
Gadget Tip: Block the bad sites and whitelist the good.

Friday, August 8, 2008

A normal user doesn’t know how to protect their workstation while surfing the Internet. This article will help you close some of the security holes that you don’t know about.

Objective: To provide basic security while surfing the Internet.

What to expect when you buy your new workstation or laptop?
They only sell you the computer (e.g. desktop or laptop) with an operating system and 30-60 day demo versions of anti-virus software and the Microsoft Office package. This means that after the demo period, you need to purchase a license for your computer.

What is needed?
You need to have updated anti-virus software, e.g. Symantec, McAfee, etc., to protect your computer against new viruses.
You need to purchase Microsoft Office with Word, Excel, PowerPoint and Outlook. The MS Access database is optional.

What basic security do you need for your computer?
Check your anti-virus software for the latest updates; daily updates are recommended.
Run Windows Update once a month for security updates.
Enable the firewall; search our website for a separate how-to document.
Use OpenDNS for Internet content filtering, phishing protection, adult site blocking, etc.

In this article, I am going to share some information on how to protect your computer while surfing the Internet.

  • First, visit the http://www.opendns.com/ website and create your own account.
  • Click on Dashboard to configure your setup.
  • Click on Setting to update your Content Filtering.
  • In Content Filtering, you can choose the CUSTOM filtering level. For starters, here is a recommended filter configuration. Check the following categories:
  1. Adult Themes
  2. Auction
  3. Adware
  4. Gambling
  5. Hate/Discrimination
  6. Lingerie/Bikini
  7. Music
  8. Nudity
  9. P2P/File Sharing
  10. Parked Domains
  11. Phishing
  12. Pornography
  13. Proxy
  14. Radio
  15. Sexuality
    You can add more filters if you want.
  • From here you should be OK.

Or continue by updating your blocklist or whitelist:

  • Go to “Manage individual domains”.
  • Select “Always block” and type the domain, for example websearch.com.
  • Click on ADD DOMAIN to block the domain.
  • To block another domain, select “Always block”, type the domain and click on ADD DOMAIN.

How to apply the content filtering policy to your workstation? Instead of updating your router DNS forwarders, I recommend that you make the changes to your test computer.

If you are using Windows XP, please follow these steps to update your DNS information.

  • Click Start, then Control Panel
  • Click Network Connections
  • Double click on “Local Area Connection”
  • Click on Properties
  • Select Internet Protocol (TCP/IP), then click on Properties
  • In the General tab, select “Use the following DNS server addresses:”


Preferred DNS Server: 208.67.220.220
Alternate DNS Server: 208.67.222.222

  • Click OK to complete.

Testing:

Open your Internet browser and type http://www.victoriasecret.com/ in the address bar. You should get a notice: “Site blocked. http://www.victoriasecret.com/ is not allowed in this network. This site was categorized as Lingerie/Bikini.”

Of course, you can update your Content Filtering anytime you want. Just log in using your account and make the necessary adjustments.

If you have questions, please post your comments here, send me e-mail or visit the official how-to at the http://www.opendns.com/ website.

Thank you.

EM @ KING.NET, http://www.king.net/

DNS - Cross-Pollination Check


The Internet Assigned Numbers Authority (IANA) provides a web-based tool to check that your DNS name servers are not recursive. Visit http://recursive.iana.org/ to check your domain's name servers. All you need to do is submit your domain for the system to analyze: for example, enter king.net, then click Submit Query.

You should see results similar to those below.
Safe.
The servers tested for KING.NET are not vulnerable to cache poisoning.


Name server - IP Address - Results
DNS1.NAME-SERVICES.COM - 69.25.142.42 - Not recursive
DNS2.NAME-SERVICES.COM - 216.52.184.248 - Not recursive
DNS3.NAME-SERVICES.COM - 63.251.92.200 - Not recursive
DNS4.NAME-SERVICES.COM - 69.64.145.225 - Not recursive
DNS5.NAME-SERVICES.COM - 70.42.37.7 - Not recursive

Disclaimer about the tool:
Notes about this tool
This tool has been implemented quickly to assist name server operators. It may have problems as it has not been thoroughly tested, so you should also perform your own tests and use this only as a guide. We appreciate any comments or bug reports on this tool — please drop a note to iana@iana.org. Port entropy results provided by DNS-OARC.
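The "Not recursive" result above can be reproduced by hand: send the name server a query with the Recursion Desired bit set for a name it is not authoritative for, then read the flags in the reply. The following is an added example, not IANA's tool or its code; the function names and the sample replies are constructed for illustration.

```python
import secrets
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # RFC 1035 header flag bits

def build_query(name, txid):
    """Encode an A-record query for `name` with Recursion Desired (RD) set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def classify(query, reply):
    """Label a reply to a query for a name outside the server's own zones."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        raise ValueError("reply does not match the query")
    rcode = flags & 0x000F
    # RA means recursion is offered. A non-authoritative answer for a foreign
    # name means the server fetched it or served it from its cache.
    resolved = rcode == 0 and ancount > 0 and not flags & AA
    return "Recursive" if (flags & RA or resolved) else "Not recursive"

def probe(server_ip, outside_name, timeout=3.0):
    """Live check over UDP port 53 (not exercised by the samples below)."""
    query = build_query(outside_name, secrets.randbits(16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        reply, _ = sock.recvfrom(4096)
    return classify(query, reply)

# Constructed sample data: one query and two hand-built replies to it.
SAMPLE_QUERY = build_query("example.org", 0x1A2B)
QUESTION = SAMPLE_QUERY[12:]
# Authoritative-only server: REFUSED (rcode 5), RA clear, no answers.
REFUSED_REPLY = struct.pack("!6H", 0x1A2B, QR | RD | 5, 1, 0, 0, 0) + QUESTION
# Recursive server: RA set and one A record (192.0.2.1) in the answer section.
ANSWER_RR = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
RECURSED_REPLY = (struct.pack("!6H", 0x1A2B, QR | RD | RA, 1, 1, 0, 0)
                  + QUESTION + ANSWER_RR)

if __name__ == "__main__":
    print(classify(SAMPLE_QUERY, REFUSED_REPLY))
    print(classify(SAMPLE_QUERY, RECURSED_REPLY))
```

Use `probe()` only against name servers you operate, with a name from a zone they do not host.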

Highly-effective Cache Poisoning Attack

Wednesday, August 6, 2008

What is the issue?
A method of inserting false data into a name server has been discovered by a security researcher. This method affects recursive name servers, which are usually provided by ISPs and network operators to provide DNS service to their end users. As these types of name servers remember previous lookups in a cache, they are often called caching name servers, caching resolvers or similar.

The attack relies on the fact that an attacker can send fake DNS answers in response to a query and trick it into thinking the wrong data is correct for a given domain. The method is a specific type of cache poisoning attack. It is called cache poisoning because the server remembers the wrong answer in its cache, and then provides that wrong answer in future lookups.
While similar vulnerabilities have been discovered in the past, and have been patched in software, this attack is particularly concerning as it is far more effective. This has significantly raised the level of concern.

The cache poisoning is made much more viable, in part, by the fact that many name servers use the same source port number for every one of their DNS queries. If the source port is easy to guess, an attacker can much more reliably predict how to attack the server. One mitigation technique is to therefore use a randomised source port. This helps reduce the risk of attack, but does not solve the problem entirely.

Why is this issue critical only for some domain operators?
Domains are operated on a name server configuration known as an authoritative name server. Authoritative name servers are not vulnerable to this type of attack. However, a number of domain operators use servers that are configured both as an “authoritative name server” and as a “recursive name server”. The vulnerability in the recursive portion of the name server can infect the data of the authoritative name server, therefore making the authoritative portion vulnerable.

continue reading: http://www.iana.org/reports/2008/cross-pollination-faq.html
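The FAQ excerpt above says that a resolver using the same source port for every query is easier to poison, and that randomising the port reduces the risk without removing it. The added example below (not from IANA or DNS-OARC) classifies the source ports seen on a resolver's outbound queries and estimates how many bits a forged answer has to match. The sample port lists are constructed, and the pool-size estimate is an assumption stated in the code.

```python
import math

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field

def port_report(ports):
    """Classify source ports observed on a resolver's outbound queries."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    strides = {b - a for a, b in zip(ports, ports[1:])}
    if distinct == 1:
        pattern, pool = "fixed", 1
    elif len(strides) == 1:
        pattern, pool = "sequential", 1  # the next port is predictable
    elif distinct < len(ports):
        pattern, pool = "varied", distinct  # repeats suggest a small pool
    else:
        # Assumption: the pool is roughly the observed range. A short
        # sample only gives a crude estimate of the real pool size.
        pattern, pool = "varied", max(ports) - min(ports) + 1
    return {"pattern": pattern, "guess_bits": TXID_BITS + math.log2(pool)}

def spoof_odds(guess_bits, forged_answers):
    """Chance that one of `forged_answers` distinct guesses matches both
    the transaction ID and the source port of a single outstanding query."""
    return min(1.0, forged_answers / 2 ** guess_bits)

# Constructed samples: source ports of eight consecutive queries.
FIXED_PORTS = [32768] * 8
SEQUENTIAL_PORTS = list(range(1025, 1033))
VARIED_PORTS = [49231, 1187, 60412, 23051, 8840, 35519, 57002, 14666]

if __name__ == "__main__":
    samples = (("fixed", FIXED_PORTS), ("sequential", SEQUENTIAL_PORTS),
               ("varied", VARIED_PORTS))
    for label, sample in samples:
        report = port_report(sample)
        odds = spoof_odds(report["guess_bits"], 65536)
        print(f"{label:10s} {report['pattern']:10s} "
              f"{report['guess_bits']:.1f} bits, odds per query {odds:.6f}")
```

With a fixed or predictable port only the 16-bit transaction ID has to be guessed; a randomised port adds bits to the search space, so the odds fall but stay above zero.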

DNS at Risk From Multivendor Cache Poisoning

Friday, July 11, 2008

It's not often that multiple vendors are involved in a single security patch.


Then again few technologies are as widely used or as critical as Domain Name System, or DNS, the core Internet protocol that translates domain names into IP addresses.

Security researchers today sounded the alarm, warning DNS server users to update to new patched versions from their vendors to protect against a critical security issue.

continue reading: InternetNews

Who's Really at Risk From the DNS Flaw?

With DNS so vital to the operation of the Internet, security threats to it need to be taken seriously. But when it comes to the recent disclosure of a multivendor DNS cache poisoning issue, who really is at risk? And will the Internet collapse if the issue isn't fixed?

Experts say that while the new DNS cache poisoning issue is very serious, DNS has been threatened before -- and the core structure of the Internet name servers remains ready for such challenges.

continue reading: InternetNews
