Archive for the ‘Security’ Category

« Older Entries

Online Transactions Now Require An Additional Layer of Security

Tuesday, July 14th, 2009

verified by visa - mastercard securecode The Reserve Bank of India (RBI) has mandated that from 1st Aug 2009 all online credit card transactions require an extra level of verification. Your credit card issuing banks are therefore, implementing a "Verified by VISA" or "MasterCard SecureCode" password. You will need this password to continue transacting online from 1st Aug 2009.

What is the "Verified by VISA"/"MasterCard SecureCode" password?

This is the password that your credit card issuing Bank provides. For example – ICICI Bank, HDFC Bank, Citibank, HSBC Bank, Axis Bank, SBI etc. This password is the additional layer of security for all your online transactions.

How it Works?how it worksBenefits of "Verified by VISA"/"MasterCard SecureCode" password

Even if you lose / misplace your credit card it cannot be misused online as the password is not present on the card.

Note : Keep your password safe. Do not share your password with anyone.

Tags: , ,
Posted in Internet, Security | 1 Comment »

Mobile Number is Mandatory For Getting A GMail ID

Thursday, July 9th, 2009

Now Google now started asking for mobile number for creating mail id’s in order to prevent spam and reduce abusive mails and for more security reasons, After filling the Gmail Registration Form you will be redirected to new page asking your mobile number for activation purpose. After entering your mobile number you will click “Send Activation Code to my mobile phone” option and they will send activation code to your mobile phone.gmail-mobile-number-verification1

What if you don’t have a mobile phone ?

If you don’t have an mobile phone you cannot able to signup for Gmail account. Instead you may need to ask your friend,s mobile number to receive a code.

Why they made this Feature ?

According to Google this is done as an initiative that to avoid spam and abuse protection.

Is there any limitation for creating Account for a single Phone number

Yes, Each mobile number have a limitation for creating Gmail Account’s. So create Gmail account only when you needed. But they have yet to say the limitation of creating email accounts on a single number.

Update: We can still create a gmail id without mobile verification if we get an invitation from the existing gmail user, But i am not sure how long gmail will accept the invitation registrations.

Tags: ,
Posted in Info, Internet, Security | 5 Comments »

Beware:Phishing Scam Spreading on Twitter

Friday, July 3rd, 2009

Just wanted to tell you guys about a phishing scam going around twitter recently, so be careful on which links you click.

Potential victims of this scam receive a message like this:twitter

Hey! check out this funny blog about you… jannawalitax . blogspot . com

When you click on that link in that message, you’ll be redirected to some Fake Twitter login page (twitter.access-logins.com) that asks your password. That phishing domain seems to be registered in China.

So, be careful! Keep an eye on the address bar and don’t log into your twitter account through any site other than Twitter.com.

Tags: , ,
Posted in Info, Security | No Comments »

Option based IP Address assignment Callout Dll

Thursday, July 2nd, 2009

DHCP administrators would like to manage address assignment in the network, by assigning IP address to DHCP clients based on vendor/user class identifier from distinct address ranges in the subnet. This functionality can be added to the Microsoft DHCP Server, by installing DHCP Server Option Based IP Address Assignment Callout package.

This callout dll allows the administrators to define rules for assigning IP addresses from specific IP address ranges based on the vendor/ user classes of the DHCP clients in the network. The IP address to these DHCP clients will be leased/ renewed based on the rules configured by the administrator. Alternatively, the administrator could also implement a light weight network access control by denying IP addresses based on vendor/ user class of the device.

It can be configured for address assignment based on any one of the below:

* Vendor class identifier (option 60)
* User class identifier (option 77)

This will provide administrator the following advantages:

* Network access control, denial of IP based on vendor/ user class
* Better manageability, as different vendors are assigned IP addresses from different ranges
* Ability to configure options with different values for different DHCP clients, in the same subnet, based on the vendor/ user class.

This callout dll is supported on Windows Server 2008 (Standard or higher, 32 or 64 bit) and above, running DHCP Server (only English builds).

The callout dll can be configured using an MMC snapin. For usage information refer to the setup document present in the zip file attached to the blog.

Download it from DHCP Team blog or click here to download it.

Earlier the dhcpteam blog came up with MAC filtering tool by which we can restrict IP address based on the mac address of the machine.

Tags: , ,
Posted in Security, Windows | No Comments »

How to Filter MAC Address with Windows Server 2003/2008 DHCP Server Callout DLL

Wednesday, June 24th, 2009

As we all know, DHCP Servers are used to assign IP Addresses and other configuration information to client computers running almost any sort of operating system, ranging from regular desktop computers, through laptop computers, up to thin clients and mobile devices. All these require a DHCP server in order to get their TCP/IP configuration settings (unless you manually configure them). One of the major headaches around using DHCP servers was the fact that the moment a computer is connected to your network, it will ask for, and receive, an IP windows2008logo2bz4Address from any available DHCP. This will happen to both trusted and un-trusted computers, causing us, the administrators, a potential security risk.

