Wednesday, 12 September 2012

Sixteen Ways How To Secure Your E-mail ID || Mukesh Joon

Joon Hospital | 8:36:00 am | Be the first to comment!

Hello friends, now we can discuss how to secure our e-mail account.



1------ Apply the double verification method on your Gmail account.

2------ Choose a secure security question.

3------ Choose a strong password such as Ranbir@Kapoor; that type of password is known as a strong password.

4------ Protect your computer from trojans and viruses... trojans and viruses are malicious activity which transfers your system information to the attacker.

5------ On your computer, use an IDPS (intrusion detection & prevention system), a firewall and an updated anti-virus.

6------ Protect your Yahoo account from cookie grabbing ..... basically some people create a Facebook account from a Yahoo account ... & due to cookie grabbing .

7------ Basically, use a secure operating system; Linux is the most secure operating system, so friends, use only a trusted and secure operating system. For example, sometimes we use a Windows edition .... the XP edition has many big vulnerabilities, so use only a trusted computer.

8------ Convert the password into encrypted form, which provides us more security.

9------ Protect your public IP address and protect your system from Metasploit.

10----- Use only trusted applications :) :D

Simple to implement, these tips can be a good start to making sure your e-mail communication becomes more secure.



11.------ Understand that no e-mail communication is 100% secure. We can do our best to make the percentage close to that, but sometimes - if the information is extremely important - you should consider ditching the e-mail option and deliver it in person (if possible). Avoid sending credit card or social security numbers via e-mail. It's also a good idea not to send user names and passwords for accounts you don't want to see compromised.


12.------ The more your e-mail is present in the confines of the cyberworld, the more spam you'll be likely to receive. Unfortunately, even if you're careful with disclosing your e-mail, chances are people will include you in mass mailings and eventually your e-mail will be out there. To counteract this, you should definitely set up filters and rules. They will not catch every unwanted e-mail, but they will reduce their number. This is not just a matter of annoyance - basic users and novices are more susceptible to spam and scams. So why give the bad guys the possibility of trying out their angle?

 

 13.------ Tied to the previous advice is this one: choose plain text over full HTML or XHTML rendition to reduce the risk of being targeted by a phishing attack.

14.----- Don't open attachments unless you know who it's coming from and you trust them.

15. Use encryption. Check with your ISP to see if they encrypt the authentication process. Encrypt your email message if possible. Are you familiar with the concept of steganography? You can hide messages in images, articles, shopping lists... Ideally, you can use both - first encrypt the message, then use a steganography software to embed it in a recent photograph. There are simple tools out there.


15.------ Don't access your e-mail from an unsecured network or potentially compromised computers. Yes, that particularly includes access from an Internet cafe. There be keyloggers.


16.----- Teach everybody who wants to know about it, especially your children (AND especially if you're using the same computer). 

Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.


Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails — and that, in turn, can lead to affecting both you and others adversely as well.
Don’t be a victim.

 

 


Friday, 7 September 2012

Mukesh Joon | Intrusion Detection FAQ: What Are The Top Selling IDS/IPS and What Differentiates Them from Each Other?

Joon Hospital | 10:03:00 am | Be the first to comment!



Selecting an Intrusion Prevention System (IPS) can be a daunting task. While an independent assessment of available solutions is strongly recommended as a best practice before procurement and deployment, a good place to start a research effort is to look at the market leaders and to compare their offerings.
According to Infonetics Research, Cisco ranked highest among six top selling IPS solution providers -- the other five suppliers being McAfee, Juniper, IBM, Sourcefire and TippingPoint -- based on assessments performed by large organizations on eight selection criteria, ranging from value and pricing to technology and the product's roadmap for the future. These same six providers also rank highest in terms of their effectiveness on the latest Gartner report, although Cisco and IBM are considered to be challengers to the market led by the other four vendors.
As IPS systems have evolved in time and grown in maturity, several traits are shared by the various offerings, the primary one being the successful migration from passive IDS monitoring systems to active in-line/in-band IPS choke points. This type of "pre-patch shield" provided by modern IPS systems is a feature made possible by its perimeter location; the vendor's frequent database updates give its clients network-level protection while they work out a patching and hardening strategy on their internal production nodes. Other improvements generally found in today's IPS systems include attack recognition beyond simple signature matching, dropping of malicious sessions as opposed to simple resetting of connections, and the deployment of dedicated hardware that can operate at "wire speeds".
Cisco has several IPS solution offerings, which can be implemented via its IPS Sensor Software as well as through hardware (with physical add-on modules). A component of the Cisco Self-Defending Network, the Cisco IPS 4200 Series Sensors provide protection against worms, Trojans and exploits against application & operating system vulnerabilities. The IPS 4200 series filters for over 300 signatures and has 30 detection engines, providing protection for over 30,000 known threats. On top of standard signature-based matching capabilities, a globally-managed "reputation analysis" feature can push updates to client systems in a matter of minutes. Adopting a Cisco solution would certainly be attractive to those organizations that exclusively deploy and maintain Cisco network equipment; Cisco IPS solutions can be integrated and managed using existing Cisco network management systems.
IBM, through its acquisition of IDS pioneer Internet Security Systems, inherits a robust inspection engine and deploys their Proventia IPS solution in a variety of deliverables including dedicated hardware. At the core is a "security convergence" strategy that is engineered to provide protection for the wide range of threats that exist today, from web-based attacks to insider threats to standard malware protection, through a single consolidated solution. A key feature is the IBM Protocol Analysis Module (PAM) that supports a deep packet inspection capability. A scaleable solution through its modular product architecture, additional protection modules can be introduced as new threats emerge. Their X-Force research and development team provides 24/7 monitoring of ongoing threat levels in order to provide their customers with prompt updates to their IPS solutions.
Juniper Networks also maintains a portfolio of IPS solutions, ranging from standalone systems to integrated all-in-one security solutions. The Juniper IPS is implemented as an application that can run collocated with other perimeter functions such as firewalls and rate limiters. Strengths in this solution include a highly-granular Role Based Access Control implementation for administration, a communications protocol validation capability performed against published RFCs, and selective contextual screening of network traffic. Its evolution from Netscreen acquirer to the developer of their next-generation JUNOS platform has helped them maintain their market share in the IDS/IPS market.
McAfee's acquisition of IntruShield makes them a player in the IPS marketplace with the rebranded McAfee Network Security Platform (NSP), also offered in various packages from all-in-one to dedicated solutions. NSP is the only IPS appliance that has the NSS Group's Multi-Gigabit IPS certification, and it supports integration to the McAfee Vulnerability Manager and ePolicy Orchestrator, a management platform that pushes down policy to managed nodes and systems. Centralized management of IPS nodes and policies is implemented through the McAfee Network Security Manager system, a separate appliance that implements a scaleable and intuitive management system that can support up to 1000 sensors.
Sourcefire is perhaps best known as the commercial arm of the Snort IDS project. The product's intrusion detection and protection engine is well-known in the security community due to its maturity and its open-source accessibility to students, although the learning curve associated with this type of offering is considered to be high. The Sourcefire RNA feature recommends which rules to implement based on the type of network being protected. The Sourcefire Vulnerability Research Team (VRT) is complemented by the open source community to provide and maintain updates to the configurations of their product line, which includes hardware and software solutions built on the Snort core. Snort is a highly configurable and expandable IDS/IPS solution, with its rule set built from a library of 14,000 rules that can be readily adapted and expanded by individual security administrators.
TippingPoint, acquired by 3Com in 2005, is a major player in the IPS market, and enjoys a significant market share. Also provided in a variety of flavours, it is able to provide zero-day protection capabilities due to its relationship with an army of independent researchers. Built upon their Threat Suppression Engine (TSE) with custom ASICs at the core, the TippingPoint IPS provides a high-performance solution that can efficiently scan packets at Layers 2-7 of the OSI model. Their research team pushes out emergency updates on top of standard updates twice a week; their Digital Vaccine service delivers filters that are designed to block multiple attack types that can be associated with new exploits. The product line's default settings provide a ready-to-use policy set to greatly facilitate initial commissioning.
Resources:
NIST Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
Cisco, McAfee, Juniper top IPS vendors http://www.ciol.com/Technology/Security/News-Reports/Cisco,-McAfee,-Juniper-top-IPS-vendors/16909125093/0/
Cisco, McAfee, and Juniper top intrusion prevention vendor ratings by enterprise IPS users http://www.infonetics.com/pr/2009/User-Plans-Intrusion-Prevention-Systems-Study-Highlights.asp
Magic Quadrant for Network Intrusion Prevention System Appliances http://www.sourcefire.com/products/sfsem/gartnerMQ?semg=USGTR1
Cisco Intrusion Prevention System http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html
Cisco IPS 4200 Series Sensors http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html
IBM - Proventia Network Intrusion Protection Systems (IPS) http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1030570
IBM Proventia Network Intrusion Protection System ftp://ftp.software.ibm.com/common/ssi/pm/sp/n/sed03056usen/SED03056USEN.PDF
Juniper Networks: Intrusion Prevention System (IPS) http://www.juniper.net/us/en/products-services/software/ise-applications/ips/
McAfee Network Security Platform http://www.mcafee.com/us/enterprise/products/network_security/network_security_platform.html
Snort
Sourcefire Intrusion Prevention Systems (IPS)
Sourcefire Vulnerability Research Team (VRT)
TippingPoint Intrusion Prevention Systems

IDS&IPS | Mukesh Joon

Joon Hospital | 9:47:00 am | Be the first to comment!

IDS & IPS

An intrusion detection system (IDS) is a software- and/or hardware-based system that monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

Typical locations for an intrusion detection system are shown in the following figure -

[Figure: ids]


Following are the types of intrusion detection systems :-

1) Host-Based Intrusion Detection System (HIDS) :- Host-based intrusion detection systems or HIDS are installed as agents on a host. These intrusion detection systems can look into system and application log files to detect any intruder activity.

2) Network-Based Intrusion Detection System (NIDS) :- These IDSs detect attacks by capturing and analyzing network packets. Listening on a network segment or switch, one network-based IDS can monitor the network traffic affecting multiple hosts that are connected to the network segment, thereby protecting those hosts. Network-based IDSs often consist of a set of single-purpose sensors or hosts placed at various points in a network. These units monitor network traffic, performing local analysis of that traffic and reporting attacks to a central management console.

Some important topics that come under intrusion detection are as follows :-

1) Signatures - Signature is the pattern that you look for inside a data packet. A signature is used to detect one or multiple types of attacks. For example, the presence of “scripts/iisadmin” in a packet going to your web server may indicate an intruder activity. Signatures may be present in different parts of a data packet depending upon the nature of the attack.

2) Alerts - Alerts are any sort of user notification of an intruder activity. When an IDS detects an intruder, it has to inform the security administrator about this using alerts. Alerts may be in the form of pop-up windows, logging to a console, sending e-mail and so on. Alerts are also stored in log files or databases where they can be viewed later on by security experts.

3) Logs - The log messages are usually saved in a file. Log messages can be saved either in text or binary format.

4) False Alarms - False alarms are alerts generated due to an indication that is not an intruder activity. For example, misconfigured internal hosts may sometimes broadcast messages that trigger a rule resulting in generation of a false alert. Some routers, like Linksys home routers, generate lots of UPnP related alerts. To avoid false alarms, you have to modify and tune different default rules. In some cases you may need to disable some of the rules to avoid false alarms.

5) Sensor - The machine on which an intrusion detection system is running is also called the sensor in the literature because it is used to “sense” the network.
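
The signature, alert and false-alarm topics above can be seen working together in a small matcher. This is an added example, not part of the original post and not Snort code: the rule ids, addresses, the UPnP pattern and the suppression list are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signature:
    sid: int                        # constructed rule id
    msg: str                        # text shown in the alert
    pattern: bytes                  # lower-case byte pattern looked for in the payload
    dst_port: Optional[int] = None  # only match this destination port (None = any)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


SIGNATURES = [
    # The pattern from the text: a request for scripts/iisadmin sent to the web server.
    Signature(1000001, "IIS admin script access", b"scripts/iisadmin", 80),
    # A noisy rule of the kind that home routers trigger with UPnP announcements.
    Signature(1000002, "UPnP/SSDP announcement", b"notify * http/1.1", 1900),
]

# Tuning: (sid, source) pairs that were reviewed and found to be benign.
SUPPRESS = {(1000002, "192.168.1.1")}


def inspect(packets, signatures=SIGNATURES, suppress=SUPPRESS):
    """Return (alerts, suppressed); each entry is (sid, src, dst, msg)."""
    alerts, suppressed = [], []
    for pkt in packets:
        data = pkt.payload.lower()  # case-insensitive match, so /Scripts/IISAdmin also hits
        for sig in signatures:
            if sig.dst_port is not None and sig.dst_port != pkt.dst_port:
                continue
            if sig.pattern not in data:
                continue
            record = (sig.sid, pkt.src, pkt.dst, sig.msg)
            if (sig.sid, pkt.src) in suppress:
                suppressed.append(record)   # kept for the log, not raised as an alert
            else:
                alerts.append(record)
    return alerts, suppressed


# Constructed sample traffic (documentation and private address ranges).
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /scripts/iisadmin/ HTTP/1.0\r\n\r\n"),
    Packet("203.0.113.7", "192.0.2.10", 80, b"GET /Scripts/IISAdmin/ HTTP/1.0\r\n\r\n"),
    Packet("198.51.100.4", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    Packet("192.168.1.1", "239.255.255.250", 1900, b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
    Packet("192.168.1.50", "239.255.255.250", 1900, b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
]

if __name__ == "__main__":
    alerts, suppressed = inspect(SAMPLE_PACKETS)
    for sid, src, dst, msg in alerts:
        print(f"ALERT sid={sid} {src} -> {dst}: {msg}")
    print(f"{len(suppressed)} match(es) suppressed by tuning")
```

Suppressing by (rule, source) pair keeps the rule active for every other host, which is usually preferable to disabling the rule outright.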

Snort :- Snort is a very flexible network intrusion detection system that has a large set of pre-configured rules. Snort also allows you to write your own rule set. There are several mailing lists on the internet where people share new snort rules that can counter the latest attacks.

Snort is a modern security application that can perform the following three functions :

* It can serve as a packet sniffer.
* It can work as a packet logger.
* It can work as a Network-Based Intrusion Detection System (NIDS).

Further details and downloads can be obtained from its home page - http://www.snort.org

DoS (Denial Of Service) Attack | Mukesh Joon

Joon Hospital | 9:37:00 am | Be the first to comment!




            

-: Denial Of Service (DoS) Attacks :-


A denial of service (DoS) attack is an attack that clogs up so much memory on the target system that it cannot serve its users, or it causes the target system to crash, reboot, or otherwise deny services to legitimate users. There are several different kinds of DoS attacks as discussed below:-

1) Ping Of Death :- The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets) to the victim. The ping command makes use of the ICMP echo request and echo reply messages and is commonly used to determine whether the remote host is alive. In a ping of death attack, however, ping causes the remote system to hang, reboot or crash. To do so, the attacker uses the ping command in conjunction with the -l argument (used to specify the size of the packet sent) to ping the target system with a packet that exceeds the maximum bytes allowed by TCP/IP (65,536).
example:- c:/>ping -l 65540 hostname
Fortunately, nearly all operating systems these days are not vulnerable to the ping of death attack.

2) Teardrop Attack :- Whenever data is sent over the internet, it is broken into fragments at the source system and reassembled at the destination system. For example, you need to send 3,000 bytes of data from one system to another. Rather than sending the entire chunk in a single packet, the data is broken down into smaller packets as given below:
* packet 1 will carry bytes 1-1000.
* packet 2 will carry bytes 1001-2000.
* packet 3 will carry bytes 2001-3000.
In a teardrop attack, however, the data packets sent to the target computer contain bytes that overlap with each other.
(bytes 1-1500) (bytes 1001-2000) (bytes 1500-2500)
When the target system receives such a series of packets, it cannot reassemble the data and therefore will crash, hang, or reboot.
Old Linux systems, Windows NT/95 are vulnerable.

3) SYN - Flood Attack :- In a SYN flooding attack, several SYN packets are sent to the target host, all with an invalid source IP address. When the target system receives these SYN packets, it tries to respond to each one with a SYN/ACK packet, but as all the source IP addresses are invalid, the target system goes into a wait state for the ACK message from the source. Eventually, due to the large number of connection requests, the target system's memory is consumed. In order to actually affect the target system, a large number of SYN packets with invalid IP addresses must be sent.

4) Land Attack :- A land attack is similar to a SYN attack, the only difference being that instead of including an invalid IP address, the SYN packet includes the IP address of the target system itself. As a result an infinite loop is created within the target system, which ultimately hangs and crashes. Windows NT systems before Service Pack 4 are vulnerable to this attack.

5) Smurf Attack :- There are 3 players in the smurf attack: the attacker, the intermediary (which can also be a victim) and the victim. In most scenarios the attacker spoofs the IP source address as the IP of the intended victim to the intermediary network broadcast address. Every host on the intermediary network replies, flooding the victim and the intermediary network with network traffic.
Smurf Attack Result:- Performance may be degraded such that the victim, and the victim and intermediary networks, become congested and unusable, i.e. clogging the network and preventing legitimate users from obtaining network services.

6) UDP - Flood Attack :- Two UDP services: echo (which echoes back any character received) and chargen (which generates characters) were used in the past for network testing and are enabled by default on most systems. These services can be used to launch a DoS by connecting the chargen to echo ports on the same or another machine and generating large amounts of network traffic.
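
The ping of death and teardrop descriptions above both come down to fragment sets that a receiver should refuse to reassemble. The following is an added example, not part of the original post, of the checks a reassembly routine or inline IPS can apply before copying any data; the function names and the 1480-byte fragment size are assumptions, and the byte ranges are the simplified ones used in the text.

```python
IPV4_MAX_TOTAL = 65535   # the IPv4 Total Length header field is 16 bits wide
IPV4_HEADER = 20         # header length without options


def span(first, last):
    """Convert a 1-based inclusive byte range, as written in the text, to (offset, length)."""
    return (first - 1, last - first + 1)


def split(payload_len, per_fragment=1480):
    """Fragments (offset, length) a sender would emit for payload_len bytes of IP payload."""
    return [(off, min(per_fragment, payload_len - off))
            for off in range(0, payload_len, per_fragment)]


def check_fragments(fragments, header_len=IPV4_HEADER):
    """Return a list of (finding, offset); an empty list means the set is safe to reassemble."""
    limit = IPV4_MAX_TOTAL - header_len   # largest payload a valid datagram can carry
    findings = []
    covered = 0                           # end of the contiguous data seen so far
    for offset, length in sorted(fragments):
        if offset < 0 or length <= 0:
            findings.append(("malformed", offset))
            continue
        end = offset + length
        if end > limit:
            # Ping of death: the reassembled datagram would exceed the legal maximum.
            findings.append(("oversize", offset))
        if offset < covered:
            # Teardrop: this fragment starts inside data that was already received.
            findings.append(("overlap", offset))
        elif offset > covered:
            findings.append(("gap", offset))   # incomplete, must not be delivered yet
        covered = max(covered, end)
    return findings


# Constructed inputs taken from the numbers in the text.
NORMAL = [span(1, 1000), span(1001, 2000), span(2001, 3000)]
TEARDROP = [span(1, 1500), span(1001, 2000), span(1500, 2500)]
# "ping -l 65540" asks for 65540 data bytes plus the 8-byte ICMP header.
PING_OF_DEATH = split(65540 + 8)

if __name__ == "__main__":
    for name, frags in (("normal", NORMAL), ("teardrop", TEARDROP),
                        ("ping of death", PING_OF_DEATH)):
        print(name, check_fragments(frags) or "ok")
```

A receiver that drops the whole datagram on any finding never reaches the copy step where the old, vulnerable stacks failed.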
 
 
                                                       

XSS(Cross Site Scripting) || Mukesh Joon

Joon Hospital | 9:15:00 am | Be the first to comment!

Basic XSS Cross Site Scripting


A lot of you guys aren't clear on XSS, aka cross-site scripting, and many of you were sending me mails on how to do an XSS attack, etc., and that's why I got this video, which explains some basic concepts of the XSS attack and how it can be practiced and how we can use it to hack anybody.

This controversial video is by Brian Contos, CISSP, from a company named Imperva. It takes you through each and every step involved in finding an XSS vulnerability in a webpage, and showcases some of the basic steps that you need to know.

What is XSS


Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes un-sanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum….

The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example, it could copy user cookies and then send those cookies to the attacker. The Script Injection video should be watched before this video for greater understanding.
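
The forum case described above, shown as a vulnerable renderer beside a hardened one. This is an added example, not code from the original post or from the video; the function names, the http/https allowlist and the sample post are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: the forum only permits absolute web links


def render_post_unsafe(author, text, link):
    """Vulnerable: user-provided data is pasted straight into the markup."""
    return f'<div class="post"><b>{author}</b>: {text} <a href="{link}">link</a></div>'


def safe_href(link):
    """Return the link if its scheme is allowlisted, otherwise an inert '#'."""
    # Browsers ignore whitespace and control characters inside a scheme,
    # so remove them before deciding what the scheme is.
    cleaned = "".join(ch for ch in link if ch > " ")
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:                # malformed URL: treat as unsafe
        return "#"
    return cleaned if scheme in ALLOWED_SCHEMES else "#"


def render_post_safe(author, text, link):
    """Hardened: escape every value for its HTML context and restrict link schemes."""
    return ('<div class="post"><b>{}</b>: {} '
            '<a href="{}" rel="nofollow noopener">link</a></div>').format(
        html.escape(author),                      # element content
        html.escape(text),                        # element content
        html.escape(safe_href(link), quote=True)  # quoted attribute value
    )


# Constructed sample post: an inert script tag in the body and a script URL as the link.
SAMPLE = {
    "author": "guest",
    "text": "nice thread <script>alert(1)</script>",
    "link": "javascript:alert(1)",
}

if __name__ == "__main__":
    print(render_post_unsafe(**SAMPLE))
    print(render_post_safe(**SAMPLE))
```

Escaping alone does not neutralise a script URL inside href, which is why the hardened version checks the scheme as well.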


Conclusion

Now you might be clear on XSS attacks; it is easy and can be used in many ways to hack anybody or anything else for fun also. Now let's take a look at some of the commonly used XSS scripts and code snippets -

Assuming you can only fit in a few characters and it filters against ".js", you can rename your JavaScript file to an image as an XSS vector:

This is the simplest snippet used to find an XSS vulnerability in a webpage.

This is a normal XSS JavaScript injection, and most likely to get caught, but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here):

There are many more XSS vulnerabilities you can use to bypass the security, but they are most useful to find an XSS vulnerability in a webpage.