Domain Name System (DNS) and Cyber Security Vulnerability

DNS- At the Heart of the Internet

It is safe to say that without the Domain Name System (DNS), the Internet would not be the force it is today.

In the early days of the Internet, users trying to reach another host on the network were required to input lengthy IP number strings (e.g., 74.125.45.105- a listed IP address for Google). As the internet grew number strings became more cumbersome and unworkable as most users could not consistently remember the proper sequencing of random numbers.

To simplify this process, a solution was developed based on a data solution (flat file) that related each IP address to a comparatively easy-to-remember common language address (e.g., Amazon.com, U-Tube.com, and Twitter.com) that was easy to remember and provided ease of use.

By the late 1980s, the flat file had evolved to the Domain Name System (DNS) in use today-a system that is open, distributed, and expands as users, enterprises, Internet Service Providers (ISPs) and domains appear on the network. Ease of use and expandability was the goal but, since cyber security attacks and malware were virtually unknown, DNS security was not a priority.

DNS is very effective and works in the background of search activity. Internet users are assured that when they type in a URL or e-mail address, they will be connected to the correct Web site or e-mail box. Many commercial companies developed brand strategies based on this functionality in order to use the Internet’s reach to develop more customers and increase sales/revenue. Most of these companies adopted a.com or.net extension. The Federal government adopted a.gov or.mil extension.

DNS Brand Implications

The functionality of DNS opened the branding world to the Internet. Common names became commonplace brands (e.g. Google, Bing, Amazon, and E-Bay) and powerful strategies were developed to market brands on the Internet.

An entirely new marketing strategy called Search Engine Marketing (SEM) developed whereby keyword searches and positioning on search pages developed into a major industry. Premier placing on the first page of a search engine gave the recipient an advantage for more business versus the competition.

Google became a multi-billion dollar concern by developing algorithms that enabled effective and powerful key word searches. Web based purchases supported by easy, convenient key word searches now account for 20-30% of all retail business and the web based e-commerce market share continue to enjoy strong growth. DNS is an integral part of this success. But as traffic on the Internet grew, the entire net became vulnerable to Cyber attacks. A good portion of this vulnerability can be attributed to the inherent vulnerability of DNS.

DNS is inherently Insecure

The original design of the Domain Name System (DNS) did not include robust security features; instead it was designed to be a scalable distributed system and attempts to add security, while maintaining backwards compatibility were rudimentary and did not keep pace with the skills of malicious hackers. As a result cyber attacks created Internet chaos.

Security may top the list of enterprise and network administrators, but too often the link between security vulnerability and DNS is not understood. In order to enhance security and defend against cyber attacks, government agencies, commercial enterprises and network administrators must acknowledge the importance of DNS to the secure operation of the Internet.

Consequently, any commercial company that uses the Internet for sales, e-commerce, service, marketing or logistics, as well as Internet Service Providers (ISPs) and large, strategically sensitive government networks need to be aware of DNS vulnerability.

As the Internet expands in terms of users, devices and traffic, so does the opportunity for sophisticated DNS mayhem-whether malicious (hacking), aggravating (spam) or illegal (accessing sites containing content that violates legal and regulatory mandates) or devastating denial of service (DoS) attacks..

It became very evident that enterprises and ISPs must protect their users and networks-sometimes from the amateur hacker but increasingly from organized crime and state sponsored cyber terrorism. One of the most vulnerable, critical areas was DNS. Cyber attacks are expected to increase and have a bigger impact as the Internet grows.

The internet is also growing by an order of magnitude and just about every user of the internet is directly affected by the Domain Name System (DNS). The Domain Name System (DNS) is an essential part of the Internet. Many Internet security mechanisms, including host access control and defenses against spam and phishing, heavily depend on the integrity of the DNS infrastructure and DNS Servers.

DNS Servers

DNS servers running the software known as BIND (for Berkeley Internet Name Daemon, or sometimes Berkeley Internet Name Domain), is one of the most commonly used Domain Name System (DNS) server on the Internet, and still proclaims it to be so.

Presently, BIND is the de facto standard DNS server. It is a free software product and is distributed with most UNIX and Linux platforms. Historically, BIND underwent three major revisions, each with significantly different architectures: BIND4, BIND8, and BIND9. BIND4 and BIND8 are now considered technically obsolete. BIND9 is a ground-up rewrite of BIND featuring complete Domain Name System Security Extensions (DNSSEC) support in addition to other features and enhancements. But even with the rewrite BIND, in all versions, remains vulnerable.

A new version, BIND 10 is under development but the effectiveness of it its security features are untested. Its first release was in April 2010, and is expected to be a five-year project to complete its feature set.

Although BIND is still the de facto DNS software because it is included by most UNIX based server manufacturers at no cost, a number of other developers have produced DNS Server software that addresses the inherent weaknesses of BIND. Ratings of these packages can be found on http://www.kb.cert.org/vuls/

Common Vulnerabilities: Cache Poisoning and Distributed Denial of Service

The DNS vulnerabilities open the affected networks to various types of cyber attacks but cache poisoning and DDoS attacks are usually the most common.

Cache poisoning is arguably the most prominent and dangerous attack on DNS. DNS cache poisoning results in a DNS resolver storing (i.e., caching) invalid or malicious mappings between symbolic names and IP addresses. Because the process of resolving a name depends on authoritative servers located elsewhere on the Internet, the DNS protocol is intrinsically vulnerable to cache poisoning. Cache poisoning allows the perpetrator to gain access to proprietary information like bank records and social security numbers.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is focused on making computer resources unavailable to its intended users. A DDoS consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as government agencies, banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks. Of particular concern are DoS or DDoS attacks on large government networks like the Department of Defense or Veteran’s administration networks.