Overview

DHCP Administrators would like to control access to their networks, by issuing IP addresses to known clients or denying the same to select machines. This functionality may be added to the MS DHCP Server,   by installing this package, thereby adding an additional lightweight layer of security on the network.

This DHCP Server Callout DLL allows the administrator to filter incoming DHCP Requests to DHCP Server based on the MAC Address of the DHCP client.  When a device or computer tries to connect to the network, it shall first try to obtain an IP address from the DHCP Server.    DHCP Server Callout DLL checks if the MAC address of the machine is present in a known list of MAC addresses (, that has been configured by administrators). The client’s request to obtain an IP address or other configuration information (via DHCP),   shall be forwarded or dropped based on the list configured by administrator.

This callout DLL will help user in solving either of the following problems

1.    Allow machines, whose MAC addresses are configured in a list to get an IP address or

2.    Deny IP addresses to machines, whose MAC addresses are configured in a list.

System Requirements

  • Server: Windows 2003 Server (Enterprise or higher)/Windows 2008 Server (Enterprise or higher, 32 or 64 bit), running DHCP Server

Usage

1.    Run the appropriate installer depending on your processor architecture, (i.e.,   on a 32 bit Windows Server OS, run <executable1.xxx> or run <executable2.xxx> on 64 bit Server OS)

2.    Edit the file (e.g. MACFilter.txt), per the file format, provided in the section “Mac Address List File Format”.

3.    You can customize the setup, in your environment,    by changing the following registry keys:

CalloutErrorLogFile REG_MULTI_SZ Specify the file path for logging errors by this callout dll. If this registry key is not specified, callout dll will output errors %WINDIR%\System32\Log.txt.

Eg: C:\DHCP\LOGS\MacFilterLogError.txt
CalloutInfoLogFile REG_MULTI_SZ Specify the file path for logging information messages by callout dll. If this key is not present, no information messages will be logged.

Eg. C:\DHCP\LOGS\MacFilterLogInfo.txt
CalloutMACAddressListFile REG_MULTI_SZ Specify the complete file path including name of MAC address list file.

Eg. C:\DHCP\MacFilterList.txt

MAC Address List File Format

  • File should contain action followed by MAC address list as show in below

#MACList.txt

MAC_ACTION = {ALLOW / DENY}

#List of MAC Addresses:

000a0c0d1254     #lab-server1

000d0c4a6723     #lab-server2

  • File supports comments. Comments can be entered following a ‘#’ sign. Any text followed by ‘#’ till the end of line is treated as a comment.
  • First line in the file (excluding comments) should specify the action. Action can be either ALLOW or DENY
    • When action is specified as ALLOW, all requests from MAC address present in this list will be served by DHCP servers. All requests originating from MAC address not present in this list will be ignored.
    • When action is specified as DENY, all request from MAC address present in the list will be ignored by DHCP servers. All requests from MAC addresses not present in this list will be severed by DHCP server.
    • Only one action out of ALLOW or DENY can be specified in MAC Address List File
  • MAC address should be specified in format XXXXXXXXXXXX (where X can be hex digit 0 – F).There should not any delimiter such as -, : in MAC address. Each MAC address should be specified in separate line.
  • If there is any error in MAC Address List File, it will be logged into CalloutErrorLogFile or default error log file. Following is expected behavior of dll in cases of errors
    • If the action is not specified correctly, then DHCP server will function as if there is no callout dll i.e. none of the requests will be ignored.
    • If one or more MAC addresses are not specified correctly, then in this case those MAC address entries will be ignored. Error for the same will be logged in error log file.

The installer does the following:

1.    Places the MAC Filter callout dll in your system32 directory.

2.    Creates \ Modifies following  registry keys at location HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Key Name Key Type Description
CalloutDlls REG_MULTI_SZ This key specifies callout dll path for DHCP server e.g. c:\windows\system32\MacFilterCallout.dll
CalloutEnabled DWORD 1 = DHCP Server loads callout.dlls

(Value 0 means DHCP Server does not load callout dlls)
CalloutErrorLogFile REG_MULTI_SZ Specify the file path for logging errors by this callout dll. If this registry key is not specified, callout dll will output errors %WINDIR%\System32\Log.txt
CalloutInfoLogFile REG_MULTI_SZ Specify the file path for logging information messages by callout dll. If this key is not present, no information messages will be logged.
CalloutMACAddressListFile REG_MULTI_SZ Specify the complete file path including name of MAC address list file.

By default the location for the Error Log, Info Log, MACList is initialized to the location of the DHCP Server audit log at the installation time. These values can be changed through regedit.

3.    Stop DHCP server (if it is already running)

4.    Start DHCP server. When DHCP server is started, event 1033 will be logged if Callout DLL is loaded successfully by DHCP server.

You can download the MacFilterCallout application from MacFilterCallout.zip.

Special thanks to Microsoft Windows DHCP Team Blog for providing this tool

Tags: , ,
Posted in Security, Tips & Tricks, Windows | 2 Comments »

« Older Entries