NESSUS-3

The Nessus vulnerability scanner was created by the Nessus Development Team, led by Renaud Deraison. Nessus is one of the best tools for automating security testing and discovering known security problems. It is designed to help identify and solve known problems before a hacker takes advantage of them. Nessus is a capable tool with many features. In this article, we cover the basics of Nessus and of Nessus 3 setup and configuration.

WHAT’S NEW IN NESSUS-3

Nessus 3 is the latest version of Nessus. Tenable Network Security, Inc. offers Nessus 3 as a free product for UNIX, Windows, and OS X operating systems. The following is the list of changes between Nessus 2 and Nessus 3:

  • NASL3 is 16 times faster than NASL2 and a full 256 times as fast as NASL1.
  • The IDS-evasion feature has been removed.
  • Nessus 3 has more protocol APIs.
  • In Nessus 3, each host is tested in its own individual process and scripts share the same process space.
  • An NASL script can use at most 80 MB of memory.
  • The NASL3 VM is more secure. A poorly written NASL script is not vulnerable to buffer overflows, stack overflows or memory corruption, because the language itself prevents the problem from occurring.
  • There are two kinds of NASL functions:
      • “Harmless” functions, which cannot interact with the local system.
      • Functions which can interact with the local system. These are supported in Nessus 3, but the script must be signed by Tenable. In this way, tainted scripts cannot interact with the local system, and the risk of a script being copied or hacked from system to system is reduced.

SCANNING MODE AND NESSUS OS FINGERPRINTING

The ability to detect the operating system of a remote target is always critical. A vulnerability scanner must be able to adapt to different types of environments. One of the first steps Nessus takes is to attempt to identify the remote operating system. This is a critical step, as other Nessus modules often rely on this information to make intelligent decisions, such as whether to scan the target host or not.

DEPLOYING A NESSUS INFRASTRUCTURE

Before deploying a Nessus infrastructure, the user should understand the target network. For instance:

  • Where are the network bottlenecks?
  • Where are the firewalls?
  • Where are the RFC 1918 networks?
  • What routing protocols are used?
  • What network protocols are typically used?

Speed

Nessus 3 is all about speed. With Nessus 3, the network is the limiting factor. If more speed is required, the user should run multiple Nessus engines in parallel. Besides speed, such a configuration brings other benefits. For example, when scanning a local broadcast domain, the user’s Nessus scanner should be able to pick up on things which typically would not be routed to the next-hop router. By having a scanner on each broadcast domain, the user can detect and use broadcast traffic, RFC 1918 addressing and much more. Having separate scanners also ensures that Nessus scanning traffic does not traverse WAN pipes. Nessus 3 runs on UNIX, Windows, and OS X operating systems. Hence, an organization can deploy the Windows version of Nessus on its Backup Domain Controllers.

Location

It is very important to plan where a scan should begin. Do you want to simulate the “hacker’s” view and scan from outside the network? Do you want to scan from inside a network? Do you want to scan from a business partner’s network into your network? There are hundreds of permutations. The first question will be: “Which vector of attack do I wish to test for?” Ideally, you want to test all the different permutations.

Time

How often can you scan? If active scanning is the only scanning being done, then the user should scan as often as possible. Most organizations use change control procedures. Try to scan after a change control window. Remember, if you are scanning every 30 days, a change in the network 2 days after a scan will go undetected for 28 days. While outside the scope of this paper, Tenable offers a 24×7 passive vulnerability scanner which detects these changes in real time. With respect to time, Tenable releases dozens of plugins per month. Be sure to have your Nessus scanner set up to automatically retrieve the latest direct feed from Tenable prior to a scan.

The Verdict

Nessus is an excellent tool that will greatly aid your ability to test for and discover security problems. The power that Nessus gives you should be used wisely, as some of the most dangerous plug-ins can render production systems unavailable. We hope this article has given you a brief introduction to Nessus and how it tests for and discovers security problems.

HOW TCP IS DIFFERENT FROM UDP

Unlike TCP, UDP is connectionless and provides no reliability, no windowing and no function to ensure data is received in the same order as it was transmitted. However, UDP still provides some functions, such as data transfer and multiplexing, and has fewer bytes of overhead in the data. Because of this smaller overhead, UDP needs less time to process a packet and less memory. The absence of an acknowledgement field also makes it faster, as it does not have to wait for an ACK or hold data in memory until it is ACKed.

WHAT IS A MAC ADDRESS?

MAC address stands for Medium Access Control Address. A MAC address is also referred to as a physical address, hardware address or Ethernet address.

A MAC address is unique to a network device that wants to use a TCP/IP network, LAN or WLAN service. It is “burnt into” the device by the manufacturer of the device or card.

A MAC address is composed of 48 bits, or six pairs of hexadecimal digits, separated by colons or dashes.

Example – 00-14-2A-3F-47-D0

Remember, hexadecimal digits can be the numbers 0-9 and the letters A-F.

A MAC address represents the manufacturer of the card and the device number. The first three pairs of digits represent the manufacturer (called the OUI, Organisationally Unique Identifier) and the last three pairs of digits represent a number specific to the device (called NIC, Network Interface Controller, Specific). ARP, the Address Resolution Protocol, is used to convert an IP address to a MAC address. The MAC address is essential for the IP layer to work: it is the foundation on which IP communicates packets from one system to another. Similar to IP addresses, some MAC addresses are defined for special purposes. For example, FF:FF:FF:FF:FF:FF is reserved for broadcast.
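
The layout described above can be checked mechanically. The following parser is an added example, not part of the original article; it goes slightly beyond the text by also reading the two flag bits in the first octet (multicast and locally administered), which show when an address was not burnt in by a manufacturer. The function names and the third sample address are constructed for illustration.

```python
import re

# Six pairs of hex digits joined by one consistent separator (colon or dash).
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def parse_mac(text):
    """Split a MAC address into the parts the article describes."""
    text = text.strip()
    if not _MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    octets = bytes(int(pair, 16) for pair in re.split("[:-]", text))
    return {
        "normalized": ":".join(f"{b:02X}" for b in octets),
        "oui": octets[:3].hex().upper(),   # first three pairs: manufacturer
        "nic": octets[3:].hex().upper(),   # last three pairs: device-specific
        "broadcast": octets == b"\xff" * 6,
        # Lowest bit of the first octet set: group (multicast) address.
        "multicast": bool(octets[0] & 0x01),
        # Second-lowest bit set: assigned locally, not by a manufacturer.
        "locally_administered": bool(octets[0] & 0x02),
    }


def classify(text):
    """Label an observed address for an asset inventory or ARP-table review."""
    mac = parse_mac(text)
    if mac["broadcast"]:
        return "broadcast"
    if mac["multicast"]:
        return "multicast"
    if mac["locally_administered"]:
        return "locally administered"
    return "vendor-assigned"


# Constructed samples: the article's example, the broadcast address,
# and a made-up locally administered address.
SAMPLES = ["00-14-2A-3F-47-D0", "FF:FF:FF:FF:FF:FF", "02:00:5E:10:00:01"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample), parse_mac(sample)["oui"])
```

A locally administered address in an inventory means the OUI cannot be used to identify the vendor, which is worth knowing before relying on MAC addresses as device identity.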

WHAT IS THE DIFFERENCE BETWEEN NAT AND PAT?

NAT stands for Network Address Translation and PAT stands for Port Address Translation.

A network address translation device obscures all details of the computers connected to the local network. The NAT device acts as a gateway for all the computers. Behind the NAT device, the local network can use any network address space. The NAT device acts as a proxy for the local network on the internet.

NAT

A NAT device helps increase security, as it can prevent an outside attacker from even finding the local network. This is because the local addressing scheme is not contiguous with the standard IP address space used worldwide.

PAT

PAT helps make optimum use of IP address space by allocating one dedicated IP address to the organization, which internally uses IP addresses as needed. PAT is an extension of NAT.
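
A small model of the translation table behind PAT, added here as an illustration and not taken from the original article: the class name, port pool and addresses are assumptions, and a real device also tracks the protocol and the remote endpoint. It shows two inside hosts sharing one public IP address, and an unsolicited inbound packet finding no mapping.

```python
class PatGateway:
    """Toy PAT device: many inside hosts share one public IP (constructed model)."""

    def __init__(self, public_ip, ports=range(40000, 40004)):
        self.public_ip = public_ip
        self._free_ports = iter(ports)   # hypothetical small pool for the demo
        self._out = {}    # (inside_ip, inside_port) -> public_port
        self._back = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing flow; reuse the mapping if one already exists."""
        key = (inside_ip, inside_port)
        if key not in self._out:
            port = next(self._free_ports, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self._out[key] = port
            self._back[port] = key
        return self.public_ip, self._out[key]

    def inbound(self, public_port):
        """Return the inside endpoint for a reply, or None if nothing is mapped."""
        return self._back.get(public_port)


def demo():
    gw = PatGateway("203.0.113.5")             # documentation-range public IP
    a = gw.outbound("192.168.1.10", 51000)     # two RFC 1918 hosts that
    b = gw.outbound("192.168.1.11", 51000)     # happen to pick the same port
    return {
        "a": a,
        "b": b,
        "reply_to_b": gw.inbound(b[1]),        # reply finds its inside host
        "unsolicited": gw.inbound(40003),      # no mapping: packet is dropped
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```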

WHAT IS A NETWORKING GATEWAY?

From a networking point of view, a gateway is a device which provides connectivity between two heterogeneous networks/systems so that they can communicate. This is done using protocol translation. A gateway embeds the protocols of both systems in order to provide interoperability functions. A gateway can also provide interconnectivity between more than two different systems.

There are various gateways designed for the needs of different systems/technologies. These include GSM/CDMA gateways for VoIP, T1 (1.544 Mbps)/E1 (2.048 Mbps) gateways, access gateways, GMSC and more.

TOP FIVE SUGGESTIONS FOR MOBILE FRIENDLY WEBSITE

In the past few years mobile design has exploded, but knowing what to do and where to start can be a big task. Mobile website design is not just about choosing between a mobile website and an application; there is a range of options in between and aspects to take into account, including responsive web design, mobile-friendly web fonts, and much more.

To help you out, we have put together top tips on what to consider while defining your mobile strategy and designing for mobile. So let’s dive in and see the top suggestions for a mobile-friendly website.

USE A RESPONSIVE DESIGN

Responsive design allows website developers to create a website which is easily viewable on devices of different sizes. This reduces the amount of work the developers have to do when creating a website.

The responsive design approach makes use of flexible layouts, flexible images, and cascading stylesheet media queries. When responsive design is used on a website, the web page will be able to detect the user’s screen size and orientation and can change the layout accordingly.

ALWAYS INCLUDE A VIEWPORT META TAG

The viewport is a virtual area used by the browser rendering engine to determine how the content is scaled and sized. Without a viewport declaration, your website will not work properly on a mobile device. The viewport meta tag tells your browser that the page needs to be fitted to the screen. There are many different configurations that you can specify for your viewport. Here’s what we recommend using in the head of the document.

Note: This only needs to be declared once.

FONT SIZES AND BUTTON SIZES ALWAYS MATTER

Font sizes and button sizes matter a lot on mobile devices. The font size should be at least 14px. This may seem big, but instead of making users zoom in to read the web content, make it easier for them by adjusting the font size for maximum readability. The only place to go smaller, down to a minimum of 12px, is on labels or forms.

As for buttons, the bigger the button, the better—it reduces the chances that the user will miss or hit the wrong button by mistake. For instance, Apple’s design guidelines recommend button sizes to be at least 44px by 44px. Following these guidelines will help to maximize the user’s experience on their mobile device and increase conversions for e-commerce sites.

USE HIGH-RESOLUTION IMAGES

High-resolution images are very important in responsive websites to keep the user’s experience at a high standard. The latest models of iOS devices have high-definition screens which require an image with double the resolution of a desktop. Having extremely high-resolution images helps developers avoid pixelated or blurry images when viewed on a retina-quality screen.

NEVER STOP TESTING

Once you’ve created your responsive website, test it multiple times. We don’t just mean “try it on one of your mobile devices multiple times”; test it on an iPhone, an Android, a Windows phone, and on different tablets. Test every page, user action and button; and while you’re testing, it’s always important to put yourself in the position of the user, or ask someone who didn’t design it to test it for you.

We hope these tips have given you guidance on how to make your website mobile-friendly.

HOW TO SECURE THE MOBILE APPS?

The use of mobile devices continues to grow at a high rate. 80% of the world population is already on Internet-connected mobile devices, such as smartphones and 3G/4G tablets. The use of dedicated mobile applications is also increasing and is heavily influencing mobile internet usage. Flurry reports that mobile applications account for 86% of the average U.S. mobile user’s time, which amounts to more than two hours per day.

Mobile apps, available online through app distributors such as Apple’s App Store and Google’s Play Store, are without a doubt the dominant form of delivering value to users throughout the world. Organizations have embraced mobile apps as a way to improve employees’ productivity and align with their new agile and mobile lifestyle, but are these mobile applications really secure and protected from malicious data and hackers?

Read on to learn how to secure your mobile apps from hackers.

SECURE THE CODE: CONSTRUCTING A SECURE APPLICATION

Mobile malware often exploits vulnerabilities or errors in the design and coding of the mobile applications it targets. Recent research from Kindsight, reported by Infosecurity, shows that malicious code is infecting more than 11.6 million mobile devices. Even before a vulnerability is exploited, hackers can obtain a public copy of an application and reverse engineer it. Popular applications are repackaged into “rogue apps” containing suspicious code and posted on third-party application stores to lure and trick unaware users into installing them and compromising their devices.

Organizations should look for tools that help their developers detect and close security vulnerabilities. However, “consumer applications” still pose a threat, as they may not undergo the appropriate hardening process; and if rogue applications, malware and enterprise apps share the same device, the threat is detectable.

SECURE THE DEVICE BY DETECTING COMPROMISED AND VULNERABLE RUN-TIME ENVIRONMENT

An application’s security always relies on the security of the underlying device. Organizations should look into ways to dynamically gauge the security of the underlying device. Firstly, the mobile application sandbox, which is common in modern mobile operating system design, must be intact. Rooting or jailbreaking the device breaks the underlying security model, and it is always recommended to restrict such devices from accessing the organization’s data. Jailbreak technology is progressing rapidly to elude detection; keeping pace with these mechanisms is essential for keeping up with these threats. Organizations should consider up-to-date intelligence sources and application reputation services to track the tidal wave of applications and their associated risks. Using this data, application capabilities can be enabled or disabled based on the device risk profile.

SECURE THE DATA: PREVENTING DATA THEFT AND LEAKAGE

When mobile applications access an organization’s data, documents and unstructured data are often stored on the device. If the device is lost, or if the data is shared with non-enterprise applications, the potential for data loss increases.

Many organizations are already looking into “remote wipe” capabilities to address stolen or lost devices. Mobile data encryption can be used to secure the data within the application sandbox against suspicious data and other forms of malicious access. To control application data sharing on the device, every individual data element should be encrypted and controlled.

SECURE THE TRANSACTION

Mobile applications enable users to transact with organization services on the go, and the risk tolerance for transactions will vary. Organizations should adopt an approach of risk-aware transaction execution that restricts client-side functionality based on policies that consider mobile risk factors such as device security attributes, user location, and the security of the network connection, among others.

ANGULAR 1 Vs ANGULAR 2

AngularJS is a structural framework for dynamic web apps. It lets you use HTML as your template language and extend HTML’s syntax to express your application’s components clearly and concisely.

There are many conceptual and syntactical differences between Angular 1 and Angular 2. In this article, we explain the major differences between the two frameworks.

1) AngularJS 1 is easy to set up. All you need to do is add a reference to the library and you are good to go. AngularJS 2, by contrast, depends on other libraries and requires some effort to set up.

2) Angular 2 provides more choice of languages. The developer can use any of ES5, ES6, TypeScript or Dart to write Angular 2 code, whereas Angular 1 supports only ES5, ES6, and Dart.

3) Angular 1 does not have built-in mobile support, whereas Angular 2 is mobile oriented.

4) In Angular 1 there is no usage of controllers and $scope, whereas in Angular 2 controllers have been replaced with components. Angular 2 is component based.

ANGULAR 2 COMPONENTS USING TYPESCRIPT

    // Angular 2 component written in TypeScript
    import { Component } from 'angular2/core';

    @Component({
      selector: 'prodsdata',
      template: `<h3>{{prods.name}}</h3>`
    })
    export class ProductComponent {
      prods = { name: 'Prod1', quantity: 1 };
    }

* Angular 1 has two ways to bootstrap Angular: one using the ng-app attribute, the other through code.

    <script>
      // Bootstrap the Angular 1 module 'myApp' once the document is ready
      angular.element(document).ready(function() {
        angular.bootstrap(document, ['myApp']);
      });
    </script>

SAY GOODBYE TO NG-APP

Angular 2 doesn’t support ng-app. The only way to bootstrap Angular is through code.

    import { bootstrap } from 'angular2/platform/browser';
    import { ProductComponent } from './product.component';

    bootstrap(ProductComponent);

bootstrap is a function; it takes the starting component, which is also the parent component of the Angular application.

* The structural directive syntax has changed: ng-repeat is replaced with *ngFor in Angular 2.

ANGULAR 1 STRUCTURAL DIRECTIVES

    <ul>
      <li ng-repeat="technology in technologies">
        {{technology.name}}
      </li>
    </ul>

    <div *ngIf="technologies.length">
      <h3>You have {{technologies.length}} technologies.</h3>
    </div>

* In Angular 2, local variables are defined using a hash (#) prefix.

* In Angular 1, ng-model is used for two-way data binding, but in Angular 2 it is replaced with [(ngModel)].

* One of the major advantages of Angular is Dependency Injection. Angular 2 has DI, but there is a different way to inject dependencies. As everything is a class in Angular, DI is achieved through a constructor.

THE VERDICT

Though the above two frameworks are similar, there are some essential differences between them. Angular 2 is a really big step forward, and it certainly requires some effort to migrate from Angular 1 to Angular 2. Both tools have equal importance when compared on the basis of functionality. The choice always depends on the needs and requirements of the project.