Future Touch

It has been said that the Internet Protocol address on a computer is a great deal like a human fingerprint. The IP can easily identify a computer’s location through the Internet service that it is being channeled to the location. In many instances, this is a good thing because it creates a sense of accountability for one’s actions. Then, on the flipside, an IP can also be used to invade an individual’s privacy. So, in order to secure the privacy of an individual or entity, it may be best to employ the use of a hide IP address software program.

Actually, there are scores more vulnerabilities one is placed in when cruising or surfing the Internet. In addition to being traced and identified, there is always the potential of having your computer hacked. The compromising of a computer in this manner is serious business. All sorts of personal information can be absconded with or appropriated. This could lead to theft of personal and financial property in a matter of mere minutes. Yes, you can install as many password protections as you wish. There are even programs that can help boost the security of your password. However, your system is always at risk which is why it would certainly be helpful to look into a hide IP address software program.

How can a solid hide IP address software program properly work? Depending upon the name brand that you purchase from, the transmission of your information will be hidden in an SSH system that is active. This is also known as a secure shell system that is active and encrypted. Once your information is transmitted to the hide IP address software program’s private proxy servers, the data will be effectively hidden prior to it being retransmitted elsewhere. So, any entity that tries to track your information will run into a wall in the form of being redirected to the proxy server. No matter what site you visit, your IP address will remain effectively hidden and secret.

It is best to stick with those hide IP address software program that are banned by foreign countries. Some may wonder why this type of recommendation would be given. The reason is that any program so powerful that entire government agencies cannot circumvent its use must be a supremely beneficial program! If the internal spy networks of certain agencies cannot ***** the software’s security, no hacker is going to be able to either.

Such a hide IP address software program is not even very complicated to install. Simply downloading it and running the installation prompts is all that is needed to achieve the desired effect. With such ease of installation and use, how can it not be recommended?

You privacy should always be kept as safe and secure as possible. That is why it is so highly recommended to stick with those programs that can deliver excellent results with hiding an IP address. Again, your privacy and security is too important to not safeguard. Acquire a strong hide IP address software program today.
wedding blog

One of the most effective methods of preventing SQL injection from being used is to thoroughly validate every input from the user, by identifying all possible meta-characters which could be utilized by the database system and filtering them out. Filters should be in place to remove everything but known good data. An account lockout policy should also be in place to prevent the brute force guessing of passwords.

All validation for security purposes must be carried out within the server side script and not thorough client side authentication – such as JavaScript – as it can easily be bypassed by the user disabling JavaScript in their browser.

When dealing with a numeric input, such as age, telephone number or credit/debit card number the value of the variable should be processed through a specially constructed function to ensure that the data only comprises of numeric characters (and possibly spaces). Similar functions can be constructed to handle other data types such as Dates, Integers and Floats. Alternatively, for some numeric fields such as integers or dates the input method could be through the use of a drop-down selection box. If the input is selected from a dropdown box it would be generated by the source code and no validation will be necessary.

When dealing with string inputs it may be necessary on some occasions to allow the use of specific meta-characters. As an example, the tick should be allowed to be used in the surname filed so names such as O’Conner are accepted. In this case it would be advisable to accept the name and replace the apostrophe with two apostrophes before running it through the query or entering it in the database.

When dealing with all user inputs through text boxes, it is important to restrict the length of the input. All textbox fields should be as short as possible and must be an appropriate length for the data to be entered. By keeping each field as short as possible, the number of characters that an attacker could use to launch a SQL injection is restricted.

One line of defense include the Restriction of Error Messages. Error messages are normally generated in HTML which an attacker will be able to view. The details of all error messages should be logged in database or file on the server and displayed through a dynamically produced error page.

For each query executed within the code of the application, the most limited access rights possible should be attributed to the query itself. As an example, the data from a username and password text box on a login page should be only used in a query configured with code that ensures ‘read only’ permissions are given. This will prevent the attacker from inserting data into the database from the text box.

Stored procedures are an advanced feature provided by various SQL servers. In addition to providing some protection from SQL injection the use of stored procedures also increases the performance of the website by allowing the web application to compile and run SQL statements in the server itself. When stored procedures are used a number of conditions must be met by the injected code to be effective; the malicious SQL must be in specified structured format, with the correct number of parameters to be successful. The structure and number of parameters can vary greatly upon depending upon programming decisions made by the web developer.

In order to test a web site against an attack it is not necessary to be an expert at SQL injection as there are several software based automated tools available – such as the Web Vulnerability Scanner by Acunetix and SOAtest by Parasoft – which can be used to systematically carry out a range of attacks against including SQL Injection. Automated testing should be carried out on a regular basis and after any major changes to the web-site or server.

