• The NSA has been revealed to be collecting data from the communication links used by Google and Yahoo data centers. What does this mean for you and your business? 
    I'll admit I'm not a subscriber to conspiracy theories. I believe Oswald acted alone, 9/11 wasn't an inside job, and the Titanic just plain hit an iceberg and sank. That being said, the revelation by Edward Snowden that the National Security Agency (NSA) has been spying on Google and Yahoo wasn't a particular surprise to me - nor to many other people either. It wasn't a matter of a conspiracy; it was only a matter of time.
    The purpose of the NSA is to gather information that might be vital to United States interests. My goal isn't to discuss whether the NSA should or should not engage in this kind of activity, but rather what it might mean for you or your business if you are a Google user or customer.

    What have they been up to?

    The story was reported in the Washington Post on October 30th. "According to a top-secret accounting dated Jan. 9, 2013, the NSA's acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency's headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records - including 'metadata,' which would indicate who sent or received e-mails and when, as well as content such as text, audio and video."
    Basically, the NSA has been looking at data in motion - network traffic - between Google's data centers. This took place overseas where the NSA is permitted to conduct these operations. The full implications have yet to unfold but Google's past and future may well be divided by this line crossing its history.
    Google has condemned this activity and explicitly stated "We do not provide any government, including the U.S. government, with access to our systems."
    In turn, the NSA has defended their actions (PDF) by stating: "NSA conducts all of its activities in accordance with applicable laws, regulations, and policies." They assert they are looking for "terrorists, weapons proliferators, and other valid foreign intelligence targets" and that "our focus is on targeting the communications of those targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to us."
    Regardless of intent or results, if you or your business has data on Google's servers – whether in the form of Gmail, documents stored in Drive, or company information kept on private Sites, I'm sure you're wondering exactly what you should do to protect your data from unwanted interception from any third party or agency.

    So, what can I do?

    First I want to state that my advice applies to individuals and businesses engaging in legal activities who are concerned about their privacy. I feel you have less to worry about if you aren't a desirable target for government spying, but I understand we all have different definitions and opinions of what the feds may have planned or what constitutes a "desirable target."
    Now, this may sound shocking or cavalier, but if you're a Google customer and you transmit confidential information to their systems, you shouldn't be doing anything differently - with one special exception which I'll discuss below. Why is that? Because you've had your data in the hands of others all along and safeguarding it to the best of your ability, not to mention your level of comfort, has been a priority from the get-go. Hopefully it's an ingrained habit.
    This means not sending messages through Gmail containing information which might ruin your organization if leaked (such as an announcement about an impending buyout offer).
    [Screenshot]

    Yes, your browser connection to Gmail is encrypted via certificate as shown above, but that protects you against someone sniffing traffic between you and Google. In this case the NSA was monitoring data between Google data centers, meaning they were already inside the perimeter.
    Good security practices also mean not storing information on anyone else's servers unless it's protected by strong encryption. For instance, I use TrueCrypt to create virtual encrypted disks (also known as containers) which I can mount as a drive by entering my password (which is over 18 characters). Nothing I don't wish to share with the world is kept online other than within these TrueCrypt containers. This certainly gave me peace of mind when I lost a smartphone in New York City last summer which had copies of my TrueCrypt containers on it.
    If you encrypt your data with a long, random 256-bit key (some feel 128-bit is sufficient, but the key to that is the length of the key!) it is virtually impossible for someone to guess the password via "brute force" computation. Upload this encrypted information to Google Drive and you can rest easy. Yes, it may be a pain having to mount and unmount the TrueCrypt container to add or change information - not to mention resynchronizing the saved file up to your Drive account. However, that's simply the price tag for keeping sensitive material off-site.
    As for passwords, you are changing those on a regular basis, right? Same goes for your encryption keys (I realize I just stated it's impossible for someone to guess the password but how many of your ex-employees might know it?). What about ensuring your company workstations are free of malware, keystroke loggers, and other threats which can impact your privacy? How about making sure your wireless networks are locked down and your routers aren't using the default passwords? Hopefully you can see where I'm going with this. Threats will always be present whether inside or outside, and require the same measures.
    Now, I need to talk about that special exception of what you should do differently, which I mentioned above. Be forewarned that encryption isn't necessarily a magical shield. The NSA is working hard to defeat or reduce the complexity of encryption. For instance, not all encryption products are ironclad; the NSA has engaged security vendors to devise back doors which they can exploit. Open source products are your best bet - and TrueCrypt is one such example. Best of all, it's free.
    It should also be noted that in response to this incident Google is encrypting the connections between data centers, meaning that the traffic within their systems will be more difficult to snoop on. Google is making it clear their priority is to maintain the security of their customers.

    Going forward from here

    I don't believe this issue is sufficient cause for concern to compel companies to opt out of using Google products. In-house systems and services can pose similar risks and you can never guarantee with 100% certainty your data won't fall into the wrong hands. What you can do is tie those hands so your data isn't extractable no matter where it lives.
    In the end, what with Google fighting back against the NSA, this episode may end up meaning little or nothing at all to you, so long as you've been following smart guidelines and safe habits.
    Posted on: Techrepublic


  • CryptoLocker is an especially insidious form of ransomware, first detected in the wild in September 2013, that restricts access to infected computers and requires victims to pay a ransom in order to regain full access.
    What makes CryptoLocker so bad is the way it encrypts the user data on your hard drive using a strong encryption method. This makes it literally impossible to access your own data without paying the criminals a ransom of between $100 and $300 or two Bitcoins, and now even more.

    Once affected, you will be locked out of your computer, and unless you pay the ransom amount within 72 hours, the virus will delete the decryption key needed to decrypt all the files on your PC.

    The malware lands on PCs the same way other malware does, and a few sensible precautions will help minimize the chances of a CryptoLocker attack.

    Yesterday, we reported that the UK's National Crime Agency has given out an urgent national alert about a mass spamming event targeting 10 million UK-based email users with CryptoLocker.
    What if your computer gets compromised? Currently there is no option to decrypt the files without the decryption key and brute forcing a file encrypted with 2048 bit encryption is almost impossible. If you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer. 

    A few things you can do to prevent your PC from getting infected with the CryptoLocker virus:
    • Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails. Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
    • Most people have some anti-virus program, but how do you know it’s effective? Ensure you have the best one active and up-to-date.
    • Also keep your operating system and software up-to-date.
    • Keep a backup. If you have a real-time backup software then make sure that you first clean the computer and then restore the unencrypted version of the files.
    • Create files in the Cloud and upload photos to online accounts like Flickr or Picasa.
    • Windows 7 users should set up the System Restore points or, if you are using Windows 8, configure it to keep the file history.
    • Make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.


    There are many free tools now available in the community that can help users to protect their systems from this malware.
    1.) CryptoPrevent tool, created by American security expert Nick Shaw.

    This tool applies a number of settings to your installation of Windows that prevent CryptoLocker from ever executing and has been proven to work in Windows XP and Windows 7 environments.

    2.) HitmanPro.Alert 2.5, a free utility that will help you to protect your computer against the CryptoLocker ransomware malware.

    HitmanPro.Alert 2.5 contains a new feature, called CryptoGuard that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm.
    3.) BitDefender Anti-CryptoBlocker, an encryption-blocking tool that can detect and block malware from installation.

    Intrusion prevention systems can block the communications sent from the CryptoLocker-infected system to the remote command-and-control server where the malware retrieves the key to encrypt the files. Blocking the communications can prevent the encryption from taking place.


  • Organizations are still not doing a good job of protecting themselves from social engineers determined to discover information that's valuable for preparing an attack.

    The repercussions are apparent: Out of the past 20 large hacks, 12 of them used social engineering at the penetration stage, said Chris Hadnagy, chief human hacker at Social-Engineer Inc. and Social-Engineer.org, in an interview. "It's easy," he said. "It's something anyone can do."

    In social engineering, someone tries to get a company employee to disclose information that a hacker could use to attack the organization. Increasingly, the social engineer will use complex scenarios, Hadnagy said.

    Not long ago, Social-Engineer.org released results of its fifth Social Engineer Capture the Flag contest, in which 10 men and 10 women try to socially engineer 10 of the biggest global corporations such as Apple, Boeing, and General Electric. Despite ongoing improvements by participants, not all employees or online information was properly secured. For example, one contestant found an unsecured help desk document that included log-in credentials for a participating company's employee-only online portal, Hadnagy said.
    "It’s disheartening to note that after years of attacks and years of warnings, these valuable pieces of information are still so easily found and exploited," he added.

    Undercover
    In this year's contest, 60 percent of contestants pretended they were fellow employees when they contacted real employees to try and discover information. This created an almost immediate bond, said Hadnagy, and often encouraged the real worker to be helpful.

    "Those who didn't pretext as an employee had to work harder to build rapport," he said.


    (Source: SocialEngineer.org)


    One reason: It's embarrassing for employees to question whether another caller truly is a colleague, said Hadnagy. If the individual truly is a coworker, there's an immediate loss-of-face. Others ignore protocols. Guidelines may not be in place, and employees don't realize they're being played.

    Some recent contestants, especially females, pretended to be subordinate workers, which garnered more help from sympathetic employees, he said.

    A lot of guys pretexted as someone with authority or power. I can't say that correlates. The women came in as humble. I'm part of the tribe and I'm working for the man. That got information. I love playing the garbage man more than I love playing the manager. When I'm playing the garbage man, no one looks at me.

    Stopping the info flow
    There is nothing like an anti-virus or firewall to install against social engineering. Rather, it comes down to good awareness programs, to ongoing employee education and testing.

    "It needs to be realistic. It needs to be involved. It needs to be personal," Hadnagy told me.

    A company could, for example, send a phishing email to 1,000 employees. If workers open it, the message tells them they were part of the campaign and must take this one or two minute lesson. The business then notifies employees this type of campaign will be occurring regularly. The lesson will include ways employees can identify phishing emails so they become less likely to fall for these scams.

    In only a few months, this approach can cut down the number of successful phishing emails to 18 percent from 80 percent, he noted.
    Employees also should have scripts for phone calls, not word-for-word screenplays, but guidance about what to say if someone starts asking questions about operating systems, training, or other practices. Businesses must implement clearly defined, non-threatening policies for handling any potential breaches so employees can safely self-report, without fear of repercussions for the occasional lapse.
    Organizations also can hire external consultants for penetration testing, Hadnagy said.


    That sounds self-serving, because that's what I do. It's not just self-serving. When you want to find out if there's something wrong with you, you're told at a certain age, "Hey, go to the doctor and get checked out." They poke us, prod us. The one time we go in and find something, they take care of it before it turns into a serious problem.
    Written by Alison Diana
  • Many companies that are proud of their ability to identify and clean machines infected with malware are missing a trick and creating a false sense of security, says a veteran security expert.
    “Many IT security teams are failing to think about how threats work,” said Rodney Joffe, senior technologist at communications and analysis firm Neustar.
    The typical approach in many firms is to simply disinfect machines without looking at what happened from the moment of infection, he told Computer Weekly.
    However, Joffe points out that in many of the so-called advanced persistent threat (APT) attacks his company is seeing, attackers are getting into organisations at a low level by targeting a receptionist’s machine, for example.
    Once inside the network, attackers use the initial target “merely as a stepping stone” to move up the hierarchy until they reach their real target.
    According to Joffe, many IT security teams are failing to recognise that while a receptionist’s machine has no value, it is in a direct path to the company executives.
    “They don’t even begin to understand the importance of doing forensics, to track down infections as they move within corporate networks to machines that hold sensitive data,” he said.
    A failure to track infections means that by the time data breaches are discovered, attackers have had access to the corporate network for months and even years without being detected.
    Organisations within the public sector and defence industry are typically the best at coping with attacks that appear to be low level, but are in fact highly targeted at key information assets.
    “These organisations cope with these attacks by building a group that is tasked with forensics and threat analysis to understand the motivations of attackers and trace where infections have gone or are trying to go,” said Joffe.
    Threat analysts are no longer confined to anti-virus companies, but are becoming increasingly common in organisations that really understand the threat and the risk, he said.
    “These organisations are hiring or training people to work through the process, understand the infection point as the starting point, not the end point; and then they trace all the internal contacts that occurred between that system and the rest of the company to its logical conclusion,” said Joffe.
    The importance of this approach, he said, is underlined by cases where the theft of intellectual property that started with a single low-level compromise, has had a financial impact of hundreds of millions of dollars as happened with US chemical firm DuPont two and a half years ago.
    Cyber security has become a top priority for governments, particularly in the UK and the US, where they recognise the potential threat of intellectual property theft on the economy, said Joffe.
    “Companies need to understand what attackers are really targeting and realise that just because they are not aware of anything, it does not mean it is not happening,” he said.
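
    The tracing Joffe describes, which treats the infected machine as the starting point and follows its internal contacts onward, can be sketched as a time-ordered walk over connection records. This is an added example, not code from the article or from Neustar; the log format, the host names and the rule that only connections initiated by an already-suspect host count as possible spread are assumptions made for illustration.

```python
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

# Constructed sample of internal connection records (not real data).
# Assumed format: "<ISO time> <source host> <destination host> <service>"
SAMPLE_LOG = """\
2013-11-04T08:55:00 RECEPTION-PC FILESRV01 smb
2013-11-04T09:10:00 HR-PC FILESRV01 smb
2013-11-04T09:40:00 RECEPTION-PC PRINTSRV smb
2013-11-04T10:05:00 RECEPTION-PC FILESRV01 smb
2013-11-04T11:30:00 FILESRV01 EXEC-ASSIST-PC rdp
2013-11-04T12:00:00 PRINTSRV HR-PC smb
2013-11-05T08:15:00 EXEC-ASSIST-PC CFO-LAPTOP rdp
2013-11-05T09:00:00 DEV-PC BUILDSRV ssh
"""


class Contact(NamedTuple):
    when: datetime
    src: str
    dst: str
    service: str


class Exposure(NamedTuple):
    first_contact: datetime   # earliest time the host could have been reached
    via: Optional[str]        # suspect host that contacted it (None for patient zero)
    hops: int                 # distance from the initial infection point


def parse_log(text: str) -> List[Contact]:
    """Parse the assumed four-field log format into time-sorted contacts."""
    contacts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        when = datetime.fromisoformat(parts[0])
        contacts.append(Contact(when, parts[1].upper(), parts[2].upper(), parts[3].lower()))
    return sorted(contacts, key=lambda c: c.when)


def trace_exposure(contacts: List[Contact], patient_zero: str,
                   infected_at: datetime) -> Dict[str, Exposure]:
    """Return every host reachable from patient zero through contacts that
    happened after the contacting host itself became suspect."""
    exposed = {patient_zero: Exposure(infected_at, None, 0)}
    # One pass in time order is enough: any chain of spread has
    # non-decreasing timestamps, so earlier links are seen first.
    for c in sorted(contacts, key=lambda c: c.when):
        origin = exposed.get(c.src)
        if origin is None or c.when < origin.first_contact:
            continue  # source was clean, or not yet suspect, at this time
        if c.dst not in exposed:
            exposed[c.dst] = Exposure(c.when, c.src, origin.hops + 1)
    return exposed


def path_to(exposed: Dict[str, Exposure], host: str) -> List[str]:
    """Walk back from a suspect host to the initial infection point."""
    path = []
    current: Optional[str] = host
    while current is not None:
        path.append(current)
        current = exposed[current].via
    return path[::-1]


if __name__ == "__main__":
    contacts = parse_log(SAMPLE_LOG)
    exposed = trace_exposure(contacts, "RECEPTION-PC", datetime(2013, 11, 4, 9, 30))
    for host, e in sorted(exposed.items(), key=lambda kv: kv[1].first_contact):
        print(f"{e.first_contact}  hop {e.hops}  {host:<15} via {e.via}")
    print(" -> ".join(path_to(exposed, "CFO-LAPTOP")))
```

    The contact at 08:55 is ignored because it predates the infection time, which is why FILESRV01 only becomes suspect at 10:05; the resulting host list is the set of machines to examine forensically, not proof that each one was compromised.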




  •  

    Apple unveiled the next-generation iPhone at its headquarters in Cupertino, Calif. on Tuesday. The iPhone 5S — revealed alongside a low-cost iPhone model, the iPhone 5C — keeps the same overall physical design as the previous-generation iPhone 5, but it also has a number of upgrades.
    Calling it the most "forward-looking" iPhone it's ever launched, Apple equipped the iPhone 5S to run 64-bit apps (all previous models ran at 32 bits) thanks to a new processor: the Apple A7. It packs more than 1 billion transistors into a 102mm chip. Apple has re-engineered all the built-in apps — such as Mail, Calendar and iPod — for 64-bit architectures.


    Apple says the new chip makes the iPhone 5S five times faster than the iPhone 5 and 56 times faster than the original iPhone. The A7 chip supports OpenGL 3.0/ES Version 3.0 for console-level 64-bit graphics. The upcoming Infinity Blade III will be one of the first games to take advantage of the upgrade to deliver improved graphics.

    The iPhone 5S introduces a CoreMotion API for developers, consolidating sensor data from the accelerometer, gyroscope and compass. Apple says it's "optimized for contextual awareness," such as when the user is in a moving vehicle.  

    Apple says the system will empower a new generation of health and fitness apps.
    One of the major additions to the hardware is a fingerprint sensor in the home button, which enables a feature called TouchID. The iPhone 5S scans the fingertip of the person pressing the button, eliminating the need for a lock code. TouchID also means the end of the repeated ritual of entering your Apple ID password every time you download a new app.
    The fingerprint sensor, which has a protective layer of durable sapphire crystal, can store multiple fingerprints and read them from any orientation. They all reside, encrypted, on the A7 chip.


    Major Camera Improvements

    The iPhone's camera is also improved with new sensors that have 15% more area. The Apple-designed lens has five elements with an f/2.2 aperture. The larger sensor translates into bigger pixels that are backed by upgraded image-processing software that automatically sets white balance and exposure level in a dynamic, local tone map of the image.
    As predicted, the camera is equipped with a dual-LED flash. The two LEDs have different color temperatures, illuminating a scene with warm and cold light to draw out more natural color. The iPhone's camera also now includes a burst mode that snaps 10 still pictures in one second with automatic image stabilization. (Panorama photos go up to 28 megapixels.)

    Finally, the iPhone 5S camera is capable of capturing HD video at 120 frames per second (fps). The video camera also has a slow-motion mode.


    Gold!

    Battery life is rated as follows: 10 hours 3G talk, 8 hours 3G browsing, 10 hours LTE or Wi-Fi browsing, 10 hours video playback, 40 hours music playback and 250 hours standby.
    Apple is injecting a little more color into its flagship phone as well. The iPhone 5S will be available in white, black and now champagne gold, marking a change from previous generations, which were available only in white and black.

    The iPhone 5S will go on sale Sept. 20 in nine countries: the United States, Canada, China, France, Germany, Japan, Singapore and the UK. Like previous generations, it will come with 16, 32 or 64GB of storage for $199, $299 and $399, respectively — as long as you sign a two-year contract with your wireless carrier (T-Mobile's installment pricing may be a little different).

    By December, Apple plans to sell the iPhone 5S in 100 countries on more than 270 carriers. Apple will also offer dyed leather cases for $39 each.

    Although the iPhone 5S and 5C replace the iPhone 5, Apple will continue to sell the iPhone 4S — albeit with just one storage option, 8GB.

    Rumors have swirled around the iPhone 5S for the past year. Although competition in the smartphone space has heated up considerably in that time, Apple kept to its annual schedule of releasing the new iPhone in the fall.

     The big question is: Will consumers still buy Apple's signature product as they used to?
  •

    We know how administrators love free tools that make their life easier and, to supplement the list provided on 101 Free Admin Tools, here are 20 of the best free tools for monitoring devices, services, ports or protocols and analysing traffic on your network. Even if you may have heard of some of these tools before, we’re sure you’ll find a gem or two amongst this list – and if you know of any others, leave us a comment below!

    1. Microsoft Network Monitor

    Microsoft Network Monitor is a packet analyser that allows you to capture, view and analyse network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.
    When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.

    2. Nagios

    Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add-ons for data visualisation, graphs, load distribution, and MySQL database support, amongst others.
    Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.
    Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.
    Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems looks like.

    3. BandwidthD

    BandwidthD monitors TCP/IP network usage and displays the data it has gathered in the form of graphs and tables over different time periods. Each protocol (HTTP, UDP, ICMP, etc) is color-coded for easier reading. BandwidthD runs discreetly as a background service.
    Installation is easy. Download and install Winpcap version 3.0 or above (you’ll already have this installed if you have Wireshark on the same box), unzip BandwidthD to a specified folder, edit the ../etc/bandwidthd.conf file accordingly, double click on the “Install Service” batch file and then start the BandwidthD services from the services.msc console. Once the service is running, give it some time to monitor network traffic and load the index.html page to start viewing bandwidth statistics.

    4. EasyNetMonitor

    EasyNetMonitor is a super lightweight tool for monitoring local and remote hosts to determine if they are alive or not. It is useful for monitoring critical servers from your desktop, allowing you to get immediate notification (via a balloon popup and/or log file) if a host does not respond to a periodic ping.
    Once you launch EasyNetMonitor, it will appear as an icon in the notification area on your desktop where the IP addresses / host names of the machines you want to monitor can be added. Once you’ve added the machines you wish to monitor, be sure to configure the ping delay time and notification setting.


    5. Capsa Free

    Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards.
    When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.


    6. Fiddler

    Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).
    When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.


    7. NetworkMiner

    NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network – it can also do this by parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT) that can obtain information such as hostname, operating system and open ports from hosts.
    [Screenshot: NetworkMiner]
    In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.
    When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.

    8. Pandora FMS

    Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.
    When you log in to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.

    9. Zenoss Core

    Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.
    Once you log in to the Zenoss Core Web UI for the first time, you are presented with a two-step wizard that asks you to create user accounts and add your first few devices / hosts to monitor. You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and Advanced tabs to configure Zenoss Core and review reports and events that need attention.


    10. PRTG Network Monitor Freeware

    PRTG Network Monitor monitors network availability and network usage using a variety of protocols including SNMP, Netflow and WMI. It is a powerful tool that offers an easy to use web-based interface and apps for iOS and Android. Amongst others, PRTG Network Monitor’s key features include:
    (1) Comprehensive Network Monitoring which offers more than 170 sensor types for application monitoring, virtual server monitoring, SLA monitoring, QoS monitoring
    (2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling
    (3) In-Depth Reporting, including the ability to create reports in HTML/PDF format, scheduled reports, as well as pre-defined reports (e.g. Top 100 Ping Times) and report templates.
    Note: The Freeware version of PRTG Network Monitor is limited to 10 sensors.
    When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including adding servers to monitor and choosing which sensors to use.


    11. The Dude

    The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.
    When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.

    12. Splunk

    Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.
    Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.
    When you log in to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

    13. Angry IP Scanner

    Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBIOS information, etc).
    When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.


    14. ntopng

    ntopng (‘ng’ meaning ‘next generation’) is the latest version of the popular network traffic analyzer called ntop. ntopng will sit in the background and gather network traffic, then display network usage information and statistics within a Web UI.
    Note: Although originally aimed for use on Unix-based systems, there is a Windows version available for a small fee, or a demo version limited to 2000 packets. If you are comfortable running ntopng on a Unix-based box then you can get the full version for free.
    [Image: ntopng dashboard]
    The image above shows the ntopng dashboard after a few minutes of network traffic collection. In this example, I am using the Windows version. After installation, I simply executed the redis-server.exe file from ..\Program Files (x86)\Redis and fired up the Web UI (http://127.0.0.1:3000).


    15. Total Network Monitor

    Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn’t able to complete.
    When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

    16. NetXMS

    NetXMS is a multi-platform network management and monitoring system that offers event management, performance monitoring, alerting, reporting and graphing for the entire IT infrastructure model. NetXMS’s main features include support for multiple operating systems and database engines, distributed network monitoring, auto-discovery, and business impact analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a management console.
    Once you log in to NetXMS you need to first go to the “Server Configuration” window to change a few settings that are dependent on your network requirements (e.g. changing the number of data collection handlers or enabling network discovery). You can then run the Network Discovery option for NetXMS to automatically discover devices on your network, or add new nodes by right-clicking on “Infrastructure Services” and selecting Tools > Create Node.

    17. Xymon

    Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive deep into the configuration, performance and real-time statistics of your networking environment. It offers monitoring capabilities with historical data, reporting and performance graphs.
    Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.
    When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

    18. WirelessNetView

    WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.
    As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi networks in the area and displays information relevant to them (all columns are enabled by default).
    Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView. It scans your wireless network and displays a list of all computers and devices that are currently connected, showing information such as IP address, MAC address, computer name and NIC card manufacturer – all of which can be exported to an html/xml/csv/txt file.

    19. Xirrus Wi-Fi Inspector

    Xirrus Wi-Fi Inspector can be used to search for Wi-Fi networks, manage and troubleshoot connections, verify Wi-Fi coverage, locate Wi-Fi devices and detect rogue Access Points. Xirrus Wi-Fi Inspector comes with built-in connection, quality and speed tests.
    Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can run a test, change the layout, edit settings, refresh connections, etc.

    20. Wireshark

    This list wouldn’t be complete without the ever popular Wireshark. Wireshark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.
    When you launch Wireshark, choose which interface you want to bind to and click the green shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what you need, you can export the data to a file for analysis in another application or use the in-built filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.

  • Macs don't get viruses.

    The more megapixels your camera has, the better it is.

    Shelling out more money for expensive cables is worth it.
    These (and more!) are some of the most common myths revolving around the technology we use every day. From battery draining to deleting files off your computer, we've explained and debunked some of these popular beliefs.

    1. You should let your phone's battery drain before recharging.

    A common myth surrounding phone and laptop batteries is that it's always best for the life of the battery to let it drain fully before charging it again. 

    This is true in some cases. When a device uses a Nickel-Cadmium battery, for example, you'd want to let your phone fully drain before charging it again. Why? Nickel-Cadmium batteries, unlike Lithium-Ion batteries, suffer from what's known as "memory effect." When they are charged and discharged hundreds of times, they start to lose the ability to charge up to 100%, draining your battery life significantly over time.

    There was a time when most electronics ran on Nickel-Cadmium batteries. Cordless telephones and answering machines all ran on Nickel-Cadmium. In 2006, most NiCd batteries were replaced with technology that used Lithium-ion batteries. These can be found in all Apple devices and do not suffer from "memory effect" the way NiCd batteries do.

    "Lithium-ion polymer batteries have a high power density," Apple says on its website, "and you can recharge a lithium-ion polymer battery whenever convenient, without requiring a full charge or discharge cycle."

    Apple does advise, however, that you should let the device go through at least one charge cycle each month to help keep the electrons moving (as opposed to a NiCd battery which needs to go through a full charge cycle every few days). Letting the device drain from 100% to fully shutting off at 0% helps to maintain the life of the battery.

    2. Jailbreaking is illegal.

    It's important to note that "jailbreaking" and "unlocking" a device mean different things. Unlocking a device means you've freed your device to work on any carrier, not just the one you bought it from, while jailbreaking refers to bypassing Apple's security to install modifications that are not allowed in the App store.

    The U.S. Library of Congress deemed it illegal to unlock any phone purchased after January 26, 2013 using a third-party vendor, but jailbreaking your iPhone is still legal until at least 2015 under an exemption in the Digital Millennium Copyright Act (DMCA). Note that jailbreaking your iPad is illegal. Some catch, right?

    3. More bars means more service.

    Bars on your smartphone actually indicate your signal strength to the cell phone tower closest to you. Your service depends on how many devices those towers are serving at a given time.

    Metropolitan areas are equipped to handle the dense population of people trying to use their phones in one confined space. In unexpected situations (say, a music festival where there are a lot of people in a small area), your phone can be showing lots of bars, but service will be impossible to find; everyone's trying to tap into that one cell tower.


    4. The higher the megapixels, the better the camera.

    Every year, the number of megapixels on the latest digital cameras seems to increase, with ad campaigns sending the frantic message that you need to be upgrading for the bigger and better version of your perfectly functional camera.

    More megapixels mean clearer photos to a certain extent, but there is often a misconception of just how many megapixels are needed to produce a quality photo you can enjoy on your phone or computer screen. For those, just three megapixels will do the trick, and even allow room for cropping. With seven megapixels, you can blow a photo up to the size of a poster with no issue.

    For the amateur photographer using a point-and-shoot device to capture casual moments, more megapixels does not translate into a better camera, or better photos.


    5. Emptying the trash or recycle bin means your files are permanently deleted.

    Drag a file to the trash, then empty the trash can and your files are permanently deleted, right?

    Not so fast. Deleting something, and then deleting it again from the trash, just frees up the space it had taken up on the hard drive, leaving fragments behind that could theoretically be recovered.

    On a Mac, choose "Secure Empty Trash" as a final step in the deletion process. On a PC, download a program like SDelete, which helps to securely wipe all free space. 



    6. Private browsing keeps you anonymous.



    Setting your browser to incognito tells your browser not to save any information about where you've visited or what you've typed while you were there, but it does not keep you anonymous. Your visits can still be recorded, and files you download while incognito will still remain on your computer, phone, or tablet.




    7. Improperly removing a USB drive will delete all your data.


    Better to be safe than sorry.

    If you're working with a USB drive and have removed it after all of the files have transferred, you should be fine. You might also be okay if you accidentally remove the USB drive while it's in the middle of transferring, but you run the risk of losing your data or experiencing software clashes.

    It's best to go through the short steps to remove the USB safely, taking all of the precautions to protect your work and workstation. 



    8. Macs don't get viruses.


    Macs can be infected by viruses. Up until a few years ago, Windows was the most common operating system. Now that Macs are becoming more and more prevalent in homes and offices alike, they're becoming a more vulnerable target.

    "The OS X operating system isn’t susceptible to the thousands of viruses plaguing Windows-based computers," Apple says on its website. 

    But Macs are still susceptible to viruses created to target Apple products and operating systems.



    9. Expensive cables are better than cheap ones.



    Last year, MythBusters Jamie and Adam determined there was no difference between a cheap cable and an expensive cable. 

    As should be abundantly clear, expensive HDMI cables are simply not worth purchasing for normal use. In the case that you are running cable in a permanent fashion through walls or ceilings, it may be prudent to spend a little extra for heavier-duty cables for the sake of longevity, but if you’re spending extra on gold-plated connectors and the like, you are doing little more than embedding hard-earned cash in the walls of your home.