One way of compromising the network for a DDoS attack is through the vulnerabilities of CNS.

Until effective solutions are developed that reduce DNS vulnerabilities cyber attacks will increase particularly as new protocols expand the reach of the Internet.

Internet Protocol Version 6 (IPv6)

It was inevitable that the Internet capacity would be exhausted and it is near that point now.

The Internet is rapidly running out of capacity and solutions in the form of expanded Internet Protocols for this problem may create additional vulnerability. A phenomenon known as IPv4 address exhaustion results and Internet space disappears.

A new Internet Protocol, Version 6 (IPv6), is a replacement for Internet Protocol version 4 (IPv4), as the primary Internet Protocol in operation since 1981. The driving force for the redesign of Internet Protocol was the foreseeable IPv4 address exhaustion. In effect, without new protocols, the Internet will run out of capacity.

IPv6 has a significantly larger address space than IPv4. IPv6 uses a 128-bit address while the present IPv4 uses 32 bits. This expansion provides flexibility in allocating addresses and routing traffic and eliminates the growing need for network address translation (NAT), which gained widespread deployment as an effort to alleviate IPv4 address exhaustion.

IPv6 protocol expansion however, also opens new vulnerabilities for malicious cyber attacks as more and more users and applications gain access to the Internet.

DNSSEC

Some analysts believe that the Domain Name System Security Extensions (DNSSEC) provides an effective and comprehensive solution for DNS vulnerability issues. This is not the case however.

DNSSEC enables the use of digital signatures that can be used to authenticate DNS data that is returned to query responses. This helps combat attacks such as pharming, cache poisoning, DDoS and DNS redirection that are used to commit fraud, identity theft and the distribution of malware but does not guarantee secure data in the system.

It is widely believed that securing the DNS is critically important for securing the Internet as a whole, but deployment of DNSSEC specifically has been hampered by several procedural difficulties not the least of which is the lack of universal deployment and overcoming the perceived complexity of deployment.

Some of these problems are in the process of being resolved, and deployment in various domains is in progress. This may take an extended period of time however and during the process DNS continues to be vulnerable.

Even with the technical limitations, progress in implementing DNSSEC has been slow particularly in the Federal Government. Although the Federal Office of Management and Budget mandated that all government agencies will adopt DNSSEC by December 2009, nine months after the deadline for federal agencies to implement DNSSEC, only 30-40% of agencies have complied.

Government Network Solutions

Today’s complex government networks must deliver the utmost security and reliability to protect against potential national security threats. A poorly architected DNS service infrastructure poses one of the greatest security vulnerabilities for any government network.

Likewise, choosing the wrong DNS solution can turn an otherwise well-architected service infrastructure into a compromised system capable of undermining data integrity and network stability.

Security against cyber attack is mandatory for government networks. More than any other networks, government networks demand the highest level of monitoring and visibility, security fortification, alerting and blocking to ensure appropriate corrective action. Without this protection, National Security and other nationwide infrastructure can be compromised.

Government Networks Have Unique Needs but Face Cumbersome Solutions

Until recently, federal cyber security efforts have been fragmented and cumbersome. Greater attention was paid to time consuming reporting requirements in order to meet standards. Although standards are important for establishing a baseline of security and meeting standards in order to reduce cyber attack damage, overly restrictive reporting requirements diminish their effectiveness.

In many ways, for government organizations, the information superhighway has become a virtual minefield. Government networks face this new global problem as much, if not more than other networks.

Not only do they have to support their users’ performing the tasks necessary to complete their missions with uninterrupted Internet access, but they also have to ensure that this access remains uncompromised. Network administrators must continuously balance the need for open access for critical users against the need to keep the network secure.

When a user at a government organization goes to a Website (on multiple types of networks), they need to know that the content they receive is exactly what they were expecting. And just like subscribers on a Service Provider network, they need to be protected from known and suspected sites used to break into computers. The critically of very large networks and the drive to interconnect agencies make many federal networks particularly vulnerable.

All of this has to be done with the highest possible level of performance and availability. Government organizations also need to be absolutely certain that they can comply with DNSSEC and IPv6 mandates.

The government recognizes is addressing the needs of cyber security. Recent step include the creation of Cyber Command for DOD and Intelligence Agencies, a streamlining by the Office of Management and Budget of reporting requirements and an elevation of cyber security to a priority effort by the administration.

However, progress has been slow. Officials from key federal agencies, including the departments of Defense, Homeland Security and the Office of Management and Budget say they’re moving too slowly to implement most of the 24 recommendations President Barack Obama outlined in his May 2009 cyber policy review.

How to Troubleshoot DNS Problems

Domain Name System (DNS) is a database system that translates a computer’s fully qualified domain name into an IP address.The DNS makes it possible to assign domain names to organizations independent of the routing of the numerical IP address. In other words, DNS is a system that translates domain names into IP addresses. This is necessary because computers only make use of IP addresses yet we use only human readable names since the names are easier to remember than IP addresses.

Setting up DNS in your network does not necessarily require you to become an expert DNS administrator. Setting up a DNS server typically involves configuring the DNS server with DNS zones to administer the DNS domain names in a network, adding DNS resource records for the hosts in your network to your DNS zones, and delegating administration for these zones by creating a delegation from the parent DNS server previously authoritative for a domain name to the child DNS server that is accepting responsibility for a domain name. Lastly, a DNS server administrator should maintain the integrity of DNS zone data by securing the DNS in the network. You can also set up a DNS server from the command line. For more information

To correct DNS settings and troubleshoot DNS problems, you can

1. Run nslookup from a command line is the default dns server the one you expect.

2. use ipconfig /all on client to make sure the client point to correct DNS server and the the DC server points to only itself for DNS by its actual tcp/ip address, and make sure no any ISP DNS listed in tcp/ip properties of any W2K/XP.

