Wednesday, April 28, 2010

Microsoft Certification: free Second Shot offer

Take a Second Shot at certification and advance your career
Whether you are currently unemployed, looking for a promotion, or trying to become indispensable in your existing role, Microsoft Certifications can help validate that you have the skills needed to work in the top IT professional and developer jobs in the industry.
Take advantage of our Second Shot offer and get a free retake if you do not pass an IT professional or developer Microsoft Certification exam the first time. You must take both the first and (if necessary) the retake exam before June 30, 2010.
Offer details:
• Dates: January 13, 2010 – June 30, 2010.
• Details: You must register, obtain a voucher code, schedule, pay, and take the first and (if necessary) the retake exam before June 30, 2010.
• Applicable exams: This offer applies to all Microsoft Learning IT professional, developer, project management, and Microsoft Dynamics exams, including academic exams.
• Eligible countries and regions: This is a worldwide offer that is available at Prometric test centers only.
Note: Only one Second Shot voucher is available per purchased exam.

For vouchers Contact:

Thursday, March 18, 2010

Are You Frustrated The Law of Attraction is Not Working For You Especially in the Area of Attracting Money?

I don’t know about you, but I seem to get the feeling that people are generally frustrated the Law of Attraction is not working consistently for them, ESPECIALLY in the area of wealth.

Sure, people have used the Law of Attraction to help them in many areas of life, from love and relationships to career to health. But wealth seems to be the area of priority for most people, and ironically, it also seems to be the area most people find least success in. It almost feels like there’s a correlation…

I’m curious to see if I’ve somehow hit the nail on the head with this observed correlation, so I’ll be interested to know on a scale of 1-10, how much focus have you put into expanding your wealth by using the Law of Attraction? And, on a scale of 1-10, how successful have you been with the Law of Attraction to attract money into your life?

Just let me know in the comments. Cheers.

Tuesday, February 16, 2010

Information Security Management System (ISMS) – ISO 27001

Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is a standard for information security that focuses on an organization's ISMS.

Objective of ISMS

Information security is the protection of information to ensure:
• Confidentiality: ensuring that the information is accessible only to those authorised to access it.
• Integrity: ensuring that the information is accurate and complete and that the information is not modified without authorization.
• Availability: ensuring that the information is accessible to authorized users when required.

Why should I implement ISO 27001 ISMS?

• Certification of a management system brings several advantages. It gives an independent assessment of your organization's conformity to an international standard that contains best practices from experts for ISMS.
• Meeting legislative and regulatory requirements
• As a measure and independent evidence that industry best practices are being followed.
• As part of a corporate governance program

Process for implementing ISO 27001
1. Define an information security policy
2. Define scope of the information security management system
3. Perform a security risk assessment
4. Manage the identified risk
5. Select controls to be implemented and applied
6. Prepare an SoA (a "statement of applicability")

The Certification Process
• Guidelines - ISO/IEC 27002:2007
• Certification - ISO/IEC 27001:2005
• Stage 1: Documentation review and evaluation of the client's readiness
• Stage 2: Implementation audit and evaluation of the effectiveness of the client's systems
• Lead Auditor's recommendation to certify
• Certificate issued by certification/registration body
• Surveillance
• Periodic review audits (6 months interval)
• Re-certification (after 3 years)

Penetration Testing

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.
Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include:

Targeted testing

Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.

External testing

This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.

Internal testing

This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.

Blind testing

A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.

Double blind testing

Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.

Penetration Testing Tools
1) Nmap - World's best port scanner
2) Nessus - Vulnerability Scanner
3) Metasploit - Exploit framework
4) Pass-The-Hash - Who needs passwords?
5) Hydra - Brute force password guessing
6) Cain & Abel - The ultimate MITM utility
7) Wireshark - network protocol analyzer
8) Snort - traffic analysis and packet logging on IP networks
9) Netcat - reads and writes data across TCP or UDP network connections
10) Nikto - web server scanner which performs comprehensive tests against web servers

Technology Trends 2010

1. Unified Communication
2. Information Security
3. Cloud Computing
4. Virtualisation
5. Mobile application
6. Data Centre Management
7. Mobility & GPS
8. Business Intelligence
9. Gaming Application & Animation
10. Bar-coding & RFID

Wednesday, June 10, 2009

Cyberoam Net-to-Net Connection

The Cyberoam UTM device allows configuring IPSec VPN tunnels over an ADSL link. The configuration is based on the DYN DNS service. Both the head office and the branch office use an ADSL link. Configure a DYN DNS address for both sites. The configuration is simple and straightforward.

