From The Technical Mind of Jared

Folks, after a lot of work I am pleased to announce cPanel Web Hosting has now been made available. We have put a tremendous amount of work into this new service and its based on the world’s most popular web hosting platform.

Based on 64-bit Linux servers and located in 11 European countries, this is one of the largest releases we have ever made available in a single release. Effective immediately, the following European countries are available for hosting services:

United Kingdom
The Netherlands
Switzerland
Germany
Ireland
Portugal
Italy
Belgium
Poland
France
Spain

Reseller and Master Reseller accounts are available for those of you interested in re-selling these services. This service is packed so full of hosting options, 128 additional programs designed to enhance and build your website, includes email domain keys to ensure your emails are digitally accepted, tough incoming spam controls, 4 types of website stat programs, and so much more!

The new hosting site has its own purchase area and its own payment types. Accepted payment types on that site are: Pay Pal, Liberty Reserve (digital gold), and Money Bookers. I will add more as they are needed.

Hope you guys like the new design for this blog. I was getting tired of looking at the other design. I have this itch for new designs and new technology that much be appeased from time to time. If any of you have trouble viewing this site and the new design, please let me know. Thank you.

Greetings All,

Thank you for taking the time to read this. I wanted to let all you Mac Snow Leopard users know that we have never forgotten about you and have been working to find a way to get the L2TP protocol to work on your Macs. During this past week, an IAPS client named Carl Langton (name used with express permission) sent me over instructions for what he believed would make L2TP work on the newer Macs. Since IAPS had no Mac computers here in the Control Center, I thought the best course of action would be to pass these instructions on another IAPS client that is a die-hard Mac user and desperately wants to have a solution for this particular problem. He performed the instructions that I sent him and ended up having a bit of difficulty with them. The next best course of action I chose was to obtain permission from both clients to get them working together directly with each other to see if their combined minds and love for the Mac operating system would produce the desired results. So thats where we’re at right now. I have received word via email that both are working together to come up with the best solution for this problem. As soon as I receive word that a possible work-around has been found that will work on all current Mac operating systems, I will make a further announcement regarding that. But credit goes to both IAPS clients for working together to find a cure for this issue.

As for the new IAPS VPN Dialer Programs, I believe this went off very well. It has thus far taken out many of the most common setup issues that many of you have had in the past. With its pre-set security configuration, we have seen dramatically better results, less latency, and very few firewall issues. Overall I am very happy with the results. Again, if you would like to get on the dialer program or just have the curiosity to see what its all about, then please request it.

Lastly, starting from right now and lasting until Monday night at midnight (January 30 – February 1, 2010) all VPN Accounts in our store area for the 3 month time durations are now marked down to $25.00 USD. Thats $25.00 USD for 90 days of service for the country of your choice. Country choices include the following: United States, United Kingdom, Switzerland, Czech Republic, France, Luxembourg, Ireland, Germany, The Netherlands, Belgium, Spain, Italy, Poland, and Portugal. If you have been curious or wanted to try a new country, now is the best time to do that. Combined with the new dialer program, setup can be completed in less than 30 seconds from start to finish! If you have any questions or comments, please let me know. Stay safe on the internet and good day.

Jared T.
IAPS Director of Network Security

https://www.intl-alliance.com/store

The Sunfire server will have a 1-hour maintenance window for today, January 28, 2010. This server will be unavailable while a re-configuration process is completed. We ask for your patience during this process and we will have it back up and operational as soon as humanly possible. Thank you.

Hi Folks,

After long thought and a lot of work, I’m proud to finally offer the first ever IAPS branded VPN dialer programs. These programs can be tailor made to your operating system, whether you prefer 32 or 64 bit versions, or whether you’d like the PPTP or L2TP versions. It doesn’t matter whether you use Windows 2000, XP, Vista, or 7. Sorry Mac users, I could not accomodate you guys in this launch.

If you are a reseller, IAPS can brand our line of vpn dialers to your specifications and your companies name and/or logo.