3. When the machine loads it should register itself with the DNS. If not, use ipconfig /regiesterdns command.

4. Check Event Viewer to see whether the event logs contain any error information. On both the client and the server, check the System log for failures during the logon process. Also, check the Directory Service logs on the server and the DNS logs on the DNS server.

5. Use the nltest /dsgetdc: domainname command to verify that a domain controller can be located for a specific domain. The NLTest tool is installed with the Windows XP support tools.

6. If you suspect that a particular domain controller has problems, turn on the Netlogon debug logging. Use the NLTest utility by typing nltest /dbflag:0x2000ffff at a command prompt. The information is logged in the Debug folder in the Netlogon.log file.

7. Use DC Diagnosis tool, dcdiag /v to diagnose any errors. If you still have not isolated the problem, use Network Monitor to monitor network traffic between the client and the domain controller.

Under the following situations you may want to reinstall the DDNS in a Windows 2000 Active Directory:
Some weird DNS errors have occurred and clearing DNS information has been unsuccessful.
Services that depend upon DNS, such as, the File Replication service (FRS) and/or Active Directory are failing. The secondary DNS server doesn’t support dynamic updates.

To reinstall the dynamic DNS in a Windows 2000 Active Directory

1. Clear the DNS information.

2. Clear the Caching Reslover.

3. Point all DNS to the first DNS server under TCP/IP properties.

4. Re-add the zones and configure them to be Active Directory integrated.

5. Register a resource record for DNS as well as your start of authority (SOA).

B K Dash [http://www.techs24x7.com] is dedicated to provide latest NEWS and information on Emerging Technology & also we are updating Latest Technology NEWS on our Technology BLOG [http://www.blog.techs24x7.com] to serve the World 24×7 Online…

How to Troubleshoot DNS Problems

Domain Name System (DNS) is a database system that translates a computer’s fully qualified domain name into an IP address.The DNS makes it possible to assign domain names to organizations independent of the routing of the numerical IP address. In other words, DNS is a system that translates domain names into IP addresses. This is necessary because computers only make use of IP addresses yet we use only human readable names since the names are easier to remember than IP addresses.

Setting up DNS in your network does not necessarily require you to become an expert DNS administrator. Setting up a DNS server typically involves configuring the DNS server with DNS zones to administer the DNS domain names in a network, adding DNS resource records for the hosts in your network to your DNS zones, and delegating administration for these zones by creating a delegation from the parent DNS server previously authoritative for a domain name to the child DNS server that is accepting responsibility for a domain name. Lastly, a DNS server administrator should maintain the integrity of DNS zone data by securing the DNS in the network. You can also set up a DNS server from the command line. For more information

To correct DNS settings and troubleshoot DNS problems, you can

1. Run nslookup from a command line is the default dns server the one you expect.

2. use ipconfig /all on client to make sure the client point to correct DNS server and the the DC server points to only itself for DNS by its actual tcp/ip address, and make sure no any ISP DNS listed in tcp/ip properties of any W2K/XP.

3. When the machine loads it should register itself with the DNS. If not, use ipconfig /regiesterdns command.

4. Check Event Viewer to see whether the event logs contain any error information. On both the client and the server, check the System log for failures during the logon process. Also, check the Directory Service logs on the server and the DNS logs on the DNS server.

5. Use the nltest /dsgetdc: domainname command to verify that a domain controller can be located for a specific domain. The NLTest tool is installed with the Windows XP support tools.

6. If you suspect that a particular domain controller has problems, turn on the Netlogon debug logging. Use the NLTest utility by typing nltest /dbflag:0x2000ffff at a command prompt. The information is logged in the Debug folder in the Netlogon.log file.

7. Use DC Diagnosis tool, dcdiag /v to diagnose any errors. If you still have not isolated the problem, use Network Monitor to monitor network traffic between the client and the domain controller.

Under the following situations you may want to reinstall the DDNS in a Windows 2000 Active Directory:
Some weird DNS errors have occurred and clearing DNS information has been unsuccessful.
Services that depend upon DNS, such as, the File Replication service (FRS) and/or Active Directory are failing. The secondary DNS server doesn’t support dynamic updates.

To reinstall the dynamic DNS in a Windows 2000 Active Directory

1. Clear the DNS information.

2. Clear the Caching Reslover.

3. Point all DNS to the first DNS server under TCP/IP properties.

4. Re-add the zones and configure them to be Active Directory integrated.

5. Register a resource record for DNS as well as your start of authority (SOA).

B K Dash [http://www.techs24x7.com] is dedicated to provide latest NEWS and information on Emerging Technology & also we are updating Latest Technology NEWS on our Technology BLOG [http://www.blog.techs24x7.com] to serve the World 24×7 Online…

Why Is Proper DNS Functionality Essential for Website Uptime and Performance?

Whether you are hosting your website on your own server or with a web hosting service, proper functionality of Domain Name System (DNS) is essential for ensuring uptime and performance of your website. Even if your entire web server infrastructure is working fine, a tricky DNS problem can result in an unresponsive site. Thus, it is important to include DNS monitoring in your website monitoring strategy to protect your online presence as well as to enhance end-user experience.

Role of DNS:
DNS is responsible for translating an easy-to-remember website name into its respective IP address of the web server that hosts the site. When a user requests for your website by typing its name in the browser, the DNS infrastructure points it to the address of the web server. If the site is hosted in multiple locations, it will point to the one closest to the requesting user. Once the browser has the IP address of the web server, it will then issue an HTTP request for the web page. Thus, you can see how DNS is crucial in making your website reach your customer.