The advantages of this type of connection are:
a) Speed
b) Less expensive
c) Easy to get ADSL link
d) Ease of deployment
e) Good for branch office / small office connections
f) Easy to manage

Wednesday, December 19, 2007


As data keeps growing exponentially, the need for more advanced storage technologies has increased. We take a look at the upcoming technologies that will make storage simpler in the future.

Data growth in any organization is an irreversible process. You can control and manage data, but you can't reduce it. Hence, there will always be the need for efficient ways of storing and managing data. Since data is generated by umpteen types of applications in zillions of formats, some pretty innovative ways are required for storing it. That's why storage has always remained such a hot topic, and it will continue to remain so as long as there's growing data.

Market drivers
The ever increasing amount of data brings with it not only requirements for more storage capacity, but also issues of security, physical space for hosting more storage devices, concerns of managing them, the speed of accessing data, and much more. So much so that storage has become the driver for innovation across so many industries. It has provided an opportunity to the software development world for creating applications to store, back up, retrieve, index, and search data. It has given the security industry an opportunity to find new ways of securing the growing volumes of data. The storage industry itself is coping with the challenge of cramming higher storage capacity in smaller form factors. The growing volume of data is also creating opportunities in the storage management and virtualization space.

Even the consumer electronics industry is banking on storage, because most consumer appliances and even digital gadgets require lots of it.

MP3 players, smartphones, digital cameras and camcorders, and Digital Video Recorders are just a few examples that require storage. Plus, storage is also driving niche markets like IP Surveillance.

Glimpses 2007
1) Hard drive capacities hit the 1 Terabyte mark.
2) Tiny personal NAS boxes became ubiquitous this year. New security standards emerged for encrypting data at rest, like the IEEE 1619.3.
3) Email archival solutions became widespread
4) USB based flash drive capacities exceeded 4 GB.
5) NAS boxes, ILM, Continuous Data Protection, Document and Content Management Systems were on the purchase list.

Hot trends this year
We've had a pretty eventful year as far as storage goes. Several foundation stones have been laid this year that will set the tone for things to come in the future.

While the trend of increasing capacities and reducing costs in hard drives has been around for a long time now, this year they finally hit the 1 TB mark. In fact, the competition to bring out higher capacity drives has become very similar to the GHz wars of the past in microprocessors, which continued until they reached the limit. Thankfully, hard drive capacities have not yet reached their limits. We'll see capacities beyond 1 TB in a single hard drive in the coming years.

Solid State storage drives also hit the market this year, and many laptop vendors launched their models with them. So imagine a laptop with no magnetic hard drive, just a single solid state drive with flash memory inside and a SATA interface. The technology behind high capacity solid state drives is NAND, which stands for 'Not AND'. In the digital world, NAND is a kind of logic gate.

Jargon Buster
Storage Terms you should know for next year

1) ILM (Information Lifecycle Management): A comprehensive approach for administering Storage systems on computing devices. The information system's data and associated metadata are effectively managed right from its creation and initial storage, till the time it becomes obsolete and is deleted.
2) CDP (Continuous Data Protection): It is unlike traditional backup or RAID/replication/mirroring. It refers to backup of data in such a manner that every change made to the data is automatically saved. Essentially it captures every version of the data that the user saves. You can restore data to any point in time.
3) Storage Virtualization: Commonly used in Storage Area Network, it is mainly the pooling of all physical storage from various network devices into what appears to be a single storage device which is managed from a central console.
4) VTL (Virtual Tape Library): It's mainly a virtualization technology for data storage used primarily for data backup and recovery purposes. It presents a storage component as a tape drive or library for use with existing backup software.
5) SSD (Solid State Drives): A data storage device which uses solid-state memory to store persistent data. SSDs consist of NAND flash, which is non-volatile, or SDRAM, which is volatile. They are already available as 32GB SSD and 64GB SSD from various vendors and 128GB will be available soon.

