How to Set Up an IP-Based Camera Surveillance System

Install reasonably priced cameras over ubiquitous networks IP surveillance technology has reached one of those "perfect storm" moments. Today's digital cameras are inexpensive and easy to install. Wired and wireless networks alike are ubiquitous. And the camera-monitoring software is robust, easy-to-use and often free. Demand for security cams is high among both businesses and home users, and system builders stand to capitalize on this surging wave by offering installation services and support. There's even potential for computer and server upgrades, as some companies will be looking to build dedicated systems that have guaranteed bandwidth and quality of service (QoS) over the video network.

Cameras are popping up all over the place. You can find them at retail businesses, factory floors, homes, apartments, landmarks, schools, financial institutions and transportation centers, to name but a few. Applications range from basic security and safety to quality control monitoring.

Although you can use these cameras over the Web, they're not really Webcams, which are those small, low-tech cameras designed for online socializing. Rather, IP-based cameras connect directly to IP networks, record at higher frame rates, and generally have better resolution then Webcams. They can pan, tilt and zoom, and many have one-way or two-way audio capabilities. They also come with monitoring and management software that lets you trigger alarms and e-mail alerts when certain events occur. For example, you can designate motion detection areas within a frame that generate alerts when motion occurs. Or you can set the system to begin recording when certain events occur or timers are set. Examples of motion events might include a person walking into the frame or a car driving across a designated area.

Since these systems are IP-based, you can monitor, store, and archive video, audio and associated application data over the Internet or across private data networks. The video can be carried anywhere the IP network extends, as opposed to closed-circuit television (CCTV) systems that require proprietary equipment and dedicated coaxial cabling. Anyone with the proper security clearance and a standard browser can monitor video, and control and configure the cameras on the network.

You need to have a fairly robust wired or wireless network set up for a successful IP surveillance roll-out. This Recipe assumes that you have a typical 10/100 wired or 802.11g wireless network already set up. We will, however, look at some Power over Ethernet (PoE) networking equipment and discuss the advantages of that type of system as well. PoE allows you to send power over ethernet lines so you don't have to place the cameras near power sources.

Finally, a note on what all this will cost you. Simply put, pricing will depend on several factors you'll need to carefully consider: Labor rates, the camera(s) selected, the structure of the building(s), the location of power outlets, the location of network infrastructure, etc.

Big Benefits

A quick rundown of the main benefits of IP surveillance follows. Use these points when pitching solutions to your customers, and they will quickly recognize the advantages.

• Utilizes existing IP infrastructure.
• Highly scalable.
• Flexible camera placement: PoE eliminates need for local power source; Wi-Fi eliminates need for hard-wired ethernet cable. Wi-Fi stands for Wireless Fidelity, and Wi-Fi is pretty much a noun these days, and has even become synonymous with the more generic term "wireless."
• Remote viewing from anywhere/anytime via a standard Web browser.
• Standards-based, allowing multi-vendor solutions and integration.
• Better image quality than closed circuit TV (CCTV) analog systems.
• Open storage and server systems scale easily and cheaply, with no need for specialized recording equipment or training.
• Secure: Data can be encrypted across the network, so only the cameras and servers know what kind of packets to expect across the system. Without the proper authentication keys, outsiders can't break into the network to steal video data or feed false video into the system. Also, any interruption to the data stream can automatically trigger alarms and alerts.

Ingredients

Let's get into the two main areas of components—the cameras and the network—that we'll need for building out an IP camera surveillance system.

Cameras: Most professionals are deploying products from D-Link of Fountain Valley, California. The company has been around for 20 years, and it offers quality cameras at reasonable prices. I recommend them.

I tested D-Link's DCS-6620G, DCS-5300G, DCS-3220G, DCS-2120 and DCS-950G cameras. I've listed them in order from fully featured to bare-bones. The DSC-6620G is the deluxe model, with all the bells and whistles and the superior Charge-Coupled Device (CCD) technology.

The D-Link DCS-6620G and DCS-5300G are the motorized models; they offer full pan, tilt and zoom features. The 6620G retails for about $775 onAmazon (NSDQ: AMZN). The DCS-5300G sells for about $422. (All prices are subject to change, of course. Watch for deals!)

The DCS-6620G, DCS-5300G and DCS-3220G have microphones and 3.5-mm. audio jacks to connect speakers at the camera source, so you can have remote two-way conversations. The DCS-3220G retails for $323 on Amazon.

The DCS-2120 has a microphone, but no speaker jack, so you can only monitor sound from this camera; you can't speak back to the person on the other end. I won't go into all the features here, but these cameras are quite impressive and take excellent, clear videos. The DCS-2120 retails for just under $320. The low-end DCS-950G is going for a little over $140.

All the cameras I tested operate as both Wi-Fi and wired Ethernet cameras. You can set them up either way depending upon your needs and the locations of your wired ethernet.

Once you've set up a camera, you can just plug the rest in and configure them without having to run the set-up utilities again. You can get a large facility installed really quickly this way. You simply plug the cameras into a power outlet and Ethernet jack, discover them with the D-Link client utility, and then configure the Wi-Fi settings according to your router's settings. Unplug the Ethernet cable(s) from the cameras you want to use in Wi-Fi mode, and you're set. The Wi-Fi cameras can be positioned anywhere in range of your wireless router and anywhere there is a power source. I'll cover the initial software installation in specific detail below.