DNS related issues – what may go wrong:
DNS configuration and resolution is often complex and tricky. Since a DNS resolution includes a series of steps, a problem during any of the steps can fail the entire process.

•Unavailability of DNS server: The DNS server is like any other technological infrastructure that may go down due to scheduled or unscheduled outages. When the DNS server serving information about your website goes down, the client will be unable to get details of your web server to issue an HTTP request.

•Improper DNS configuration: Improper configuration of a DNS server can occur during initial set up of the domain, or later as needs change and configuration changes become necessary. You may have heard about sites not working for users from specific locations. This is the result of erroneous DNS configuration where the DNS servers will not return IP addresses for requests coming from impacted areas. Other configuration errors may result in lost e-mail or complete inaccessibility of the site.

•Latency in DNS resolution: Latency results in slow loading of the site, though your web hosting infrastructure is working perfectly. If a request cannot be served from DNS cache, it has to recursively query other nameservers, resulting in latency. Overload of a DNS server can also result in latency of DNS requests.

•DNS cache poisoning: Local DNS resolvers with less security can often fall prey to an attacker who can insert a fake address record for your domain name into the DNS. Using this, the attacker can tamper with cache records of the resolver to point your domain name to a phishing site. Such attacks are difficult to detect, especially from data centers.

Continuous monitoring of DNS:
When you opt for a website monitoring service, make sure that it also includes monitoring of DNS resolution of your website. DNS monitoring includes a series of tests like HostName test, MX lookup, Reverse DNS, Blacklist check, etc., to ensure that your website visibility is not impacted because of some DNS error. Conducting these tests from multiple locations will ensure that your site is not impacted due to some erroneous DNS configuration, and is working perfectly for users all across the world.

The vitality of proper DNS management increases as the business grows in terms of online presence. Effective DNS monitoring ensures that your website is not facing outages or degraded performance due to DNS related problems.

Enterprises Are Not Taking DNS Seriously

DNS (Domain Name Service) is the key technology in modern IT infrastructures – without it, your business stops. Every single application now relies on DNS in some way or another.

Want to send an email? Your email program uses DNS to find the IP address of your mail server so it can send the email.

Want to print something? Your PC will use DNS to find the IP address of the printer.

Want to access your company’s corporate database? Your application will use DNS to find the IP address of the database server.

DNS acts as a big electronic phonebook that catalogues all the IP addresses of the servers and printers on your network. Without it your PC will struggle to access these other systems.

So when I visit sites that are still running DNS on an ageing Windows NT server under someone’s desk, I am horrified.

In many cases, DNS servers have been deployed in response to a specific requirement – someone needed a DNS server in order to implement a proxy server or a specific application required a DNS server. But as more applications and services are deployed, the DNS infrastructure is often the last thing that is considered. DNS servers and domains have often been deployed without an overall strategy, leading to an unstructured, non-resilient, and badly configured mess.

Install an Active Directory Domain Controller, and it will attempt to resolve the AD domain name in DNS. If you don’t have a DNS server on your network, or it can’t contact one, it will automatically install one on the DC. “Great” you might think, “it’s doing all the hard work for me”, but this is implementing DNS in an ad-hoc approach that might not best suit the business in the long term. For instance, the DC you just installed might be in a remote location or on a network segment that is not resilient. The fact that DNS is running on a DC means that it is not on dedicated hardware, so other applications may impact performance or the availability of the server. Installation of critical Microsoft security updates is crucial but in many cases requires a reboot that will affect the availability of the DNS service running on that DC.

When your infrastructure has grown to rely on DNS servers co-hosted on Microsoft servers, it soon becomes apparent that applying Microsoft security updates and service packs impacts the availability of not just that single DC, but every application that relies on DNS. Reboots have to be meticulously planned in order to determine which applications will be affected, and to ensure that those applications can reach backup DNS servers. Without adequate planning of the DNS infrastructure, you start to discover incorrectly configured application servers that have no secondary or tertiary DNS servers configured, or have servers configured that no longer run a DNS service. Furthermore, without any monitoring, you may discover servers where the DNS service has stopped or crashed.

These misconfigured systems only become visible when a DNS server fails or is rebooted for maintenance, and the impact can range from a minor inconvenience (the CEO can’t get his email) to disastrous (a bank’s trading floor suddenly incapacitated for 15 minutes while the stock market is falling).

In order to prevent these issues from impacting the availability of the DNS service, some larger enterprises are starting to take their DNS infrastructures seriously by taking a holistic approach. This involves making an individual or team responsible for the entire DNS infrastructure and deploying dedicated DNS server appliances that are managed by that team. Taking this approach enables the “DNS team” to arbitrate between different projects’ DNS requirements and ensure that a structured approach is taking to the configuration of new DNS domains and servers. Quite often, companies will deploy an IP Address Management (IPAM) product to help them manage the assignment of IP addresses and automate updates to the DNS environment.

Unfortunately these companies are in the minority rather than the majority. Too often DNS is seen as a service that belongs neither with the networks team nor the server nor application teams, and so often “falls between the cracks”. For such an important service, it simply isn’t good enough.