So in effect, storage has become even more ubiquitous than before. Just about every industry demands it today for different applications. In enterprises, branch office automation led to the need for anytime anywhere access to data, which made the concept of Wide Area File Services more popular. Data center consolidation and infrastructure centralization led to greater demands for more storage and backup. The need to standardize and comply led to the popularity of email archival solutions, and even new data encryption technologies.

Network Attached Storage, or NAS for short, saw terrific growth this year. In fact, the interesting thing about this market was that NAS boxes became available for everyone, right from personal users to data centers. Interestingly, 1 TB NAS for personal use or for small offices became commonplace this year.

Information Lifecycle Management solutions were also on top of the storage purchase chart for many enterprises. Likewise, several other storage terms were pretty commonplace this year. There was a lot of interest in Continuous Data Protection or CDP, for instance. With the growing amount of content, organizations started considering content and document management solutions.

Key Predictions for the future
Now we come to the exciting part. What can you expect in the storage arena next year? Here's our list of predictions to help you be prepared:

Storage Virtualization implementations will rise
This is one of the most talked about areas in storage for a long time, and has not been able to take off as well as its cousin in the server world. This year saw some traction in storage virtualization, with vendors introducing many new products and early bird implementations. So the momentum has just started, and we're likely to see a lot more action in storage virtualization next year. While considering storage virtualization, don't get blinded by its benefits. Look at the other side as well. That's because it's not as easy as adding an abstraction layer on top of your existing heterogeneous storage infrastructure and have a virtualized storage environment. Be prepared to add more storage equipment to manage your existing ones. Likewise, there are many different ways of doing storage virtualization, and choosing the right one requires a discussion in itself.

Solid State drives will become more commonplace
We all know that solid state memory is much faster than magnetic memory. It has no moving parts, runs at much higher speed, and is not affected by wear and tear. That's why RAM is faster than a hard drive. However, solid state memory is also much more expensive, which is why we don't see everyone rushing to replace all magnetic storage with it. But there are quite a few interesting developments in this area. Many notebook vendors this year started shipping their products with solid state drives inside. A race has started amongst memory manufacturers to introduce higher capacity solid state drives, with the latest being A-Data's 128 GB SSD.

Currently, if you were to buy a laptop with a SSD inside, then you have to shell out at least 40-50K extra for it. But the growing competition amongst flash drive manufacturers and economies of scale will eventually bring down prices, and you might find lots of SSD based notebooks in the market next year. The advantages are many. SSDs are thinner, lighter, and faster, which should improve system performance, make notebooks lighter and perhaps more power friendly as well.

A peek into the future
1) Storage virtualization will become widespread.
2) Solid State drives in notebooks will become commonplace.
3) Hard drive capacities will reach 2 TB+ range for desktops.
4) Virtual Tape Libraries will become more common.
5) Full Disk Encryption or FDE based drives will hit the market for data centers.

Full disk encryption based drives will emerge for storage security
One of the biggest challenges most organizations are facing today is securing their ever growing volumes of data. This is becoming an even bigger concern with so many laptops being used in organizations. Plus, of course, there's all the data being backed up to tape drives. All this data in computers that is not travelling across a network is known as data at rest. The answer to securing it is to encrypt it. There are many ways of doing this, and we've seen many attempts at it over the past few years, with vendors introducing various types of solutions. There are software programs that encrypt data on the fly, and even appliances that encrypt data before backing it up. This year, however, another technology has started gaining ground, which aims to build encryption capabilities within the hard drive itself, a concept known as Full-Disk Encryption or FDE. This is currently being backed by Seagate, IBM, and LSI, and even IEEE is creating a management standard, called 1619.3, to ensure interoperability.

If everything goes well, then you should see FDE based drives shipping next year. The logic behind having FDE based drives is also quite strong. If the logic of encrypting all data lies within the hard drive controller itself, it will improve performance. Moreover, even as more drives get added, the performance won't degrade because each drive will be handling its own encryption.

VTLs will grow in popularity
This is one area that's becoming a strong competitor to tape based backup. Virtual Tape Libraries will become more popular next year, as vendors gear up with more offerings.