The Network: You need to consider a few existing network variables before installing cameras. Ideally, your network switches and routers should offer a range of speeds from 56 megabits per second (Mbps) to 10 Gbps. For high-quality feeds or large numbers of cameras, consider 100 Mbps attached cameras with backbone network speeds of 1 Gigabit or higher. 10/100 Mbps networks and 54 Mbps or 108 Mbps Wi-Fi networks can be used for applications where high-resolution video quality is not as critical.

If you don't want to run Ethernet cable, 802.11 wireless access points and wireless cameras are an option. The 54-Mbps 802.11g standard is sufficient for many video surveillance applications. Current wireless security standards, like Wi-Fi Protected Access (WPA), offer robust authentication and encryption for the wireless signal to prevent snooping and interception of the video signal.

You should estimate throughput and peak demand requirements that will be placed on the network and examine how those demands may impact other network applications. Also, consider Quality of Service (QoS) mechanisms to provide the desired level of video quality to your IP Surveillance cameras and monitoring applications.

If you have a client that needs a larger installation—with 200 to 300 cameras, for example—you can go with Gigabit and 10-Gigabit Ethernet. Some organizations are easily using more than 1,000 cameras at a time with these high-speed networks.

Article Source: http://www.crn.com/white-box/192202279

Read more »

MULTIMEDIA

The creation of multimedia capabilities for the PC was probably given initial impetus by gamers, and certainly it is the case today that game demands drive graphical innovations. In computer sound capabilities musicians found a whole new means for creating and recording music, with studio technology condensed into their home PC. Quickly, business and education began to utilise the dynamism of sound and vision. Even professional home video editing became a real possibility.

Eventually, broadband Internet opened the doors for digital music, online gaming, movie downloads, Internet TV and more. The PC has since been posited as a home media centre, offering a complete home entertainment hub. There is no doubt, multimedia is a cornerstone of home computers.

Article Source: http://www.pctechguide.com/02Multimedia.htm

Read more »

GRAPHICS CARDS

Video or graphics circuitry, usually fitted to a card but sometimes found on the motherboard itself, is responsible for creating the picture displayed by a monitor. On early text-based PCs this was a fairly mundane task. However, the advent of graphical operating systems dramatically increased the amount of information needing to be displayed to levels where it was impractical for it to be handled by the main processor. The solution was to off-load the handling of all screen activity to a more intelligent generation of graphics card.

As the importance of multimedia and then 3D graphics has increased, the role of the graphics card has become ever more important and it has evolved into a highly efficient processing engine which can really be viewed as a highly specialised co-processor. By the late 1990s the rate of development in the graphics chip arena had reached levels unsurpassed in any other area of PC technology, with the major manufacturers such as 3dfx, ATI, Matrox, nVidia and S3 working to a barely believable six-month product life cycle! One of the consequences of this has been the consolidation of major chip vendors and graphics card manufacturers.

Chip maker 3dfx started the trend in 1998 with the its acquisition of board manufacturer STB systems. This gave 3dfx a more direct route to market with retail product and the ability to manufacture and distribute boards that bearing its own branding. Rival S3 followed suit in the summer of 1999 by buying Diamond Mulitmedia, thereby acquiring its graphics and sound card, modem and MP3 technologies. A matter of weeks later, 16-year veteran Number Nine announced its abandonment of the chip development side of its business in favour of board manufacturing.

The consequence of all this manoeuvring was to leave nVidia as the last of the major graphics chip vendors without its own manufacturing facility - and the inevitable speculation of a tie-up with close partner, Creative Labs. Whilst there'd been no developments on this front by mid-2000, nVidia's position had been significantly strengthened by S3's sale of its graphics business to VIA Technologies in April of that year. The move - which S3 portrayed as an important step in the transformation of the company from a graphics focused semiconductor supplier to a more broadly based Internet appliance company - left nVidia as sole remaining big player in the graphics chip business. In the event, it was not long before S3's move would be seen as a recognition of the inevitable.

In an earnings announcement at the end of 2000, 3dfx announced the transfer of all patents, patents pending, the Voodoo brandname and major assets to bitter rivals nVidia and recommended the dissolution of the company. In hindsight, it could be argued that 3dfx's acquisition of STB in 1998 had simply hastened the company's demise since it was at this point that many of its hitherto board manufacturer partners switched their allegiance to nVidia. At the same time nVidia sought to bring some stability to the graphics arena by making a commitment about future product cycles. They promised to release a new chip out every autumn, and a tweaked and optimised version of that chip each following spring. To date they've delivered on their promise - and deservedly retained their position of dominance!

Article Source: http://www.pctechguide.com/41GraphicsCards.htm

Read more »

Domain Name Registration Is The First Step To Build A Website

n the era of internet, while even the smallest of the business entities thrives for an online presence, it is necessary to understand the starting steps of the process. The online presence of your business is marked by the website that you have and the domain name is the name and address of that website.

Any marketer will emphasize on a good, easy to spell and easy to remember domain name that is similar to your business or nature of business. Domain name is the key to branding your business online.

A popular trend used to be that many business chose a domain name with a prefix ‘I’ or ‘e’ to the nature of shopping. The terminology became so famous over the internet that any body who hears the names ‘e-shopping’, ‘e-travel’, ‘i-ticket’ etc. can easily relate to the online entity without further explanation.

