Wednesday 7 October 2015

Term Of the Day- "ARP Poisoning"


Address Resolution Protocol poisoning (ARP poisoning) is a form of attack on an Ethernet LAN in which an attacker changes the Media Access Control (MAC) address recorded in the target computer's ARP cache by sending forged ARP request and reply packets. This replaces the Ethernet MAC address in the cache with a MAC address known to the hacker, so that the traffic can be monitored. Because the ARP replies are forged, the target computer unintentionally sends its frames to the hacker's computer first instead of sending them to the original destination. As a result, both the user's data and privacy are compromised.

ARP poisoning is very effective against both wireless and wired local networks. By triggering an ARP poisoning attack, hackers can steal sensitive data from the targeted computers, eavesdrop by means of man-in-the-middle techniques, and cause a denial of service on the targeted computer. In addition, if the hacker modifies the MAC address of a computer that provides the network's Internet connection, access to the Internet and external networks may be disabled.

An effective ARP poisoning attempt is undetectable to the user. For smaller networks, using static ARP tables and static IP addresses is an effective solution against ARP poisoning. 
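Although the user sees nothing, the forged replies leave a trace that a monitor can pick up: an IP address suddenly maps to a different MAC address. The following added example (not part of the original post) checks observed ARP replies against a pinned static table and against previously learned bindings; all addresses, the `STATIC_BINDINGS` table and the sample replies are constructed for illustration.

```python
# Added example: passive detector for ARP cache poisoning over observed ARP replies.
# All addresses and the STATIC_BINDINGS table are constructed sample data.
from collections import defaultdict

# Known-good bindings an administrator would pin as static ARP entries.
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:55"}  # gateway (constructed)

# (timestamp_seconds, sender_ip, sender_mac) taken from ARP replies (constructed).
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),
    (1.0, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2.0, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP, different MAC
    (2.5, "192.168.1.20", "de:ad:be:ef:00:01"),  # host IP, same new MAC
    (3.0, "192.168.1.30", "aa:aa:aa:aa:aa:30"),
]

def normalize(mac):
    """Lower-case a MAC address and use ':' separators so comparisons are exact."""
    return mac.lower().replace("-", ":")

def detect(replies, static=STATIC_BINDINGS):
    """Return a list of (timestamp, kind, detail) alerts."""
    learned = {}                    # ip -> first MAC seen for it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = normalize(mac)
        pinned = static.get(ip)
        if pinned and normalize(pinned) != mac:
            # Reply contradicts a statically pinned entry.
            alerts.append((ts, "static-mismatch", f"{ip} claimed by {mac}, pinned {pinned}"))
        elif ip in learned and learned[ip] != mac:
            # Dynamically learned binding changed.
            alerts.append((ts, "binding-changed", f"{ip} moved {learned[ip]} -> {mac}"))
        learned.setdefault(ip, mac)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) == 2:
            # Alert once, when a MAC first answers for a second IP.
            alerts.append((ts, "mac-multiple-ips", f"{mac} answers for {sorted(ips_by_mac[mac])}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_REPLIES):
        print(alert)
```

A changed binding is not always malicious (a replaced network card or a DHCP lease handed to a new device looks the same), so alerts on pinned addresses such as the gateway deserve the most attention.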

Saturday 26 September 2015

Term of the day- "User Threat Quotient"

Cyberoam, a leading global provider of network security appliances, has introduced a unique capability, User Threat Quotient (UTQ), to help IT security managers identify users posing security risks with ease. UTQ studies the web behavior of users by analyzing massive data of allowed and denied web traffic for web categories that pose security and legal risks, such as IP Address, P2P, Phishing and Fraud, Porn, Spam URL, Spyware, URL Translation Sites and more.
UTQ helps administrators to:
   • Spot risky users at a glance.
   • Find out malicious insiders.
   • Avoid chances of human oversight in correlating data from various logs and reports.
   • Take appropriate actions like fine-tuning security policies, security awareness training etc.

The UTQ report is displayed as a bubble graph as well as in a tabular format. The bubble graph is plotted between Relative Risk Ranking and Average Threat Score, where each bubble represents a user and the bubble size represents the Average Threat posed by that user. Hovering the mouse over a bubble displays details such as Average Threat Score, Relative Risk Ranking and Maximum Threat Score, along with the date.
The bubble graph area is divided into three sections:
   • Top 10% are marked as High Risk Users
   • Next 40% are marked as Medium Risk Users
   • Last 50% are marked as Low Risk Users

Tuesday 4 August 2015

Term Of the Day - Gnutella


Gnutella is a file sharing network that allows users to send and receive files over the Internet. The first part of its name comes from the GNU General Public License, which originally allowed the source of the program to be made available to the public. The Gnutella network is a peer-to-peer (P2P) network, which allows users on different networks to share files.
Gnutella is a network protocol, not an actual program. Therefore, to access other computers on the Gnutella network, you must install a P2P program that supports Gnutella. Each user still must connect to an "ultrapeer," which is a server that lists files shared by connected users. This makes it possible to search for files across hundreds or even thousands of other computers connected to the network.
Some popular Gnutella clients include Acquisition for the Mac and BearShare and Morpheus for Windows.

Monday 27 July 2015

Resource Throttling


Resource throttling refers to the artificial cutting down or lowering of the amount of resources or returns in a system. This term is often used to refer to SharePoint features that allow administrators to narrow the results of heavy queries.

There are times when a full system search or other full operation makes too many demands on the system; in this scenario, IT professionals sometimes resort to resource throttling. This conserves CPU and other resources. IT professionals can also monitor server activity and look for drains on the system. They can then apply resource throttling to control resource use on the system and bring it back to manageable levels.

Wednesday 8 July 2015

Network Behaviour Analysis

Network behaviour analysis (NBA) is a network monitoring program that ensures the security of a proprietary network. NBA helps enhance network safety by watching traffic and observing unusual activity and departures from normal network operation.
Network behaviour analysis monitors what happens inside an active network by collecting data from many data points and devices to give a detailed offline analysis. It constantly watches the network, marking known and unknown activities and new and unusual patterns, and indicates potential threats by flagging them. The program also checks and accounts for changes in the bandwidth and protocol being used during communication. This is particularly applicable in finding a potentially dangerous data source or website.

The duty of a network behaviour analysis program is to reduce the labour and time expended by network administrators in detecting and resolving network issues. It is thus an enhancement to protect the network along with firewalls, antivirus software and spyware detection tools. Conventional methods of defending a network against harmful data include packet checking, signature recognition and real-time blocking of malicious sites and data.


Tuesday 23 June 2015

Google Penguin


Google Penguin refers to a set of algorithm updates and data refreshes that the Google Search Engine periodically releases and that are aimed at improving the value of search query results for users.

This is done to prevent spamming of the page index algorithm (called spamdexing or Black Hat SEO), so that pages relying on such irregularities are not successfully ranked high among query results. Spamdexing can be done by techniques such as Key-stuffing, invisible text display, link-spamming or even displaying copyrighted items from high-ranking websites, and more.
Google Penguin differs from similar enhancement algorithms such as Google Panda and Google Hummingbird in that it aims not only at preventing companies from attempting to “boost” their search engine ranking index but also at “penalizing” them.
The first such algorithm was published in April 2012 and was estimated to affect 3% of all English-language websites.

Monday 15 June 2015

Business Intelligence


Business Intelligence (BI) is the use of computing technologies for the identification, discovery and analysis of business data such as sales, revenue, products, costs, income, etc. BI provides historical, present and predictive views of internally structured data for products and departments, supporting more effective decision-making and strategic operational insights. BI software applications make use of data warehouses or data marts, which are separate yet related BI architectural fragments used for the preparation and use of data.

BI is used for multiple business purposes, including:
  • Measurement of performance and benchmarking progress toward business goals
  • Quantitative analysis through predictive analytics, predictive modelling, business process modelling and statistical analysis
  • Reporting of departmental/divisional and enterprise perspectives of data visualization, EISs and OLAP
  • Collaborative programs that allow internal and external business entities to collaborate through electronic data interchange (EDI) and data sharing
  • Use of knowledge management programs to identify and create insights and experiences for learning management and regulatory compliance


BI also involves specific methodologies and procedures for implementing such interactive information gathering techniques, including:

  • Identifying interview teams
  • Researching organizations
  • Selecting and preparing interviewees
  • Developing interview questions
  • Scheduling and sequencing interviews