Netwerken | Windu.be Blog

10 tips ter bescherming tegen phishing-aanvallen

april 3rd, 2011 Comments off

Naar aanleiding van de laatste phishing-aanval op Facebook komt Kaspersky Lab met tien praktische tips voor alle internetgebruikers om zich te wapenen tegen de dreiging van cybercriminaliteit. De internetbeveiligingsspecialist waarschuwt dat kwaadaardige code die via sociale netwerken wordt verspreid tien keer effectiever is, althans in termen van besmetting, dan malware die via e-mail wordt verspreid

15 mei jongstleden was Facebook opnieuw het doelwit van een phishing-aanval. Bij dit soort aanvallen hebben cybercriminelen het voorzien op de identiteit van gebruikers en hun persoonlijke gegevens met de intentie hun slachtoffers geld afhandig te maken.

Eddy Willems, Security Evangelist van Kaspersky Lab Benelux, licht toe: “Gezien het fenomenale succes van Facebook, Hyves, Twitter en andere veelgebruikte sociale netwerken, mag het geen verbazing wekken dat deze netwerken de voortdurende aandacht hebben van cybercriminelen, en er zijn geen tekenen dat die dreiging afneemt. Bij een phishing-aanval worden gebruikers in de luren gelegd door iets wat op het eerste gezicht legitiem lijkt. Waakzaamheid en de juiste voorzorgsmaatregelen voorkomen dat gebruikers in die val lopen.”

Aanwijzingen suggereren dat kwaadaardige code die via sociale netwerken wordt verspreid tien keer zo effectief is in termen van succesvolle besmetting als malware die via e-mail wordt verspreid. Internetgebruikers zijn veel eerder geneigd om op een link te klikken die van een bekende afkomstig is dan op een link in een willekeurig spambericht. Kaspersky Lab heeft de laatste tijd een grote toename van phishing-aanvallen geconstateerd op de inlogpagina van Facebook. Cybercriminelen gebruiken het interne berichtensysteem van de site om korte berichten te versturen die bezoekers naar een website doorsturen die een exacte kloon is van het inlogscherm van Facebook.

Tien tips van Kaspersky Lab ter bescherming tegen phishing-aanvallen

1	Maak een bladwijzer voor de inlogpagina van sites zoals Facebook of typ de url direct in de adresregel van de browser.
2	Klik niet op links in e-mailberichten.
3	Voer vertrouwelijke gegevens alleen op vertrouwde websites in.
4	Controleer regelmatig uw bankrekening(en) en neem bij verdachte of onverklaarbare transacties contact op met de bank.
5	Zoek naar kenmerken die een phishing-e-mail verraden: - het bericht is niet aan u persoonlijk gericht; - u bent niet de enige ontvanger; - de aanwezigheid van spelfouten en slecht geconstrueerde zinnen.
6	Installeer internetbeveiligingssoftware en zorg ervoor dat deze up-to-date is.
7	Installeer beveiligings-patches.
8	Wees voorzichtig met ongevraagde e-mail en/of IM-berichten.
9	Wees voorzichtig met inloggen met Administrator-rechten.
10	Maak back-ups van uw gegevens.

Willems sluit af met een waarschuwing:

“Meldingen van zwendel zoals de meest recente aanval op Facebook maken gebruikers bewuster van het risico van cybercriminaliteit, maar hierbij moet wel worden aangetekend dat we het niet hebben over een op zichzelf staand incident: dagelijks ontdekken we meer dan 17.000 nieuwe internetbedreigingen.”

Categories: Anti-Malware, Artikelen, Internet, Netwerken, Systeem Tags:

IPv6 tutorial – Part 6: Site-local addresses & link-local addresses

maart 11th, 2011 Comments off

In this article, you will learn about the syntax of IPv6 site-local addresses and link-local addresses, which are so-called local-use, unicast addresses.

In the last post of this IPv6 tutorial, you learned about the different address types and the new public IP addresses, the global unicast addresses. Today I will introduce the so-called local-use, unicast addresses, which are those IPv6 addresses that are not routed across the public Internet. There are two types of local-use, unicast addresses: site-local addresses and link-local addresses.

Site-local addresses

Site-local addresses are equivalent to private IP addresses in IPv4. The address space reserved for these addresses, which are only routed within an organization and not on the public Internet, is 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. In IPv6, the first 10 bits of a site-local address are set to 1111111011, which is why these addresses always begin with FEC0. The following 54 bits are the subnet ID, which you can use in your organization for hierarchical routing, and the last 64 bits are the interface ID, which is the part that has to be unique on a link (local network on which hosts communicate without intervening routers). Thus, the prefix of a site-local address is FEC0::/10.

Link-local addresses

From IPv4, you might know APIPA (Automatic Private IP Addressing) or AutoNet. Whenever automatic IP configuration through DHCP fails, Windows automatically assigns an autoconfiguration address in the range 169.254.0.1 to 169.254.255.254, which allows the computer to communicate with other machines on the link. In IPv6, link-local addresses always begin with 1111111011 (FE80).

Unlike site-local addresses, link-local addresses are never forwarded by routers and therefore can only be reached on the link. This is the reason why the next 54 bits are set to 0. The last 64 bits are set randomly by the operating system.

There is an important difference between IPv6 link-local addresses and IPv4 APIPA addresses. Once a PC receives an IPv4 address from a DHCP server, the APIPA address is no longer reachable. However, with IPv6, a network interface always has a link-local address no matter if you assigned another IPv6 address manually or if the NIC received an IPv6 address from a DHCP server. This means that computers on a link can always communicate through IPv6 using link-local addresses, which is not the case in IPv4 because APIPA addresses are not in the same subnet as private or public IPv4 addresses. Thus, if the local DHCP is not available, the computers can still access local services through IPv6 but won’t be able to reach the Internet or services in other links.

