Generation Interim

As Internet connections become more permanent with broadband access, software will be able to evolve into a more efficient and personalized medium. Currently, most software run from our hard drives and require installations that alter our system configurations, many times slowing down our computers. Because software occupies space and processing power, there is a limited amount of software that can run in our PCs. On the business side, current software systems require many companies to produce a system of distribution (Compac Discs), customer support, and is usually not compatible with all customers, thus limiting its customer base further.

A software evolution is ocurring and it is going to benefit both customers and businesses immensly. Software will no longer come as a packet that needs to be installed on a PC, but rather it will be completely Web based. Web based software will become the default way of reaching customers. Customers will have advantages such as, using unlimited amount of software, using applications regardless of where the person is or which computer he/she is using, software can be personalized and upgraded to meet specific needs to each individual. Businesses will be able to, reduce costs, reach a larger customer pool, taylor its software to diverse markets, repair bugs more rapidly and easily, understand its customer and the way they use their software, etc.

In order for this software revolution to occur in whole, there needs to be a central point. Like Miscrosoft’s DOS in the 80’s, which became the standard choice of operating system to centralize and organize our computer operations, there needs to be an online operating system. As of now, Microsoft has built an empire because of its vision and their dominance in the OS market. However, now there is a window of opportunity to take a large chunk of that empire and possibly eliminate Microsoft’s monopoly of the Operating System. While there are many companies and organizations (Apple, Linux, Lindows) out there trying to take a bite out of Microsoft by competing on the same turf, PC users are accostumed to Windows and will most likely not switch. The opportunity to eliminate this monopoly is to create an Online Operating System. PC users will inevitably move completely online.

An Online Operating System will be the central point of every user in the future. There are online companies who have an inside advantage to this, such as Yahoo!, Google, and AOL, but it can be anyone’s medal, even to a fairly unknown competitor, as was Microsoft when they introduced DOS to the world. In this new concept of Operating System, there can be a larger space of diversity and can be shared by more companies, unlike the current status.

Rafael Sosa has been in forefront of e-business development and digitizing of documents in Puerto Rico. For the past 5 years, he has worked extensively in the construction of websites and internet systems through the integration of an efficient international team. His articles can be found at www.WebArticles.com/

Many products today require some kind of integration with other products:

• Integration with corporate IT infrastructure.
• Integration with other applications.
• Integration with legacy hardware or software.
• Integration with new or up-and-coming hardware or software.

The ability of a software application to work cohesively with other applications or within different flavours of operating systems with very few integration issues is called application sociability.

When you build your application you need to consider whether integration with any of the above product types would add value to or reduce the complexity of your application. Annexing your application to a larger corporate application would add value to it. Using another application’s functionality provided via an interface can reduce the complexity of your application by making another application perform arduous tasks.

== Brand Application Considerations ==

Let us begin by considering the integration of your applications with each other. Imagine that you have two applications:

• A medical patient history application.
• An inventory application for goods.

Why not allow the two to communicate with each other via:

• A database sharing paradigm.
• COM setup
• TCP connection.
• Library/events interface for each application.

You could make the inter-communication of your software applications a saleable upgrade or addition. With your two applications listed above you could allow a doctor to prescribe a remedy through the “Medical Patient History” application that shows a list of remedies currently available requested from the “Inventory Application” held by an in-house chemist. An order can be sent directly to the chemist so that when the patient arrives their prescription it is ready to go.

Consider when building your application what sort of functionality could be useful to future applications you build.

• Does the application incorporate a major interfacing component to some other application or to a web service?
• Is there some kind of specialised functionality or calculation that could be leveraged by another application?
• What sort of integration would allow the user to create macros or scripts to automate your application?

== Latest Technology ==

Integration with the latest technology is a winning strategy for software sales. Consider how many applications were quickly available to interface with Apple’s iPod. Mobile phone technology is another example of successful application integration utilising the latest technology. Part of your integration strategy with new technology should be to choose a programming language that provides integration libraries fairly rapidly after or before a new technological release. Java is one such language with free compilers, libraries and free IDE’s available for download from Open Source archives. The Python language was incorporated into the Nokia 60’s series mobile phones allowing developers to write scripts to customise Nokia phones.

Many vendors of new technology provide free libraries and specifications to their systems to promote the creation of useful applications for their products thus increasing the their product market value.