These programs take 100% of the manual setup process and make it automatic! Never again will you have to perform a manual vpn setup. IAPS has taken all the guesswork out of the manual setup process and have applied all the correct security settings and maximum performance in our line of vpn dialers.

Once you have installed the IAPS VPN Dialer, all thats needed is your user name and password. That’s it! There’s nothing more to it! For those of you that have multiple accounts in different countries, IAPS can create a custom made dialer for you that includes all your accounts and all assigned servers in one single program. Its as easy as pie and requires literally nothing from you except your assigned username and password!

If you are a current IAPS client and have at least 1 active account on any of our servers, you can request via email a copy of the program. In your emailed request, you must include the following information:

1.) Your registered email account that IAPS has on file from your latest order.
2.) Your current server / username/ password (either its common name or its ip address)
3.) Your preferred connection type. Either PPTP or L2TP.
4.) What version of Windows operating system you have (so we know which version to send you)

It is my sincere hope that automated setups provide a much better and easier experience for all IAPS clients.

Greetings Every One,

I hope all of you have started the new year well and things are going as expected. Things on our side keep developing and our pursuit of better technology never rests. I made an announcement several weeks ago now that our Switzerland services would all be switching over to the L2TP system for performance and security needs. This service is now complete and fully operational. (For you Swiss Zattoo fans boy do we have a treat for you!)

Speaking of Zattoo, IAPS has acquired several French and Spanish Zattoo premium accounts and we can get more on an as-needed base. What does this mean? It means we will be able to properly open up the live streaming channels that the Zattoo High Definition package for France and Spain offers. Currently standard accounts (any one with a French or Spain ip address) that does not have a Zattoo premium account can’t watch anything because Zattoo for those countries went subscription only. So now we can properly offer accounts for these countries. Zattoo Switzerland, Germany, and United Kingdom are still free accounts for streaming with just a normal ip address from those countries. (Zattoo Switzerland offers all their countries combined into one for Swiss subscribers only and its free of charge. So Switzerland ip addresses are your best value any way you look at it.)

As I mention the more secure and data speed friendly L2TP protocol, please be advised that the L2TP system is currently offered for the following countries: United States, United Kingdom, Switzerland, Italy, Germany, The Netherlands, Portugal, Poland, Belgium, Spain, Ireland, Czech Republic, France, and Finland.

I will be formally opening Finland and Lithuania hopefully by the 1st February 2010. IAPS is currently awaiting proper licensing from RIPE, which is the issuing authority for all of Europe.

As a simple matter of pure organization, last month IAPS re-categorized our VPN Services Category and also added a brand new VPN Combo Accounts category. We did this in an effort to offer a better and easier to use category layout for our store area. We hope this has fulfilled the requests we received for that.

For those of you not aware yet, during this past week we have also added Italian TV and Spanish TV to our store area.

IAPS is in beta testing phases for a new auto-dialer system that will take the manual work out of setting up a vpn connection on your local computer. Once beta testing has been completed, we will offer this system publicly. Public beta testing is not yet available but when it is, we will ask for volunteers.

As a parting note, please be advised that our 6 Month VPN Sales in our Store Area will come to an end on January 18, 2010.

Have a great rest of month folks and let us know if you need anything. Many Thanks.

I normally cruise the various Zattoo version from time to time when I have a chance to see whats on. I normally stick with the English channels as that is the main focus of many of our clients. This past evening was quite a shock. I normally ignore the enormous amount of channels in the German language (although I do speak and understand it fluently) and head straight for Euro News, France 24, or BBC News. But I decided for once to cruise the rest of the channels and was shocked to see numerous channels running tv porn.

I was always under the understanding that Zattoo was against that kind of tv. But its there for those of you that enjoy it.