The other important part of domain name is their extension. Domain names are often confused by the customers because of their extensions. A typical extension varies from .com, .net, .biz, .info, .edu etc. etc. Many big business houses make it a practice to book all the extension and map it with each other so that abcd.com and abcd.net will take the visitor to the same page. However this adds to the cost and also the list being increasing daily with country specific extensions like, .au, .us, .co.uk, .asia etc coming in it is not always possible to acquire every possible extension with your name. Hence it is necessary that you promote the entire domain name to your target customers and build a brand around it.

Domain name registration starts with the process of checking the availability of the name you have short listed along with the desired extension. There are a number of domain registration websites that offer you the search function for the availability of your domain name. Once you have checked the availability, you can go forward to the domain name registration procedure from the same company where you checked the availability from a different company. Most domain registration companies offer you the ability to book your domain name online and you can make multiple domain name registration at a single go.

At the process of domain registration you will also need to mention the time for which you want to own the particular name. You need to renew it every time your tenure is near completion. Make sure that you make your domain registration in from a vendor that has a secured, certified online transaction process.

By: Smit

Article Directory: http://www.articledashboard.com

Read more »

Number 1 In Google With A Domain Name Redirect

Hi everyone,

I am glad to see you are doing some reading. That is how I learned most of what I know. Did you know that you can get ranked number 1 in Google just using a simple $10 domain name redirect/mask? That is awesome. I have only been in internet marketing for 2 years and I feel like I am just getting started... really!

So here's the scoop. I got the domain name "AmeriPlanCoverage.com" from GoDaddy... set up fowarding and masking... put in my keywords and website description, and BAM. Maybe a month or so later that website was #1 for the keyword "ameriplan coverage."

There is a video tutorial right on the GoDaddy website to show you EXACTLY how to set this all up. It only takes a couple minutes.

It's funny I use this example since I don't even own the domain name anymore. I am an IBO with AmeriPlan USA and am not allowed to use such domain names... but I forgot to read that part of the rules when I signed up... ha ha ha.

Now don't think that every "masked" domain will rank #1 in Google. I think I must have gotten lucky. I had several other domain names that didn't do nearly as well. The point is, it was only $10... and it worked for a while. Since this was a "corporate regenerated website" there was NO WAY to get visitors through the SE's. If you have a duplicate site, you could do the same thing and steal all the visitors from your competition. Sounds great doesn't it?

Of coarse if you really want to do some serious SEO then you need to have your own ORIGINAL content. I actually just started building my own websites... a few short months ago. I am still in the beginning stages of SEO for my few sites and plan to use article marketing for a good part of my traffic. I just ranked #2 for "ameriplan coverage" with my new "original" site... (Directly under the main corporation website! I don't know where they were before!?!)


You know another good traffic tip? I set up a RSS feed on my websites and since I am still adding content, my feeds keep getting bigger too. Submitting a feed is like submitting your url or posting links back to your site. Nothing bad can come of it. It is all GOOD. A combination of everything is how you will gain mass traffic to your website and make money when others around you are failing.

Good luck with all your work. Hard work pays off. Trust me.

To Your Successs,
Andrew Hittle

By: articlesbyandrew

Article Directory: http://www.articledashboard.com

Read more »

Importance Of Domain Names In Seo

The e-commerce world has seen many start-ups; some made it big, while others floundered into non-existence. More often than not, a brilliant idea gets stifled by the sheer immensity of the Web. Search Engine Optimization (SEO) is an internet marketing strategy that provides online businesses with better search rankings and, ultimately decides the success or failure of an online venture. An SEO company packs an arsenal of tools that can increase organic rankings to generate higher ROI (return on investment). One aspect of the SEO process is choosing the right domain name.

While selecting domain names may be redundant for existing businesses, new arrivals on the web must consider the importance of domain names in SEO. The business and domain names are essential because the anchor tag with its text provides a link from every corner of the net to your site. While linking to a website, webmasters tend to use either the business name (e.g. XYZ Company) or the domain name (www.xyzcompany.com). Having a business name that contains keywords which fit your product or service description is a very effective SEO practice.

The direct SEO effect of a keyword rich domain name is evident across the web, with SEO marketers lapping up numerous combinations of their keyword "SEO". The hyphenated URL is a very effective domain name trick, since Google treats hyphens as spaces. This means that a domain name also holds essential SEO keywords that can help propel a website up the search rankings. Also purchasing a more descriptive domain name is cost effective because longer names are generally priced lower.

Of course, with millions of sites, there are bound to be naming collisions, and working around this factor is probably the hardest. After all, no site wants to appear to be a clone of another. Compromises will have to be made. Branding your business and optimizing your website demands certain trade-offs between a stylish name and a utilitarian one. Thus, a good California SEO company, such as JMD Computer, can help in both these intricate processes; first, sifting through the many permutations available and then, choosing one that has both brand value and search engine optimality.

JMD Computer is an SEO company based in California. It specializes in Search Engine Optimization, PPC Campaign Management and other Internet Advertising services.

By: Mike Smith

Article Directory: http://www.articledashboard.com

Read more »

How To Transfer A Domain Name

Transferring a domain name from one registrar to another can appear a confusing and complex issue. In reality it's really quite simple after you've gathered a few important pieces of information.