SQL Injection attacks present a serious threat to the security of dynamic web-sites and it is essential that adequate countermeasures are taken to prevent such an attack from being successful. In theory, if meta-characters were handled 100 percent effectively the risk of this type of attack through web-browser forms would be eliminated. In reality – if this was the only line of defence – it would be extremely easy for a programming mistake to be made leaving the system vulnerable.

The best approach is to take as many precautions as possible, this is known as the ‘defense in depth’ principle. A combination of security measures such as; validation, neutralizing or meta-characters, restricting error messages and limiting access rights to the web server can be used to comprehensively protect a web base application against a SQL injection attack. This approach in conjunction with thorough testing as one of the final stages of web development, together with regular testing and security reviews should be sufficient to protect against this SQL injection.
wedding cameras

A technician, recently called me up to estimate storage capacity for Internet Caching. The technician, is a part of a team that will be responsible for setting up Internet Gateway for an ISP, in a small Middle-East country.

The technician had very limited numbers available, to do the necessary derivation. Thus he could phrase the question very simplistically -

“The ISP will be potentially serving 40,000 users. What should be the provisioned Data Storage Capacity, for content caching?”

Being a part of Team SafeSquid that builds Content Filtering Proxy, we often get this kind of a query, but with one major difference. Mostly queries are phrased like – “We have an Internet Pipe of X Mbps. What is the recommended Data Storage Capacity for most efficient caching?”

A reasonable advice to such a query can be derived, if we allow a few assumptions, and focus on some simple facts.

1. Only the Content that has been fetched over HTTP can be cached.

2. The maximum rate at which content can be fetched depends upon the Internet Pipe.

3. There is a lot of HTTP traffic that is un-cacheable, for example – streaming audio / video, pages that display results of any other SQL driven queries including search engine queries, and even HTML content in Web Mail.

4. Most important content that gets cached are HTML pages, embedded images, style-sheets, java scripts, and other files that you would have to download and execute, on the local desktop, or view with another viewing application, like PDF / Flash (some) files.

5. A simple request to view a web-page, with a normal browser, automatically triggers, downloads of a variety of content like cookies, images and other embedded objects. These are required, by the browser, to display the page, as per the page-design. All the components, that constitute the web-page may NOT necessarily be “sourced” from the web-site that was serving the requested web-page.

6. Modern Internet browsers, provide caching, that is user manageable, and is quite similar to the caching principles involved in the design of caching proxies. So each content or object may not be necessarily requested. But yes these browsers depend upon the availability of local storage, on the client systems, and is usually not over a few hundred Mbytes. And in any case, these local-caches are not shareable between different users.

7. Internet resources could have varying levels of utilization, depending upon time of the day, resulting in peak and off-peak hours.

Therefore if we have an Internet Pipe of 10Mbps, the max data we can transfer (data-throughput)

= 10Mbps x 60 seconds = 600 Mbits of data in a minute

= 600 x 60 = 36000 Mbits of data in an hour

Now suppose the enterprise uses a bandwidth manager, to reserve QoS for each pre-defined application (or protocol). Generally applications like SMTP & VPN are given the lion’s share, almost 50%, and the remaining gets shared between HTTP/HTTPS and others.

But I know of quite a few customers who would invest in pipes meant for exclusively SMTP and/or VPN, and a separate (cheaper) Internet connection for HTTP / HTTPS.

If the enterprise has chosen to host it’s web-server within it’s own business premises, then the entire distribution program, changes completely.

Even in case, the enterprise does not use a bandwidth manager, resulting in “first come, first serve”, we could still be guided by an estimated proportioning of traffic on the basis of applications or protocols.

So to build our algorithm, it might be practical, to coin a term – HTTP_Share, such that – HTTP_Share = x% of Internet Pipe.

Now, HTTP_Share would signify, the max data that would get transferred over HTTP traffic

Therefore, further to our earlier derivation, of 36000 Mbits of data throughput per hour, if we factor the HTTP_Share

HTTP_Traffic = x% of data-throughput

Now, if x = 35 (35% of overall data transfer was for HTTP)

HTTP_Traffic / hour = ( 0.35 x 36000 ) Mbits / hour = 12600 Mbits /hour

Now presuming, the enterprise has off-peak hours and peak-hours of Internet Usage, such that 40% of the day (approximately 9.6 hours) is peak-hours, while 60% of the day is off-peak. Peak hours are the daytime-periods, when we would witness, TOTAL UTILIZATION of our Internet pipe. And if we suppose that the utilization ratio is about 30%, i.e. the load level during non-peak hours is about 25% of peak hours; then we may further estimate, on the basis of above derivation -

HTTP_Traffic / day = ( ( 12600 x 0.4) + ( 12600 x 0.6 x 0.25 ) ) x 24

HTTP_Traffic / day = ( ( 0.4 x 1 ) + ( 0.6 x 0.25 ) ) x 12600 x 24 = 166320 Mbits

This is a rather simplistic looking model. Something more realistic, would require, a proper hourly stepping, that gives a proper distribution pattern over the day.