== Corporate Systems ==

Corporate systems are usually behemoths comprised of off-the-shelf products customised to meet the company’s specific needs and smaller departmental applications built to meet each department’s individual needs.

Departmental applications usually require some kind of integration with their corporate databases. Corporate database connection is a simple integration and need not be considered here except to say you need to know the connection string or interfaces to company data repositories.

How do you integrate with corporate applications though? Applications such as Hummingbirds ‘DM5′ document management system and Telelogic’s ‘System Architect’ provide integration ability through COM objects and published object models. In fact both Hummingbird and Telelogic use Microsoft’s VB6 and VBA libraries to incorporate their own applications into the corporate environment. Applications built for the Apple Mac provide both Apple Events and the use of Python, Java and Cocoa to integrate with Apple applications and the Apple OS.

Integrative applications can:

• Increase the marketability of your applications.
• Make use of current company data.
• Reduce the complexity of your applications by leveraging from functionality provided by extant company applications or other applications you have built.
• Utilise the latest technology increasing the value of both the latest technology and the software you build.
• Provide an end-to-end solution option when your applications can integrate with each other.

Before Gertrude Ederle began her historic swim off of Cape Griz-Nez, France, she
underwent extensive training for endurance and techniqueeven though she was
already an accomplished record-breaking swimmer with Olympic medals to her
name. Outsourcing IT may not garner the same attention as being the first woman
to swim the English Channel, but it is no less important to gather as much
experience and knowledge as possible on a small scale before diving in for the big
swim.

The trend toward IT outsourcing is increasing dramatically. According to a report by
Foote Partners, as much as 45% of North American IT work will be outsourced by
2005. And there are good reasons behind this trend. Bruce Caldwell, principal
Gartner analyst believes companies can generate 20-30% savings through
outsourcing. This substantial savings potential isn’t easily overlooked, yet it isn’t the
number one reason companies are choosing to outsource right now. In a recent
survey by The Outsourcing Institute, the primary reason behind outsourcing is to
improve company focus. Other motives include freeing up internal resources,
accessing top-notch capabilities, and accelerating time to market. The survey also
indicated that 55% of firms who outsource do so within ITmore than any other
area.

As more companies begin outsourcing some or all of their IT function, it becomes
difficult to ignore the competitive pressure. With competitors achieving their IT
needs at 20-30% less cost, and getting ahead in the market because of increased
focus within the company, those who ignore the outsourcing trend could potentially
lose ground very quickly.

At the same time, outsourcing horror stories abound. According to Gartner research
firm, half of the current outsourcing projects will not meet the company’s
expectations and will be considered failures. While the vast majority of these failures
are only minor disappointments where the company decides to outsource to another
vendor, certainly a few are major catastrophes. An anonymous case study in IT
Metrics Strategies discusses a CIO who chose to outsource to beat competitors to
market. The outsourcer had promised to meet a deadline his staff had said was
impossible. When the outsourcer failed, the CIO couldn’t rebuild his team fast
enough to finish the job. In the end, the product never got to market at all.

So how do you secure all the benefits of this outsourcing wave without getting
dragged into the undertow? The key is strategic, selective outsourcing. According to
Corey Ferengul, VP of the IT research firm META Group, an increasing number of
companies are choosing to outsource non-core IT tasks. Common responsibilities
going to third-party providers include Web hosting, call centers, data storage, and
database administration.

“There’s a learning curve and a life cycle to outsourcing,” said Caldwell, “and it can
be expensive finding the right vendor, as well as going through the transitions of
taking your operations to that vendor.” Stable, yet customizable IT functions provide
an excellent training ground for outsourcing. Any function with known benchmarks
for performance and results, as well as available, reliable outsourcing partners is a
good place to start.

Ultimately you may want to outsource your entire IT department, but first you need
to get a handle on managing an outsourced process. Some companies may discover
they don’t need to incur the risks and organizational chaos of switching to total IT
outsourcing. By nimbly carving out and outsourcing small pieces of the IT function
that deliver the most cost and quality benefit, companies may find they are already
receiving maximum savings at minimal risk. However, they will have done some
carefully planned and executed experimentation before making that decision.