I believe that taking a holistic approach to your DNS infrastructure will help improve application availability:

o Nominate a person or team who is responsible for the DNS and can support and co-ordinate DNS requirements from different projects

o Use dedicated servers or appliances to reduce outages due to maintenance

o Place DNS servers in your data centres or at the core of your network (e.g. make sure they are “well connected”) so everyone knows which servers to use

o Ensure all your WAN links are resilient

o If you have locations where this is not possible, you may need to consider installing a local DNS server

o Ensure the server/appliance hardware you install is resilient

o RAID 1 disk mirroring or solid state storage

o Dual PSU’s (connected to different power feeds)

o UPS

o Ensure the server has out-of-band management capabilities to assist with upgrades and troubleshooting (RILO, DRAC etc.)

o Monitor the DNS servers to ensure they are operating within normal parameters

o Graph CPU and memory utilization, network throughput, DNS availability and DNS queries per second

Following this approach will enable you to reduce DNS outages to a minimum and provide a higher level of service to your business.

Setting Up a Secure Wireless Network (PART 2)

In part one I explained why you need to secure your wireless network. I’m glad you came back to part two. Let’s get started. I am going to use a Buffalo Nfinity wireless router for this demonstration. The thing to remember is that what I am going to show you here can be done on any wireless router. You may have to check your documentation to find where the settings are for what you are trying to accomplish in the web interface of your router.

Note: If this is a used router the first thing you need to do is reset it. Find the documentation for detailed instructions on doing this. It will set your router back to factory defaults. It is usually just a matter of pressing the reset button on the back of the router.

If your router came with a setup disk feel free to use it to set your network up. Once it is complete please continue with this document to make sure it did everything is was suppose to.

DISCLAIMER:
While every reasonable precaution has been taken in the preparation of this document, the author is not responsibLE for errors or omissions, or for damages resulting from the use of the information contained herein. The information contained in this document is believed to be accurate. However, no guarantee is provided. Use this information at your own risk.

The first step is to setup your router. Please follow the getting started documentation that came with your router. If you do not have documentation go to the manufacturer’s web site and download it. If you do not want to do that you basically do this. Set the router up and do not plug it in. Unplug the network cable from your computer going to the modem and move it to the router in the port labeled WAN. There will be five ports on the back of your router. This will be the one that is setting by itself. Next, plug an Ethernet cable from any of the four open ports on your router and connect it to your computer.

Just to make sure there are no issues, reboot the modem. After it completely boots plug in the router and let it boot. After about a minute you should be able to access the Internet.

First we need to configure the router. You will need to find the documentation for your router for this next step. You need to find the IP address of the router. All manufacturers have a default IP address for their series of routers. Linksys uses 192.168.1.1, NetGear uses 192.168.0.1 and the default IP Address of the router I am using is 192.168.11.1. If you cannot find the documentation try this. Click on the Start button and then choose Run. Press the Enter key. A DOS window will open. Type ipconfig and press Enter. The ip address of you computer will be displayed. Normally, the IP address of your router will be the same as the first three octets off your IP address and the final number will be a 1. For example, if your IP address is 192.168.1.2 your router’s IP address will be 192.168.1.1. Some routers have the default IP address that ends in 254. If you can’t find the IP address of your router, in the DOS window type tracert http://www.google.com and press Enter. The first line will show the IP address of your router.

Open Internet Explorer, or better yet FireFox ,and in the address bar enter the IP address of your router and press Enter. You will be asked for a user name and password. Again, this is in your documentation. If you do not know, or cannot find the documentation go to a site that list the default usernames and passwords for popular routers. Those links are available in this article posted on my site. After successfully passing credentials to the router the configuration interface will display. Let’s look at the status of your router. Find a tab or link that shows, your guessed it, the status of your router. The one on my router is labeled System Info. This page shows your IP Address, Subnet Mask, Default Gateway and the DNS servers. Check out my website posted below and find the article labeled “Understanding the Terminology You will find it in Articles” if you would like to know what all those terms mean. You should see something like this.

You are ready to make your first change. You will set a password on your router. You don’t want them to be able to change the settings you are about to make. You should set a fairly strong password, in other words, no words found in the dictionary, a minimum of 8 characters, upper and lower case and at least one number. This will make it secure. To test your password go here and see how strong and see how strong it is. Find the page to set the router password. Mine is Admin Config. You normally cannot change the administrative user name, but you can change the password. Type in your password, then verify it, then press the button to save it.

The next thing you need to do is set the name of your wireless network. This would be changing the field labeled SSID . Mine is in a section labeled Basic Wireless Configuration. Set this to anything you want. You may not want to set it to your last name if you have people around you that may try to crack your network if they know it is yours. I personally do not care about that so I set mine to HAG. Set the name and apply it. The router will reboot and place you back on that screen.

This is the name that will be broadcast to clients looking for a network. If it is secured they will be asked for a key. Without the key they cannot connect to the network. It is more secure to not broadcast your SSID, but that is not part of part one. If you want to strengthen your network just keep reading. For now, just allow the SSID to be broadcast. It will make connecting a client to it much easier if you have not done this before.

The final, but most important, piece of part one. You need to choose an encryption type for your network You will have a large number of choices, way too many to cover here. I will just give you my suggestions, and tell you which ones to not even consider, and why. Find the Wireless Security section of the router web interface. Mine is Wireless Security Settings. Here is where it gets confusing. You may see the terms WEP, WPA, WPA Pre-Shared Key, WPA2, WPA personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, TKIP, AES, RADIUS and No Encryption. Which one do you choose? There are going to be a bunch of different opinions on this one. You want to choose the strongest one. This will vary from user to user, and you may have to back the encryption down, but I’ll tell you how and why. First, what do all these acronyms stand for? Here we go:

WEP (Wired Equivelancy Privacy)
WPA (Wi-Fi Protected Access)
WPA2 (Version 2 of WPA)
TKIP (Temporal Key Integrity Prtotcol)
AES (Advanced Encryption Standard)
RADIUS (Remote Authentication Dial-In User Service)

Which one(s) to choose:

No Encryption (Answer that one yourself)
WEP (The lease secure. Avoid using it if possible)
WPA (Good)
WPA2 (Best)
TKIP (Good)
AES (Best)

Sounds pretty cut and dry doesn’t it? WPA2-AES. That is the first one you will want to try. Here is going to be the problem. If the wireless card you are using does not support it then it simply won’t work. If this is the case drop back to WPA2 -TKIP. Does it work? No. Try WPA-AES, then WPA-TKIP, then lastly WEP. You may also see TKIP+AES. This is fine. It will try AES first, if not successful drop back to TKIP automatically. For WPA and WPA2 use the personal settings. Enterprise and RADIUS require other hardware and is meant for what it says, enterprises.

