Friday, September 28, 2007

Security: Firewall Information

What is a firewall?

A term borrowed from construction, aircraft and automobile design, a firewall is a barrier that segregates two areas to protect one space from the environment of the other. In buildings or airframes, it is designed to prevent fire from spreading from one section to another. In racing, it protects the driver from a possible fuel tank fire. Also in automobiles, the bulkhead separating the engine compartment from the passenger compartment is called a firewall.

In computing terms, a firewall isolates a computer or network from another computer or network. Most often, this creates a so-called "trusted zone" on the inside of the firewall (your local network), which is protected from the untrusted zone outside (the internet). Some network firewalls sit between sections of the network; this creates DMZs, or De-Militarized Zones, referring to the military term for areas that separate two opposing factions to reduce the risk of war. Certain devices, such as public web servers, that need to interface more with untrusted zones will be in the DMZ with a firewall between them and the local network, offering more protection for that network.

As with firewalls in buildings, a certain amount of penetration of the firewall is allowed, but these penetrations, or ports, are controlled and safeguarded against bad stuff trying to get in.

Ports

In networking, one will often hear the term port. Ports, according to the Internet Assigned Numbers Authority (IANA, which coordinates functions for the internet), "name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined." Essentially, this is an addressing scheme that allows the computer to assign meaning to incoming and outgoing information.

Ports fall into three categories:

  • Port numbers that range from 0 through 1023 are called Well Known Ports. On most systems, they can only be used by system (or root) processes or by programs executed by privileged users. The IANA has assigned specific uses for most of these ports.
  • The Registered Ports are those from 1024 through 49151 and can be used by ordinary user processes or programs executed by ordinary users. Many of these ports are also assigned.
  • The Dynamic and/or Private Ports are those from 49152 through 65535. The name is self-explanatory; they are not assigned.

So what firewalls do is filter the data coming into them, allowing information for certain ports to go through and rejecting others, according to preset rules. There are three different ways this is done:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters.

Proxy service - Doesn't accept packets coming in from the untrusted zone unless they were specifically requested by a computer in the trusted zone.

Stateful inspection - Doesn't examine the entire incoming packet, but compares certain key parts of that packet to defining characteristics derived from packets traveling inside the firewall to the outside.
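
To make the difference between packet filtering and stateful inspection concrete, here is an added example (not part of the original post) of a toy firewall that applies a preset port rule and also tracks flows started from the trusted zone. The class and function names, the sample addresses and the open port are assumptions made for illustration; the proxy approach is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True: arriving from the untrusted zone

def port_category(port: int) -> str:
    """Classify a port using the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

class Firewall:
    """Hypothetical model: one preset port rule set plus a table of tracked flows."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)  # preset rules: inbound ports allowed
        self.flows = set()                 # flows started from the trusted zone

    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            # Remember the defining characteristics of the outgoing packet.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "accept"
        # Stateful inspection: the inbound packet mirrors a flow the inside started.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "accept (reply to tracked flow)"
        # Packet filtering: compare the destination port against the preset rules.
        if pkt.dport in self.open_ports:
            return "accept (port rule)"
        return "reject"

IN, OUT = True, False
# Constructed sample traffic (documentation-range addresses, not real hosts).
SAMPLE = [
    Packet("203.0.113.5", 51000, "192.0.2.20", 443, IN),    # web server port is open
    Packet("203.0.113.5", 51001, "192.0.2.20", 23, IN),     # no rule for this port
    Packet("198.51.100.9", 80, "192.0.2.30", 50123, IN),    # unsolicited, nothing tracked yet
    Packet("192.0.2.30", 50123, "198.51.100.9", 80, OUT),   # inside host opens a connection
    Packet("198.51.100.9", 80, "192.0.2.30", 50123, IN),    # same packet, now a reply
    Packet("198.51.100.66", 80, "192.0.2.30", 50123, IN),   # same port, different sender
]

def run_sample():
    """Return the decision for each sample packet, in order."""
    fw = Firewall(open_ports={443})
    return [fw.decide(p) for p in SAMPLE]
```

The third and fifth sample packets are identical; only the flow recorded in between changes the decision.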



Thursday, September 27, 2007

Internet: Internet Radio

Internet radio (aka e-Radio) is an audio broadcasting service transmitted via the Internet. Broadcasting on the Internet is usually referred to as webcasting since it is not transmitted broadly through wireless means but is delivered over the World Wide Web. The term "e-Radio" suggests a streaming medium that presents listeners with a continuous stream of audio over which they have no control, much like traditional broadcast media. It is not synonymous with podcasting, which involves downloading and therefore copyright issues. Nor does e-Radio suggest "on-demand" file serving. Many Internet "radio stations" are associated with a corresponding traditional "terrestrial" radio station or radio network. Internet-only radio stations are usually independent of such associations.

Internet radio "stations" are usually accessible from anywhere in the world; for example, one can listen to an Australian station from Europe or America. This makes it a popular service for expatriates and for listeners with interests not adequately served by local radio stations (such as progressive rock, anime themed music, classical music, 24-hour stand up comedy, and others). Some Internet radio services offer news, sports, talkback, and various genres of music: everything that is on the radio station being simulcast over the internet with a netcast stream.

Freedom of the Airwaves
Radio broadcasting began in the early 20s, but it wasn't until the introduction of the transistor radio in 1954 that radio became available in mobile situations. Internet radio is in much the same place. Until the 21st century, the only way to obtain radio broadcasts over the Internet was through your PC. That will soon change, as wireless connectivity will feed Internet broadcasts to car radios, PDAs and cell phones. The next generation of wireless devices will greatly expand the reach and convenience of Internet radio.

Uses and Advantages
Traditional radio station broadcasts are limited by two factors:
• The power of the station's transmitter (typically 100 miles)
• The available broadcast spectrum (you might get a couple of dozen radio stations locally)
Internet radio has no geographic limitations, so a broadcaster in Kuala Lumpur can be heard in Kansas on the Internet. The potential for Internet radio is as vast as cyberspace itself.

In comparison to traditional radio, Internet radio is not limited to audio. An Internet radio broadcast can be accompanied by photos or graphics, text and links, as well as interactivity, such as message boards and chat rooms. This advancement allows a listener to do more than listen. In the example at the beginning of this article, a listener who hears an ad for a computer printer ordered that printer through a link on the Internet radio broadcast Web site. The relationship between advertisers and consumers becomes more interactive and intimate on Internet radio broadcasts. This expanded media capability could also be used in other ways. For example, with Internet radio, you could conduct training or education and provide links to documents and payment options. You could also have interactivity with the trainer or educator and other information on the Internet radio broadcast site.

Internet radio programming offers a wide spectrum of broadcast genres, particularly in music. Broadcast radio is increasingly controlled by smaller numbers of media conglomerates. In some ways, this has led to more mainstreaming of the programming on broadcast radio, as stations often try to reach the largest possible audience in order to charge the highest possible rates to advertisers. Internet radio, on the other hand, offers the opportunity to expand the types of available programming. The cost of "getting on the air" is less for an Internet broadcaster and Internet radio can appeal to "micro-communities" of listeners focused on special music or interests.

Friday, September 21, 2007

Unix: The Unix Philosophy

Essentially, UNIX is made up of files. In fact, every aspect of UNIX is looked at as a file. When we write some data to be displayed on screen for example, the data is actually written to a screen file and then a certain device driver in the kernel is activated. This controls a particular device, in our case the screen. And the contents of the screen file are displayed on the screen. Files that relate to hardware are known as "special files".

We have one universal file - UNIX itself. But this file is broken up into many other smaller file systems. By default, i.e. when we install UNIX, there is one root and two user file systems created. Normally file systems correspond to physical sections of the disk, basically the root file system and many user file systems.

These file systems are again broken up into directories (which are again viewed as files) and files. These directories can further have sub-directories and files giving rise to a hierarchical tree-like structure.

In DOS, we sometimes divide the disk into logical sections like C and D. Each of these logical drives has its own set of directories and files. To move from one drive to another we just need to specify the drive at the DOS prompt and hit enter.

But while we are at one drive we can access a file from another drive. Both these drives are always available by default. In UNIX there is a slight difference. While the root file system and the two user file systems that are created by default are loaded, access to any other file system is only possible if it is explicitly mounted. Mounting means nothing but loading them into memory. And considering that file systems are viewed by UNIX as files, if a time comes for them to be accessed, they have to be in memory (like any other file).

Take the floppy drive, for example. This too is considered by UNIX as a file. A read or write to a floppy drive is first done in a "special file", from which the contents are then transferred to the actual floppy. But to be able to access the floppy drive through the file connected to it, the file has to be mounted, i.e. in memory.

New Technology: RFID from Microsoft

Executive Summary

Whatever you read about packaging, supply chains, or identification, you will come across an article or advertisement for Radio Frequency Identification (RFID). Why does it seem that this technology is being touted as the best thing since sliced bread? And is it just another piece of hype meant to confuse and make us invest money in another piece of technology?

RFID is evolving as a major technology enabler for identifying and tracking goods and assets around the world. It can help hospitals locate expensive equipment more quickly to improve patient care, pharmaceutical companies to reduce counterfeiting, and logistics providers to improve the management of moveable assets. It also promises to enable new efficiencies in the supply chain by tracking goods from the point of manufacture through to the retail point of sale (POS).

As a result of the potential benefits of RFID:

  • The automotive industry has been using closed-loop RFID systems to track and control major assemblies within a production plant for over 30 years.
  • Many of the world's major retailers have mandated RFID tagging for pallets and cases shipped into their distribution centers to provide better visibility.
  • There are moves in the defense and aerospace industry to mandate the use of RFID to improve supply chain visibility and ensure the authenticity of parts.
  • Regulatory bodies in the United States are moving to the use of ePedigrees based on RFID to prevent the counterfeiting of prescription drugs.
  • Hospitals are using RFID for patient identification and moveable asset tracking.
  • RFID tags are being used to track the movement of farm animals to assist with tracking issues when major animal diseases strike.

But while the technology has received more than its fair share of media coverage recently, many are still unfamiliar with RFID and the benefits it can offer. In the face of this need for clear, comprehensive information about RFID and its benefits, this paper defines the opportunities offered by the technology for all organizations involved in the production, movement, or sale of goods. It is equally relevant for organizations wishing to track or locate existing goods, assets, or equipment.

In addition, the paper seeks to outline the business and technical challenges to RFID deployment and demonstrates how these issues can be addressed with technology from Microsoft and its partners. Above all, it explains how Microsoft technology—which provides the software architecture underpinning the solution rather than the tags or readers—can support the deployment of RFID-based solutions.

What Is RFID Really?


But what is RFID? RFID is the reading of physical tags on single products, cases, pallets, or re-usable containers that emit radio signals to be picked up by reader devices. These devices and software must be supported by a sophisticated software architecture that enables the collection and distribution of location-based information in near real time. The complete RFID picture combines the technology of the tags and readers with access to global standardized databases, ensuring real time access to up-to-date information about relevant products at any point in the supply chain. A key component to this RFID vision is the EPC Global Network.

Tags contain a unique identification number called an Electronic Product Code (EPC), and potentially additional information of interest to manufacturers, healthcare organizations, military organizations, logistics providers, and retailers, or others that need to track the physical location of goods or equipment. All information stored on RFID tags accompanies items as they travel through a supply chain or other business process. All information on RFID tags, such as product attributes, physical dimensions, prices, or laundering requirements, can be scanned wirelessly by a reader at high speed and from a distance of several meters.

RFID Bill of Materials

So what is the bill of materials for RFID then? RFID component parts are:

Tag or Transponder—An RFID tag is a tiny radio device that is also referred to as a transponder, smart tag, smart label, or radio barcode. The tag comprises a simple silicon microchip (typically less than half a millimeter in size) attached to a small flat aerial and mounted on a substrate. The whole device can then be encapsulated in different materials (such as plastic) dependent upon its intended usage. The finished tag can be attached to an object, typically an item, box, or pallet, and read remotely to ascertain its identity, position, or state. For an active tag there will also be a battery.

Reader or Interrogator—The reader—sometimes called an interrogator or scanner—sends and receives RF data to and from the tag via antennas. A reader may have multiple antennas that are responsible for sending and receiving radio waves.

Host Computer—The data acquired by the readers is then passed to a host computer, which may run specialist RFID software or middleware to filter the data and route it to the correct application, to be processed into useful information.


Mobile Computing: Mobile IP-Part-III


Mobile Computing is becoming increasingly important due to the rise in the number of portable computers and the desire to have continuous network connectivity to the Internet irrespective of the physical location of the node. The Internet infrastructure is built on top of a collection of protocols, called the TCP/IP protocol suite. Transmission Control Protocol (TCP) and Internet Protocol (IP) are the core protocols in this suite. IP requires the location of any host connected to the Internet to be uniquely identified by an assigned IP address. This raises one of the most important issues in mobility, because when a host moves to another physical location, it has to change its IP address. However, the higher level protocols require the IP address of a host to be fixed for identifying connections. The Mobile Internet Protocol (Mobile IP) is an extension to the Internet Protocol proposed by the Internet Engineering Task Force (IETF) that addresses this issue. It enables mobile computers to stay connected to the Internet regardless of their location and without changing their IP address. More precisely, Mobile IP is a standard protocol that builds on the Internet Protocol by making mobility transparent to applications and higher level protocols like TCP [6]. This article provides an introduction to Mobile IP and discusses its advantages and

Overview of the Protocol


Mobile IP supports mobility by transparently binding the home address of the mobile node with its care-of address. This mobility binding is maintained by some specialized routers known as mobility agents. Mobility agents are of two types - home agents and foreign agents. The home agent, a designated router in the home network of the mobile node, maintains the mobility binding in a mobility binding table where each entry is identified by the tuple . Figure 1 shows a mobility binding table. The purpose of this table is to map a mobile node's home address with its care-of address and forward packets accordingly.
Foreign agents are specialized routers on the foreign network where the mobile node is currently visiting. The foreign agent maintains a visitor list which contains information about the mobile nodes currently visiting that network. Each entry in the visitor list is identified by the tuple: <>. Figure 2 shows an instance of a visitor list.
In a typical scenario, the care-of address of a mobile node is the foreign agent's IP address. There can be another kind of care-of address, known as colocated care-of address, which is usually obtained by some external address assignment mechanism.

The basic Mobile IP protocol has four distinct stages [2]. These are:

  1. Agent Discovery: Agent Discovery consists of the following steps:
    1. Mobility agents advertise their presence by periodically broadcasting Agent Advertisement messages. An Agent Advertisement message lists one or more care-of addresses and a flag indicating whether it is a home agent or a foreign agent.
    2. The mobile node receiving the Agent Advertisement message observes whether the message is from its own home agent and determines whether it is on the home network or a foreign network.

    3. If a mobile node does not wish to wait for the periodic advertisement, it can send out Agent Solicitation messages, to which a mobility agent will respond.
  2. Registration: Registration consists of the following steps:
    1. If a mobile node discovers that it is on the home network, it operates without any mobility services.

    2. If the mobile node is on a new network, it registers with the foreign agent by sending a Registration Request message which includes the permanent IP address of the mobile host and the IP address of its home agent.

    3. The foreign agent in turn performs the registration process on behalf of the mobile host by sending a Registration Request containing the permanent IP address of the mobile node and the IP address of the foreign agent to the home agent.

    4. When the home agent receives the Registration Request, it updates the mobility binding by associating the care-of address of the mobile node with its home address.

    5. The home agent then sends an acknowledgement to the foreign agent.

    6. The foreign agent in turn updates its visitor list by inserting the entry for the mobile node and relays the reply to the mobile node.

    Figure 3 illustrates the registration process.

  3. In Service: This stage can be subdivided into the following steps:

    1. When a correspondent node wants to communicate with the mobile node, it sends an IP packet addressed to the permanent IP address of the mobile node.

    2. The home agent intercepts this packet and consults the mobility binding table to find out if the mobile node is currently visiting any other network.

    3. The home agent finds out the mobile node's care-of address and constructs a new IP header that contains the mobile node's care-of address as the destination IP address. The original IP packet is put into the payload of this IP packet. It then sends the packet. This process of encapsulating one IP packet into the payload of another is known as IP-within-IP encapsulation [11], or tunneling.

    4. When the encapsulated packet reaches the mobile node's current network, the foreign agent decapsulates the packet and finds out the mobile node's home address. It then consults the visitor list to see if it has an entry for that mobile node.

    5. If there is an entry for the mobile node on the visitor list, the foreign agent retrieves the corresponding media address and relays the packet to the mobile node.

    6. When the mobile node wants to send a message to a correspondent node, it forwards the packet to the foreign agent, which in turn relays the packet to the correspondent node using normal IP routing.

    7. The foreign agent continues serving the mobile node until the granted lifetime expires. If the mobile node wants to continue the service, it has to reissue the Registration Request.

    Figure 4 illustrates the tunneling operation.

  4. Deregistration: If a mobile node wants to drop its care-of address, it has to deregister with its home agent. It achieves this by sending a Registration Request with the lifetime set to zero. There is no need for deregistering with the foreign agent as registration automatically expires when lifetime becomes zero. However, if the mobile node visits a new network, the old foreign network does not know the new care-of address of the mobile node. Thus datagrams already forwarded by the home agent to the old foreign agent of the mobile node are lost.
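
The registration, tunneling and deregistration stages above can be traced end to end in a short simulation. This is an added example, not code from the original article: the class names, the documentation-range addresses and the media address are assumptions, registration messages are modeled as plain method calls, and IP-within-IP is marked with IPv4 protocol number 4.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-within-IP: the payload is itself a complete IPv4 packet

def checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options, TTL 64)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Return (source, destination, protocol, payload) of an option-less packet."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[20:]

class HomeAgent:
    def __init__(self, addr: str):
        self.addr = addr
        self.bindings = {}  # home address -> (care-of address, expiry time)

    def register(self, home: str, care_of: str, lifetime: int, now: int) -> None:
        """Apply a Registration Request; lifetime 0 deregisters the node."""
        if lifetime == 0:
            self.bindings.pop(home, None)
        else:
            self.bindings[home] = (care_of, now + lifetime)

    def intercept(self, pkt: bytes, now: int) -> bytes:
        """Tunnel a packet to the care-of address, or pass it through unchanged."""
        dst = parse(pkt)[1]
        care_of, expiry = self.bindings.get(dst, (None, 0))
        if care_of is None or now >= expiry:
            self.bindings.pop(dst, None)  # no binding, or its lifetime ran out
            return pkt
        return ipv4(self.addr, care_of, IPPROTO_IPIP, pkt)

class ForeignAgent:
    def __init__(self, addr: str):
        self.addr = addr
        self.visitors = {}  # home address -> media (link-layer) address

    def receive(self, pkt: bytes):
        """Decapsulate a tunneled packet; return (media address, inner packet) or None."""
        _, dst, proto, inner = parse(pkt)
        if dst != self.addr or proto != IPPROTO_IPIP:
            return None
        media = self.visitors.get(parse(inner)[1])
        return (media, inner) if media else None

def demo():  # constructed walk-through with documentation-range addresses
    ha, fa = HomeAgent("192.0.2.1"), ForeignAgent("198.51.100.1")
    fa.visitors["192.0.2.10"] = "02:00:00:00:00:0a"         # visitor list entry
    ha.register("192.0.2.10", fa.addr, lifetime=300, now=0)
    pkt = ipv4("203.0.113.7", "192.0.2.10", 17, b"hello")   # correspondent -> home address
    delivered = fa.receive(ha.intercept(pkt, now=10))
    ha.register("192.0.2.10", fa.addr, lifetime=0, now=20)  # deregistration
    return pkt, delivered, ha.intercept(pkt, now=30)
```

`demo()` returns the original packet, what the foreign agent hands to the mobile node, and what the home agent forwards once the binding is gone; after deregistration or lifetime expiry the packet is no longer tunneled.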