In the next post of this IPv6 tutorial, I will talk a little about the zone ID and unique local IPv6 unicast addresses.

By Michael Pietroforte

[IPv6 – Part 1] [IPv6 – Part 2] [IPv6 – Part 3] [IPv6 – Part 4] [IPv6 – Part 5] [IPv6 – Part 6]

Categories: Artikelen, Internet, Netwerken, Tutorials Tags:

IPv6 tutorial – Part 5: Address types & global unicast addresses

maart 10th, 2011 Comments off

This part of the IPv6 tutorial discusses the three general IPv6 address types (unicast, multicast, anycast) and introduces the sub type global unicast address.

In my last post in the IPv6 series, you learned the IPv6 address syntax. Today, I will introduce the different types of IPv6 addresses.

IPv6 address types

There are three general types of IPv6 addresses: unicast, multicast, and anycast.

Unicast addresses

You know unicast addresses from IPv4. A unicast address is the most common form of an IP address and is assigned to one network interface.

Multicast addresses

Multicast addresses are also known in IPv4. These addresses identify multiple network interfaces / hosts. A typical use of multicast addresses in a Windows environment is the deployment of OS images to multiple hosts, simultaneously.

Anycast addresses

This is a new address type in IPv6. Like a multicast address, an anycast address identifies multiple interfaces; however, while multicast packets are accepted by multiple machines, anycast packets are delivered only to one interface (host). This address type allows for services that are provided by multiple servers where only one server has to respond. In routing, anycast addresses are used to route packets to the closest routers.

And what about broadcast addresses? They no longer exist in IPv6. Broadcasts are replaced by multicast messages. I will say something about this IPv6 technique in a later post.

IPv6 knows five different unicast address types: global unicast addresses, link-local addresses, site-local addresses, unique local IPv6 unicast addresses, and special addresses.

Global unicast addresses

A global unicast address is simply what we call a public IP address in IPv4—that is, an IP address that is routed across the whole Internet. You can make out a global unicast address easily: The first three bits are set to 001. Thus, the address prefix of a global IPv6 address is 2000::/3 because 0010000000000000 is 2000 in hex. However, in the future, the IANA (Internet Assigned Numbers Authority) might delegate currently unassigned portions of the IPv6 address space. Hence, 2000::/3 won’t always be the prefix for global unicast addresses.

(Note: The diagram is from Microsoft’s “Introduction to IP Version 6.”)

The next 45 bits are the so-called global routing prefix. This is the part that is assigned to organizations. The following 16 bits are for the subnet ID, which you can use for hierarchical addressing in your network. The last 64 bits indicate the interface ID, which is the part of the IPv6 address that must be unique within a subnet. You know what this means, right? You can have 65,536 (=2¹⁶subnets), and each subnet can have 18446744073709551616 (=2⁶⁴) computers. I hope you have an efficient OS deployment tool. ;-)

In my next post, I will cover the site-local addresses and link-local address.

By Michael Pietroforte

[IPv6 – Part 1] [IPv6 – Part 2] [IPv6 – Part 3] [IPv6 – Part 4] [IPv6 – Part 5] [IPv6 – Part 6]

Categories: Artikelen, Internet, Netwerken, Tutorials Tags:

IPv6 tutorial – Part 4: IPv6 address syntax

maart 6th, 2011 Comments off

In this article, you will learn the main concepts of the IPv6 address syntax: colon-hexadecimal representation, leading zero suppression, zero compression, and IPv6 prefix.

Now that you know about the new features of IPv6, it is time to have a closer look at the practical details. In this post, I will give a short summary about the IPv6 address syntax. It is essentially a condensed version of the corresponding part in Microsoft’s white paper “Introduction to IP Version 6.”

Colon-hexadecimal representation

An IPv6 address consists of 128 bits and is presented in eight 16-bit blocks. Each 16-bit block is converted to a four-digit hexadecimal number. Blocks are separated by colons.

Example: 2001:0DB8:0000:2F3B:02AA:00FF:FE28:9C5A

Leading zero suppression

Because IPv6 addresses are quite long, the leading zeroes within a 16-bit block can be removed, but each block must have at least a single digit.

Example: 2001:DB8:0:2F3B:2AA:FF:FE28:9C5A

Zero compression

A contiguous sequence of 16-bit blocks set to 0 can be replaced with the so-called double colon (::). Zero compression can only be applied once in an IP address. To determine how many blocks have been omitted, you just have to count the remaining blocks and subtract this number from 8.

Example: FE80:0:0:0:2AA:FF:FE9A:4CA2 can be zero compressed to FE80::2AA:FF:FE9A:4CA2.

IPv6 prefix

IPv6 prefixes are used to express IPv6 subnets, routes, and address ranges. The syntax of IPv6 prefixes looks like this: address/prefix-length. It is comparable to the Classless Inter-Domain Routing (CIDR) notation for IPv4 (for instance, 192.168.0.0/16 represents a Class B subnet): Subnet masks are no longer used in IPv6.

Example: 21DA:D3:0:2F3B::/64 represents a subnet of 2⁶⁴addresses, where the first 64 bits are fixed and the last 64 bits are variable.

Admittedly, IPv6 addresses look somewhat complicated compared to the relatively simple IPv4 addresses. Rest assured that typos in IPv6 addresses will knock down quite a few systems once IPv6 starts replacing IPv4. But this is the price of the large address space. I guess, we will get used to it. In my next post, I will discuss the different types of IPv6 addresses. I promise that things won’t get easier. :-)