Gertrude Ederle once said of the sea “I never feel alone when I’m out there.” The
channel became her ally as she swam her way to England in record time. By starting
on a small, strategic scale, you’ll turn IT outsourcing into your ally rather than a
cold, tumultuous, foreboding sea.

Jenne Wason
Jenne works for The Pythian Group, a leading database management firm.

In this day of supercomputers and advanced computer software we can better protect our civilization by using these systems to predict when and where we are in the most danger of catastrophic devastation from a natural disaster. Flood control districts predict where the most dangerous areas are in which regions are most prone to flooding. Knowing this information in advance helps city planners from making mistakes, which could kill many people.

With the supercomputer modeling of hurricanes, we can better protect from loss of life by issuing early warning mandatory evacuation orders. Such advances in technology are getting better and better and one day we may be able to help modified mother nature ever so slightly in order to prevent a natural disaster from happening in the first place. But for now they are doing an excellent job in helping us predict where our most vulnerable places in our civilization are.

With each new devastating event we learn more. And after the 2005 Atlantic tropical hurricane season, the numerous tornadoes that hit the Midwest in 2005 and 2006, as well as the flooding that has been experienced and as bad as all that was it is now helping us to save lives. Since we collected all the data now we can number crunch in our supercomputers to better predict, pin-points and prevent severe devastation from mother nature’s most deadly natural disasters. Consider this in 2006.

“Lance Winslow” - Online Think Tank forum board. If you have innovative thoughts and unique perspectives, come think with Lance; http://www.WorldThinkTank.net/wttbbs/

In the Java and Oracle world offshoring and remote support are very popular, considering mostly multinational corporations as Oracle Applications clientele. In our opinion Oracle Financials remote support conception should be reformed. The emphasis should be shifted to the companies, providing not just pure offshore support: software development, customizations, extensions, reporting, but to the hybrid Oracle partners, who does Oracle E-Business Suite implementation in their respected countries and regions. Consideration should be given to the consulting experience, not just pure offshore software development formalization.

• Oracle E-Business Suite Implementation. Considering OEBS orientation to the Corporate market and complexity of the Oracle Applications verticals, we assume that Oracle E-Business Suite clients expect consultants to travel to their Headquarters and remote location to provide Oracle implementation and user training.

• Oracle Applications Customization. In both cases - Oracle Application Extension or Modifications, the priority should be given to the Oracle customization and development partner who is specializing in the respected market niche, not to just local Oracle partner

• BPO - Business Processes Outsourcing. This is very popular term, coming and coined in India and probably South East Asia and Philippines. It might sound paradoxical and threatening, but we think this is the future and the trend is solid.

• JDeveloper, EJB, J2EE - these tools are very good candidate for outsourced remote support and software development formalization. XML data streams provide excellent solution for heterogeneous ERP/MRP interchange: IBM DB2/lotus Notes Domino, Microsoft Axapta, Navision, Great Plains, Solomon, Small Business Accounting, RMS and CRM - also referred as Microsoft Dynamics GP AX NAV SL CRM or Microsoft Project Green

• ERP Comparison. SAP, Microsoft Business Solutions, Oracle ERP applications should be compared by independent software MRP comparison firm. Corporate ERP is very serious decision and public corporation or multinationals need consultant help in the MRP selection decision making

Give us a call 1-866-528-0577 or help@albaspectrum.com, skype: albaspectrum, if you need additional information or directions.

Andrew Karasev is technical consultant at Alba Spectrum Technologies (http://www.albaspectrum.com http://www.greatplains.com.mx http://www.enterlogix.com.br), serving clients in Illinois, California, Texas, New York, Florida, Louisiana, Georgia, New Jersey, Washington, Pennsylvania, Ohio, Michigan, Wisconsin, Arizona, Nevada, and having locations in Brazil, Colombia, Chile, Argentina, Germany, Mexico

With the many types of anti-virus software, it is helpful to read a brief description of what the different types do and how they can be beneficial to you and your computer.
Norton Anti-virus

Symantec’s Norton AntiVirus software is perhaps the world’s most trusted antivirus solution. It is available for both Windows PC’s, and Macintosh (Symantec Antivirus for Macintosh - S.A.M). Norton AntiVirus is a very reliable and easy-to-use anti-virus product. It’s the best anti-virus product for catching viruses in downloaded files and E-mail. Norton AntiVirus is also more expensive than McAfee VirusScan although not by much, and the added abilities of Norton can easily make up the difference.