The first step is to find the new "home" for your domain name. There are really only two options here: a domain registrar or a web hosting company which is also a domain registrar. Some registrar's do not offer web hosting services - in these cases when someone tries to reach your site the internet directory system (called DNS) will be contacting them to find out where your website is really located. This is a perfectly viable solution but may not be the lowest cost as there are many web hosts that now also offer domain registrar services as well. This second option will allow you to manage the domain name as well as host your website in one place and often comes at a lower price than separating out the two services. You must decide what is best for you thought for simplicity it is probably easier to just have everything managed at one location.

The second step is to visit your old registrar and obtain your authorization code. This code will be required to give your new registrar the ability to request the domain name transfer. On most registrars this code can be obtained directly by navigating to the proper page. You may need to use your registrars search function and look up "authorization code" or "transfer domain name" to find out where the authorization code is stored. In the worst cases you may even need to contact the registrar to request the code. Once you have this code you are almost ready to initiate the transfer.

The third step in domain transfer is to make sure the domain name is "open" to transfer. Years ago it was really easy to initiate this activity and because of the simple rules domain hijacking was far more common. To help reduce this problem registrars moved to a system which would allow users to set domain names to a "locked" state which would prevent anyone from starting a transfer. If you have a decent registrar this will be the case and you may need to change the "state" of your domain name to allow the transfer to begin. Again this is usually managed right on the same page that you find your domain name but you may need to use their search function and or call the registrar to get help.

Once you have found your new home, found your authorization code, and made sure the domain is "open" for transfer you are ready to initiate the move. The fourth step is to initiate and accept the domain transfer. On your new registrar's site find their domain management or transfer tool. You'll need to enter the name of the domain and then you'll also be asked for the authorization code. Once you've submitted the request you will need to check the email address tied to the domain name - this will most likely be the one you used when you signed up for the domain. If for some reason you no longer have access to that account you are going to have to jump through some hoops to get this step handled.

If you don't have access to that email the fastest way to get this resolved is to call the old registrar and let them know what has happened. If your site isn't a fortune 500 company you'll most likely have an easier time but don't be surprised if resolving this issue takes a bit of time. If you have access to the email things will be simple - you'll most likely just need to click a link in it to "agree" to allow the transfer to begin or possibly you'll receive a code that you'll need to enter somewhere to allow it to begin.

Once you are all done the last thing you'll need to do is make sure everything works after the transfer. The actual transfer will take anywhere from a few hours to many days. If things are done right you won't suffer any downtime for your website but in the worst cases you'll see up to 48 hours of connection issues for some users as their DNS servers are updated with the new information. In our experience there have been very few issues.

In review here are the steps:

1. Find a new registrar or a webhost which offers registrar services
2. Get the authorization code for your domain
3. Make the request
4. Accept the request which was sent to your email
5. Make sure everything works after the transfer

After the domain name is transferred you should be good to go!

By: Ed Grier

Article Directory: http://www.articledashboard.com

Read more »

Choosing And Registering A Domain Name For Your Website

You register a domain name by registering with a domain name services registrar. The domain name industry is regulated and overseen by ICANN, which is an organization responsible for providing standards and procedures for certifying companies as domain name registrars.
The master database domains that are on InterNIC servers can only be accessed and modified by a domain name registrar. The registers have special domain name and they determine the fee for you too.
A domain name is used to establish your identity on the internet, as well as serving to establish a brand. Marketing is influenced by your domain name. You can use your business name as your URL. Try to find an available URL that describes your business if your business name is not available. Purchasing a business name domain name isn't the only way to go, and when a keyword domain name could do just fine.
Use common sense when choosing a domain name because your domain name, or URL, can have an impact in both the online and offline marketing of your website. Long or difficult to spell domain names can make people ignore your web site and it has to be pretty good for them to stick with it. Short domain names register better with people's memory and are easy to remember.
After you choose a domain name, you need to get it registered with a domain name registrar service. Charges are likely to consist of a one-time installation cost to cover the background technical job that has to be done. Then pay your service provider a monthly, semi-annual or annual fee for Web site hosting services.
Many domain registrar services have competent online tools to help you get your domain name and hosting site up and running.
It will be much more better if you purchase a .com domain name instead of a .info, .net, .biz or other. If your chosen domain name is not available in a .com, keep looking until you find one that isn't taken. Having a .net (or another extension) website is not a bad thing. It's just that .com extension sounds like you've been on the net a long time.
Then you might consider looking at the lenght of time your competitors have regstered their domain names, if you want to stay ahead of your competition. If your domain name expires, there's a good chance that someone will register your domain name immediately after it expires. Renewal of domain names regularly is an assurance that you keep it for several years.
Keep in mind that your domain name is an extension of your business. Internet marketing will give you better results as long as you pay attention and practice what I've told you in this article.

If you need a dedicated server, Alojate.com is the best web hosting company in Mexico, offering a range of solutions for all business needs. Servidores dedicados, factura electronica, web hosting & domain registration.

By: Ricardo d Argence

Article Directory: http://www.articledashboard.com

Read more »

Domain Names And Seo

The significance of domain names in Search Engine Optimization (SEO) must not be ignored, nor should it be exaggerated. Relevant, keyword-containing domain names can be helpful in the accomplishment of SEO goals, but are not a replacement for inbound links or search engine friendly web design.