That is only one part of this. The other is the key strength. In WEP you will have a choice of 64 bits 10 hex digits and 128 bit 26 hex digits. What is a hex digit? These are hex digits 0-9 and A-F. Hexadecimal is base 16. If you add the digits between 0-F you will have 16 digits. I got off track there, but if you didn’t know, now you do. In WPA and WPA2 you will be presented with either a pass phrase, or shared key. Try to use a minimum of 8 digits, letters, upper/lowercase and words not found in the dictionary, but preferably 20 or more. I use WPA-AES with a 25 digit/character password.

Once you do this you have a secure network. You can now attach a wireless client to it to test it. This test will allow you to see if your network card will support the encryption you chose. If it will not connect start backing the encryption down as described above.

I’m going to show you how to connect using Windows Wireless Network Connection tool. If you are using a third party tool, like Broadcom Wireless Lan tool the Windows tool will not be available. To make it available you need to close the third party tool. Right click on it in the system tray (The tray by the clock) and exit the tool. If this is not available try this:

Right click on My Computer and choose Manage.
Click the plus (+) next to Services and Applications.
Highlight (Click) on Services.
To make it easier to see click on the Standard tab.

Look for the service that is handling your wireless connections. Mine is Broadcom Wireless LAN Tray Service. Right click on it and choose Stop.

Now that you have no services managing your wireless connections, while still in the services window, go down to Wireless Zero Configuration . Right click on it and choose Start. You have now enabled the Wireless Network Connections tool.

Note: When you reboot, or log off, these settings will be lost. If you want to keep them you will have to disable the service for the third party tool and make sure Windows Zero Configuration is set to Automatic.

Right click on the wireless icon in the system tray and choose View Available Wireless Networks.

You will now see all the wireless networks with range of your wireless card. If you live in a well populated neighborhood don’t be surprised to see a lot of them. Some of them will probably be unsecured.

Just for the fun of it try to connect to it. You will be informed that you are connecting to an unsecured network. If you click Yes you will be connected to your neighbors network. Disconnect if you do that since we are going to connect you to you secured network. Highlight (Click) on your network and choose Connect.

You will be asked for your network key. Enter the key, press the Tab key, then enter it again. Once you are done click on the Connect button.

You will be connected to your secure network and can now surf the net.

The key word here is You! You are the only one connected to your network.

This concludes PART2 If you would like to strengthen your security please read PART3. I hope to see you there!

A direct link to this article, complete with images and links to the tools mentioned can be found at TechAlternatives

We help you Discover Your Choices

Affordable SEO Quick Fix in Minutes

Have you got a sound business concept but just don’t know how to generate good traffic to your website? If you are in search of an affordable SEO quick fix, simply follow these 7 tips.

1. Checker Your URL

First, type your web address into your browser with and without the “www [dot]”. You should be able to pull up your website with and without the www, however, both versions should take you to the same web address. In other words, if you type in your domain name without the www, you should be redirected to your domain, with the www. Google sees the www version and the non-www version of your site as two different web pages. If they don’t resolve to the same address, you could get hit with a duplicate content penalty.

2. Don’t Use “Home Page”

Once you log into your site, check the title that is listed in the upper left hand corner of your web browser. Make sure it’s an actual title and that it contains your keywords. Hint: “Home Page” is not a very effective title tag.

Many small business owners use their company name as the home page title. And while you can incorporate your company name, your keyword phrase should be given priority. For instance, if you manufacture pillows and mattresses and your company name is Slumberland, a good title would be Pillows and Mattresses by Slumberland instead of just settling for the title Slumberland.

3. Use Keyword Rich Titles

After checking your home page title, click through to the other pages in your website and check their titles in the upper left hand corner of your browser. Each page should have a unique title tag. You also want to incorporate your keywords into each of the interior pages title tags. Google does consider your title tag when determining the subject matter of your web page.

4. Make Sure Your Page Loads Quickly

Next, clear out your browser’s cache (on your browser’s menu bar, click Tools, Clear History). This will take all of your web pages out of your computer’s “storage” and ensure that you load a new, fresh page. Once your history has been cleared, reenter your domain url into your browser, but this time, pay attention to how long it takes for your home page to load. And then visit some of your interior pages and pay very close attention to load times.

Google’s new algorithm takes page load time into account, and if your page loads slowly, it can be penalized. Ask your webmaster to remove any unnecessary images, to consolidate style sheets and reduce DNS calls to speed up your web page. If you’ve designed your site yourself, make sure your images have been reduced to 72dpi and, if you want to change the dimensions of a graphic on your web pages, you’ll need to resize the graphic in your image editor (i.e. Photoshop). If you simply change the height and width measurements in the image tag, the entire image will need to be loaded and then resized by the web browser, which will actually slow down your page load time.

5. Use Image Alt Tags

And while we’re on the topic of images, make sure all of your images utilize ALT tags. Now I’ll admit, this is purely speculation on my part, but since Google’s new algorithm seems to be looking at the “professionalism” of websites, taking advantage of usability techniques can only help. Remember, your image ALT tags are meant to aid in usability and not aid in keyword stuffing.