1. Do not use your windows computer to access bank accounts or to store banking passwords on. They are the most popular operating systems thus they will draw the lions share of development of hacking tools by the hackers. The target audience is the greatest with a windows computer. Use Linux or Macs. They are secure systems. Before an application (think malware) can run it needs to get permission from you in the form of a password being entered into a popup screen notifying you of the newly installed software trying to run. This means you can have bad software put into your computer from stupidly clicking on a bad link etc and the software cannot harm you because the computer will not let it run. This is applicable to Mac and Linux and possibly some of the latest versions of Windows.

All this spam you get is sent from bot networks which are the result of windows vulnerabilities allowing the spammers to easily install malware in people computers and take them over in the background and send spam, do DDOS attacks etc. Thank you windows. My guess is over 95% of the hacking is done on windows computers. You can buy a windows computer, reformat the hard drive and install Linux which works like a Mac, very easy, free or cheap, uses less memory and resources, more stable, way more hack resistant (not even a comparison) and overall provides a more pleasurable experience. Just have your local computer store do the installation for you.

Most of the same programs you use will have a Linux version or there will be an equivalent and probably available for free like the Sun Office Systems freeware to replace Excel, Word etc. Macs are every bit as good as Linux just cost more. Their hardware seems to be the best quality out there for mainstream computers. Linux and Mac are related closely. Easiest is go buy a Mac. Cheapest answer and also a good one is to reformat a windows computer and run Linux. Do run ant-virus programs and firewalls anyway even if it is a Mac or Linux.

2. Use obscure brands of browsers and email programs. Do not use the mainstream browsers especially if you are on windows. Try Google Chrome if you are using Windows. Do not use the popular email programs. Use web based email or else use an obscure brand. With an obscure brand the target audience for the hackers is very small and they will not waste a lot of time developing a hack for such a program.

3. Firewalls. Do get and use a software firewall. It should be application based so every application trying to run has to get permission from you to run. A new application (malware) cannot hurt you since it cannot run without this permission. The trick the hackers use is to make the firewall think it is a common program updating like Word or something and get you to click on it. Be careful and read the prompts and if in doubt just deny it the right to run or connect to the Internet. Use an off the beaten path firewall, not the common brands. Read firewall reviews on the net and pay attention to what they call leakage.

4. Wireless Routers. Great protection but should be used in addition to firewalls. Always use the most secure encryption, never run without encryption. An encrypted wireless router with a good software firewall will give you a lot of protection, a whole lot.

5. Anti-Virus programs are great and should be run. Avoid mainstream ones in that the governments can cause them to not detect their malware, not good. Use only open source code programs. Try Clam. Open source means all the code is available for inspection and thus no exclusion rules for government software, it makes this deception impossible. Open source code products are free and you should use them whenever possible.

6. WiFi Networks away from office or home. These can be dangerous. Numerous attack possibilities. Use an encrypted VPN network from a third party provider that provides their own DNS. This will prevent DNS poisoning. The game the hacker’s play is to try to get you to go to a site that looks like a popular bank but is not the bank it is their copycat site and then they get your passwords when you try to enter the site. The site then says problem check back in three hours or something and then they go and hack your account. Avoiding airports, hotels, restaurant Wi-Fi networks on a secure computer is a good idea but by all means sign up for a secure VPN service that has its own DNS if you must use such networks for banking. This will make it far more secure.

7. Password file folders should be encrypted and open source code to ensure the company who made it is not dirty. Keep all secure passwords in this only, nowhere else.

8. Encrypt your whole hard drive. This is for those with special needs or those who want to be very protected. Get True Crypt. It is open source freeware that will encrypt your entire hard drive or portions of it. Not easy to use, not so hard either but very effective and open source so no games being played.

9. Get a hard drive cleaner to overwrite deleted files with X’s and O’s to make deleted data unrecoverable. Overwrite at least twice. Some say seven times but for most of you twice is overkill. If you want overwrite files many times but it takes a lot of time. If you overwrite files twice and free hard drive space, say two or three times a week over time everything except newly deleted files is really buried. So overwrite trash bin files and free hard drive space. Sometimes a hacker looks in your not plainly visible files to see what he can learn like a stored password entry in windows. Do run such hard drive cleaners frequently, like once or twice a week. Delete any data left in browsers, etc also.