Just as search engines are more likely to return results which have the user's search keyword(s) in their text or titles, they also take each web page's domain name and URL into consideration. This means that such names are among several different SEO elements which contribute to determining the rank/position of each page. It also indicates that content related to the domain name of your site is more likely to rank well.

For example, someone might search on MSN for "250mb Zip disks" they are interested in purchasing. If one website has a related title, good keyword density, and ten relevant inbound links, but another page has all of these positive SEO factors plus an associated domain name (like "zip-disks.com"), it will probably be ranked above the first site. It may even rank ahead of sites with slightly better search optimization.

However, pages can have good domain names but not be competitive with other sites in different SEO categories, causing them to receive poorer rankings. For example, radio.com doesn't have the highest position for "radio" on Yahoo! or Google, and example.com isn't anywhere in the first five pages. On the other hand, shopping.com does have the top position for "shopping" on three of the top four engines.

Basically, it's good to obtain an SEO oriented domain name which is both relevant to the website's subject and contains keywords that people search for, but it isn't everything. Many websites have become quite successful with domain names that don't directly relate to their topic (or match relevant search keywords), such as Amazon, Dogpile, and eBay.

Article Source: http://www.articledashboard.com/Article/Domain-Names-and-SEO/664677

Read more »

How to Make Your Very Own Free Website With Your Own Domain

If you have been eager to know how to make your very own free website with your own domain, one suggestion that I will pass along to those who would like to learn how to set up their very own free website with their own domain is to find a service that offers a free blog site. The most popular one around today is located at Google's Blogger, www.blogger.com. The website homepage then opens the set-up page for a free blog with your own domain that can be utilized for your very own website. Within the blog, you can post your own content, buy your content to post, and you can also advertise your goods and services or advertise goods and services for others that redirect traffic to those websites that have something that your audience may be interested in.

The step-by-step instructions on how to set up your very own free website with your own domain by creating your own blog at Blogger are given in three easy steps. Follow the instructions closely, and, when it comes time to pick a name for your blog/website, be sure and try to assert your creativity and look into the future of what your vision for your very own website with your own domain is going to be. There are also many helpful tips on setting up your very own free website with your own domain at the Blogger set-up site, as well as other tips all over the Internet, particularly when you are looking to promote products or services with your own site. Find out how fast and easy it is to make your very own free website with your own domain through utilizing Google's Blogger tools.

Article Source: http://www.articledashboard.com/computers/how-to-make-your-very-own-free-website-with-your-own-domain/

Read more »

How To Select The Most Suitable Domain Name

Selecting and purchasing a domain name is the first step required before you even begin to design your website. Fortunately, there are many companies called domain registrars that can sell you a domain name. Although prices can vary greatly-from $8.95 up to $29.95-we don't recommend spending more than $8.95 for your domain name.

Step 1

You will find many search boxes where you can search for available domain names. If possible, choose a ".com" name containing no dashes for your principal website. Make sure the name is easy to pronounce and spell, and is not too long. Including an essential keyword as a part of your domain name is not necessary, but highly useful. For example, if you own a site related to selling products about dogs, you may want to choose "dogitems.com" as an appropriate name. However, it's better to choose a domain that is short and easy to spell, rather than including a length or awkward keyword.

Step 2

As soon as you have found a suitable name, conduct a search for that particular name in a major search engine such as Yahoo!, MSN or Google. Check to see if your proposed name was ever owned by anyone else. If so, ensure it didn't have any unsavoury connections that may hurt the reputation of your business. For example, if your desired name was previously owned by a gambling, spam or pornography site, I would find another one. Previous site owners who used your domain name may have also resorted to using unethical black hat tactics in their business. Therefore, if your proposed name appears on websites that appear unethical, don't waste your time using it. It is much safer to choose another domain name so you can establish a positive impression right from the start.

Step 3

Once you have confirmed the suitability of your domain name, you need to apply for an account with a domain registrar and purchase the name. Most companies allow you to register your domain name for several years, but this depends on the company. I recommend paying for a domain name that is reserved for a minimum of two years. The reason is that many fraudulent or spam sites remain registered for only one year. Therefore, new sites that are only registered for one year may be viewed negatively by search engines such as Google.

Good luck with your new domain name!

Online business is growing rapidly but there is still such a large number of businesses missing out on this opportunity. Kaplang is a unique design firm that provides quality services for web design, web development, search engine optimization and all other web solutions. Make sure your business stands out from the crowd when adding an online presence to your new or existing business. www.jmdcomputer.110mb.com

By: Michelle Kirkbride

Article Directory: http://www.articledashboard.com

Read more »

Your First Step to a Highly Secure Web Site

Web Application Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site If an organization isn't taking a systematic and proactive approach to web security, and to running a web application vulnerability assessment in particular, then that organization isn't defended against the most rapidly increasing class of attacks. Web-based attacks can lead to lost revenue, the theft of customers' personally identifiable financial information, and falling out of regulatory compliance with a multitude of government and industry mandates: the Payment Card Industry Data Security Standard (PCI) for merchants, HIPAA for health care organizations, or Sarbanes-Oxley for publicly traded companies. In fact, the research firm Gartner estimates that 75 percent of attacks on web security today are aimed straight at the application layer.