Norton AntiVirus includes many tools that can be run in the background, including watching for suspicious PC activity and automatically checking downloaded files for viruses. Norton AntiVirus is also automatically configured to handle E-mail virus scanning for email messages coming into your computer, as well as those you send. This process automatically scans and cleans both incoming and outgoing email, stopping viruses from infecting your computer or spreading to others. It removes viruses automatically, without interrupting your work and prevents infections during real-time online chats, and also detects viruses in instant-message attachments. Because so many viruses and internet worms are now spread using email and Instant Message Systems, this is extremely valuable and necessary protection.

Norton Installation

Installation is simple. Simply install the CD in your CD drive, and the installer will launch automatically. The installer should ask you if you want to do a pre-install scan of your system for viruses. This is a very good thing to do. Once this is finished, the installation will proceed, and you can accept all the defaults without worry. Once the installation is complete, you’ll be prompted to go online and get up-to-date virus definitions. DO NOT skip this step. Having up-to-date virus definitions is essential to the performance of any antivirus software.

Normal Use

Norton is a very hands-off program. Pretty much it is an install and forget program that looks after itself. It will automatically notify you if there is anything that you need to do. If a virus is found, the software will try to automatically repair the file, if it can’t, it will place the file in a safe ‘quarantine’ zone, and let you know. In addition to looking for known viruses, the Norton Antivirus Bloodhound feature tries to spot new viruses and worms by their behaviour that is common to such nasty programs.

Checking your system and downloading updates are two things you need to do regularly. Norton Antivirus makes them painless by setting up a full system scan once a week and checking for new updates (both to the software, and virus definitions) whenever you’re online. These simple update scans hardly slow down your PC down at all.

Overall, Norton Antivirus is an excellent way to guard against viruses. It is the system that I recommend to my clients most often, and that I use personally.

Learn how to remove blackworm virus and how to easily block trojan horses, spyware, computer viruses, and other malicious software in the future. Growing library of Computer Security Articles

Introduction

The war in Iraq and the War on Terror have changed the focus of all three
levels of government. Federal, state and local government - all three are
seeking better ways to protect themselves, their equipment and data while
working amid pressure-filled and dangerous situations. Of course, security
has been the buzzword on Capitol Hill for some time, but generally speaking, physical security took initial priority, followed by outer system protection through intrusion detection and patch management. Security at the application level hasn’t happened yet and is really the most critical. Attacks are becoming more sophisticated than worms or even viruses, and can shut down entire systems.

There are a lot of ways to monitor and analyze your network traffic and protect it
from Internet intrusions. Organizations commonly use a firewall for network protection.
Although firewall logs often provide a huge information regarding intrusion attempts,
sometimes might be of too much data to sort through when there is a problem you
cannot resolve it quickly. Some organizations also use intrusion detection systems (IDS)
on border routers to analyze incoming traffic for patterns that indicate specific
problems. But firewall or intrusion detection system is used primarily on borders
with the Internet, rather than on internal networks. This is one of reason why
Cisco’s NetFlow came to the rescue.

Netflow Overview
Netflow is a traffic monitoring and analyzing technology developed by Darren Kerr
and Barry Bruins at Cisco Systems. Netflow describes the method for a router
and/or intelligent switch to export statistics about the data flow, and this
built-in feature is found on most Cisco routers (http://www.cisco.com) as well as
Juniper (http://www.juniper.net), Extreme Networks (http://www.extremenetworks.com),
Riverstone (http://www.riverstonenet.com) etc. NetFlow technology
provides the data necessary to effectively analyze trend and baseline application
data as it passes through the network. It can then be exported to a reporting
package and can provide the information necessary to manage critical business
applications.

What is Netflow?
Netflow is defined as a unidirectional sequence of packets between a given source
and destination which means there will be two flows for each connection session,
one from the server to client, one from the client to server. In order to
distinguish flows from one another, the source and destination addresses,
protocol and port numbers are used. The Type of Service and source input
interface index are also used to uniquely identify the flow to which a packet
belongs. A flow is determined to have ended when it has been idle for a specified
length of time, when it has become older than a specified age (30 minutes by
default) or when the flow is a TCP connection a FIN or RST has been sent. The
router may expire flows more aggressively if it is running out of cache space.