Storage has become so ubiquitous and there have been so many developments around it that one can go on and on talking about them. But we'll end the discussion here and bring you more news on it in our forthcoming issues.

Monday, April 30, 2007

Laptop Security Basics

There are some rudimentary steps that you can take to prevent your laptop from being stolen.

Use the features of your operating system

If you have chosen an operating system that has in-built security features (Windows 2000 Professional and Windows XP Professional are examples) then do not be afraid to use them. Features may include secure logon, file level security, and the ability to encrypt data.

Use the BIOS password

It would be unwise not to protect the BIOS. Find out whether the BIOS will also protect the hard disk drive to stop it from being used in another machine. Another tip is to find out what the procedure is for resetting the BIOS password. If it has to be sent back to the manufacturer, so much the better, as that will afford some protection, as a thief is unlikely to do that. Some will offer an in-the-field work around, which might make it attractive to a thief.

Your laptop's serial numbers

It is written down, right? And stored in a safe place? Good. That will help the police return it to you should it ever be recovered by them.

Use some form of permanent marking on the laptop

Engraving your company name on the case of the laptop with an address or contact number, or both, may increase the likelihood of getting the laptop returned to you if it is stolen and recovered (or, if by some accident, you forget it). Commercial asset tags are also a great aid to the police to return the laptop to you. It may also serve as a deterrent to the casual thief if the choice is between stealing a marked laptop or an unmarked laptop. Why? They cannot sell it using an online auction so easily. Also, travelling through airport security means that someone is also less likely to pick up your laptop accidentally. Information freely available on the Web suggests that 97% of stolen laptops are never recovered.

Use the manufacturer's registration scheme

Most people ignore registration because they think that it is likely to lead to spam. However, remembering that thieves are usually not smart, one might be unintelligent enough to send it in for service or to reset the BIOS, so having it registered with the manufacturer might prove valuable if you alert them to the fact that it is stolen.

Cable lock

Most laptops have a Universal Security Slot (USS), also known as a Kensington Security Slot (sometimes referred to as a K-slot or Kensington Slot). Will it stop bolt cutters? Unlikely. Will it stop a casual thief that just happened to be walking past your hotel room while room service had propped the door open, and then gone off to get more towels? Probably. And make sure to secure it around a strong, immovable, indestructible object. Also use it in the office. What percentage of laptop thefts occur in the office? (See below for answer).

Docking station

Use a docking station that is securely fastened to your desk. If it also allows you to lock the laptop in place, so much the better. This is especially important if you are leaving the laptop overnight, or longer. Better still, lock it in a strong cabinet if at all possible.

Personal firewall

Use a third-party firewall to prevent hackers from hacking into your laptop, and maybe into the company network. If you do disable it for any reason, do not forget to turn it back on.


If your laptop has this capability, then familiarize yourself with them and then use them. Your fingerprint can be your logon ID in place of a password.

Tracking software

There are companies that offer tracking software, allowing your laptop to regularly ping a tracking center with a signal that allows it to be traced. If the laptop is stolen the company will work with law enforcement to trace your laptop.

Laptop case

It might look chic to have the latest designer laptop case or manufacturers case, but nothing sends out a better signal to a thief than an ostentatious display, which may include your company logo, elite looking luggage tags, your business card embossed in plastic that gives a thief a clue as to the likely worth of the contents. There are nondescript backpacks that have padded sleeves to hold a laptop safely. A backpack is useful for going to the restroom without having to put your case down. For the ultra-security conscious, buy little padlocks to lock the zips so that no-one can get into the backpack quickly, steal the laptop, and then zip it back up again.


Make them a combination of numbers and letters so that they are harder to crack. Do not leave the password on a Post-It on the laptop (it does happen).


Always encrypt sensitive, personal, confidential data and leave the password with a trusted source if you need to. If you do not know how to encrypt files, then learn.

Back up your hard drive

At the very least, back up your hard disk drive before you travel.

Thursday, April 12, 2007

Web 3.0

Just in case you missed it, the web now has version numbers. Nearly three years ago, amid continued hand-wringing over the dot-com crash, a man named Dale Dougherty dreamed up something called Web 2.0, and the idea soon took on a life of its own. In the beginning, it was little more than a rallying cry, a belief that the Internet would rise again. But as Dougherty's O'Reilly Media put together the first Web 2.0 Conference in late 2005, the term seemed to trumpet a particular kind of online revolution, a World Wide Web of the people.