10. Flash Drive Games. Keep all vital information on a flash or USB drive. Encrypt the drive with True Crypt, not hard to do. Then you can carry all your secure files with you easily and they are encrypted to guard against loss. Just plug it in when needed.

11. Stay away from trash sites and social networking sites. If you must go to them buy a separate computer only used for this sort of activity. Create a backup and if you get hit with malware just reformat the hard drive and then load up your backup. Keep no vital data on this computer and do not use it for business or banking.

12. Never use any of the software that lets you operate your computer from a separate location over the Internet. These products are very dangerous and leave you open to a lot of attacks. Never allow file sharing with external computers as a rule.

13. I would not use any of these file-sharing networks to download music, video etc. This is a popular way to infect computers.

14. Keep current on the security updates with your software. Let the program tell you the update is available.

15. Use passwords that are at least 8 characters alpha and numeric. Never use just alpha or just numeric. A really secure password is 16 characters alpha, numeric, and case sensitive and of course 32 characters better still. 16 characters is really quite secure, 8 characters is minimal.

16. Consider running full hard drive virus scans before each log in to your bank account. This is a good idea just to double-check everything.

17. Give your bank an email account that is secure, not in a privacy invasive country. Do not give this email to other people or use it for general correspondence. This should take care of phishing emails.

The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. The devices that share this secure channel can be two servers, two routers, a workstation and a server, or two gateways between different networks. IPSec is a widely accepted standard for providing network layer protection.

IPSec can work in one of two modes: transport mode, in which the payload of the message is protected, and tunnel mode, in which the payload and the routing and header information are protected. ESP in transport mode encrypts the actual message information so it cannot be sniffed and uncovered by an unauthorized entity. Tunnel mode provides a higher level of protection by also protecting the header and trailer data an attacker may find useful. (This is what IAPS uses)

IPSec has strong encryption and authentication methods, and although it can be used to enable tunneled communication between two computers, it is usually employed to establish virtual private networks (VPNs) among networks across the Internet.

IPSec is not a strict protocol that dictates the type of algorithm, keys, and authentication method to use. Rather, it is an open, modular framework that provides a lot of flexibility for companies when they choose to use this type of technology. IPSec uses two basic security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH is the authenticating protocol, and ESP is an authenticating and encrypting protocol that uses cryptographic mechanisms to provide source authentication, confidentiality, and message integrity.

Each device will have at least one security association (SA) for each VPN it uses. The SA, which is critical to the IPSec architecture, is a record of the configurations the device needs to support an IPSec connection. When two devices complete their handshaking process, which means they have agreed upon a long list of parameters they will use to communicate, these data must be recorded and stored somewhere, which is in the SA.

The SA can contain the authentication and encryption keys, the agreed-upon algorithms, the key lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is the SA that tells the device what to do with the packet. So if device B receives a packet from device C via IPSec, device B will look to the corresponding SA to tell it how to decrypt the packet, how to properly authenticate the source of the packet, which key to use, and how to reply to the message if necessary.

SAs are directional, so a device will have one SA for outbound traffic and a different SA for inbound traffic for each individual communication channel. If a device is connecting to three devices, it will have at least six SAs, one for each inbound and outbound connection per remote device. So how can a device keep all of these SAs organized and ensure that the right SA is invoked for the right connection? With the mighty security parameter index (SPI), that’s how. Each device has an SPI that keeps track of the different SAs and tells the device which one is appropriate to invoke for the different packets it receives. The SPI value is in the header of an IPSec packet, and the device reads this value to tell it which SA to consult.

IPSec can authenticate the sending devices of the packet by using MAC. The ESP protocol can provide authentication, integrity, and confidentiality if the devices are configured for this type of functionality.

