of this easy to use tool, you will be able to backup all your media files and other files in your apple ipod device to your computer in no time. It can be used also to transfer any file from iPhone and iPad to your PC.

Below I’m giving you the steps on how to download, install and use this wonderful software.

Type in http://cucusoft.com in your browser bar and hit the return/enter key.
Scroll down a bit and go to the Cucusoft ipad/iphone/ipod to computer transfer box.

If you are willing to buy the software and then use it, click on Buy now! Button or click the Free Trial link to try the software for free.

Click on the Buy Now! Button if you want to pay or click on Free Download to directly download the software to your computer.
Follow the simple instructions on the screen that shows up and the Cucusoft ipod to computer software will be installed to your computer in less than 5 minutes time.
If you have bought the software, you will not be coming across the screen on the left. However, if you want to try the free trial, you can click on continue to Evaluate button to use the software.

Once you have launched the software and connected your iPod device to your PC, the software will automatically load all the media files and other files from your Apple device. You will be able to do all the things mentioned in the menu on the left side.

You will also be able to edit the media file, play the media file using the Cucusoft software, move files from one folder to another, set special rules for the back folder and many more.

One of the best things about the cucusoft ipod to computer transfer software is that it support all the Apple devices in the market and the steps followed to do things on the media files is pretty much the same for all apple devices. The software costs around $29, which makes it one of the cheapest ipod to computer software in the market.

The picture below shows you the full GUI interface of the Cucusoft program. As you can see, the tool has recognized and scanned the iPod device and found all available files (music, photos etc). From there you can select any file you want and transfer it to your computer with a few clicks.

TRIAL DOWNLOAD BELOW

trial download

 Page 8 of 40  « First  ... « 6  7  8  9  10 » ...  Last »