6. Publish Original, High Quality Content

Take an honest, unbiased look at all of the content on all of your web pages. Is it something your target market truly wants to read? Do each of your web pages provide useful, high quality information? Avoid regurgitating the same PLR content you’re your competitors are using. Google’s new algorithm gives preferential treatment to high quality, unique content.

7. Find Relevant Links

Try to build up as many links into your website as possible. But put the vast majority of your link building efforts on getting relevant links. You’ll get a better SEO advantage from 4 incoming links from relevant websites than 40 links from off-topic sites.

And here’s a final bonus tip. Take a look at how your page will display in the Google search results page. It’s easy to do – just copy a complete sentence from your web page and paste it into Google surrounded by quotation marks. With any luck, your site should come up as the first listing. You’ll be able to see exactly how your site is listed in Google. Take a good look at the description. Is it compelling and enticing? Would it make you want to click through and read the rest of the web page? If not, make any necessary changes to your description tag. Then repeat this process for each of your web pages.

Reasons To Purchase Domain Names And How To Do It

Being easily identifiable is important, whether it’s for business or personal reasons. Over the internet, business entities are recognized and known by their domain names. Domain names are identification strings that represent administrative authority or control online and are formed by the rules and procedures of the Domain Name System or DNS.

The purpose of a domain name is mainly to be used for naming and addressing specific applications or used in various networking contexts. Generally, however, a domain name represents an internet protocol resource like a personal computer used to access the internet or a server hosting a website for example. They are organized in subordinate levels, with the first level being the top-level domains or TLDs like .com, .info, .net and.org.

Next in line would be the second and third-level domains that are reserved for those who want to connect to local area networks, create publicly accessible internet resources or run websites on their own. So now that we know what domain names are, why does one need to purchase them and how can we benefit from it? For one, domain names make it easier for browsers to find, access and view websites by simply typing the URL into the search bar. Without a domain name, you may have to type in the websites IP address instead, which is a series of numbers that can be difficult to remember.

Another good reason to purchase a domain name is to improve visibility, as well as help with your marketing efforts. In line with this, you will need to choose a domain name is short, sweet and easy to remember so that customers and search engines can easily find you online. The perfect domain name also gives you credibility and authority online and makes you come off as legitimate and professional and therefore one company customers will want to do business with.

The third reason to purchase domain names is to protect your identity and to establish brand protection. It also prevents your competitors from registering your identity and using it for less than ideal purposes. Before actually purchasing your domain name, run it by a reputable domain name checker online to make sure the domain name you want is available and register it with an accredited domain name registrar to make your purchase official.

It is also recommended that you shop around for your best options since this isn’t exactly something that comes cheap. Domain name registration can cost anywhere from $8.00 to $35.00. Once you’ve decided on the domain names you want to purchase, make sure that you are able to locate and communicate with the owners to save time. You also need to check if the contact details are listed on the site and if they aren’t, you can use the “who is” directory to look them up.

Once you have contacted the owner, ask if the domain name is for sale but don’t make an offer. If you are a first time entrepreneur, you can contact the owner directly but if you’ve gained some semblance of success, it is advisable not to contact them directly since the price will be based on your status. If you can afford it, you can hire a small law or PR firm to negotiate in your behalf.

Remember, a good domain name can bring in more traffic and make it easier for the search engines to find and rank you. Domain names are a solid investment so make it work and invest in the best location you can afford.

Top 6 Tips to Avoid Identity Theft While Shopping Online

Online shoppers are getting savvy these days and they expect the online shopping experience to be seamless. However, malicious programs that steal your personal information have grown from 1 million in 2007 to about 130 million. On top of that, there are almost 12 million identity fraud victims in the US, annually. How can you avoid being a victim? Keep yourself safe online while shopping by using these 6 tips for avoiding identity theft.

Avoid the Lure

Phishing is a term I’m sure you’ve heard before, but what does it really mean? Just as a fisherman will bait his hook with a tasty worm, so will cybercriminals bait e-mails with tempting offers in an attempt to have you divulge sensitive information such as usernames, passwords, and credit card details. The “bait” is a malicious link in an e-mail that leads to a spoofed website. Avoid getting caught by not clicking any links in the suspicious e-mail, by not giving out any sensitive information via e-mail, and by looking in the lower left hand corner of most browsers. There you can find a preview of where the link will take you.

Get Protection for Your Computer

An unprotected computer can be infected by malware in as little as five minutes while connected to the Internet. Protect your computer and yourself by purchasing anti-virus software. Free anti-virus software is better than nothing, but go for a paid product that performs automatic scans and updates its threat database several times per day.

Use OpenDNS

Every website has a human-readable web address (like http://www.google.com ). It also has a computer-readable address, known as an IP address (74.125.30.105). Your ISP’s DNS server does the translation. What it doesn’t do is protect you from phishing. OpenDNS blocks phishing websites from loading on your computer using data from Phishtank, a community site.

Create Strong and Unique Passwords for Every Site

Check out this list of the most hackable passwords on the internet:

password
123456
qwerty
Pet Names
Place of Birth
First Names (of family members or partner)

I am going to show you how to create a very strong password and it will be easy to remember. Create or pick a random sentence, now remove the spaces from the sentence, and then begin to change letters for numbers and change capitalization. In this case, an example is worth a thousand words:

An example is worth a thousand words – My initial sentence
Anexampleisworthathousandwords – I’ve taken the spaces out
An3xample1$worth1oooWurd$ – Now I’m substituting numbers and symbols for letters
N3xmple1$worth1oooWurd$ – Continue the process until you have a strong password
An online password checker rated this as “Best” (the highest rating available).