Web 2.0 came to describe almost any site, service, or technology that promoted sharing and collaboration right down to the Net's grass roots. That includes blogs and wikis, tags and RSS feeds, and Flickr, MySpace and YouTube. Because the concept blankets so many disparate ideas, some have questioned how meaningful—and how useful—it really is, but there's little doubt it owns a spot in our collective consciousness. Whether or not it makes sense, we now break the history of the Web into two distinct stages: Today we have Web 2.0, and before that there was Web 1.0.
Which raises the question: What will Web 3.0 look like?
Yes, it's too early to say for sure. In many ways, even Web 2.0 is a work in progress. But it goes without saying that new Net technologies are always under development—inside universities, think tanks, and big corporations, as much as Silicon Valley start-ups—and blogs are already abuzz with talk of the Web's next generation.
To many, Web 3.0 is something called the Semantic Web, a term coined by Tim Berners-Lee, the man who invented the (first) World Wide Web. In essence, the Semantic Web is a place where machines can read Web pages much as we humans read them, a place where search engines and software agents can better troll the Net and find what we're looking for. "It's a set of standards that turns the Web into one big database," says Nova Spivack, CEO of Radar Networks, one of the leading voices of this new-age Internet.
But some are skeptical about whether the Semantic Web—or at least, Berners-Lee's view of it—will actually take hold. They point to other technologies capable of reinventing the online world as we know it, from 3D virtual worlds to Web-connected bathroom mirrors. Web 3.0 could mean many things, and for Netheads, every single one is a breathtaking proposition.

Tim, Lucy, and The Semantic Web

The Semantic Web isn't a new idea. This notion of a Web where machines can better read, understand, and process all that data floating through cyberspace—a concept many refer to as Web 3.0—first entered the public consciousness in 2001, when a story appeared in Scientific American. Coauthored by Berners-Lee, the article describes a world in which software "agents" perform Web-based tasks we often struggle to complete on our own.

The article begins with an imaginary girl named Lucy, whose mother has just been told by her doctor that she needs to see a specialist. "At the doctor's office, Lucy instructed her Semantic Web agent through her handheld Web browser," we read. "The agent promptly retrieved information about Mom's prescribed treatment from the doctor's agent, looked up several lists of providers, and checked for the ones in-plan for Mom's insurance within a 20-mile radius of her home and with a rating of excellent on trusted rating services."
That's quite a mouthful, but it only begins to describe Berners-Lee's vision of a future Web. Lucy's Semantic Web agent can also check potential appointment times against her mother's busy schedule, reschedule other appointments if need be, and more—all on its own, without help from Lucy. And Lucy is just one example. A Semantic Web agent could be programmed to do almost anything, from automatically booking your next vacation to researching a term paper.
How will this actually work? In Berners-Lee's view, it involves a reannotation of the Web, adding all sorts of machine-readable metadata to the human-readable Web pages we use today (see "Questions of Semantics," opposite). Six years after the Scientific American article, official standards describing this metadata are in place—including the Resource Description Framework (RDF) and the Web Ontology Language (OWL)—and they're already trickling into real-world sites, services, and other tools. Semantic Web metadata underpins Yahoo!'s new food site. Spivack's Radar Networks is building a kind of Semantic Web portal. A development platform, Jena, is in the works at HP. And you'll find Semantic Web structures in Oracle's Spatial database tool.

The problem is that a complete reannotation of the Web is a massive undertaking. "The Semantic Web is a good-news, bad-news thing," says R. David Lankes, an associate professor at Syracuse University's School of Information Studies. "You get the ability to do all these very complex queries, but it takes a tremendous amount of time and metadata to make that happen."


Monday, March 05, 2007

The Vista brute force keygen

The Vista brute force keygen - Updated by ZDNet's Adrian Kingsley-Hughes -- UPDATED Over on a brute force method for acquiring a usable product key for Microsoft's Vista platform has been released. I can confirm that this method works (for now at any rate), but I don't think that Microsoft has much to worry about.