While they're described with such obscure names as Cross-Site Scripting, SQL Injection, or directory transversal, mitigating the risks associated with web application vulnerabilities and the attack methods that exploit them needn't be beyond the reach of any organization. This article, the first in a three-part series, will provide an overview of what you need to know to perform a vulnerability assessment to check for web security risks. It'll show you what you can reasonably expect a web application security scanner to accomplish, and what types of assessments still require expert eyes. The following two articles will show you how to remedy the web security risks a vulnerability assessment will uncover (and there'll be plenty to do), and the final segment will explain how to instill the proper levels of awareness, policies, and technologies required to keep web application security flaws to a minimum - from an application's conception, design, and coding, to its life in production.

Just What Is a Web Application Vulnerability Assessment?

A web application vulnerability assessment is the way you go about identifying the mistakes in application logic, configurations, and software coding that jeopardize the availability (things like poor input validation errors that can make it possible for an attacker to inflict costly system and application crashes, or worse), confidentiality (SQL Injection attacks, among many other types of attacks that make it possible for attackers to gain access to confidential information), and integrity of your data (certain attacks make it possible for attackers to change pricing information, for example).

The only way to be as certain as you can be that you're not at risk for these types of vulnerabilities in web security is to run a vulnerability assessment on your applications and infrastructure. And to do the job as efficiently, accurately, and comprehensively as possible requires the use of a web application vulnerability scanner, plus an expert savvy in application vulnerabilities and how attackers exploit them.

Web application vulnerability scanners are very good at what they do: identifying technical programming mistakes and oversights that create holes in web security. These are coding errors, such as not checking input strings, or failure to properly filter database queries, that let attackers slip on in, access confidential information, and even crash your applications. Vulnerability scanners automate the process of finding these types of web security issues; they can tirelessly crawl through an application performing a vulnerability assessment, throwing countless variables into input fields in a matter of hours, a process that could take a person weeks to do manually.

Unfortunately, technical errors aren't the only problems you need to address. There is another class of web security vulnerabilities, those that lay within the business logic of application and system flow that still require human eyes and experience to identify successfully. Whether called an ethical hacker or a web security consultant, there are times (especially with newly developed and deployed applications and systems) that you need someone who has the expertise to run a vulnerability assessment in much the way a hacker will.

Just as is the case with technical errors, business logic errors can cause serious problems and weaknesses in web security. Business logic errors can make it possible for shoppers to insert multiple coupons in a shopping cart - when this shouldn't be allowed - or for site visitors to actually guess the usernames of other customers (such as directly in the browser address bar) and bypass authentication processes to access others' accounts. With business logic errors, your business may be losing money, or customer information may be stolen, and you'll find it tough to figure out why; these transactions would appear legitimately conducted to you.

Since business logic errors aren't strict syntactical slip-ups, they often require some creative thought to spot. That's why scanners aren't highly effective at finding such problems, so these problems need to be identified by a knowledgeable expert performing a vulnerability assessment. This can be an in-house web security specialist (someone fully detached from the development process), but an outside consultant would be preferable. You'll want a professional who has been doing this for awhile. And every company can benefit from a third-party audit of its web security. Fresh eyes will find problems your internal team may have overlooked, and since they'll have helped hundreds of other companies, they'll be able to run a vulnerability assessment and quickly identify problems that need to be addressed.

Conducting Your Vulnerability Assessment: The First Steps

There are a number of reasons your organization may need to conduct a vulnerability assessment. It could be simply to conduct a checkup regarding your overall web security risk posture. But if your organization has more than a handful of applications and a number of servers, a vulnerability assessment of such a large scope could be overwhelming. The first thing you need to decide is what applications need to be assessed, and why. It could be part of your PCI DSS requirements, or to meet HIPAA requirements. Or the scope could be the web security of a single, ready-to-be-deployed application.

Once you've figured out the scope, you need to prioritize the applications that need to be assessed. If you're accessing a single, new application, that decision is easy. But if you're on the precipice of accessing every web application in your architecture, you have some decisions to make. Whether you're looking at the web security of applications you own, or only those that take part in online sales transactions, you need to inventory and prioritize the applications to be assessed.

Depending on the scope and purpose of your vulnerability assessment, it makes sense to start looking at the web security of your crucial applications first - for instance, those that conduct the most transactions or dollar volume - and work down from there. Or it could be starting with all applications that touch those that process and store sales transactions.

No matter your scope, or the purpose of your vulnerability assessment, other aspects of your architecture always need to be considered when listing and prioritizing your applications. For instance, any externally facing applications - even those that don't contain sensitive information - need to be given high priority. The same is true for externally hosted applications, whether they are Internet-facing or directly connected to back-end systems. Any applications that are accessible by the Internet, or hosted by others, should be subject to a vulnerability assessment. You can't assume that an application is secure just because it is hosted by a third-party, just as you can't assume that just there is no risk just because a web application, form, or entire site doesn't handle sensitive information. In both cases, any web security vulnerabilities could very likely lead an attacker directly to your most critical network segments and applications.

The Vulnerability Assessment

Now you're ready for the vulnerability assessment. Believe it or not, much of the hard work is already done: deciding the scope, and then classifying and prioritizing your applications. Now, assuming you've already acquired a web security scanner and have identified who will conduct the manual scan for business logic errors, you're ready to take a whack at your application.

