Thursday, October 21, 2010

United States: Symantec President Gary Bloom resigned


Gary Bloom of security software vendor Symantec will step down from his positions as president and vice chairman. Bloom will work normally until the end of March this year, handing over his duties before leaving. John Thompson, Symantec chairman and CEO, said that Bloom was a wonderful partner during the merger.

With the integration team's work ending, such a transition is natural. Bloom said: "Symantec's management capabilities make it easy for me to make this decision. After 25 years in the high-tech industry, I can now rest. I still think there are strategic reasons for the merger between Symantec and Veritas." Bloom joined Symantec after the software company Veritas merged with Symantec. Before the merger, Bloom served as CEO of Veritas from 2000 to 2002 and as chairman of Veritas from 2002.









Tuesday, October 19, 2010

Qingdao Sunshine Chi: calm ahead of climbers



There is no hail of bullets, no artillery smoke, no close combat and no images of flying flesh and blood, yet this is a battlefield filled with uncertainty and a majestic atmosphere, where people of insight are making their preparations, ready to throw themselves in and rush to seize the commanding heights.

This is the management software market. It brings together a large number of corporate R&D personnel, drives forward the advance of China's information technology, and provides adequate safeguards for the rapid development of Chinese enterprises. Through vigorous promotion, management software manufacturers and information service providers have mushroomed all over the country, creating a prosperous market but also a situation of competition and catching up, in which no one yields to anyone and everyone wants to beat the others.

Management software vendors compete on products; service providers compete on service levels. After the market's survival-of-the-fittest washing-out, a few domestic management software brands dominate, with a number of small brands at the edges of the market. Day Thinking Software Group is one of those few dominant brands: with professional-class products and a clear market definition, it has won the favor of small and medium enterprise users and the support of many service providers. Qingdao Sunshine Chi Electronic Technology Co., Ltd. is one of Day Thinking's partners.

Sunshine Chi is a Qingdao IT service provider brand with an excellent management team and a professional elite in management software implementation services. As one of the team's most important members, Zhao Zhiguo lives up to his reputation!

Sunny, healthy and poised: that is the strongest impression Zhao Zhiguo gives people. He has been striving in the IT industry all along, from his earlier struggles in the hardware market to today's management software market. After fighting for many years in the increasingly competitive hardware market, he used his keen intuition, experience and sharp vision to see the management software market and its potential. However, his strong character told him that opportunities come with risks and that the management software market has many variables. After careful research, in December 2002, Zhao Zhiguo set up Qingdao Sunshine Chi Electronic Technology Co., Ltd., whose main business is IT services for small and medium enterprises, from hardware and network integration to management software.

After a few years of serving the information management industry, Zhao Zhiguo found that managers' demands for information technology had become more rational: common invoicing and financial management software could no longer meet their needs, and their functional and operational requirements were increasingly demanding. The Superdata products that Sunshine Chi had been an agent for could not, after some years, satisfy customers well; some of the issues customers raised could not be fully resolved, and many opportunities for cooperation were missed. To keep up with the surging demand for information technology and provide better service to customers, Zhao Zhiguo started looking for another, more representative product; being functional, cost-effective and simple to use were his minimum requirements.

Faced with the variety of products in the management software market, Zhao Zhiguo drew on his full awareness and investigation of the information technology industry, quickly ruled out the small brands, and planned to identify a big brand to cooperate with. First, a big-brand manufacturer makes it possible to enter the market quickly; second, big brands have a more complete channel strategy, which reduces conflicts of interest and increases profits. While talking with several well-known manufacturers, Zhao Zhiguo found that the production management in Day Thinking's ERP software was outstanding, much better than other software, and could improve the management services offered to enterprises. It was also highly flexible, able to adapt to the flexible management models of small and medium enterprises. Another factor that satisfied Zhao Zhiguo was that Day Thinking operates entirely through channels, supports its agents well, often provides business and technical training and help, and has no bureaucracy: its people are relatively straightforward and work together with the agents. After an overall comparison, Zhao Zhiguo decided to cooperate with Day Thinking. In December 2006, Sunshine Chi officially became an agent for Day Thinking products, truly raising its product line to the level of information management.

Although the cooperation with Day Thinking has lasted less than a year, Sunshine Chi's profits have improved greatly and its market share is gradually expanding. Day Thinking's products meet not only small businesses' single-function management needs, such as materials, but also businesses' comprehensive information management needs; Day Thinking's complete product line, from WBP, OA, PMC and PDM to ERP, gives Sunshine Chi comprehensive product support.

Zhao Zhiguo is quite happy with his original choice. He said: "Day Thinking gives relatively more support to its channel, especially support for technical consulting and sales skills. Our company and Day Thinking's Qingdao branch often discuss business issues together, and when our company's technology had not yet reached the required level, the Day Thinking branch sent engineers to go and talk business with us. In addition, Day Thinking uses time-limited registration, with permanent registration only when the customer pays in full, which resolved many of our worries about outstanding sales payments." "Day Thinking also assists us with staff training, organizing a number of technical and business training sessions; it has trained our company several times and run scenario simulation training. I feel that scenario simulation training works better: it is not only training but also a test, so it gets better results." With Day Thinking's strong support, Sunshine Chi soon left behind its past thinking of hardware and low-end management software sales; all staff were trained so that it became a professional business management solutions provider, offering enterprises more comprehensive technical support. Sunshine Chi officially moved from single-product sales into project-type sales.

In the dozen or so months of cooperation with Day Thinking, Sunshine Chi has made great progress, which is due not only to Day Thinking's full support but also to Sunshine Chi's own perseverance. Zhao Zhiguo spoke very modestly of their success: "We have no shortcuts and no tricks; it is just continuous accumulation and ongoing effort. As long as you have confidence and perseverance, you will succeed. Our main way of earning profit is good customer service, truly helping businesses solve problems." Speaking of competition in the management software industry, Zhao Zhiguo said: "When competing with other suppliers, the main task is to know ourselves and focus on playing Day Thinking's competitive advantages against inferior products. When we are fighting alone, Day Thinking helps us by providing technical demonstration support; when progress in a deal becomes difficult, the channel manager of Day Thinking's Qingdao branch comes forward to help us communicate with the customer's general manager, and will approve special applications. So handling Day Thinking products is indeed a good choice."

In the management software market, the product is important: it must meet customer demand, mainly in features, adaptability, flexibility and stability. For channel partners, the most important thing is to choose a good partner and a good product to represent. Sunshine Chi chose Day Thinking from among so many software vendors because Day Thinking's products and channel policies have certain advantages. With Day Thinking as powerful backing, and through its own efforts to provide high-quality services, Sunshine Chi has won the recognition of many customers and achieved great success.










Saturday, October 9, 2010

The basics of intrusion detection rules



Rule basics

A network intrusion detection system looks for patterns in network traffic. To give you a basic idea of the different types of rules, let's look at some examples and the methods that can be used to identify them.

A connection request sent from a fixed IP address. This is easily identified from the source address field of the IP header.

A packet with an illegal combination of TCP flags. This can be determined by comparing the flags in the TCP header against the known sets of legal and illegal combinations.

An e-mail containing a particular virus. The IDS can compare the subject of the message, or the attachment name, against the subjects and names known to be associated with the virus.

A DNS buffer overflow attempt contained in the payload. By parsing the DNS fields and checking the length of each one, the IDS can identify a buffer overflow attempt in a DNS field. Another way is to check whether the payload contains an overflow exploit sequence.

A denial of service attack on a POP3 server carried out by submitting the same command thousands of times. The way to deal with this attack is to set a limit on the number of times the command may be submitted; once the count exceeds that number, the system raises an alarm.

An attack on an FTP server that tries to access files by submitting file or directory commands before going through the login process. A state-tracking rule can monitor FTP traffic for a successful login, and raise an alarm if someone tries to issue such commands before being authenticated.

As you can see from the above, rules cover a wide range, from the simplest header checks to highly complex ones that actually track connection state or perform extensive protocol analysis. In this article, we will focus on some simple rules and discuss the complexities of developing them. Please note that rule capabilities vary between IDS products, so the techniques described in this article may not apply to your own firewall or IDS. For example, some network IDS products give customers little ability to write their own rules or configure existing ones, while others let you customize almost all existing rules and define any rule you can think of. Another important factor is that some IDS products can only check specific header or payload fields, while others can give you the data from any part of any packet.

What purpose do rules serve

What is the purpose of intrusion detection rules? The answer is that different rules serve different purposes. The result we want is an alert from the system when an intrusion occurs. But consider why you would need to customize or modify rules yourself. Maybe you have seen some particular network traffic and want an alert the next time such traffic occurs. You may have noticed that it has a distinctive header characteristic, and want to define a rule that matches this known mark. Or perhaps you want to configure the IDS to detect unusual or suspicious traffic, not just attacks and probes. Some rules can tell you which particular attack is being attempted or which vulnerability an attacker is trying to exploit, while others merely indicate that abnormal behavior has occurred, without pointing to a specific attack. The former inevitably take more time and resources, but give you more information, such as why you are being attacked or what the attacker's purpose is.

Header attributes

Having quickly covered the types of rules, let us focus on one simple kind of rule characteristic: header attributes. Some header attributes are obviously abnormal, so they give us many candidates for rules. The classic example is a TCP packet with both the SYN and FIN flags set. This combination is not legitimate under RFC 793 (the standard that defines TCP), and many tools use it to try to bypass firewalls, routers and intrusion detection systems. Many exploits include header attributes that deliberately violate the RFCs, because many operating systems and applications are written on the assumption that the RFCs will be followed, and do not handle errors in traffic that breaks that assumption. Many tools also contain erroneous or incomplete code, so the packets they craft contain header attributes that violate the RFCs. Both poorly written tools and various intrusion techniques thus provide identifiable properties that can be used to write rules.

That sounds good, but note that not all operating systems and applications fully adhere to the RFCs. In fact, many systems or programs violate the RFCs at least in part. Also, over time, protocols may gain new properties that are not in the original RFC, and a new standard may make something that was illegal under the earlier standard legal. RFC 3168 is a good example. Therefore, IDS rules that rely on the RFCs may produce many false positives. Of course, the RFCs still hold a very important place in rule development, because many malicious attacks violate the RFCs. Because of RFC updates and other factors (which we will discuss later), existing rules need to be reviewed and updated periodically.

While illegal header attributes are a primary part of the rule base, legal but suspicious header attributes are also important. For example, connections to ports such as 31337 or 27374 are suspicious (these ports are often associated with Trojans); if you alert on such connections, you can quickly identify Trojan activity. Unfortunately, some normal, benign traffic may use the same ports. If you do not use more detailed rules that define other features of the traffic, it will be difficult to determine its true nature. Suspicious but legal attributes, such as port numbers, are best considered in combination with other attributes.

Identifying possible rule components

The best way to understand how to develop rules based on header attributes is by example. Synscan is a widely used tool for scanning and probing systems. It was very active on the Internet in early 2001, because its code was used in the first stage of the Ramen worm. This activity provides a good example, because its packets include a large number of identifiable characteristics. Here are some of the IP and TCP header attributes present in the packets from the early spread of the Ramen worm. (Note that my IDS is configured by default to reject unsolicited traffic, so I can only see the first packet of each attempt.)

1 Various different source IP addresses
2 TCP source port 21, destination port 21
3 Type of service 0
4 IP identification number 39426
5 SYN and FIN flags set
6 Various sequence numbers set
7 Various acknowledgment numbers set
8 TCP window size 1028

Now that we know which header characteristics Synscan packets contain, we can begin to consider how to develop a good rule. Let us look for the illegal, abnormal and suspicious properties; in many cases these correspond to a vulnerability the attacker is trying to exploit or to a special technique the attacker is using. Although normal packet properties are often included in a rule to restrict which traffic is examined, such restrictions are not the characteristics that make a good rule. For example, we might include the normal property that the IP protocol is 6, so that only TCP packets are examined. However, other completely normal characteristics, such as the type of service being 0, are of little use in developing a rule.

Some of the unusual features of Synscan packets can be identified using the following rules:

1 Only the SYN and FIN flags are set, which is a clear sign of malicious behavior.
2 Another feature is that the acknowledgment numbers of these packets have various values, but the ACK flag is not set. If the ACK flag is not set, the acknowledgment number should be 0.
3 Another suspicious feature is that the source port and destination port are both set to 21, which is not associated with a normal FTP server. When both port numbers are the same, we call them reflexive. Except for some particular traffic (such as certain NetBIOS traffic), this should usually not occur. Reflexive ports do not violate the TCP standard, but in most cases they are not normal. In normal FTP traffic, we would see a high port (greater than 1023) as the source port and 21 as the destination port.

Thus we have identified three characteristics that can be used in rules: the SYN and FIN flags set, a nonzero acknowledgment number without the ACK flag, and reflexive ports set to 21. Two more points are worth noting: the TCP window size is always set to 1028, and the IP identification number is 39426 in all packets. In general we would expect the TCP window size to be greater than 1028; although this value is not very abnormal, it should still draw attention. Similarly, the IP RFC specifies that the IP identification number should have different values in different packets, so a fixed value is highly suspicious.

Select a rule

We have found five elements that could go into a rule, so we have many options for developing header-based rules, and a good rule should include more than one of these features. If you just want the simplest possible rule, you can match packets with the SYN and FIN flags set. While this is a good way to identify malicious behavior, it cannot tell you why the behavior is occurring. Remember that SYN and FIN are usually used together to bypass firewalls and other devices, so such packets may come from a scanner, from information gathering or from an attack. Therefore, a rule based on SYN and FIN alone is too simple for our purposes.

However, a rule that includes all five of the suspicious features above, although it could provide more detailed information, is far less practical than a rule that checks only one property. Developing rules always involves a trade-off between relevance and accuracy. In many cases, simpler rules are more prone to false positives than complex ones, because simpler rules are more general. Complex rules are more prone to false negatives than simple ones, because the characteristics of tools and algorithms change over time.

Suppose the purpose of a rule is to determine which tool is being used. Besides the SYN and FIN flags, which other attributes are most appropriate? The reflexive port is very suspicious, but many tools have this feature and even some legitimate traffic does, so it cannot provide enough detail to build a rule on. An acknowledgment value set without the ACK flag is clearly illegal, so it can be combined with SYN and FIN in a rule. The window size of 1028 is a little suspicious but can also be considered within the normal range. And what about the IP identification number 39426? We can combine the above properties to develop several different rules. But we still cannot determine which is best, because the best rule changes with time and environment and has to be adjusted accordingly.
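The trade-off discussed above, as an added example that is not code from the original article: a Python sketch that parses the IP and TCP headers of a packet, extracts the five Synscan characteristics, and evaluates three candidate rules of increasing specificity. The rule names, function names and sample packets are assumptions made for illustration.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

def build_packet(sport, dport, ip_id, seq, ack, flags, window, tos=0):
    """Build a constructed 40-byte IPv4 + TCP header pair (checksums left at 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])  # documentation ranges
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, ip_id, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return ip + tcp

def parse_headers(pkt):
    """Return the header fields the rules need, or None if not usable IPv4/TCP."""
    if len(pkt) < 20:
        return None
    ver_ihl, tos, _, ip_id, _, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 6 or len(pkt) < ihl + 16:
        return None
    sport, dport, seq, ack, _, flags, window = struct.unpack("!HHIIBBH", pkt[ihl:ihl + 16])
    return {"tos": tos, "ip_id": ip_id, "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": flags, "window": window}

def suspicious_features(h):
    """Map parsed headers to the five characteristics discussed in the text."""
    found = set()
    if (h["flags"] & (SYN | FIN)) == (SYN | FIN):
        found.add("syn_fin")                 # SYN and FIN set together
    if not (h["flags"] & ACK) and h["ack"] != 0:
        found.add("ack_without_flag")        # acknowledgment number but no ACK flag
    if h["sport"] == h["dport"] == 21:
        found.add("reflexive_21")            # source and destination port both 21
    if h["window"] == 1028:
        found.add("window_1028")             # legal, only mildly suspicious
    if h["ip_id"] == 39426:
        found.add("ip_id_39426")             # fixed IP identification number
    return found

# Candidate rules (names are hypothetical): a rule fires when every feature is present.
RULES = {
    "simple": {"syn_fin"},
    "combined": {"syn_fin", "ack_without_flag"},
    "specific": {"syn_fin", "ack_without_flag", "reflexive_21",
                 "window_1028", "ip_id_39426"},
}

def matching_rules(pkt):
    """Return the names of the candidate rules that fire on this packet."""
    h = parse_headers(pkt)
    if h is None:
        return []
    found = suspicious_features(h)
    return [name for name, needed in RULES.items() if needed <= found]

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "synscan_like": build_packet(21, 21, 39426, 0x1A2B3C4D, 0x5E6F7081, SYN | FIN, 1028),
    "changed_tool": build_packet(40000, 80, 1234, 0x01020304, 0x0A0B0C0D, SYN | FIN, 512),
    "syn_fin_only": build_packet(40001, 80, 4321, 0x01020304, 0, SYN | FIN, 512),
    "normal_ftp_syn": build_packet(40321, 21, 7777, 0x11223344, 0, SYN, 5840),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15} -> {matching_rules(pkt) or 'no alert'}")
```

The packet that differs from Synscan only in ports, window size and IP identification number still trips the two broader rules but slips past the five-feature rule, which is the false-negative cost of specificity described above.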

Summary

In the next installment, we will determine which properties to use in Synscan rules, and assess how effective several Synscan rules are against traffic. We will further study the merits of general rules relative to specific rules. We will also continue to discuss the role of IP protocol header attributes in rule development.