A number of router vendors have implemented their version of netflow, but version
5 is now the most common. For a NDE version 5, every single UDP packet contains
one flow header and thirty flow records at maximum. Every flow record is made up
of several base fields and the rest which include: next hop address, output
interface number, number of packets in the flow, total bytes in the flow, source
and destination AS number, source and destination network length and TCP flags
(cumulative OR of TCP flags).

What is Caligare Flow Inspector?
Caligare Flow Inspector (http://www.caligare.com/netflow/cfi.php)
is a unique network software solution for companies,
who need to plan, build, maintain and manage their network and at the same time
keep their network more secure and efficient. Caligare Flow Inspector is a
web-based bandwidth monitoring tool that uses NetFlow data export to provide
detailed traffic statistics that help answer who, what, when, where of bandwidth
usage.

CFI software was engineered to create a secure network-monitoring platform
based on industry standards that will fit your existing security policies.
The results are the ability to monitor in real time, significantly reducing
the time it takes to identify problem and troubleshoot. CFI keeps track of
what is happening in your corporate network, detecting attacks, and warning
you of problematic network users. All information about network activities
are archived in a central database.

Baseline Analysis
A baseline analysis is a model describing what “normal” network activity is
according to some historical traffic pattern; any other traffic that falls
outside the scope of this traffic pattern will be flagged as malicious.
A trend analysis reports
is the most common and basic method of doing flow-based
analysis. In netflow analysis is main focus on records that have some “special
high traffic volume” attribute, especially the value of those flow fields that
deviate significantly from an established historical baseline. Normally there
are two ways to make use of baseline analysis methods: top sessions and top data.

Top sessions
A top sessions means a single host tries to open an abnormally high volume of
connections to a single node or block of nodes. The most reasons for these
activities are worms, denial of service attacks and network scans.

Common clients connecting to the Internet should keep a relatively normal connection
frequency. But if a host is infected with a worm, it will absolutely act different.
It will mostly open a huge number of connections to the destination for its attempts

to infect the next batch of victims.
For the same reason, when a lesser-skilled “script kiddies” is scanning a large block
of addresses for certain vulnerable services, we will see especially high volume
sessions sent out by that single IP address.

We can also use top sessions method to detect many kinds of network abuses, such as
checking the flow records for port 25 connection requests sent out by every single
host in real time. In a given duration, for any host, if the statistics of port 25
requests are above a ‘normal’ value, it could be considered to be a spammer or someone
infected with some kinds of email worm. It would be better for the Internet as a whole
if service providers started using this technology and shut down the spammers upon
detection.

Top data streams
A second method of using baseline analysis is top data. This can be defined as a large
amount of network data transferred in a certain period of time from a single host to a
single destination or block of destinations.

The Top hosts that transfer traffic data to or from the outside in an enterprise should
be ranked into relatively fixed groups. If this pattern changes, and a new host suddenly
appears in the Top hosts matrix, an alert should be triggered.

How to find out if I am being attacked?
Traffic inspection and analysis is a very complex problem. On the market there are many
tools as IDS, network traffic dump or network probes, but lack of them can process big
traffic volume (e.g. 10TB/hour). We decided to use netflow data export (NDE) that is
widely available on most high-end routers for user tracking and real time data flow
analysis. Netflow brings transparent view what is happening in your network. There are
several methods how to detect if “your” network is under attack.

1. Packet size distribution. Many short packets (more than 60%) may signify suspicious traffic.
2. Many connections from single host to considerable destinations.
3. Using reserved or private IP address on the Internet.
4. Excessive number of ICMP messages.

In the latest version of Caligare Flow Inspector software there is implemented packet
distribution statistic. In our company we are using small honey pot network (without any
real stations) for attack analyzing. You can use the following steps to locate the source
of the problem and some tips on how to filter suspicious traffic.

Finding infected stations in your network
NetFlow Inspector software is the ideal tool for detecting worm sources (infected stations)
in your network. Trends menu may be used for this type of analysis. The following example
gives you information on how to find infected stations in your local network.

Log into Caligare Flow Inspector and run the following steps:

1. Select collector that stores netflow data exports (in our case: router R01).
2. In the table selector choose current hourly table.
3. Select statistic: source host distributions.
4. Set source interface (Gigabit Ethernet 1/1).
5. Set destination interface (not Gigabit Ethernet 1/1).
6. Run search query.