The resulting report, based on the security health of the application, will provide you a list of high, medium, and low priority vulnerabilities. At this point, you'll need someone to vet the automated vulnerability assessment results to find any false positives, or vulnerabilities identified by the scanner, but don't actually exist. If it seems overwhelming, don't fret; we'll delve into how to prioritize and remedy these web security vulnerabilities in the next installment. About the same time as your automated vulnerability assessment, the manual assessment will be underway. During the manual assessment, the expert will look for logic errors in the application: Is it possible for users to conduct transactions in ways the developers hadn't anticipated? Such as the ability of someone to tamper with application values that are being passed from the client to the server to alter the price of an item. The manual vulnerability assessment will end with a list of all vulnerabilities to web security found, and the assessor should prioritize the risks posed by each problem - based on the ease of exploiting the vulnerability, and the potential harm that could result if an attacker is successful.

Now you have your list of web security vulnerabilities, both technical and logic. And, if your organization is like most others, you have some remedying work to do. The challenge now is to prioritize what needs to be fixed, so that your existing applications can be hardened, and those being built can be remedied and safely placed into production.

While the list of web security issues may be long, you've completed the first major phase on the road to a highly secure application. Take comfort in the fact that your vulnerability assessment has identified problems in your applications before they were attacked by competitors, lone-hackers, or organized crime. In the next article, Effective Web Application Vulnerability Remediation Strategies, we'll show you how to prioritize your remediation work so that development time isn't prolonged, and existing applications at risk are remedied before they can be attacked.

About Caleb Sima

Caleb Sima is the co-founder of SPI Dynamics, a web application security products company. He currently serves as the CTO and director of SPI Labs, SPI Dynamics' R&D security team. Prior to co-founding SPI Dynamics, Caleb was a member of the elite X-Force R&D team at Internet Security Systems, and worked as a security engineer for S1 Corporation. Caleb is a regular speaker and press resource on web application security testing methods and has contributed to (IN)Secure Magazine, Baseline Magazine and been featured in the Associated Press.

About Vincent Liu

Vincent Liu, CISSP, CCNA, is the managing director at Stach & Liu, a professional services firm providing advanced IT security solutions. Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Vincent is an experienced speaker and has presented his research at conferences including BlackHat, ToorCon, and Microsoft BlueHat. He has been published in interviews, journals, and books with highlights including: Penetration Tester's Open Source Toolkit; Writing Security Tools and Exploits; Sockets, Shellcode, Porting, and Coding; and the upcoming Hacking Exposed: Wireless.

Article Source: http://www.site-reference.com/articles/Website-Development/Your-First-Step-to-a-Highly-Secure-Web-Site.html

Read more »

Penetration Testing vs. Vulnerability Analysis Tools, Which Is Best?

Over the past several years I have heard people asking the question "should I use vulnerability analysis tools to assess my web based applications or should I look to penetration testing?" I think we, as an industry, may be asking the wrong question. First, let's look at how the web application industry has grown over the years and how penetration testing has scaled to meet that challenge.

Pre-2000

Before the year 2000, some companies had a web site for marketing purposes and a few companies were starting to do a little business on the web. There were of course a lot of DotComs around selling things on the web, but real "brick and mortar" businesses were just using the web as a marketing tool. The brick and mortar businesses who understood security started asking their experts in penetration testing to check out these web applications. Using some simple vulnerability analysis tools, those penetration testing experts did a good job checking for simple web application security issues. There were a few people running around that really knew how to test a web application, but not many. At this time, there were a few open source vulnerability analysis tools in existence, but the market was in its infancy.

Early 2000s

After the DotCom bust, companies actually started to use the web and web-based applications for both internal and external applications. Most applications still existed on non-web-based platforms, but developers started moving their legacy applications into web-based environments. Developers found that creating a web-based application was a bit more complicated, but deploying it via a browser made it all worthwhile. In addition, customers now wanted to transact their business via the web, and as a result, companies started to provide some of their services via a web application.

Security commonly responded to this change in one of two ways. One approach that worked was to hire or contract more penetration testing experts and to try to test all web-based applications before they went live. This worked in some cases, but usually there was not enough support for the penetration testing so only critical applications were tested, leaving non-critical applications open to attack. The other approach was to assess the web-based application with vulnerability analysis tools before it went live. This approach scaled much better than the penetration testing route, but would frequently miss vulnerabilities that really should have been discovered.

Usually, a combination of stand-alone vulnerability analysis tools and penetration testing was used in an attempt to get full application coverage. This yielded good results, but most security organizations were still quickly overwhelmed by the number of web-based applications that needed to be assessed. Also, this approach typically found vulnerabilities after the application had been developed, tested and was ready for production. This frequently caused companies to go live with vulnerable applications or go back to development and fix the issue.

The Right Question (Where we are today)

Today, the problems of the early 2000s have only worsened. The proliferation of web-based interfaces and applications has spread to every part of our lives and businesses. With this growth, we are not only seeing new groups within companies use web-based applications, but we are also seeing that these same groups are using web-based applications for everything they do on the computer. And these applications are also becoming more complex.

When faced with this type of environment, many web application security experts ask the question, "Should I use vulnerability analysis tools or hire more staff for penetration testing?" I think this is the wrong question. What we should be asking is, "If I have so many people developing web-based applications, how do I get them to do it in the secure way?" The people involved in creating the web-based applications will need to become part of the solution, not the cause of the problem. Developers and QA testers will need to understand how to develop a web-based application that is secure, and they will need vulnerability analysis tools to help them verify that they are doing the right thing. And providing developers with an automated way to test their applications can help them find web application security issues much earlier in the process.

