Wednesday, October 13, 2010

What does Apache 2.2.0 bring?


What are the major changes in the new Apache 2.2.0? Open-source enthusiasts will be keen to find out, and will also want to know right away whether they need to upgrade to the new version. This issue's forum answers these questions for you.

Apache 2.2.0 is a major release of the Apache httpd server and contains a number of significant changes. Many of the changes improve existing modules, but there are also many new modules and features, and many aspects of operation have been improved. The new 2.2.0 version is not just an update of existing software: much of the code is new, or has been significantly improved and expanded to provide additional functionality, or to extend or simplify existing features.

Apache 2.2.0 changes

Configuration files

Users have long had a love-hate relationship with Apache's configuration file. Some like the monolithic approach of keeping all configuration information in one file. Others prefer to split the configuration into multiple files and use the include mechanism to pull in specific configuration information. This does not affect the configuration itself, but multiple files are easier to understand and more convenient, because you can put the configuration for a single virtual host into a single file.

The default configuration file shipped with earlier Apache versions was monolithic and often contained many directives that users did not use or did not understand, along with directives they would never change. Some Linux distributions (such as Gentoo) already split this default configuration file. This is now a standard feature of the standard distribution.

The main httpd.conf file is retained. In addition, it selectively includes the following standard configuration files: server pool management (multi-processing module (MPM) configuration), multi-language error messages, detailed directory listings, language settings, per-user local directories, real-time request/configuration information (/server-info and /server-status), virtual host configuration, the Apache manual, Distributed Authoring and Versioning (WebDAV), various default settings, and SSL configuration.

Authorization / authentication modules

Authorization and authentication themselves have not changed, but the modules that provide them have been reorganized and in some cases renamed, in order to simplify loading the components needed for a specific requirement. A new module has also been added that provides authorization through LDAP (mod_authnz_ldap).

The standard authorization modules have been changed so that module names are consistent with the type of function the modules provide. For example, the original mod_auth module has been split into mod_auth_basic (now dedicated to HTTP authentication) and mod_authn_file (which provides the file-based authentication back end). The module prefix now identifies the role a module plays in the authorization/authentication process.

mod_auth_* marks modules that implement HTTP authentication mechanisms (such as mod_auth_basic and mod_auth_digest); mod_authn_* marks modules that provide back-end authentication mechanisms (such as mod_authn_file and mod_authn_dbm); mod_authz_* marks modules that provide authorization mechanisms (such as mod_authz_dbm and mod_authz_host); and mod_authnz_* marks modules that provide both authentication and authorization (including the new mod_authnz_ldap module).

Proxy / cache modules

A load balancing module has been added: mod_proxy_balancer provides load balancing services for the main proxy module, mod_proxy. The load balancer distributes requests among worker processes (workers) in two ways: request counting and weighted traffic counting. Request counting simply counts the number of requests and distributes them across all the workers until each worker has handled the same number of requests.

Weighted traffic counting works like simple request counting, but individual workers can be weighted so that some workers handle more requests than others. It can also be configured by bytes rather than by request, so a user can configure one worker to handle twice as many bytes as the others, even though those bytes may well come from fewer actual requests.

The cache modules (mod_cache, mod_disk_cache and mod_mem_cache) were never previously considered complete, although many organizations have used them without any problems. They are now considered to be of production quality. There is also a new program called htcacheclean, which cleans up the cache. The program can run standalone or as a daemon, and it can provide statistics on the size of the cache directory.

Filter Module

The mod_filter module has been extended so that filters can run conditionally, based on criteria. This changes the original model, in which documents could only be filtered unconditionally, either according to the AddOutputFilter directive or, with slightly more flexibility, according to the AddOutputFilterByType directive.

Now a suitable filter chain is created and the output is processed by each filter in the chain, instead of a specific filter being added for specific file types. This requires declaring the available filter types and, where necessary, declaring the source requirements (file type) and the applicable filters.

To take the example from the standard documentation, the old-style server-side include (SSI) filter configuration, "AddOutputFilter INCLUDES .shtml", becomes:

FilterDeclare SSI
FilterProvider SSI INCLUDES resp=Content-Type $text/html
FilterChain SSI

A filter chain lets us add a filter at a specific point in the chain, and even remove a filter under a particular condition. For example, you may want to apply SSI to all output unless that output comes from a Common Gateway Interface (CGI) script. You can achieve this by adding the SSI filter to the chain and removing it when the request is for a CGI script.

Database Support

Previously, database support in Apache modules required writing wrapper code to gain access to the database. For example, to add SQL-based authentication through MySQL or PostgreSQL, the module had to provide its own SQL database interface. Programming and performance issues made this a less than ideal solution.

Apache now provides the mod_dbd module, which offers database connections through a standard interface. The module uses the apr_dbd interface, which also means that database connections can be pooled and used in threaded environments. This should improve flexibility in database environments and improve the performance of modules that need database connections.

Note: this is not a database access solution for dynamic websites, although in the future this capability may be offered through module-based interfaces (such as mod_perl and mod_php).

Module Development

If you build custom modules for use with Apache, some back-end interfaces have changed and certain features need to be reworked. The release notes provide more detailed information, but the basic changes include the following: connection error logging simplifies recording and accessing error messages; a test-configuration hook provides results when the configuration is tested; for thread-based MPMs, the stack size can be changed; protocol handling is now done in the output filters, and while the ordering and filter system remain the same, filters can now hand the responsibility for setting the correct output type to mod_filter; a monitor hook lets modules run periodic or scheduled tasks automatically; the regular expression interface has changed, the Perl-compatible regular expressions (PCRE) library has been upgraded to version 5.0, and the regular expression header file and functions have changed; and the new DBD framework simplifies the interface to SQL databases, so modules that use their own custom systems should be modified to use it.

Any modules that use these features should be updated accordingly.

Program changes

Some small improvements have been made to the Apache httpd server program itself. First, additional httpd command-line options make it easier to check module availability when debugging. You have always been able to use the -l command-line option to list the modules compiled into httpd.

If a module adds directives to the configuration file, you can usually determine whether it is loaded by using the -L command-line option to list the supported directives, but this method is not foolproof.

The new -M command-line option lists all modules: both those statically linked into the httpd server and the shared modules loaded according to the configuration. The module type (static or shared) is displayed.

Upgrade or wait?

Users still face a familiar question: upgrade to the new version, or keep using the currently installed software?

On the one hand, Apache 2.2.0 is simply a stable, fully tested update from the Apache httpd project. The first official release of the Apache 2.0 branch, v2.0.35, was released in April 2002. Despite many flaws and patches, the Apache 2.0 series has had no major problems. So, in theory, version 2.2.0 is an updated version of a stable, fully tested release.

However, the changes to the authorization modules will unsettle anyone thinking of using 2.2.0 without further testing. The configuration changes mean that before using Apache 2.2.0 in a production environment you should first test it on a staging server, and if your site relies heavily on Apache's authentication and authorization functions, those must be tested as well.

If you develop and install custom modules for use with Apache, you should also be careful about moving to the new version immediately. The regular expression engine and API changes will require some redevelopment work. If a module uses an SQL interface to connect to MySQL or another database, priority should be given to the new mod_dbd interface rather than a custom solution. To stress once again: this only affects modules that use these techniques and does not affect dynamic, database-driven applications.

The current choices are therefore: Apache 2.0.55, the latest stable version before 2.2.0; Apache 2.2.0, the latest official version; and Apache 1.3.34, the latest Apache 1.x version.









Tuesday, October 12, 2010

Counting the benefits of SLM


Implementing service level agreements (SLAs) can bring real benefits to an organization. Keeping the following tips in mind will help you get the most out of implementing them.

For the organizations that manage IT services and for their customers, service level management is about making sure that user needs are properly understood and managed. It covers a range of service-related management activities, including planning, monitoring and reporting. Here we explore how to evaluate service level management. First, we describe the minimum data and evaluation criteria needed to implement service level management effectively; then we list the key factors for successful data collection and evaluation; then we discuss the key factors for monitoring and evaluation. To ensure service quality at a better cost-performance ratio, IT service organizations must position themselves well.

1. Benefits of service level management

Implementing service level management well can bring an organization great benefits.

- A harmonious relationship between users and the IT organization - the most important benefit of implementing service level management well is that the IT organization establishes a good image in the eyes of its users. This may sound trivial, but it is in fact very important. Poorly implemented service level management erects large barriers between IT and users. A service level agreement is a contract that defines the relationship between IT and users: users should state their needs clearly, IT must use its resources to provide services that meet customer demand, and both sides must keep to their commitments.

- IT operational effectiveness - implementing service level agreements helps IT assign adequate resources to meet the real needs of customers. Service level agreements remind IT what the true business requirements are, so that it does not waste resources on unnecessary services or give customers services that are too complex or too advanced for them to accept. I have seen many IT organizations spend a lot of money on technology products while ignoring the real needs of customers.

- Increased customer satisfaction - a user who receives a level of service from computing resources that exceeds his expectations will certainly be very satisfied. With an SLA, IT has the chance to set service levels that it can achieve, and IT can improve its service to make customers more satisfied.

2. Data and evaluation requirements

What are the most basic data and evaluation requirements for effective service level management? And what are the keys to collecting this data and meeting these evaluation requirements successfully? We discuss this next.

- System configuration data - the data that describes what makes up a system, including the hardware, the software and the installation of the various system components, the system connection diagram, and how the components integrate and interact. This information is necessary for properly understanding the service-level goals to be achieved.

- System operating costs - all the cost factors needed to run the system, such as staff costs; hardware, software and supply costs; maintenance costs; and support costs such as power, air conditioning and other environmental costs.

- Service-level evaluation - the service-level objectives and how they are evaluated should be clearly stated in the SLA, including comparison with industry standards and with historical data.

I suggest evaluating service level management on the following aspects:

- End-customer satisfaction rate - periodic surveys asking whether users are satisfied with the services provided by the IT organization.

- Achievement of service level objectives - an evaluation of how often the IT organization achieves the service level objectives set out in the SLA.









Wednesday, September 29, 2010

How to change a user's password temporarily and then put it back


Software environment:
1. Windows NT 4.0 + ORACLE 8.0.4
2. ORACLE installation path: C:\ORANT

Requirements Description:
1,? ? ?

Implementation:
SQL> conn system/manager

SQL> select password from dba_users where username = 'USER1'; (the user name must be in capital letters)

Results: 1F8E5A929B6861AC (this is the user's stored password hash)

SQL> alter user USER1 identified by aaa; (changes the user's password to aaa)

SQL> conn user1/aaa (connects as that user)

SQL> (do whatever you need to do ...)

SQL> conn system/manager

SQL> alter user USER1 identified by values '1F8E5A929B6861AC'; (changes back to the original password)









Key Intrusion Detection Terminology



As IDS (Intrusion Detection System) technology develops at high speed, the associated terminology is evolving just as rapidly. This article shares some IDS terminology with you; some of the terms are very basic and relatively common, while others are less common. Because of the rapid development of IDS and the market influence of some IDS vendors, different vendors may use the same term with different meanings, so the precise meaning of certain terms has become muddled. This article therefore tries to include all of the terms.

Alerts

When an intrusion is occurring or being attempted, the IDS issues an alert to notify the system administrator. If the console is on the same machine as the IDS, the alert is displayed on the monitor and may be accompanied by a sound. If the console is remote, the alert is delivered to the administrator through the IDS's built-in method (usually encrypted), SNMP (Simple Network Management Protocol, usually not encrypted), email, SMS (short message), or a mix of several of these methods.

Anomaly

Most IDSs raise an alarm when an event matches the signature of a known attack. An anomaly-based IDS instead builds a rough profile of the activity of a host or network and raises an alarm when an event falls outside this profile, for example when someone does something they have never done before, such as a user suddenly obtaining administrator or root privileges. Some IDS vendors call this approach heuristic, but a truly heuristic IDS should have more intelligence in its reasoning.

Appliance (IDS hardware)

Besides IDS software that is installed on existing systems, off-the-shelf IDS hardware can also be bought, which only needs to be connected to the network to be used. Available IDS hardware includes CaptIO, Cisco Secure IDS, OpenSnort, Dragon and SecureNetPro.

ArachNIDS

ArachNIDS is an attack signature database developed by Max Vision. It is updated dynamically and suits a variety of network-based intrusion detection systems. Its URL is http://www.whitehats.com/ids/.

ARIS: Attack Registry & Intelligence Service

ARIS is an additional service provided by SecurityFocus that allows users to submit network security incidents to SecurityFocus anonymously over the Internet. SecurityFocus then combines this data with the data of many other participants to produce detailed network security statistics and trend forecasts, which are published on the web. Its URL is http://aris.securityfocus.com/.

Attacks

An attack can be understood as an attempt to penetrate a system or bypass its security policy in order to obtain information, modify information, or disrupt the functioning of the target network or system. The following are the most common types of Internet attack that an IDS can detect:

● Attack type 1 - DoS (Denial of Service): a DoS attack does not break into a system by compromising its security; it only paralyzes the system so that it refuses to provide service to its users. Its categories include buffer overflows, exhausting system resources by flooding, and so on.

● Attack type 2 - DDoS (Distributed Denial of Service): a standard DoS attack sends a large amount of data from one host to a remote host, but one host cannot send enough packets to achieve the desired result. This gave rise to DDoS, in which many distributed hosts attack one target, exhausting the remote system's resources or making connections fail.

● Attack type 3 - Smurf: this is an old-style attack that still occurs. The attacker forges the target's address as the source address and pings the broadcast address of a smurf amplifier; all the active hosts then respond to the target, interrupting its network connection. A reference URL for 10 smurf amplifiers is http://www.powertech.no/smurf/.

● Attack type 4 - Trojans: the term comes from the wooden horse the ancient Greeks used against the Trojans. Greek soldiers were hidden inside the horse, and once the horse had been brought into the city, the soldiers poured out and attacked the city and its residents. In computer terminology, it originally referred to software that takes the form of a legitimate program but in fact harbors malicious software. When the user runs the legitimate program, the malicious software is installed without the user's knowledge. Because most malicious programs installed in this way are remote-control tools, the term Trojan quickly came to refer specifically to such tools, for example BackOrifice, SubSeven and NetBus.

Automated Response

In addition to raising the alarm about an attack, some IDSs can automatically defend against it. There are several ways to do so: first, routers and firewalls can be reconfigured to reject traffic from the same address; second, the network connection can be cut by sending reset packets. Both methods have problems. An attacker can turn the reconfiguration against you: by attacking while posing as a friendly address, the attacker causes the IDS to configure routers and firewalls to reject those addresses, so that service is in effect denied to "one's own people". Sending reset packets requires an active network interface, which is then itself exposed to attack; one remedy is to place the active network interface inside the firewall, or to use a special packet-sending program that avoids the need for a standard IP stack.
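The spoofing problem described above can be contained in the response logic itself. The following is an added example, not part of the original article: a sketch of an automated-response policy that never auto-blocks protected ("friendly") addresses, caps the number of active blocks, and lets blocks expire. The class name, addresses, limits and alert list are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ResponsePolicy:
    """Decides whether an IDS alert may trigger an automatic firewall block."""
    protected: list                 # networks that must never be auto-blocked
    max_active_blocks: int = 3      # cap, so a spoofed flood cannot fill the ACL
    block_seconds: int = 600        # blocks expire instead of piling up
    active: dict = field(default_factory=dict)  # blocked address -> expiry time

    def decide(self, src: str, now: float) -> str:
        """Return 'block', 'already-blocked' or 'alert-only' for one alert."""
        addr = ipaddress.ip_address(src)
        # Drop blocks whose lifetime has ended.
        self.active = {a: t for a, t in self.active.items() if t > now}
        # A forged "friendly" source must only ever produce an alert,
        # otherwise the attacker can make the IDS deny service to our own hosts.
        if any(addr in net for net in self.protected):
            return "alert-only"
        if addr in self.active:
            return "already-blocked"
        # Too many blocks at once suggests spoofed sources: stop automating.
        if len(self.active) >= self.max_active_blocks:
            return "alert-only"
        self.active[addr] = now + self.block_seconds
        return "block"


# Constructed sample alerts: (time in seconds, claimed source address).
CONSTRUCTED_ALERTS = [
    (0, "203.0.113.7"),     # external source, first sighting
    (1, "10.1.2.3"),        # claims to be an internal host (possibly forged)
    (2, "203.0.113.7"),     # repeat offender, already blocked
    (3, "192.0.2.53"),      # claims to be our (assumed) DNS resolver
    (4, "198.51.100.1"),
    (5, "198.51.100.2"),
    (6, "198.51.100.3"),    # fourth distinct source: cap reached
    (700, "198.51.100.3"),  # earlier blocks have expired by now
]


def run_demo():
    """Run the constructed alerts through the policy and return the decisions."""
    protected = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.53/32")]
    policy = ResponsePolicy(protected=protected)
    return [(src, policy.decide(src, t)) for t, src in CONSTRUCTED_ALERTS]


if __name__ == "__main__":
    for src, decision in run_demo():
        print(f"{src:15} -> {decision}")
```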

CERT (Computer Emergency Response Team)

The term comes from the first computer emergency response team, which was established at Carnegie Mellon University to respond to and act on computer security incidents. Many organizations now have a CERT, for example CNCERT/CC (China's computer network emergency response coordination center). Because the word emergency is somewhat unclear, many organizations use the word incident instead, creating the new term Computer Incident Response Team (CIRT). The word response is sometimes replaced by handling, which implies emergency action rather than long-term research.

CIDF (Common Intrusion Detection Framework)

In an attempt to standardize intrusion detection to some extent, CIDF developed a number of protocols and application programming interfaces so that intrusion detection research projects can share information and resources, and so that intrusion detection components can be reused in other systems. The CIDF URL is http://www.isi.edu/gost/cidf/.

CIRT (Computer Incident Response Team)

CIRT evolved from CERT and represents a change in the philosophy of how security incidents are understood. CERT originally addressed specific computer emergencies, whereas the term incident in CIRT indicates that not all incidents are necessarily emergencies, while all emergencies can be regarded as incidents.

CISL (Common Intrusion Specification Language)

CISL is the language that CIDF components use to communicate with each other. Just as CIDF is an attempt to standardize protocols and interfaces, CISL is an attempt to standardize the language of intrusion detection research.

CVE (Common Vulnerabilities and Exposures)

A long-standing problem with vulnerabilities is that, when designing scanners or countermeasures, different vendors use completely different names for the same vulnerability. Some vendors also define multiple signatures for a single vulnerability and apply them in their IDS, giving the false impression that their products are more effective. MITRE created CVE to standardize vulnerability names, and participating vendors develop their IDS products in accordance with this standard. The CVE URL is http://cve.mitre.org/.

Crafting Packets (custom packets)

By creating custom packets, one can bypass some of the usual requirements on packet structure, producing packets that spoof, or that the receiving computer does not know how to handle. One program for creating custom packets is Nemesis; its URL is http://jeff.chi.wwti.com/nemesis/.

Desynchronization

The term desynchronization originally referred to evading an IDS by means of sequence numbers. Some IDSs may become confused about the sequence number they expect, and so lose the ability to reconstruct the data. This technique was very popular in 1998 and is now obsolete; some articles use the term desynchronization to mean other IDS evasion methods.

Eleet

When hackers write exploits, they often leave a signature, and one of the most notorious is elite. Converted to digits, eleet is 31337, and when it refers to their ability, elite = eleet. 31337 is often used as a port number or sequence number. The currently popular word is "skillz".

Enumeration

After passive research and social engineering, the attacker begins to enumerate network resources. Enumeration is when the attacker actively probes a network to discover what is there and what can be exploited. Because the activity is no longer passive, it is likely to be detected. Of course, to avoid detection, attackers will work as quietly as possible.

Evasion

Evasion means launching an attack successfully without it being detected by the IDS. The trick is to let the IDS see one thing while the actual attack is aimed at another. One form of evasion is to set different TTL (time to live) values on different packets, so that the traffic passing the IDS looks harmless: the harmless part has a TTL shorter than what is needed to reach the target host. Once past the IDS and close to the target, the harmless part is dropped, leaving only the harmful part.

Exploits

For every vulnerability there is a mechanism for attacking through it; this method is the exploit. To attack systems, attackers write exploit code or scripts.

Exploits: Zero Day Exploit

A zero-day exploit is an exploit that is not yet understood and is still running rampant, that is, one that has not yet been discovered. Once the network security community discovers an exploit, a patch soon follows and signature information is written for IDSs, so that the exploit is rendered ineffective and is effectively captured.

False Negatives (missed detections)

A false negative is an attack that the IDS fails to detect or that an analyst judges to be harmless.

False Positives

A false positive is a harmless event that the IDS detects as an attack.

Firewalls

A firewall is the first line of defense in network security. Although it is not an IDS, firewall logs can provide valuable information to an IDS. A firewall works by blocking dangerous connections according to rules or criteria such as source address and port.

FIRST (Forum of Incident Response and Security Teams)

FIRST is an alliance of international government and private organizations that exchange information and coordinate response actions. The annual FIRST conference receives a great deal of attention. Its URL is http://www.first.org/.

Fragmentation

If a packet is too large to be carried, it has to be split into fragments. Fragmentation is based on the network's MTU (Maximum Transmission Unit). For example, the MTU of token ring is 4464 and the MTU of Ethernet is 1500, so a packet passing from a token ring network to Ethernet is split into smaller fragments and then reassembled at the destination. Although this reduces efficiency, fragmentation works well. Attackers use fragmentation as a way to evade IDSs, and some DoS attacks also use fragmentation.
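The token ring to Ethernet case above, worked through in code. This is an added example, not part of the original article: it computes the IPv4 fragments for a 4464-byte packet crossing onto a 1500-byte MTU link, then performs the bookkeeping an IDS needs before it can inspect reassembled data (gaps mean the datagram is incomplete, overlaps are a common sign of fragment-based evasion). It assumes a 20-byte IPv4 header without options; the function names and the overlapping fragment are constructed for illustration.

```python
def fragment(total_len, mtu, header_len=20):
    """Split one IPv4 packet into fragments that fit the given MTU.

    Returns a list of (offset_in_8_byte_units, payload_len, more_fragments).
    Every fragment except the last carries a payload that is a multiple of 8,
    because the IPv4 fragment offset field counts 8-byte units.
    """
    payload = total_len - header_len
    if total_len <= mtu:
        return [(0, payload, False)]
    per_fragment = (mtu - header_len) // 8 * 8
    fragments, sent = [], 0
    while sent < payload:
        size = min(per_fragment, payload - sent)
        fragments.append((sent // 8, size, sent + size < payload))
        sent += size
    return fragments


def check_reassembly(fragments):
    """Check a set of received fragments (in any order) before reassembly.

    Returns a dict with the byte ranges that are missing (gaps), the byte
    ranges covered more than once (overlaps), the reassembled payload length,
    and whether the datagram is complete.
    """
    spans = sorted((off * 8, off * 8 + length, more) for off, length, more in fragments)
    gaps, overlaps, end = [], [], 0
    for start, stop, _more in spans:
        if start < end:
            overlaps.append((start, min(end, stop)))
        elif start > end:
            gaps.append((end, start))
        end = max(end, stop)
    last_seen = any(not more for _s, _e, more in spans)
    return {
        "payload_len": end,
        "gaps": gaps,
        "overlaps": overlaps,
        "complete": last_seen and not gaps,
    }


def run_demo():
    """Fragment a token-ring-sized packet for Ethernet and check three cases."""
    frags = fragment(4464, 1500)
    clean = check_reassembly(list(reversed(frags)))       # arrival order is arbitrary
    missing = check_reassembly(frags[:1] + frags[2:])     # second fragment lost
    # Constructed overlapping fragment: 80 bytes starting at byte 1440.
    overlapping = check_reassembly(frags + [(180, 80, True)])
    return frags, clean, missing, overlapping


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```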

Heuristics

Heuristics refers to the use of AI (artificial intelligence) ideas in intrusion detection. IDSs that truly use heuristics have existed for about 10 years, but they are not yet "smart" enough: an attacker can train them so that they ignore malicious traffic. Some IDSs detect intrusions using anomaly models, and such an IDS must keep learning what counts as a normal event. Some vendors consider this a very "smart" kind of IDS and so regard it as a heuristic IDS. In fact, very few IDSs really apply AI techniques to the analysis of input data.

Honeynet Project

A honeynet is a learning tool: a network system that contains security flaws. When it comes under attack, information about the intrusion is captured and analyzed, so that something can be learned about the attackers. The Honeynet Project is a professional organization of more than 30 security practitioners dedicated to learning the tools, tactics and motives of the hacker community and to sharing what they learn. They have set up a series of honeypots that present a seemingly vulnerable honeynet, and they observe intrusions into these systems to study attackers' tactics, motives and behavior.

Honeypot

A honeypot is a system containing vulnerabilities that simulates one or more vulnerable hosts in order to give attackers an easy target. Since a honeypot has no other task to perform, all connection attempts to it should be regarded as suspicious. Another use of honeypots is to delay attackers' attacks on their real targets by making them waste time on the honeypot. Meanwhile, the original targets are protected and the truly valuable content is not compromised.

One of the original purposes of honeypots was to gather evidence for prosecuting malicious hackers, which looks rather like entrapment. In some countries, however, honeypots cannot be used to collect evidence for prosecuting hackers.
IDS Categories (IDS category)

There are many different types of IDS, the following breakdown:

● IDS Category 1 - Application IDS: An application IDS looks for signs of intrusion in particular applications, usually the more vulnerable ones such as Web servers and databases. Many host-based IDSs that originally focused on the operating system do not target applications by default, but can be trained to cover them. For example, KSE (a host-based IDS) can tell us what is happening in the event log, including application output reported to the event log. An example of an application IDS is Entercept's Web Server Edition.

● IDS Category 2 - Consoles IDS (console IDS): For IDSs to work in a collaborative environment, distributed IDS agents need to report to a central console. Many central consoles can now also receive data from other sources, such as other vendors' IDSs, firewalls and routers. Combining this information presents a more complete picture of an attack. Some consoles also add their own signatures to the agent-level consoles and provide remote management. Products of this kind include Intellitactics Network Security Monitor and Open Esecurity Platform.

● IDS Category 3 - File Integrity Checkers: When a system is compromised by an attacker, key files are often changed to provide continued access and to prevent detection. By recording a message digest (cryptographic hash) for each key file, the files can be checked periodically to see whether they have been changed, which gives some degree of assurance. Once such a change is detected, the integrity checker issues a warning. Moreover, when a system has already been attacked, the system administrator can use the same method to determine the extent of the compromise. File checkers used to detect an intrusion only long after the event, as "hindsight"; some recent products check a file at the moment it is accessed and can be regarded as real-time IDS products. Such products include Tripwire and Intact.

● IDS Category 4 - Honeypots: honeypots have already been introduced above. Examples of honeypots are Mantrap and Sting.

● IDS Category 5 - Host-based IDS: This kind of IDS monitors multiple sources, such as system and event logs, for suspicious activity. Host-based IDS, also known as host IDS, is best suited to detecting misuse by trusted insiders and activity that has penetrated the network while evading traditional detection methods. Besides acting much like an event log reader, a host IDS also performs signature analysis on "event / log / time". Many products also include heuristic functions. Because a host IDS works in almost real time, system errors can be detected quickly, so technicians and security staff both like it. Today, host-based IDS refers to every type of intrusion detection system that is based on a server or workstation host. Such products include Kane Secure Enterprise and Dragon Squire.

● IDS Category 6 - Hybrid IDS: The structure of modern switched networks causes some problems for intrusion detection. First, a switched network by default does not allow a network card to work in promiscuous mode, which makes installing a traditional network IDS very difficult. Second, high network speeds mean that many packets will be dropped by a NIDS. Hybrid IDS is one solution to these problems: it takes IDS up a level by combining network node IDS and host IDS. The coverage of this solution is very large, but the resulting volume of data and the cost have to be taken into account. Many networks keep hybrid IDS only for critical servers. Some vendors call any IDS that performs more than one task a hybrid IDS, which is really only for advertising effect. Hybrid IDS products include CentraxICE and RealSecure Server Sensor.

● IDS Category 7 - Network IDS (NIDS): A NIDS monitors all network traffic flowing past its monitoring agent and responds to suspicious activity and to activity that shows attack characteristics. A NIDS was originally a packet sniffer combined with IDS filters, but recently NIDSs have become more intelligent and can decode protocols and maintain state. Some NIDS products are application-based and only need to be installed on a host to be used. A NIDS analyzes every packet for attack signatures, but under high network load it will still drop some packets. Network IDS products include SecureNetPro and Snort.

● IDS Category 8 - Network Node IDS (NNIDS): Some network IDSs are unreliable at high speed, dropping a high proportion of packets once they are loaded, and switched networks often prevent a network IDS from seeing packets promiscuously. NNIDS delegates the NIDS function to individual hosts, which alleviates both the high-speed and the switching problems. Although NNIDS resembles a personal firewall in function, there are differences between them. For a personal firewall to be classified as NNIDS, it should analyze the attempted connections. For example, unlike the "trying to connect to port xxx" message found in many personal firewalls, a NNIDS would run signature analysis on any probe. In addition, a NNIDS sends the events received by the host to a central console. NNIDS products include BlackICE Agent and Tiny CMDS.

● IDS Category 9 - Personal Firewall: A personal firewall is installed on an individual system and blocks unwanted connections, whether incoming or outgoing, to protect the host system. Be careful not to confuse it with NNIDS. Personal firewalls include ZoneAlarm and Sybergen.

● IDS Category 10 - Target-Based IDS: This is one of the less clearly defined IDS terms, and it means different things to different people. One possible definition is a file integrity checker; another is a network IDS that looks only for the signatures of attacks to which the protected network is vulnerable. The aim behind the latter definition is to improve the speed of the IDS, because it does not search for unnecessary attacks.
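The file integrity checker described in Category 3 can be sketched as follows. This is an added example, not code from the original page or from Tripwire or Intact; the file names are hypothetical and the monitored directory is a constructed temporary one.

```python
import hashlib
import os
import tempfile


def digest_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Record one digest per monitored file while the host is still trusted."""
    return {path: digest_file(path) for path in paths}


def check_integrity(baseline, current_paths):
    """Compare the files present now against the stored baseline."""
    report = {"modified": [], "missing": [], "added": []}
    for path in sorted(baseline):
        if not os.path.isfile(path):
            report["missing"].append(path)
        elif digest_file(path) != baseline[path]:
            report["modified"].append(path)
    # Files that appeared after the baseline are as interesting as changed ones.
    report["added"] = sorted(set(current_paths) - set(baseline))
    return report


def list_files(root):
    """Full paths of every entry in the monitored directory."""
    return sorted(os.path.join(root, name) for name in os.listdir(root))


def demo():
    """Constructed scenario: baseline three files, then change the directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"service.conf": b"listen=80\n",
                   "users.db": b"alice\nbob\n",
                   "startup.sh": b"#!/bin/sh\nexit 0\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline(list_files(root))

        # Changes made after the baseline was taken.
        with open(os.path.join(root, "service.conf"), "ab") as fh:
            fh.write(b"# edited after baseline\n")
        os.remove(os.path.join(root, "users.db"))
        with open(os.path.join(root, "extra.bin"), "wb") as fh:
            fh.write(b"\x00\x01")

        report = check_integrity(baseline, list_files(root))
        return {kind: [os.path.basename(p) for p in paths]
                for kind, paths in report.items()}


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: keep it off the monitored host or on read-only media, otherwise whoever changes the files can also rewrite the digests.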

IDWG (Intrusion Detection Working Group)

The goal of the Intrusion Detection Working Group is to define data formats and exchange procedures for sharing information that matters to intrusion detection systems, response systems, and the management systems that need to interact with them. The Intrusion Detection Working Group works together with other IETF groups.

The IDWG URL is http://www.ietf.org/html.charters/idwg-charter.html.

The IETF URL is http://www.ietf.org/.

Incident Handling

Detecting an intrusion is only the beginning. More commonly, console operators continually receive alerts and simply cannot set aside the time to track every potential incident personally, so the operator flags the events of interest for later investigation by the response team. After the initial response, the incident still has to be handled, which covers matters such as investigation, debate and prosecution.

Incident Response

The initial response to a detected potential incident. The incident is then dealt with according to the incident handling procedures.

Islanding

Islanding means cutting the network off from the Internet completely. It is almost a last resort, used when there is no other way. An organization uses this measure only during a large-scale virus outbreak or a very obvious security attack.

Promiscuous (promiscuous mode)

By default, the network interface of an IDS sees only the traffic to and from its own host, which is called non-promiscuous mode. If the network interface is in promiscuous mode, it can see all network traffic on the segment, regardless of source or destination. This is necessary for a network IDS, but it may also be used by a packet sniffer to monitor network traffic. Switched hubs solve this problem; where the full traffic does need to be seen, a number of span ports are provided.

Routers

A router is the hub that connects different subnets; routers work at the transport layer and network layer of the OSI 7-layer model. The basic function of a router is to deliver network packets to their destination. Some routers have access control lists (ACLs), which allow unwanted packets to be filtered out. Many routers can feed their log information into an IDS, providing valuable information about blocked attempts to access the network.

Scanners

A scanner is an automated tool that scans networks and hosts for vulnerabilities. Like intrusion detection systems, scanners come in many types, described below.

● Scanner Type 1 - Network Scanners: A network scanner searches the network to find all the hosts on it. Traditionally such scanners use ICMP ping, but this approach is easily detected. To be stealthier, some newer techniques have appeared, such as ack scans and fin scans. Another, subtler advantage of these scanners is that different operating systems react differently to these scans, which gives an attacker more valuable information. An example of this tool is nmap.

● Scanner Type 2 - Network Vulnerability Scanners: A network vulnerability scanner goes a step beyond a network scanner: it can probe the target host and highlight all the holes a hacker could use. Network vulnerability scanners are used by attackers and security experts alike, but they often make IDS systems "nervous". Products of this kind include Retina and CyberCop.

● Scanner Type 3 - Host Vulnerability Scanners: These tools run as a privileged user and scan the host from the inside, testing password strength, security policy, file permissions and so on. They can be detected by a network IDS and especially by a host IDS. Such products include SecurityExpressions, a remote Windows vulnerability scanner that can also repair vulnerabilities automatically. Others, such as the ISS database scanner, scan databases for vulnerabilities.

Script Kiddies

Some much-publicized Internet security breaches, such as the February 2000 denial-of-service attacks against Yahoo, were the work of teenage students, who seem to have done these things for fame. Security experts often call such people script kiddies. Script kiddies are usually spontaneous, less skilled crackers who use information, software or scripts downloaded from the Internet to damage target sites. Hacker groups and law enforcement authorities alike express contempt for script kiddies, because they are usually unskilled, have plenty of time on their hands for destruction, and generally aim to impress their friends. Script kiddies are like children holding a gun: they do not need to understand ballistics or be able to manufacture firearms to become a powerful enemy. Their strength should therefore never be underestimated.

Shunning

Shunning means configuring border devices to reject all unwanted packets; some even shun all packets from the IP addresses of certain countries.

Signatures

Signatures are the core of an IDS; they are what allow the IDS to trigger when an event occurs. A signature that is too short will trigger the IDS too often, leading to false positives or false alarms; one that is too long will slow the IDS down. Some people treat the number of signatures an IDS supports as the measure of how good it is, but in some commercial products one signature covers many attacks, while other vendors list these signatures separately, which gives the impression that the product contains more signatures and is therefore a better IDS. We must be aware of this.
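The false-positive side of the signature-length trade-off can be measured on labelled traffic. This is an added example, not code from the original page or from any IDS product; the request lines, labels, rule ids and the two patterns are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: (HTTP request line, hand-assigned "malicious" label).
SAMPLE_REQUESTS = [
    ("GET /index.html HTTP/1.0", False),
    ("GET /docs/etcetera.html HTTP/1.0", False),
    ("GET /fetch?item=42 HTTP/1.0", False),
    ("GET /sketches/list HTTP/1.0", False),
    ("GET /cgi-bin/view?file=/etc/passwd HTTP/1.0", True),
    ("GET /cgi-bin/show?page=../../etc/passwd HTTP/1.0", True),
]


@dataclass(frozen=True)
class Signature:
    sid: int        # hypothetical rule id
    pattern: str    # substring the rule looks for

    def matches(self, request_line):
        """Case-insensitive substring match, the simplest signature form."""
        return self.pattern.lower() in request_line.lower()


def score(signature, labelled_requests):
    """Count true positives, false positives and misses for one signature."""
    tp = fp = fn = 0
    for line, malicious in labelled_requests:
        hit = signature.matches(line)
        if hit and malicious:
            tp += 1
        elif hit:
            fp += 1
        elif malicious:
            fn += 1
    # Precision: the share of alerts that an analyst would not throw away.
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": precision}


def false_alarms(signature, labelled_requests):
    """Benign request lines on which the signature fired anyway."""
    return [line for line, malicious in labelled_requests
            if signature.matches(line) and not malicious]


TOO_SHORT = Signature(sid=1, pattern="etc")
SPECIFIC = Signature(sid=2, pattern="/etc/passwd")

if __name__ == "__main__":
    for sig in (TOO_SHORT, SPECIFIC):
        print(sig.pattern, score(sig, SAMPLE_REQUESTS))
    print(false_alarms(TOO_SHORT, SAMPLE_REQUESTS))
```

Both signatures catch the same two requests, so a count of "attacks detected" cannot tell them apart; only the false-alarm column does.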

Stealth

Stealth means that the IDS cannot be seen by outsiders while it detects attacks. Such IDSs are often used outside the DMZ, without firewall protection. Stealth has some drawbacks, for example with automatic response.









Tuesday, September 14, 2010

Modern shipbuilding process



1, Ship lofting

1. Line lofting: lofting is divided into manual lofting and machine (computer) lofting. Manual lofting is generally done at a 1:1 scale, occupies a very large area and needs considerable manpower and material resources, so it is now seldom used. Machine lofting, also known as mathematical lofting, relies on advanced software to loft the hull; it is more accurate and does not take up space or personnel, so it is now the more widely used method.

2. Structural lofting and development: lofting and developing the structure, and drawing the corresponding process templates, sample rods and the like.

3. Blanking sketch: draw the corresponding blanking sketch.

2, Hull steel pretreatment: pretreating the steel surface and eliminating stress.

1. Steel straightening: generally by mechanical methods, namely multi-roller straightening machines, hydraulic presses and section-steel straightening machines.

2. Surface cleaning: a. mechanical descaling, such as shot blasting, which is now the more widely used; b. pickling, also called chemical rust removal, which works through chemical reaction; c. manual rust removal, knocking the rust off with tools such as hammers.

3, Component processing

1. Edge processing: shearing, cutting, etc.;

2. Cold and hot working: elimination of stress, deformation, etc.;

3. Forming: hydraulic press, frame bending machine.

4, Hull assembly: assembling the hull (parts), combining the various components into the spatial shapes that are needed.

5, Hull welding: the assembled spatial shapes are welded into a permanent, integral whole.

6, Tightness test: various kinds of tightness tests, such as the dye test, ultrasound, X-ray and so on.

7, the ship into the water: the water after the basic shape and design of all sizes line the following sizes are flooded.

1. Gravity launching: generally slipway launching, in which the ship slides into the water under its own weight;

2. Floating launching: generally done in a dock;

3. Mechanical launching: for small and medium ships, which are put into the water by dragging or lifting equipment.

8, ship outfitting: a comprehensive system to carry out outfitting, mooring systems, aircraft equipment, electrical equipment, control equipment and other work.

9, the ship pilot: mooring test, tilt test, trials (fully test the performance of the ship).

10, Delivery acceptance.










Tuesday, July 27, 2010

Changing the rules of the game and changing our lives: who is lying about P2P?


P2P is a great technology. Although many people regard it as a fringe technology, it now has great applications. As a new network computing technology, P2P aims to connect computers on different networks together and to make full use of idle resources anywhere on the Internet and on Web sites. It is user-centered, and all users are equal partners. Through P2P, users thousands of kilometers apart can share files, directories and even an entire hard drive. When everyone shares what they consider the most valuable things on the Internet, the value of information is greatly enhanced. P2P means direct communication between users and realizes the Internet's dream of sharing and freedom; it changes the existing rules of the game on the Internet and has changed our lives.

Inspired by the spirit of P2P, computer enthusiasts around the world continue to develop new software systems to improve communication between people. Success Group has even put forward the slogan "narrow the world, unite humanity", and in the Ework system it is promoting, P2P technology has begun to shine. With P2P technology the server needs very little bandwidth: all services are carried out by the many nodes of the P2P network, which takes the burden off the server and also makes voice transmission direct and fast, greatly improving voice and video quality (Ework can adapt to a minimum bandwidth of 30K). Ework also integrates instant short messages, mobile SMS, e-mail, PC-to-phone and PC-to-fax interworking, video conferencing, remote connection, a bulletin board and other functions, making it one large communication platform.
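Once P2P became a slogan, many software systems claimed to use P2P technology. Looking across the P2P market, besides POCO and Openext, more than ten established and emerging programs have raised the P2P banner. The free products are mainly POCO, KuGoo, ezPeer, Baibao (百宝), QQ Messenger, Ework Personal Edition and KDT Personal Edition; the paid products include Kuro, Openext, PP Diandiantong (PP点点通), Ework Enterprise Edition, QQ and KDT Enterprise Edition.

Later, more new instant messaging products also began to claim that they use P2P technology, but that was only a slogan; few of them really apply it.

Researchers believe that P2P applications should concentrate on five major functions: file sharing, instant messaging, collaborative work, very-large-scale collaborative computing, and search engines. Whatever the software system, if it claims to use P2P technology it must perform well in these areas, otherwise it is not convincing. With P2P, low-cost collaborative work becomes possible. We no longer need servers; any two PCs on the Internet can establish a real-time connection, creating a secure, shared virtual space in which people can carry out all kinds of activities, quite possibly simultaneously and interactively. A system built on P2P technology should not leave the user flustered as soon as several windows pop up, and it should also provide powerful message forwarding and group sending.

P2P technology is also making its mark in telecommunications. With P2P technology, over the Internet and each party's telephone line, an international call can be turned into a local call, and the caller can see the other party's image during the call, which is very attractive. It is reported that after Guanglian Group's (广联集团) Ework instant system went into operation, many users rushed to use the platform for telecom services such as sending SMS, making IP phone calls, sending faxes and holding many-to-many video conferences. Because the rates are attractive, Ework soon saw a peak in usage: without any spending on advertising, the number of new users per day passed four digits (the product can be obtained free of charge from www.konlink.net).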








Wednesday, July 21, 2010

Photoshop pumping effect of the new line of thinking


Blend modes are one of the harder things to understand in Photoshop. A blend mode is essentially a special form of selection: a selection without visible marching ants. With blend modes you can decide which tonal levels of pixels are masked or changed, so understanding how blend modes work is very important for using PS purposefully to reach your goal. Here is an example of how to use the Color Dodge mode in PS to draw out the lines in an image, offered as food for thought.

1. Open the image.



2. Pumping line results generally do not need to retain color. Use the "image" "adjust" menu "to color" command, then copy a layer.



3. Use the "image" "adjust" menu "RP" command.



4. About the effects of the above modification. Double-click the background copy layer, bring up the Layer Styles dialog box, split the black slider to the next layer, the background layer of the most dark pixels into the final image fusion, so that results appear more natural.

5. Change the blend mode of the "Background copy" layer from Normal to "Color Dodge". The document seems to have become empty, but a careful reader will notice a few stray black specks in the image.



6. Apply the "Minimum" filter to the "Background copy" layer with a radius of 1 pixel. This makes the small tonal differences between the pixels of the two layers produce strong contrast at the edges in the image, while areas with little contrast are ignored.

Tip: the traditional way of producing this line effect uses the "Gaussian Blur" filter at this step, and the result is not satisfactory.



7. About the effects of the above modification. Double-click the background copy layer, bring up the Layer Styles dialog box, split the black slider to the next layer, the background layer of the most dark pixels into the final image fusion, so that results appear more natural.





8. The final result.



Although the result is interesting, I am afraid not many readers will bother to think through how blend modes work. I have posted the rather dry fringes and a diagram of the "Color Dodge" mode for like-minded readers to refer to.





If you know how blend modes work, you will pass from the realm of necessity into the realm of freedom.

In the book "chosen Art - Photoshop CS image processing in-depth analysis", I quote the words of an American Photoshop master to show the importance of selection (a blend mode is a special form of selection). The master put it this way: the essence of Photoshop is the art of selection.