Find the Padlock

Locks are great for protecting valuable items from theft, which is why you should always look for the padlock in your browser while shopping or banking online. Look in the address bar for the padlock and “https:” prefix. Those items mean that your connection to the website is encrypted, usually with 256 bit encryption.

Avoid Public Networks

Public networks don’t encrypt their connection so a cyber criminal could be intercepting your passwords and credit details. Save your online shopping for when you are on your own secured network at home.

Avoid the crowds and hassle by shopping online but be smart. Put these 6 tips into practice to enjoy a seamless shopping experience and avoid becoming a victim of identity theft.

Webmasters Beware – How A Popular Ebook Saved My Website – Be Prepared For This Inevitable Disaster

About eight months ago I bought a website package on eBay for the princely sum of £2. I knew absolutely nothing about websites to the point where the sellers advertisement said that domain was “not included” and I did not even understand what a domain was all about, so I emailed the seller and asked him for more information. I never got a reply, looking back I can now well understand why. No doubt he thought that I am not going to sell anything to this idiot as he is going to be trouble with a capital T!!

Nevertheless I was about to retire and had heard stories of people making millions on the internet so I just thought that I would stick my toe in the water and see what happens, after all what’s 2 quid and who knows I might just hit the jackpot!!.

The offer was a fully functional popular ebook store with 50 ebooks and to make the offer even more attractive there was the offer of free silver hosting included for one year.

Even though the price was so low I must admit that fear and trepidation was making me wonder if I had lost control of my normal common sense approach to anything. None of us like to be conned regardless of the amount of money involved. I suppose that another nagging doubt was the fact that the seller was based in China!! Incidentally the offer also included help with setting up the website.

Anyhow I sent the guy his money and in return very speedily got my popular ebook store. Without much hassle I finally understood that I had to get a domain and that really was no problem including the DNS setup. There were a lot of files from China and the first thing was apparently to set up the database in cpanel. Seemed easy enough but something went a bit wrong somewhere so I decided to take up the offer from Mr China and asked for a bit of help. In no time I had my popular ebook store all set up with instructions how to administer my cpanel and admin pages.

I spent days studying and clicking to find just what did what.

Like all newbies I was now on the infamous internet learning curve. Ftp, html, php, list building, linking, logos, Google rankings, SEO, those people with websites will know exactly what I am talking about.

After a few months of intense study, and I mean intense, things started to come together a bit and my fledgling website was nothing like the basic layout that I started off with. I now had about 200 items displayed with the addition of popular software as well as the popular ebooks. I was quite proud of my website.

THEN!!…..One day I typed in my site url and to my horror I was looking at my basic website layout just as it was when I bought it!! Off went an email to Mr China and I was quite confident that in no time the server would have a backup of my site……Not on your Nellie…..back came the reply that it was my responsibility to undertake backups, apparently they had had a problem with their server and I suspect that I wasn’t the only casualty. That was no consolation however. Two months plus of hard work down the drain, I was as sick as a pig.

I was not going to give in, some of the files were on my computer so off I went again trying to get the website back to its former glory. To cut a long story short I was able to recover, in fact, after a lot more work I managed to get my popular ebook store ranked in Google PR3 (And rising?!?!?) Things were looking really great….Google was sending me traffic……Customers were buying my products……I’ve cracked it I thought!!

WRONG!!……

On another bright and sunny day I logged into the website and was greeted with “syntax error on line 53 unexpected }” I was surprised but not unduly concerned as I had had warnings like this before, usually after I had done some html or php addition. Previously I found the fault and repaired the code. This time was different, I had not done any alterations. And after many hours I could not find the problem. I found what I thought was line 53 but there were no} symbols anywhere in the vicinity!!

Off went another email to Mr China but this time no reply. Strange because normally he comes back to me within 24 hours. For this reason I got the feeling that this wasn’t just my problem, this was a major server problem.

Things got worse. For some unknown reason I typed my site name into Google and there was my page name OK but underneath was a warning saying something like “access to this website site might damage your computer!!! What the hell is going on!!

I clicked on the warning and was informed that there was something malicious on my website. I was totally wrecked. I certainly had not put anything like that on there. I did not know what to do next.

After a lot of thought I accessed my cpanel which fortunately had not been affected and downloaded a backup of all my files. By now I had a good idea what was wrong so I ran the whole lot through my virus checker.

Four files were infected and the nasty virus could not be healed, they had to be binned. They were major files like index.php. Now after my previous disaster I had done cpanel backups but like most things in life you tend to say to yourself I’ll do that tomorrow.

When I checked the backup it was months ago, doesn’t time fly. That would mean again doing hours and hours of work to get things back. As fate would have it I got a reply from Mr China telling me to replace all my files on the server, so he did know what had gone wrong!!

When I sent him another email asking if I could put a virus checker on my website he replied no, only the server can do that but not to worry as the IP addresses of the persons doing the damage had been banned. I thought that’s not very comforting, suppose they use another IP address!!

Anyhow, I then suddenly remembered I had read a copy of a popular ebook about this very situation and I had followed this writers advice, thank god.
I put into effect the recovery, step by step and “voila” my website was back to it’s previous state. Clean and safe.

I contacted Google and a few hours later the nasty warning was removed.

Alls well that ends well…..but if you have a website would you be able to recover a similar situation in the minimum of time? Probably not.

Every website owner should have a copy of that important popular ebook because rest assured it’s not a question of if it happens to you it’s a question of when!!

The name of the popular ebook that saved my website was….”The Insider’s Guide To Website Protection”

I certainly learnt a lot from the unfortunate experience but it will not happen again, I will always be protected in future!! My advice to any webmaster, follow the steps in that popular ebook that saved me.