So if a company just needs to make sure it knows the source of the sender and must be assured of the integrity of the packets, it would choose to use AH. If the company would like to use these services and also have confidentiality, it would use the ESP protocol because it provides encryption functionality. In most cases, the reason ESP is employed is because the company must set up a secure VPN connection.

It may seem odd to have two different protocols that provide overlapping functionality. AH provides authentication and integrity, and ESP can provide those two functions and confidentiality. Why even bother with AH then? In most cases, the reason has to do with whether the environment is using network address translation (NAT). IPSec will generate an integrity check value (ICV), which is really the same thing as a MAC value, over a portion of the packet. Remember that the sender and receiver generate their own values. In IPSec, it is called an ICV value. The receiver compares her ICV value with the one sent by the sender. If the values match, the receiver can be assured the packet has not been modified during transmission. If the values are different, the packet has been altered and the receiver discards the packet.

The AH protocol calculates this ICV over the data payload, transport, and network headers. If the packet then goes through a NAT device, the NAT device changes the IP address of the packet. That is its job. This means a portion of the data (network header) that was included to calculate the ICV value has now changed, and the receiver will generate an ICV value that is different from the one sent with the packet, which means the packet will be discarded automatically.

The ESP protocol follows similar steps, except it does not include the network header portion when calculating its ICV value. When the NAT device changes the IP address, it will not affect the receiver’s ICV value because it does not include the network header when calculating the ICV.

Because IPSec is a framework, it does not dictate which hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled manually or automated by a key management protocol. The de facto standard for IPSec is to use Internet Key Exchange (IKE), which is a combination of the ISAKMP and OAKLEY protocols.

As you can see, setting up and managing virtual private networks (VPN Services) are not the easiest things in the world.

1 – You should raise the level of your laptop settings. Raise the security settings of software applications like Microsoft Outlook and Internet Explorer. Update them frequently to ensure latest protection from hackers and viruses. You should keep the encryption feature always on to ensure safest browsing with Wi-Fi.

2 – Along with the software, you should also consider updating to better hardware. Hackers have always found 802.11a and 802.11b very easy to hack. However, 802.11g is harder to crack and you should consider upgrading your hardware to a `g` card. An 802.11g is backward compatible with IEEE 802.11b, thus 802.11g can leverage the widespread, international adoption of IEEE 802.11b in products from laptops to PDAs. A personal firewall, such as ZoneAlarm or BlackICE can significantly add up to the security level of your notebook.

3 – Whenever you are using your notebook at a Wi-Fi hotspot, make it a point not to send data. While you are surfing, do not type your credit-card number, expiration date, passwords, bank account numbers, etc. Sensitive data are the goldmines for hackers, and they will swipe your bank account before you can finish saying, ` I have been a victim of online identity theft!`

4 – Consider not staying online while working. If the risks outweigh the benefits, then it would be better to stay offline; at least until the new 802.11i standard is not implemented. Even then, the security can be breached, albeit with difficulty. If you do not need Wi-Fi to implement your work, then stay switched off. If you need the Wi-Fi just to send and receive files, then stay connected for only that period. Rest of the time, stay offline.

Precautions to take at a public Wi-Fi hotspot:

Whenever you are in public domain, you need to take precautions, as it is free for all. The Wi-Fi hotspots are available to any and every person, and anybody can be connected. Besides online thefts, there is also the risk of offline thefts.

While in a public hotspot, do not be so absorbed with your notebook, that you fail to notice the people around you. There are persons who are in the business of stealing notebooks, from public hotspots. And they do not operate as individuals but as a gang.

Also, while you are online at a public hotspot, follow simple rules like encrypting files before transferring or emailing them; making sure you are connected to a legitimate access point; and file sharing is turned off. Basic precautions like password protecting your notebook, updating your system regularly, and using anti-virus software should be strictly followed. For further online security, consider using a personal firewall, a virtual private network (VPN), and web-based email with secure http (https).

Having a good Wi-Fi experience directly translates into a satisfying Internet experience. With the above suggestions being implemented, you are guaranteed to have a pleasant online time with your notebook.