click and you got money

Wednesday, November 30, 2011

How to Make Healthy Eating More Fun




The Party Isn't Over When You Get Healthy
*http://exercise.about.com/od/plateausmotivation/a/enjoyexercise.htm
*http://healthy-diet-guidesntips.blogspot.com/2011_06_01_archive.html
Are you annoyed by people who seem to enjoy exercise? What about people who eat healthfully with little effort? Why is it so easy for them and such a struggle for you? One simple reason could be time.
The longer you follow healthy behaviors, the easier they become and the best part is, you actually start to enjoy them. Your first step in getting to that happy place is to change your attitude.

The Party Isn't Over

What does a healthy lifestyle look like? For some people, it looks like a lifestyle without any kind of fun. You have to slog through boring workouts, avoid going out to restaurants and eat twigs and berries. What kind of fun is that? At first, it may look like you have to give up everything to lose weight, but what you gain from those changes is much more meaningful and satisfying. Not only will your body change, but your mind will change as well.

Can You Enjoy Healthy Foods?

Here's what will happen if you keep maintaining that healthy diet:

Your priorities change. The way your body feels after a healthy meal will become more important to you than the instant pleasure of having something loaded with fat or sugar.
You'll enjoy healthy food. Take it from the Junk Food Queen I used to be, you can live without chips and Cokes and you'll gladly give those things up once you experience how your body feels after healthier meals.
You'll still enjoy your favorite foods. The only difference is the frequency. Now, instead of having it several times a week, you might indulge once or twice a month.
You'll get rid of the guilt. By not indulging every time you want a treat, you'll savor it even more.
You'll see food in a different light. Food becomes fuel rather than something that controls your life. If you exercise, you'll learn very quickly how food affects your workouts. Eating a heavy, fatty meal makes you tired and your workouts suffer. Soon, you'll want better workouts which will motivate you to eat better.
You'll become more adventurous. Eating healthy often opens the door to more options than you usually give yourself. You'll try new vegetables and grains and experiment with herbs and flavors you've never tried.
Your friends and family will benefit. Even if you're the only one eating healthy, those habits rub off on others. Being a good role model for your kids or co-workers is one way to teach them how to live healthy.
You'll have tools to deal with temptation. Healthy eaters are much better at avoiding the usual pitfalls like party foods or overloaded buffets. They make an effort to eat regular meals so they're not starving, fill up on healthy foods first to eat less of the bad stuff, and choose a few quality treats to enjoy instead of everything in front of them.
These changes come over time, sometimes weeks, months or years of slowly working on your habits and choices. Allowing yourself this time is crucial for permanently changing how you look at food and healthy eating.

The positive changes don't just end there. Your feelings and perspective on exercise change as well. Here's how it works.

Thursday, November 24, 2011

Configuring VPN connections with firewalls

The process of setting up connections for a virtual private network has been greatly enhanced and simplified by software solutions for Windows NT/2000, NetWare, and Linux/UNIX, as well as by hardware solutions offered by vendors such as Cisco and CheckPoint.

However, configuring VPN connections to pass through firewalls, proxy servers, and routers continues to bring many network administrators to their knees in exasperation and submission to the gods of the network cloud. Thus, we are going to review how to configure VPN servers to make connections in concert with your stoic network defenders.

VPN server geography
One of the first decisions a network engineer has to make when configuring a VPN server is where to place it in relation to the network’s firewall. As Figure A shows, there are essentially three options for placing a VPN server.

Figure A


The most common approach is to place the VPN server behind the firewall, either on the corporate LAN or as part of the network’s “demilitarized zone” (DMZ) of servers connected to the Internet.

Geography is extremely important when configuring and troubleshooting VPN connections that pass through firewalls. It lets you know which interfaces on the firewall will need filters assigned to them to allow VPN traffic. We’ll talk about filters at length in the next section. The thing to understand about geography and firewalls is that filtering occurs on the firewall’s external interface—the interface that connects to the Internet.

As I mentioned above, the most common place for a VPN Server is behind the firewall, often in a DMZ with mail servers, Web servers, database servers, and so on. The advantage of this placement is that it fits cleanly into the network’s current security infrastructure. Also, the administrator is already familiar with how to route traffic through the firewall and only has to become familiar with the ports needed by the VPN server. However, the other two options have benefits as well.

Placing a VPN server in front of the firewall can lead to greater security in some cases. Remember that a VPN allows users who are external to the network to feel like they are sitting on a machine inside the network. A hacker who hijacks a connection to a VPN server that is inside the firewall will be able to do some serious damage. However, if you have a dedicated VPN box that sits outside the firewall and that is only capable of sending VPN traffic through the firewall, you can limit the damage a hacker can do by hacking the VPN box. This option also allows you to limit the resources authenticated VPN users can access on the local network by filtering their traffic at the firewall. However, one vulnerability with this scenario is that the traffic between the firewall and the VPN server is not encrypted.

The third option is to colocate your VPN server on the same box as your firewall. In this case, the VPN server is still logically behind the firewall, but depending on its capability and utilization, it can complement a firewall very well, since both are essentially performing routing functions. This works nicely, since in most businesses, firewall/proxy services use more resources during the daytime hours, and VPN services use more resources during the evenings. However, keep in mind that having multiple services functioning on one box always involves management and troubleshooting challenges.

Understanding firewall and filter functionality
There are two types of filters and three types of firewalls to be aware of when configuring VPN connections. Filters come in two basic flavors:
Packet filtering
Application filtering

A firewall can engage in packet filtering, application filtering, or both. Filtering involves accepting or denying TCP/IP traffic based on the source and destination addresses of packets, TCP/UDP port utilization and other TCP/IP header information, and, in advanced firewalls, specific user and computer details.

Packet filtering
A packet filtering firewall merely examines traffic at the network layer (Layer 3 of the OSI reference model) and accepts or rejects it based mainly on source and destination addresses. Although a packet filtering firewall can do some blocking based on TCP and UDP port numbers, in most cases, it isn’t the best solution. However, packet filtering does provide speed, simplicity, and transparency.

Another important VPN troubleshooting tip deals with network address translation. If the Internet router or any router between the firewall and the VPN server is providing NAT, it will probably break the VPN tunnel and cause your connection to fail. The VPN server should have an Internet IP address on the external interface and not an internal IP address assigned by a DHCP server or hiding behind NAT. Most of the time you will get this Internet IP address from a subnet assigned to you by your ISP.

A packet filtering firewall is usually placed on a router and is managed through basic access control lists, which can be challenging to configure and manage. Here’s a common VPN problem to watch out for: Many administrators set up their VPN servers, configure their firewalls, and discover that they still can’t connect. They eventually realize that the ACL on their Internet router is filtering the VPN traffic and dropping the packets.

Application filtering
An application gateway firewall involves what is commonly known as proxy services and functions at the higher layers of the OSI reference model. This type of firewall offers more extensive, customizable features, such as user-level access control, time-of-day access control, and advanced auditing and logging.

It typically readdresses traffic so that it looks like it's coming from the firewall rather than from the internal machine. In this manner, these firewalls act as a “proxy” on behalf of the internal network instead of providing a direct connection between internal and external networks, as you have with simple packet filtering firewalls. It also focuses on managing and controlling access to TCP/IP applications such as FTP, HTTP, rlogin, and so on.

Packet filtering and application filtering
Stateful inspection firewalls combine packet filtering and application filtering. They also employ a more secure firewall technique called dynamic packet filtering. With regular packet and application filtering, a port such as port 80 for HTTP is opened by the firewall and remains open for incoming and outgoing traffic. This presents a network vulnerability that hackers can exploit.

However, stateful inspection firewalls open and close ports as they are needed for traffic, drastically decreasing vulnerability to external attacks. Most popular firewalls, such as Microsoft Proxy Server 2.0, Network Ice’s ICEpac, and the leading UNIX solutions, use dynamic packet filtering.

Allowing VPN traffic
Now that you can see how various firewalls function, hopefully you can identify several places on your network where your VPN connection could be tripped up. Let’s see what filters you need to set up on these firewalls in order for VPN traffic to pass through them. In terms of protocols, we’ll cover VPN connections made using PPTP or L2TP over IPSec. We will begin with VPN filters at Layer 3 of the OSI reference model and work our way up to Layer 7.

When we look at receiving VPN traffic at Layer 3 we need to examine both the router that provides Internet access and the VPN server’s external interface. In some cases, the VPN server may have an external interface that connects directly to the Internet, such as an ISDN adapter. The router and/or the VPN external interface must be configured to accept TCP/IP connections from the VPN clients and/or VPN servers that will be connecting to it from the Internet. Thus, the access control lists (which manage filters at Layer 3) must be configured to allow incoming traffic from the IP addresses of these clients and servers. For remote VPN servers that are connecting, this will probably be a real IP, which will be easy to configure. However, for remote clients who are probably using a dial-up connection to an ISP and getting a different IP address each time, this is more challenging. If you have a restrictive IP access policy in place, you can get the range of IP addresses this client could use from his or her ISP or figure it out by deduction after a few connections. The other option is to allow access to all IP addresses by default and let upper-level filters accept or deny their packets based on application criteria.

When we get to Layer 7 (the application layer), we need to look at setting up filters to allow PPTP or L2TP with IPSec traffic based on the ports that they use. PPTP uses TCP port 1723, as well as IP protocol ID 47 for GRE (Generic Routing Encapsulation) tunnel maintenance. For the most part, if you are using a commercial firewall solution, you’ll only need to worry about setting up the PPTP filter for port 1723. But if you’re working with more complex firewall systems and do-it-yourself servers, such as Linux, you’ll need to be aware of the GRE protocol as well. Microsoft solutions such as Proxy Server 2.0 and the forthcoming Internet Security and Acceleration Server 2000 have predefined “PPTP receive” and “PPTP call” filters. These generally work pretty well.

Remember, you will need to be aware of the geography of your VPN server in relation to your firewall. For example, if your VPN server is behind your firewall, which connects to the Internet via a Cisco router, and you are receiving connections only from individual VPN clients (and not remote servers), you’ll set up a firewall filter to accept incoming traffic on port 1723 or simply select the predefined “PPTP receive” with a Microsoft solution. You'll also need to go into the Cisco router and make sure that there are no access control lists filtering the VPN traffic.

As for L2TP with IPSec, the same principles apply, but it uses UDP port 1701 for L2TP and UDP port 500 for IPSec’s IKE (Internet Key Exchange). IPSec also uses IP protocol ID 50 for ESP (Encapsulating Security Payload), the equivalent of GRE for PPTP, but it doesn’t require a filter because the ESP header is typically removed by IPSec during routing before it hits the firewall.
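The ports and protocol numbers above, turned into a troubleshooting check; this is an added example, not part of the original article. It assumes Linux netfilter-style LOG lines for dropped packets, and the log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which VPN components is the firewall dropping?
# Matches on the ports and IP protocol numbers given in the article.

# Constructed sample of netfilter-style LOG lines (documentation addresses):
# a PPTP client losing GRE, an L2TP/IPSec client losing IKE and ESP, and
# one unrelated HTTP packet.
sample_log() {
cat <<'EOF'
Nov 24 10:01:02 fw kernel: DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=203.0.113.10 LEN=61 TTL=115 PROTO=47
Nov 24 10:01:03 fw kernel: DROP IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=203.0.113.10 LEN=61 TTL=115 PROTO=47
Nov 24 10:02:10 fw kernel: DROP IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=203.0.113.10 LEN=140 TTL=52 PROTO=UDP SPT=500 DPT=500 LEN=120
Nov 24 10:02:11 fw kernel: DROP IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=203.0.113.10 LEN=96 TTL=52 PROTO=ESP SPI=0x1a2b3c4d
Nov 24 10:03:00 fw kernel: DROP IN=eth0 OUT=eth1 SRC=192.0.2.44 DST=203.0.113.20 LEN=60 TTL=49 PROTO=TCP SPT=40112 DPT=80 SYN
EOF
}

# Read log lines on stdin; print "DST component count" for VPN-related drops.
vpn_drops() {
    awk '
    function component(proto, dport) {
        if (proto == "TCP" && dport == "1723") return "pptp-control/tcp-1723"
        if (proto == "47"  || proto == "GRE")  return "pptp-gre/ip-proto-47"
        if (proto == "UDP" && dport == "1701") return "l2tp/udp-1701"
        if (proto == "UDP" && dport == "500")  return "ike/udp-500"
        if (proto == "50"  || proto == "ESP")  return "esp/ip-proto-50"
        return ""
    }
    {
        proto = ""; dport = ""; dst = "unknown"
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^PROTO=/) proto = toupper(substr($i, 7))
            else if ($i ~ /^DPT=/)   dport = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
        }
        name = component(proto, dport)
        if (name != "") count[dst " " name]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Succeeds when GRE drops are logged but no TCP 1723 drops are: the pattern
# you see when only the port 1723 filter was created and GRE was forgotten.
pptp_gre_only_blocked() {
    summary=$(vpn_drops)
    printf '%s\n' "$summary" | grep -q 'pptp-gre/' || return 1
    if printf '%s\n' "$summary" | grep -q 'pptp-control/'; then return 1; fi
    return 0
}

# Demo on the constructed sample.
sample_log | vpn_drops
if sample_log | pptp_gre_only_blocked; then
    echo "PPTP: TCP 1723 is not being dropped, but GRE (IP protocol 47) is"
fi
```

Run it against the drop log of each device in the path (Internet router ACL, firewall, VPN server interface) to see which one is filtering the traffic.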

Conclusion
Hopefully, the principles we reviewed here will enable you to better understand where your VPN connection could be running into snags in connecting through firewalls, proxy servers, and routers. We didn’t try to provide a step-by-step how-to on configuring firewalls and filters because of the vast configuration differences in the various hardware and software platforms, as well as the myriad different network topologies that are possible. However, you should be able to locate information on configuring filters and access control lists for your specific hardware and software platforms on the vendors’ Web sites. It also wouldn’t hurt to offer a sacrificial NIC or 100baseT cable to the networking gods before attempting your configuration.
*http://www.techrepublic.com/article/configuring-vpn-connections-with-firewalls/1032495

Wednesday, November 23, 2011

manage firewall by APF

Takeaway: Vincent Danen shares one option for managing your Linux firewall, the Advanced Policy Firewall (APF). Here are some tips on installation and configuration.

When it comes to managing a firewall on Linux, there are a number of options. You can use GUI tools that come with your distribution (such as system-config-firewall on Fedora); you can use third-party packages such as Shorewall; or you can write iptables rules yourself, usually in a place like /etc/sysconfig/iptables. For those familiar with iptables and its syntax, the latter is indeed an option, but for those without knowledge of iptables, the former two are the more likely choices.

If you run a server, you can use the text-mode equivalent to system-config-firewall (system-config-firewall-tui, again on Fedora) or you can opt for a third-party package that attempts to make management of the firewall easier. For years, I looked to Shorewall as that third party tool and while it makes understanding the firewall rules easier, it doesn’t really make the configuration of the firewall any simpler.

Lately I have been enjoying the Advanced Policy Firewall (APF), which is similar to Shorewall in many respects, but is easier to configure.

On Debian you can install APF via apt; the package is named apf-firewall. For most other distributions you may need to install it manually, which isn’t difficult. It can be done using:

$ curl -OL http://www.rfxn.com/downloads/apf-current.tar.gz
$ tar xvzf apf-current.tar.gz
$ cd apf-9.7-1
$ sudo ./install.sh

You must run the installation as root because configuration files are placed in /etc/. Once this is done, you will have an initscript to start APF in /etc/init.d/ and the configuration files located in /etc/apf/. The primary configuration file is /etc/apf/conf.apf.

To configure the firewall, edit /etc/apf/conf.apf. A few important variables to set include:

EGF="1" # enable outbound packet filtering
IFACE_IN="eth0" # inbound interface to filter
IFACE_OUT="eth0" # outbound interface to filter
DEVEL_MODE="1" # testing only; set to "0" once the firewall works

The DEVEL_MODE option should only be used during testing. This sets up a cronjob that runs every five minutes to disable the firewall, which is useful if you muck something up. When the firewall is working, you must set DEVEL_MODE="0". Change the IFACE_IN and IFACE_OUT values to suit your system; on a VPS it might be "venet0", for instance.

Next, you will need to define which ports are allowed. You can do this for both TCP and UDP:

IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2077,2078,2082,2083,2086,2087,2095,2096,5666,30000_30100"
IG_UDP_CPORTS="21,53,465,873"

The above might be typical for a cPanel/WHM setup. This allows a number of inbound ports: those necessary for cPanel and WHM, as well as FTP, SSH, SMTP, DNS, HTTP, IMAP(S), POP3(S), and others. Specify port ranges using an underscore delimiter (e.g., "30000_30100" opens ports 30000 through to and including 30100). To define permitted outbound ports, use EG_TCP_CPORTS and EG_UDP_CPORTS (similar in syntax to the ingress (IG) definitions).

There are a lot of other entries in the configuration file and it’s likely worth reading them over and tweaking as necessary. For the most part, the defined defaults are fine. The only exception is if you are using a kernel with the iptables module compiled into the kernel, rather than available as a loadable module, which is often the case for a VPS. In that case you will also need to set SET_MONOKERN="1" in the configuration file.

Once this is done, you can use the initscript to start apf, or the apf command itself (typically located in /usr/local/sbin/):

# /etc/init.d/apf start

Use the output of "iptables -L" to judge if the rules are suitable and of course test from a remote computer to ensure that what you want opened is open, and that the rest are closed (nmap is a good way to check for open ports). Also check /var/log/apf_log while you have DEVEL_MODE enabled so you can see what APF is doing.
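A pre-flight check for the settings discussed above, as an added example that is not part of the original article or of APF itself. It reads a conf.apf as text without executing it; the function names and the sample file (with a leftover DEVEL_MODE and a mistyped range) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a conf.apf before starting APF. The file is parsed as
# text, never sourced, so nothing in it is executed.

# Constructed sample based on the article's settings, with two mistakes:
# DEVEL_MODE left at "1" and a port range with one digit too many.
sample_conf() {
cat <<'EOF'
EGF="1" # enable outbound packet filtering
IFACE_IN="eth0" # inbound interface to filter
IFACE_OUT="eth0" # outbound interface to filter
DEVEL_MODE="1"
IG_TCP_CPORTS="20,21,22,25,53,80,443,30000_301000"
IG_UDP_CPORTS="21,53,465,873"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
EOF
}

# conf_value FILE KEY: print the last value assigned to KEY, quotes removed.
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indent
        index($0, key "=") == 1 {
            last = substr($0, length(key) + 2)
            gsub(/[" \t]/, "", last)
        }
        END { print last }
    ' "$1"
}

# bad_port_entries LIST: print each entry that is neither a port (1-65535)
# nor a low_high range in APF's underscore syntax.
bad_port_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        function ok(p) { return (p ~ /^[0-9]+$/) && (p + 0 >= 1) && (p + 0 <= 65535) }
        $0 == "" { next }
        {
            n = split($0, r, "_")
            if (n == 1 && ok(r[1])) next
            if (n == 2 && ok(r[1]) && ok(r[2]) && r[1] + 0 <= r[2] + 0) next
            print
        }'
}

# apf_findings FILE: print one line per problem; no output means no findings.
apf_findings() {
    conf=$1
    mode=$(conf_value "$conf" DEVEL_MODE)
    [ "$mode" = "0" ] || echo "DEVEL_MODE=\"$mode\": set it to \"0\" after testing, or cron keeps disabling the firewall"
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        bad_port_entries "$(conf_value "$conf" "$key")" |
            sed "s/^/$key: invalid port entry /"
    done
}

# Demo on the constructed sample.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
apf_findings "$demo_conf"
rm -f "$demo_conf"
```

Point apf_findings at /etc/apf/conf.apf before running the initscript; it only reads the file.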

APF is fairly straightforward and is pretty easy to use for defining a basic firewall. There is also a lot of power under the hood that allows APF to respond dynamically to potential threats and can be easily used by other scripts to block IPs that are making too many connections to the system or are having a lot of failed logins, such as when used with something like fail2ban or other similar scripts.

If you’re looking for a simple yet powerful firewall management system, consider APF. I’ve found it to work extremely well, and definitely find it easier to use than Shorewall.


*http://www.techrepublic.com/blog/opensource/use-apf-to-manage-your-firewall/2302

Monday, November 14, 2011

Use firewall software like PF to protect your desktop systems

*http://www.techrepublic.com/blog/security/use-firewall-software-like-pf-to-protect-your-desktop-systems/4833?tag=content;siu-container
By Chad Perrin
December 13, 2010, 6:00 AM PST

Takeaway: PF is the default firewall software for OpenBSD, and is an excellent example of a powerful, flexible firewall system. Something like it should be used to protect your desktop computer, and a minimal configuration example can help you get started.

Choosing an operating system with care can ensure a certain amount of security right away. At one end of the spectrum we find Microsoft Windows, which installs by default with a myriad of often unnecessary services turned on by default, a largely ineffective privilege separation model, and a vendor attitude toward security patching that could reasonably be described as “lackluster”. At the other end, we find OpenBSD, whose core developers obsessively perform code security reviews, and whose base install comes with pretty much nothing turned on that could be used to access the computer remotely.

Once you have selected an OS, based on whatever criteria you decide are most important, measures can be taken to mitigate some of the problems that might come in a default install. For instance, turning off services in MS Windows is an important step toward reducing the security weaknesses normally found in the operating system. A number of other measures are important for any desktop deployment.

Even if all but the most critical services are shut down, there is always the possibility that one of the remaining services will be vulnerable, or that some bug in the system may allow a supposedly deactivated service to be exploitable anyway. In the case of an OS whose updates can change basic configuration settings without the user’s knowledge, as often happens with MS Windows, an intentional “feature” of the system management model might even allow previously deactivated services to be turned on again.

Firewalls can help reduce your exposure to remote exploits of vulnerabilities in your system’s services. Some OSs have a firewall installed by default, and some of these firewalls are better than others. In some, that firewall software might be active by default, and in others it may be inactive. Configuration may be adequate to your needs, or it may not. In some cases, the default firewall software may not be the best choice available, and it may even be subject to the same potential for having its configuration silently and unexpectedly changed by system updates. These are all concerns that should be investigated by the conscientious user, and addressed with care.

Open source Unix-like systems tend to come with very well-regarded firewall tools, in terms of the fine-grained control they can provide and their strength and effectiveness. The Linux kernel offers iptables; BSD Unix systems offer options such as ipfilter. One of the most highly regarded suites of firewall software is the OpenBSD project’s PF, which has been ported to every major BSD Unix system available. There is even a Microsoft Windows firewall application that claims to be based on PF source code called Core Force, though it must by necessity be heavily modified to run outside of a BSD Unix environment.

While PF does not by default offer the kind of point-and-click interface that MS Windows users tend to prefer, its flexibility and capability is far beyond what is offered by the Windows Firewall and other MS Windows firewall applications like ZoneAlarm. Amongst firewall software options that compare more directly to PF, it is considered one of the easiest to configure and maintain.

A minimal ruleset for PF on a desktop system can be set up in a handful of lines in a configuration file. On current OpenBSD, NetBSD, and FreeBSD systems, that configuration file is /etc/pf.conf. Such a ruleset might look like this:

tcp_services = "{ ssh }"
block all
pass in proto tcp to any port $tcp_services
pass from lo0 to lo0 keep state
pass out all keep state

Each of these lines serves an important purpose:

tcp_services = "{ ssh }": This is what is called a “macro” in PF parlance. PF macros serve much the same purpose as variables in many programming languages, in that you can use a single term to stand in for a varying value or a more complex value that would take a while to type over and over again. In this example, the SSH protocol has been assigned to the tcp_services macro; if you have other services you need to work with in a similar manner, they can be added to that list, with the PF shortcut terms for the various protocols separated by spaces.
block all: This is the first actual firewall rule in this ruleset. Because PF evaluates from top to bottom, each rule takes precedence over previous rules, so that earlier rules are treated as “defaults” and later rules as exceptions to those defaults. Taking a “least privilege” approach to security is usually a good idea, so we block all traffic by default and use more specific rules later in the ruleset to identify specific cases where we want to allow network traffic through.
pass in proto tcp to any port $tcp_services: This is the rule that makes use of the tcp_services macro. Because many Unix-like desktop systems are configured with an SSH server so that they can be securely accessed remotely from within the same network, for administrative and troubleshooting purposes, this rule allows any SSH traffic into the system. This assumes that you have some kind of external protection, such as a firewall for the entire network so that random security crackers on the Internet cannot directly access the desktop, and that you have your SSH service configured securely on the system as well; otherwise, you may want to use a more restrictive rule for the SSH protocol.
pass from lo0 to lo0 keep state: This rule allows the desktop system to communicate with itself via the localhost interface, which is important for a lot of common system functionality.
pass out all keep state: This rule has two important parts. The first is pass out all, which ensures it can send out whatever network traffic it needs to send. This can be dangerous on systems that might become infected by malware that then tries to contact the outside world to work mischief. On a firewalled BSD Unix desktop system in a network with good perimeter defense, operated by a tech-savvy user, this risk is so minimal as to be nearly nonexistent; on an MS Windows system, it is much more substantial, regardless of other conditions. Regardless of the OS, however, the risk does still exist. The second part of the rule, keep state, ensures stateful operation of network connections. This means that when the local system attempts to communicate with a remote system, and a connection is established, return communications from the remote system will be able to get through, without affecting whether other remote systems will be able to establish unsolicited connections. In the most recent versions of PF, keep state is default behavior for pass rules, but including the keep state instruction should not cause any problems.

PF may be activated and this ruleset loaded in a single command:

pfctl -ef /etc/pf.conf

Further action may need to be taken to ensure that PF will run every time the system is booted, however. On FreeBSD, for instance, PF is not enabled by default. To ensure that it will start on system startup, and pick up your ruleset, add these lines to the /etc/rc.conf file:

pf_enable="YES"
pflog_enable="YES"

If PF is not already running, the above pfctl command on a default FreeBSD install needs to be preceded by loading the PF kernel module with the kldload command:

kldload pf

As already stated, this PF ruleset is minimal. Its simplicity makes it easy to understand, and easy to employ and extend. It may be sufficient for some needs, but improving on it for your particular needs is always a good idea. Even unchanged, however, this ruleset is a tremendous improvement over no firewall at all.

IPAD Application for enterprise IT

*http://www.techrepublic.com/blog/mac/five-essential-ipad-apps-for-enterprise-it/
By Erik Eckel
April 29, 2010, 6:35 AM PDT

Takeaway: If iPads become as popular as iPhones, they could creep in to enterprise environments. For business users — and the IT department that supports them — here are five essential enterprise apps to consider.

Apple’s iPad is a revolutionary device. Regardless of whether you prefer or dislike Apple technologies and regardless of whether you believe they belong within enterprise environments, they’re coming. Apple sold more than a half million units in the very first week they became available. Enterprise IT administrators would be smart to consider loading/supporting the following iPad applications to help themselves and users make the most of the new computers.
1. MobileIron Sentry

Many ill-informed iPad detractors criticize the new device, stating iPads place enterprise security at risk. That’s simply incorrect. iPads pose no more of a security risk than do smartphones. Using the free MobileIron Sentry iPad app, enterprise IT departments can track iPhones and iPads, view device inventory, block offending or compromised devices, and remotely wipe stolen, lost or compromised units. The application also enables remotely suspending email access for active staff, just-terminated employees, and others.

Paired with the MobileIron Virtual Smartphone Platform, enterprise IT departments can leverage MobileIron Sentry to better manage and secure, not only iPad deployments, but numerous other Smartphone platforms. Among the technologies supported are BlackBerry, Windows Mobile, and Symbian, with Android support forthcoming.
2. Desktop Connect

Enterprise users and administrators needing to remotely connect to other systems can do so using Desktop Connect, an $11.99 application from Antecea Inc. Using 128-bit encryption, Desktop Connect enables iPad users to remotely access and administer Windows XP Professional; Windows Server 2003; Windows Server 2008; Windows Vista Business, Enterprise and Ultimate; Windows 7 Professional, Enterprise and Ultimate; and Mac OS X Leopard and Snow Leopard systems.

Desktop Connect can also be used to connect to secondary systems to view Adobe Flash video, remotely control media players and presentations, access additional files and listen to audio files. The application can also be used to take remote control of a system in order to provide technical support or remote repairs.
3. Apple’s iWork Suite

Apple’s iWork suite includes the Pages word processor, Numbers spreadsheet program, and Keynote presentation application. At $9.99 each, these Multi-Touch-optimized applications are indispensable when needing to create, edit, or share professional documents, spreadsheets and presentations using the iPad. The iWork suite also enables iPad users to work with common Microsoft Office file formats, including .docx, .xlsx and .pptx files, while on the go.
4. PrintCentral for iPad

PrintCentral for iPad is a $9.99 iPad application. The software, sold by EuroSmartz Ltd., enables iPad users to print email messages, documents, spreadsheets, Web pages, photographs, and other files. Files can also be transferred for printing using iTunes synchronization using a cable, but many users will prefer to print directly to printers connected to their Macs or PCs, which PrintCentral for iPad enables.

Travelers will find additional functionality, in that Print Central enables users to print using thumb drives or using an integrated full-featured email client. The application also permits mounting iPads as a network disk from a Mac or PC, moving and printing files using iDisk and WebDAV technology and even copying files using Bluetooth or Wi-Fi technologies.
5. OmniGraffle

Some of the iPad’s biggest strengths, besides its ease of use, are its portability and ability to comprehend intuitive finger movements. If enterprise users are to truly leverage the device’s full capabilities, a simple application is needed that helps organize thoughts, enable freehand drawing, and essentially replace back-of-the-envelope or napkin drawings.

The Omni Group’s OmniGraffle application, a $49.99 program, is an approachable, easy-to-use app users can employ to create freehand drawings, draft diagrams, create tables, record processes, create Web site wireframes, draft page layouts, and more. With numerous included stencils and templates, OmniGraffle quickly makes an enterprise user’s iPad an incredibly powerful and mobile tool that can be used to fuel brainstorming sessions, power what-if conversations, and capture and record critically important notes, all while leveraging the iPad’s Multi-Touch technology.

Thursday, October 20, 2011

Yellow Pages

Does a Yellow Pages Ad Still Work For You?

By Raymund Flandez

Even in the age of paid-search advertising, many local businesses appear to be sticking with the tried-and-true to get new customers. Yep, that’s right, the yellow pages.

About six of 10 small businesses continue to advertise in a printed yellow-pages directory, according to a phone survey from AT&T Advertising & Publishing, a yellow-pages publisher. The survey polled 1,000 businesses with 25 or fewer employees, the sample drawn from Dun & Bradstreet’s list of companies in Atlanta, San Francisco, Connecticut, Chicago, Dallas, Detroit, Milwaukee, Oklahoma, San Diego and Charlotte, N.C.

While some of these small businesses have integrated Internet advertising into their marketing, the survey shows the printed yellow pages leads a list of top call generators. About one in five (21%) of respondents cited it as the source that produces the most calls from potential customers. Word-of-mouth is a close second, cited by 19% of respondents, and company Web sites are next, cited by 12%.

An independent survey by the Kelsey Group, a research firm specializing in yellow pages and related advertising, finds that 61% of Americans say they turn to the printed yellow-pages listings to find local business information; 13% say they use search engines.

But the yellow pages are changing with the times. AT&T offers its own Internet Yellow Pages and with video, too. In the AT&T survey, 53% of small businesses say they expect to buy online ads with videos within the next two years. But you don’t need to spend a lot to do online video on your own, especially with YouTube.

Readers, how important is a yellow-pages ad or listing for a local business? And from where are you getting the most interest? The yellow pages or the Internet?

*http://blogs.wsj.com/independentstreet/2007/12/20/does-a-yellow-pages-ad-still-work-for-you/

FIREWALL


Now that computers around the world are connected to one another, we have to know how to keep our data safe. Let's go.

FIREWALL
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic


History

The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.

Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s:[2]

Clifford Stoll's discovery of German spies tampering with his system[2]
Bill Cheswick's "Evening with Berferd" 1992 in which he set up a simple electronic to observe an attacker[2]
In 1988, an employee at the NASA Ames Research Center in California sent a memo by email to his colleagues [3] that read, "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames."
The Morris Worm spread itself through multiple vulnerabilities in the machines of the time. Although it was not malicious in intent, the Morris Worm was the first large scale attack on Internet security; the online community was neither expecting an attack nor prepared to deal with one.[4]
First generation: packet filters

The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what became a highly involved and technical internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based on their original first generation architecture.[5]

Packet filters act by inspecting the "packets" which transfer between computers on the Internet. If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source).

This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (i.e. it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself (most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number).[6]

TCP and UDP protocols constitute most communication over the Internet, and because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic (such as web browsing, remote printing, email transmission, file transfer), unless the machines on each side of the packet filter are both using the same non-standard ports.[7]

Packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little bit of peeking into the transport layer to figure out source and destination port numbers.[8] When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. When the packet passes through the firewall, it filters the packet on a protocol/port number basis (GSS). For example, if a rule in the firewall exists to block telnet access, then the firewall will block the TCP protocol for port number 23. [9]
Second generation: "stateful" filters

From 1989-1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them circuit level firewalls.

Second-generation firewalls, in addition to what first-generation look for, work up to layer 4 (transport layer) of the OSI model. Therefore they regard placement of each individual packet within the packet series. This technology is generally referred to as a stateful packet inspection as it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection, a part of an existing connection, or is an invalid packet. Though there is still a set of static rules in such a firewall, the state of a connection can itself be one of the criteria which trigger specific rules.

This type of firewall can actually be exploited by certain Denial-of-service attacks which can fill the connection tables with illegitimate connections.
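The following added example (not part of the original post or its sources) models the first-generation packet filter and the second-generation stateful filter described above, including a capped connection table as one mitigation for the table-filling denial of service just mentioned. The class and function names, the table cap, the eviction policy and the sample addresses are assumptions made for illustration.

```python
from collections import OrderedDict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()       # TCP flags, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    action: str                          # "drop" (silent) or "reject" (error sent back)
    proto: str = "any"
    src_net: str = "0.0.0.0/0"
    dport: int = 0                       # 0 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src_net)
                and self.dport in (0, p.dport))


def stateless_filter(rules, p: Packet) -> str:
    """First generation: the verdict depends only on this packet's header fields."""
    for rule in rules:
        if rule.matches(p):
            return rule.action           # a matching rule blocks the packet
    return "accept"


class StatefulFilter:
    """Second generation: the same static rules plus a bounded connection table.

    Simplified model: no sequence-number checks, teardown or timeouts."""
    def __init__(self, rules, max_entries: int = 4):
        self.rules = rules
        self.max_entries = max_entries   # cap, so a flood cannot grow the table forever
        self.table = OrderedDict()       # flow key -> [initiator endpoint, state]

    @staticmethod
    def key(p: Packet):
        return (p.proto, *sorted([(p.src, p.sport), (p.dst, p.dport)]))  # same key both ways

    def classify(self, p: Packet) -> str:
        """Return 'existing', 'new' or 'invalid', the three cases named in the text."""
        if self.key(p) in self.table:
            return "existing"
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "invalid"             # TCP segment that belongs to no tracked handshake
        return "new"

    def _advance(self, p: Packet) -> None:
        entry = self.table[self.key(p)]
        from_initiator = (p.src, p.sport) == entry[0]
        if p.proto == "udp" and not from_initiator:
            entry[1] = "established"     # a reply was seen
        elif entry[1] == "syn_sent" and not from_initiator and p.flags == {"SYN", "ACK"}:
            entry[1] = "syn_ack_seen"
        elif entry[1] == "syn_ack_seen" and from_initiator and p.flags == {"ACK"}:
            entry[1] = "established"     # three-way handshake completed

    def _make_room(self) -> bool:
        if len(self.table) < self.max_entries:
            return True
        victim = next((k for k, e in self.table.items() if e[1] != "established"), None)
        if victim is None:
            return False                 # only established flows left: refuse the new one
        del self.table[victim]           # evict the oldest flow that never completed
        return True

    def handle(self, p: Packet) -> str:
        kind = self.classify(p)
        if kind == "invalid":
            return "drop"
        if kind == "existing":
            self._advance(p)
            return "accept"
        verdict = stateless_filter(self.rules, p)    # static rules judge new flows
        if verdict == "accept":
            if not self._make_room():
                return "drop"
            state = "syn_sent" if p.proto == "tcp" else "awaiting_reply"
            self.table[self.key(p)] = [(p.src, p.sport), state]
        return verdict


# Constructed sample traffic (documentation address ranges, not from the page).
RULES = [Rule("reject", proto="tcp", dport=23)]      # the telnet rule from the text
TELNET_SYN = Packet("203.0.113.9", 50000, "198.51.100.5", 23, flags=frozenset({"SYN"}))
STRAY_ACK = Packet("203.0.113.9", 50001, "198.51.100.5", 80, flags=frozenset({"ACK"}))

if __name__ == "__main__":
    fw = StatefulFilter(RULES)
    print([(stateless_filter(RULES, p), fw.handle(p)) for p in (TELNET_SYN, STRAY_ACK)])
```

The stray ACK is the case that separates the two generations: the stateless filter accepts it because no rule names port 80, while the stateful filter drops it because it belongs to no tracked connection.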
Third generation: application layer

The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it can detect if an unwanted protocol is sneaking through on a non-standard port or if a protocol is being abused in any harmful way.

An application firewall is much more secure and reliable compared to packet filter firewalls because it works on all seven layers of the OSI model, from the application down to the physical layer. This is similar to a packet filter firewall but here we can also filter information on the basis of content. Good examples of application firewalls are MS-ISA (Internet Security and Acceleration) server, McAfee Firewall Enterprise & Palo Alto PS Series firewalls. An application firewall can filter higher-layer protocols such as FTP, Telnet, DNS, DHCP, HTTP, TCP, UDP and TFTP (GSS). For example, if an organization wants to block all the information related to "foo", then content filtering can be enabled on the firewall to block that particular word. Software-based firewalls (MS-ISA) are much slower than hardware-based stateful firewalls, but dedicated appliances (McAfee & Palo Alto) provide much higher performance levels for application inspection.

In 2009/2010 the focus of the most comprehensive firewall security vendors turned to expanding the list of applications such firewalls are aware of, now covering hundreds and in some cases thousands of applications which can be identified automatically. Many of these applications can not only be blocked or allowed but also manipulated by the more advanced firewall products to allow only certain functionality, enabling network security administrations to give users functionality without enabling unnecessary vulnerabilities. As a consequence, these advanced versions of the "Third Generation" firewalls are being referred to as "Next Generation" and surpass the "Second Generation" firewall. It is expected that, due to the nature of malicious communications, this trend will have to continue to enable organizations to be truly secure.
Subsequent developments

In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were refining the concept of a firewall. The product known as "Visas" was the first system to have a visual integration interface with colors and icons, which could be easily implemented and accessed on a computer operating system such as Microsoft's Windows or Apple's MacOS. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.

The existing deep packet inspection functionality of modern firewalls can be shared by Intrusion-prevention systems (IPS).

Currently, the Middlebox Communication Working Group of the Internet Engineering Task Force (IETF) is working on standardizing protocols for managing firewalls and other middleboxes.

Another axis of development is about integrating identity of users into Firewall rules. Many firewalls provide such features by binding user identities to IP or MAC addresses, which is very approximate and can be easily turned around. The NuFW firewall provides real identity-based firewalling, by requesting the user's signature for each connection. authpf on BSD systems loads firewall rules dynamically per user, after authentication via SSH.
*http://technogeektips.wordpress.com/2011/03/29/is-your-password-hacked-protect-your-computer-from-hackers/
*http://en.wikipedia.org/wiki/Firewall_%28computing%29

The Essential Guide to Firewalls

John Edwards

Firewalls play a central role in IT security, standing between enterprise networks and the outside world to protect computers, applications and other resources from external attack.

While there are several types of firewalls, the technology can be broadly defined as a collection of related security programs that are stored on a network gateway server and collectively safeguard network assets from users on other networks.
Firewall Types

While all firewalls run software, the firewall market itself is split into two general categories: hardware and software. Hardware firewalls are dedicated security appliances on which security software is preinstalled, typically on a proprietary OS. Software firewalls, on the other hand, can usually be installed on any available server that is equipped with a general-purpose network OS such as Windows or Linux.

Businesses usually select firewalls on the basis of needs and preferences that are unique to each company. Common considerations include: the firewall architecture (hardware or software), the number of concurrent firewall sessions required, the range and types of external access required, the type and number of VPN (virtual private network) protocols needed, the number of concurrent VPNs that require protection, the preferred kind of management user interface (command line, graphical or Web-based), and the need for high-availability features.

Firewall prices can range from less than $100 for a basic, no-frills software product that is designed to protect a home or small-business network, to $20,000 and more for an industrial-strength hardware appliance that is engineered to safeguard enterprise resources.
Firewall Operation

Since no two business networks are alike, vendors offer many different types of firewall approaches (both hardware- and software-based) that are designed to meet specific customer needs. The fundamental approaches can be separated into packet-filtering, circuit-level and application-level categories.

Packet-Filtering Firewalls: In its most basic form, a firewall does nothing but filter packets. This means that the firewall accepts or rejects IP packets on the basis of predefined rules. With packet filtering, the firewall carefully scrutinizes each packet's protocol and address information; content and context data are not considered. The main advantages of packet-filtering firewalls are their relative simplicity, low cost, and fast and easy deployment attributes. Software-only firewalls for home and small business are typically of this variety, including the firewall that is built in to more recent versions of Windows.

Circuit-Level Firewalls: This type of firewall doesn't simply accept or reject packets, it also decides whether a connection is valid according to a set of configurable rules. If everything checks out, the firewall opens a session and allows traffic to flow in only from the authenticated source. The traffic may also be permitted to proceed for only a limited period of time. In addition, the firewall may perform connection validation on the source IP address and/or port, the destination IP address and/or port, the protocol used, user IDs, passwords, the time of day or, most likely, several of these conditions. In addition, packet-level filtering may also take place.

The big drawback to circuit-level firewalls is that they function at the transport layer and therefore may necessitate a significant modification of the transport-function programming. This can impact the performance or operation of a network. Also, circuit-level firewalls require more expertise to install and maintain.

Application-Level Firewalls: With this approach, the firewall acts as an application proxy, supplying all data exchanges with the remote system. The idea behind this concept is to make the server behind the firewall invisible to the remote system.

An application-level firewall can accept or reject traffic based on a specific set of rules. The firewall may, for example, allow some commands to proceed to a server while rejecting others. The technology can also be used to restrict access to specified file types, as well as to provide different access levels to authenticated and nonauthenticated users. Application-level firewalls tend to be preferred by users who require detailed traffic monitoring and logging on the host, since the addition of these activities is relatively simple and doesn't further impact performance. IT administrators can set an application-level firewall to trigger alarms and notifications in the event that a predefined condition occurs. Application gateways are typically deployed on a separate network-connected computer, commonly called a proxy server.

Stateful Multilevel Firewalls: Typically offered by vendors as "best-of-breed" solutions, this approach aims to combine the best attributes of multiple firewall types. Stateful multilevel firewalls are designed to perform network-level packet filtering while recognizing and processing application-level data. These firewalls often provide superior network protection but can be very expensive.
Add-Ons

Most firewall vendors offer an array of add-on features that are designed to provide capabilities that extend well beyond basic firewall services. Such features include anti-virus protection, content filtering, intrusion prevention, and activity and usage reporting. Given the rapidly changing pace of network security, it's a good idea for a business to purchase a product that it can easily upgrade for enhanced performance and to accommodate new capabilities.

*http://www.itsecurity.com/features/essential-guide-firewalls-061208/

Weight loss

At its most basic, losing weight is about burning more calories than you eat. That seems simple enough, but if it were really that simple, none of us would have a weight problem. Too often we take drastic measures to see results -- diets, pills or those weird fitness gadgets on infomercials that promise instant success. Maybe you lose weight but what happens when you go off that diet or stop that crazy workout program? You gain it all back and more. The real secret to weight loss is to make small, lasting changes. The key is to forget about instant results and settle in for the long run.

Rules of Weight Loss
To lose one pound of fat, you must burn approximately 3500 calories over and above what you already burn doing daily activities. That sounds like a lot of calories and you certainly wouldn't want to try to burn 3500 calories in one day. However, by taking it step-by-step, you can determine just what you need to do each day to burn or cut out those extra calories. Below is a step by step process for getting started.

1. Calculate your BMR (basal metabolic rate). Your BMR is the amount of calories your body needs to maintain basic bodily functions like breathing and digestion. This is the minimum number of calories you need to eat each day. Keep in mind that no calculator will be 100% accurate, so you may need to adjust these numbers as you learn more about your own metabolism.

2. Calculate your activity level. For a week or so, keep an activity journal and use a calorie calculator to figure out how many calories you burn while sitting, standing, exercising, lifting weights, etc. throughout the day. Another, easier option is to wear a heart rate monitor that calculates calories burned. After a week, add your totals for each day and average them out to get a general idea of how many calories you burn each day.

3. Keep track of how many calories you eat. For at least a week, enter and track your calories online (e.g., with Calorie Count) or use a food journal to write down what you eat and drink each day. Be as accurate as possible, measuring when you need to or looking up nutritional information for restaurants, if you eat out. After a week, add your totals for each day and average them out to get a general idea of how many calories you eat each day.

4. Add it up. Take your BMR number and add your activity calories. Then subtract your food calories from that total. If you're eating more than your BMR + your activity calories, you're at risk for gaining weight. Example:

Mary's BMR is 1400 calories and she burns 900 calories with regular exercise, walking around and doing household chores. To maintain her weight, she should be eating 2300 calories (1400 + 900= 2300). However, after keeping a food journal, Mary finds that she's eating 2550 calories every day. By eating 250 more calories than her body needs, Mary will gain about a pound every 2-3 weeks.

This example shows how easy it is to gain weight without even knowing it. However, it's also easy to lose weight, even if the process itself can be slow. You can start by making small changes in your diet and activity levels and immediately start burning more calories than you're eating. If you can find a way to burn an extra 200 to 500 calories each day with both exercise and diet, you're on the right track. Try these ideas:
Instead of... | Do this...
An afternoon Coke | Drink a glass of water. (calories saved: 97)
An Egg McMuffin | Eat a small whole wheat bagel +1 Tbsp of peanut butter (calories saved: 185)
Using your break to eat sweets | Walk up and down a flight of stairs for 10 minutes (calories burned: 100)
Hitting the snooze button | Get up 10 minutes early and go for a brisk walk (calories burned: 100)
Watching TV after work | Do 10 minutes of yoga (calories burned: 50)

Total Calories Saved: 532 (based on a 140-pound person)

How Much Exercise Do I Need?

Exercise is an important weight loss tool, but how much you need varies from person to person. The guidelines recommend at least 250 minutes per week, which comes out to about 50 minutes, 5 days a week. If you're a beginner, start small, for example with 3 days of cardio for 15-30 minutes, gradually adding time each week to give your body time to adapt. Learn more about getting in shape and getting started with exercise.

Source:

Donnelly, J.; Blair, S.; Jakicic, J.; et al. Appropriate Physical Activity Intervention Strategies for Weight Loss and Prevention of Weight Regain for Adults. Med & Sci in Sports & Ex: Feb, 2009. Vol 41, Issue 2.

Wednesday, October 12, 2011

Heli

A lot of people dream of becoming a helicopter pilot, but not everyone can achieve it. Want to feel like a helicopter pilot? Perhaps this will help you.





Sunday, October 09, 2011

Android App that we should know and use



1. Google Voice

Google Voice is a service that is so useful I consider it one of the top benefits of Android itself, especially since Apple rejected the Google Voice app for the iPhone. It gives you a phone number that can ring to multiple places or devices and it allows you to access all of your voicemail and text messages over the Web. The Android app integrates even deeper. It can make outgoing calls look like they’re coming from your Google Voice number so that you can keep your real mobile number private.

2. Advanced Task Killer

One of the realities of having a multitasking mobile OS in Android is that you have to manage your apps so that they don’t hurt performance or battery life. Advanced Task Killer (or ATK) is my favorite. It even comes with a widget that you can tap once to kill all open apps.

3. Dropbox

Dropbox is a great cloud service that automatically syncs a folder of files between multiple computers (Windows, Mac, or Linux). This app extends Dropbox to Android and interacts with other apps (such as Documents To Go) to open the files.

4. Evernote

Once you get used to typing on a virtual keyboard (and it honestly took me over a year to do it), then these devices are great for note-taking, and Evernote is a great note-taking app. It is similar to Dropbox in that it saves data locally but syncs it across all your machines and devices.

5. DroidAnalytics

For some reason Google doesn’t have an official app (for either Android or iPhone) for Google Analytics. The best one I’ve found on Android is DroidAnalytics. Another good one is mAnalytics.

6. Documents To Go

The free version of Documents To Go offers a great little reader for Word and Excel files. You can upgrade to the full version (for $15) if you want to edit files and add PowerPoint files to the mix. If you do want editing capability, I’d also recommend taking a look at QuickOffice.

7. Amazon Kindle

I never warmed up to the Amazon Kindle e-reader, but I’m a big fan of the Kindle mobile app. Since it was released I’ve read a lot more books simply because my smartphone is always with me and I can pull it and read a few pages anytime I’ve got a couple minutes free.

8. Places Directory

This is an awesome app for finding shops and services near your current location. From restaurants to movie theaters to medical facilities to taxis, this app is very accurate and takes advantage of the business information from Google Local. This app is better than the info you get from a GPS unit (or app) and better than any of the similar apps available on the iPhone.

9. Tripit

I dig Tripit. It is by far the best app I’ve found for keeping track of all my travel itineraries. It runs on some great backend systems. You simply forward your confirmation emails for your flights, hotels, rental cars, and more to Tripit and it automatically organizes them into trips with all your details and confirmation numbers.

10. Seesmic

Twitter is an amazing instant-intelligence engine and it was made for mobile browsing. Although there’s an official Twitter app for Android now, Seesmic is still the best Android Twitter client.

11. FCC Speedtest

I’m obsessed with running speed tests to check my bandwidth in various places, both to see 3G fluctuations and to check the quality of Wi-Fi. There are a number of really good speedtest apps, but my new favorite is the FCC Test app.

12. Astro File Manager

Another one of the great things about Android (if you’re a geek or a tinkerer) is that you have lower-level access to the system itself. Astro is an app that lets you navigate the Android file system.

13. Got To Do

There are plenty of to-do apps to choose from on Android but I prefer Got To Do because of the solid interface and the fact that it can sync with the online service Toodledo.

14. Gist

Many of us have contact lists scattered across various computers, devices, and online services. Gist is a Web service that can bring them together and even pull in stuff from the Web to help you stay up to date with your most important contacts. There’s an Android app as well as an iPhone app.

15. TED Mobile

TED is a fascinating event that features a meeting of the minds of some of society’s most influential thinkers. You’ll definitely disagree with some of them, because there’s a large diversity of opinions, but many talks are worth listening to. What I love is that they’ve taken the videos from their conference and made them freely available on the Web. This app provides a great way to access the videos. I hope more conferences follow TED’s lead on this.

16. Pandora

Pandora is a streaming “radio station” for the Internet age. You simply search by an artist or song and it will create a running playlist based on that one piece of information. It intersperses an occasional ad between songs but the ads tend to be fairly localized and occasionally even useful.

17. Shazam

If you want to impress your friends with a mobile app, show them Shazam. Ever hear a song being played at a store or on the radio and ask yourself, “Oh, what song is that?” That’s where Shazam comes in. Just hit the button and let it listen for 15 seconds, query its database, and then return the name of artist and the song. It has about an 80% success rate.

18. Dial Zero

Are you one of those people who dials a customer service line and just keeps pressing zero until you get to talk to a real person? Then Dial Zero is your new friend. This app provides a directory of a ton of U.S. businesses and gives you numbers to help you get closer to a real person and instructions for which prompts to hit to speak to a human being as quickly as possible.

19. Google Goggles

This is a fun app that is a little bit ahead of its time. It does visual searches. You can take pictures of things and then the app tries to tell you what they are. It’s limited in its scope but it is pretty cool, and it’s definitely a peek into the future. One of the coolest features is the ability to take pictures of text in a foreign language and let the app translate for you. In a foreign country, this can help you read street signs and avoid going into the wrong bathroom. :-)

20. Google Sky Map

Ever look up at the night sky and try to tell your kids the name of that constellation you’re pointing at, or try to remember which planet that is in the southern sky? Google SkyMap lets you point your smartphone at it and get the information. This is part of a new breed of apps called “Augmented Reality” apps that layer digital information on top of real world experiences.

21. Tricorder

A lot of geeks I know like to say that our smartphones are becoming more and more like the Tricorders on Star Trek. Well, here’s a fun app that turns your Android device into a virtual Tricorder. It even offers some useful environmental information, including GPS data, wireless data, and ambient sound measurements.

22. FxCamera

Honestly, the camera software on Android is an area where major improvements are needed, but this app is a great example of what’s possible. It has solid camera controls, full customization options, and offers some great effects for photos.

23. Photoshop Mobile

Photoshop is, of course, the best known photo editor in the world and its mobile app doesn’t do anything to hurt that reputation. But while the desktop version is known for having a zillion features, the mobile app is distinguished by its simplicity. It’s the best Android (and iPhone) photo editing app for simple crops, brightness adjustments, and sharpens, for example.

24. Bump

Bump is a fun (and useful) idea for sharing info between two phones using the accelerometer, and it works across Android and iPhone. You can use it to share contact info (yours and others), photos, and apps. You both simply open the Bump app, choose what you want to share, and then hold the phones in your hands and bump your hands together.

25. Barcode Scanner

This app turns the Android camera into a barcode scanner. You simply scan a product’s UPC code and let the app go to work to find it in Google Product Search or a search on the open Web. You’ll be amazed at how fast it works. This is great for when you’re shopping retail and you want to check the price of a product online before buying to make sure you’re paying a fair price.

Android Got Accident (First AID)

First Aid is designed to help you follow the right procedures in a stressful situation or support other people by giving them instructions. It is based on illustrations, videos and short texts that show you how to take the necessary action step by step and in the right order. Features: emergency call, SMS, My kit.

Price: Free

AndroidTapp.com Android App Review:

Pros & Cons:

Pros

  • Test your knowledge of basic to intermediate first aid
  • Learn how-to solutions when situations occur
  • View illustrated tips on how to administer first aid techniques
  • Watch video tutorials for some situations
  • Keep a log of emergency numbers

Cons

  • No section for kids or infants
  • Few spelling errors

Features:

First Aid Android App gives you many tips on what to do in various situations where first aid needs to be applied. When you choose a situation in the tips category, the next page illustrates how to perform the recommended procedure. You can even see videos on YouTube showing tutorials of some first aid procedures. First Aid also has a category that tells you if something is a first aid related myth or fact. If it is a myth, First Aid gives you the corrected solution.

There is also a section that gives you Tests on first aid solutions and procedures. The last category is Kit. This is the area where it shows you options to include in building your own physical first aid mobile kit. The last option is the “Call” option. In this section you can store emergency numbers that should be called for any emergency that might come up.

Usefulness:

This application is very useful, in today’s society understanding and staying aware of what to do when you aren’t around a clinic or if you’re on the road travelling in rural areas with no hospital in sight in the case of an emergency, this app can be finitely valuable!

Ease of Use:

The app is pretty straightforward. Once it is opened, all options are divided into 5 sections. The first is Call, to access emergency numbers. The next section is Tips, followed by Myths of first aid response. The last two sections are Test and Kit.

Frequently Used:

Whenever an emergency appears, if you’re just curious about what to do in different situations, or if you just want to refresh your first aid knowledge.

Interface:

The interface is very simple. All your main categories are at the top of the screen in a row. Poke around to discover first aid tips.