Now we deal with the toughest, and debatable part!

What would be the ratio of cacheable_content in the HTTP_Traffic?

Based on my experience at various customer premises, I prefer to assume – 30%.

That would mean 166320 x 0.3 = 52617 Mbits of content could be cached per day.

Standard practice is to store content for at least 72 hours (store-age).

That means we would need a storage of at least 49896 Mbits.

So a conventional 8bits = 1byte conversion, tells me, that we need a storage of at least 6237 MBytes

Another interesting picture that should be visible during peak hours is that the HTTP_Traffic when considered as data downloaded by the proxy server, should be less than the data sent to the clients, and the difference would be the caching efficiency. That would signify that the cached content was used to serve the requests made by the clients.

In the overall discussion, we have not considered the performance degradation that would be caused due to factors such as network latencies.

The above methodology however, still doesn’t answer the original question. Because in the original question, the Internet Pipe was not defined. So I was quite skeptical, that such calculation could ever be performed, because it was the number of users (clients) that was defined, rather than my known approach via Internet_Pipe. My arguments and insistence was based on the fact that, the content that can be cached will be an assumable fraction of downloaded HTTP Content. And the maximum content that can be downloaded, will depend on the Internet_Pipe, whether you have one user or a million users. Tushar Dave from Reliance Infocomm, helped me to complete the puzzle with an interesting algorithm, that turned out to be the missing piece of the overall jigsaw puzzle!

Suppose the ISP serves its customers with 256Kbps connections, then for 40,000 users it apparently needs almost 10 Gbps of Internet Pipe.

But actually, that’s generally never true ( in fact, for 40,000 users an ISP would actually commission an Internet Pipe of less than 1 Gbps in most cases! ) . The ISP is never going to receive 1 request from each user concurrently, every moment. This is known as the OFF-time, i.e. the period when a user is viewing the content that has been already fetched. An ISP can safely expect at least 50% of OFF-time.

OFF-time can actually go up to even more than 75% if the ISP is serving more of Home users & small businesses, where the Internet Connection is not shared between multiple users. Secondly most of such user accounts are governed by a bandwidth cap, for example a user can choose for accounts that allow a download of a few Gbs.

In the above derivations we estimated the HTTP_traffic / day from Internet Pipe, now instead we simply need to derive HTTP_traffic / day from expected HTTP_Traffic per month.

So the estimation over-all data throughput can still be derived, without knowing the Internet Pipe! And the above derivation can be still valid!

So let’s see if we can do some calculations now (empirical, of course!)

connections = 40,000

user_connection = 256Kbps

HTTP_Share = 35%

ON_time = 50%

peak_hours = 60%

off_peak_utilisation = 25%

cacheable_content = 35%

store_age = 3 days

PEAK_HTTP_LOAD (in Kbps) = connections x user_connection x HTTP_Share = 3584000

NORMAL_HTTP_LOAD (in Kbps) = PEAK_HTTP_LOAD x ON_time = 1792000

HTTP_Traffic / hour (in Kbits) = NORMAL_HTTP_LOAD x 3600 = 6451200000

Cache_Increment / hour (in Kbits) = cacheable_content x ( HTTP_Traffic / hour ) = 2257920000

Total_Cache_Increment / day = 24 x ( ( 1 – peak_hours x

off_peak_utilisation) + peak_hours ) x ( Cache_Increment / hour ) = 2257920000

Required Storage Capacity ( in Kbits ) = store_age x (Total_Cache_Increment / day) = 6773760000

Required Storage Capacity ( in Mbits ) = 6615000

Required Storage Capacity ( in Gbits ) = 6459.9609375

Considering 8 bits = 1 byte, it looks like we need a little over 800 GB of Storage

However I would Requisition a Storage Capacity that can accommodate for possible increase in downloaded content of 35% (cacheable_content) to sustain at least 3 store_age cycles, i.e. 800 x 1.35^3 = 1968 GB

The above derivation is quite subject to a lot of assumptions. But it should allow deriving by ratio adjustments, quite easily.

For example – if the connections went up by 20% then we would need 20% more storage!

But more importantly, it allows anybody to differ with my assumptions,

and yet approximate the storage required.

Looks so simple now, Thank you Tushar.
bridal shower favors