Skip navigation

Category Archives: Encryption


Techcorp IT Solutions Logo
As I have said in previous post on encryption over the Internet that in order for encryption to work it has to be a two-way communications model.

This means that not only does the client computer require a digitally signed encryption algorithm, this includes business servers right up to the Root Zone involving the DNS (Domain Name Server).

The DNS is responsible for translating web addresses such as www.bigpond.com into a binary language that the computer can understand and has been exploited by hackers through DNS Poisoning.

In it’s simplest form the DNS is what allows Internet traffic to freely move around the Internet, a handshake between the client computer and the server.

As I have said in the past, encryption needs to be implemented on both sides and really should be military grade encryption though some people would beg to differ and call this overkill.

This is what DNSSEC (Domain Name Server Security Extensions) does it encrypts data from the higher hierarchy of the Root Zone and is what the US Government is trying to implement in order to make the Internet a more reliable and safe environment for people to use for online commerce.

If you want to know more about this, Carolyn Duffy Marsan of Network World wrote an article on DNSSEC which can be found at PC World Australia http://www.pcworld.idg.com.au/article/277677/techies_bypass_feds_dns_security?pp=1&fp=4&fpid=762453.

According to the article while the US Government works out DNSSEC, ICANN  (Internet Corporation for Assigned Names and Numbers) has come up with an alternative approach to allow for DNSSEC deployment without the need for the DNS Root Server being digitally signed through an alternative approach called the ICANN Interim Trust Anchor Repository (ITAR) which allows for a fully functioning DNSSEC deployment without the need to wait for the root zone to be digitally signed.

Steve Gibson at www.grc.com has done several Security Now! podcast on DNS and encryption over the past twelve months which some of you blog readers might find interesting.

I often check the status of my computer’s security and have found that Shields Up always reports I am fully stealthed which is a good thing.

My Internet connection is through a D-Link DSL-G604T Wireless G ADSL Modem Router with UPnP disabled.

I  have Denial of Service (DoS) enabled which also enables SYN Flooding Checking and ICMP Redirection checking.

Under Port Scan Protection I have FIN/URG/PSH attack, Xmas Tree attack, Null Scan attack, SYN/RST attack and SYN/FIN attack all enabled.

Also under Service Filtering I have all these services enabled in the modem router’s firewall, Ping from External Network, Telnet from External Network, FTP from External Network, DNS from External Network, IKE from External Network, RIP from External Network and DHCP from External Network.

This is how I get a stealth on every port in my computer I also use the Windows Vista Firewall but even when I disable the Windows Vista Firewall I still get a stealth on every port.

Basically I am totally invisible on the Internet, the way to be I believe though it is possible to create total anonymity over the Internet by going through a proxy server such as TOR (The Onion Router).

What is questionable is what are your motives for total anonymity on the Internet are you being unethical or acting in a manner which could be seen as illegal.

Black hat hackers are sometimes caught because of their carelessness on covering their tracks I don’t condone this behavior nor am I interested in becoming a black hat hacker though I am interested in becoming an ethical hacker and assist clients in locating security vulnerabilities in misconfigured firewalls.

My background is in marketing with emphasis on e-marketing and online security this should be part of any organizational strategic marketing plan.

I look forward to hearing your comments and thoughts on this blog so please feel free to leave your comments as always.

Advertisements