After displaying source host distributions you can view top ten source IP addresses
sorted by number of used unique destination IP addresses. These source
IP addresses are candidates on the infected stations.

Check result and select possible infected stations (infected station pool more than
500 unique destinations in most cases). Ignore your servers that are normally heavy
used. Web or application servers normally generate many connections to many destinations.

Write top 5 sources to notebook and then continue to infected station confirmation step.
For each candidate IP address run the following query:

1. Set statistic: destination ports by packet.
2. Source IP address:
3. Run search query.

Check destination ports that are in use by potentially infected station. In most case
(when station is infected) you will see some of following ports: netbios (137, 138, 139),
microsoft-ds (445), ms-sql-s (1433), www (80, 3128) etc (see picture 4).

Now, is a good time to consider if your candidate is infected or not. Decision is
yours, because only you know “your” network and servers. If a station opens more
than 500 unique destination connections to port 1433, this seems like very
suspicious activity.

How to find out who attacked my network?
The infected station tries to open a
connection to all the servers in your network. You can simply locate this attack
by finding the source host that is trying to open a connection to various
destinations in your local network.

Check caption “Finding worm sources in your network” and how to find these source
hosts. Sophisticated worm sources do NOT pool your whole network, but instead
randomly or pseudo-randomly try to open from time to time a single host connection.
Locating these attackers is difficult but NOT impossible! You can use TCP flags and
ICMP tracking. When the attacker tries to open the TCP connection to an unused
destination IP address the TCP SYN flag is set. If the connection is successful
you will see cumulative TCP flags SYN and ACK, if the connection is unsuccessful
you will see only flows with SYN flag. You can count the unsuccessful connections
for every source IP address outside your network and source, the one with the most
of connections found is your attacker candidate. If attacker is using UDP protocol
and pools your whole network, an excessive number of ICMP messages will then be
generated.

How to find out who attacked me?
If you suspect (or know) that your station is victim to an attack, then you probably
want to know who is the attacker. Locating the attacker is simple if source IP address
is NOT spoofed. Select “Trends” menu and use “Source host by packet” statistic. Type in
your IP address (victim) into destination host field and run search query. Result is a
list of source hosts who communicated with you sorted by number of packets. Often the
first host located is the attacker. In case source IP address is spoofed (often used
reserved or private IP address) you can only locate source interface through that
malicious traffic going into your station. You can not filter this attacker if he uses
random source IP address, you can only contact provider or your ISP peer operator.

Protection and Prevention
You can use many protection mechanisms, these are widely available through access
lists on Cisco routers.

1. Create new access list: ip access-list extended
2. Add block rule: deny ip any
3. Repeat step 2 for each attacker
4. Permit any other traffic
5. Check access list rules: show ip access-list
6. Apply access list on source interface: ip access-group in

Example:

 configure terminal
 ip access-list extended block_attacker

deny   ip 10.0.0.0 0.255.255.255 any

deny   ip 192.168.0.0 0.0.255.255 any

deny   ip 80.95.102.33 0.0.0.0 any

permit ip any any

permit pim any any

permit igmp any any

exit
 interface GigabitEthernet 1/1

ip access-group block_attacker in

exit
 

Be very careful before updating access list! On many routers the default rule is drop
any traffic if access list exists. We recommend removing access list from interface then
creating a new access list and reassign it to interface. On picture 3 is the result of
applying access list on our router R01 that was applied at 10:03.

Summary
This attack detection manual has discussed the flow-based analysis of malicious traffic
and abnormal activities. With top sessions and top data methods, network administrators
can simply detect network anomalies in real time more effectively. There is no universal
process on how to find source of attack, but with Caligare Flow Inspector software we may
make your corporate network run better.

Full story with images and examples is on the: http://www.caligare.com/articles/worms.php

Caligare delivers the most intelligent and secure networking solutions in the industry,
and we back the program with our commitment to making our partners successful. We measure
success in terms of customer satisfaction, as well as partner profitability. Caligare is
providing the Linux based software, to provide a solution that dramatically reduces the
cost of providing security, for the midsize and large businesses or agencies. Our goal
is to help our customers get an efficient software tool at a reasonable price.