Training for QA professionals is also critical. These professionals need to know how to look for web-based security issues and then need to have vulnerability analysis tools that help them test for security issues. They also need a way to integrate these vulnerability analysis tools into their existing defect tracking systems. This integration allows for tracking of issues as well as generating metrics around what type of issues are being created by the developers.

At the enterprise level, we need ways to assess applications that are in production and understand what the enterprise looks like from a web application security perspective. These tests should include issues resulting from development, QA and production, as well as the in-depth data that penetration testing will continue to generate. Having an enterprise view allows executives to understand where their risks are and what an appropriate response to the risks should be.

As for penetration testing, it will continue to be a core part of the web application security landscape. The fact is that there are some web application security issues that vulnerability analysis tools just don't do a great job of finding. These vulnerability analysis tools get better every day but they have a long way to go before they can be considered a "mature" product family. The web application security assessment industry is still quite young and the security landscape is changing quickly.

The fact is, the need for those experienced in penetration testing will continue to increase. We will need them to continue to do more assessments and to do more in-depth assessments that vulnerability analysis tools will not be able to fully execute. We will also need them to train developers and QA professionals in how to test web-based applications. Web application penetration testing is still a rare skill that vulnerability analysis tools cannot replace, and we need the people that are creating the web-based applications to develop applications more securely and to help develop processes to promote and verify the security of applications.

Dennis Hurst is a Developer Security Evangelist for SPI Dynamics where he works with development organizations evangelizing the need to integrate web application security into their Web development processes. A Microsoft Developer Security MVP, Dennis has more than 15 years experience in the Information Systems/Application Development industry, and he is an expert in computer applications and networks.

Article Source: http://www.site-reference.com/articles/General/Penetration-Testing-vs-Vulnerability-Analysis-Tools-Which-Is-Best.html

Read more »

Apache, MySQL & PHP for Windows

Apache, MysQL and PHP for Windows could be a nice nice thing to have on your Windows workstation. You could try and experiment with all kinds of nice PHP and MySQL based applications right on your Windows desktop running Apache, instead of having to access a full-featured server.

Most people have Windows as their workstation and it can be sometimes difficult to switch to another operating system. So, you may have always wanted to run PHP applications on your Windows machine but wondered if it is too difficult to install or if the hassle will be worth it.

This article gives you the essential information to get started right away. Even if you are a seasoned PHP, MySQL and Apache guru, the checklist below will still be helpful in your installation process.

There are lots of 3rd party software that bundles Apache, MySQL & PHP in one package and installs them on our computer. We do not recommend this and suggest that you directly get Apache, MySQL & PHP from their official sites.

Apache
1. Get Apache 1.3.33 from here: http://httpd.apache.org/download.cgi.
2. Choose a mirror close to you and in the same page, look for the Win32 Binary (Self extracting) file: apache_1.3.33-win32-x86-no_src.exe.
3. Download the file and save it on your hard disk. Run the installer and the self-extracting wizard will guide you through the rest of the steps. Choose all the default settings and run Apache as a service.
4. Remember to put "localhost" when asked for a Server name/Domain name. Use "administrator@localhost" when asked for the administrative email account.
5. Now point your browser to: http://localhost and you should see an Apache Test Page.
6. You can change this page by creating an "index.html" page here "C:Program FilesApache GroupApachehtdocs".
7. You can manually start and stop the Apache server. In a Windows command prompt, type "net stop apache" or "net start apache".

MySQL
1. Get MySQL 4.1.7 from here: http://dev.mysql.com/downloads/mysql/4.1.html
2. Under the Windows downloads section, choose Windows Essentials (x86) and click on the Pick a Mirror link.
3. Download the file mysql-4.1.7-essential-win.msi and save it on your hard disk. Run the installer and the self-extracting wizard will guide you through the rest of the steps. Remember the root password when prompted for it in the installation process.
4. Once the installation is done, on your Windows toolbar, go to "Start->Programs->MySQL->MySQL Server 4.1->MySQL Command Line Client".
5. Type the root password and you should be logged in to the MySQL shell.
6. Type "show databases;" to see the list of databases. Type "quit" when you are done.

PHP
1. Get PHP 4.3.10 from here: http://www.php.net/downloads.php
2. Under the Windows Binaries section, choose the file: PHP 4.3.10 zip package size 7,405Kb dated 15 Dec 2004.
3. Download the file and save it on your hard disk. Unzip the file and rename the extracted folder to "php". Now move this folder "php" and place it under "C:Program Files".
4. Move all the files under "C:Program Filesphpdlls" and "C:Program Filesphpsapi" to here: "C:Program Filesphp".
5. Copy the file php.ini-recommended to "C:WINDOWS" and rename it to php.ini
6. Edit your Apache "httpd.conf" configuration file located here: "C:Program FilesApache GroupApacheconf".
7. Add the following lines in httpd.conf:

LoadModule php4_module "C:/Program Files/php/php4apache.dll"
AddModule mod_php4.c
AddType application/x-httpd-php .php

8. Now stop your server by issuing the following command in Windows command prompt: "net stop apache". Then type "net start apache" to start your server. We are now going to test the PHP installation.
9. Go to "C:Program FilesApache GroupApachehtdocs" and create a file test.php
10. Edit test.php and add the following code:
phpinfo();
?>
11. Point your browser to http://localhost/test.php and you should see a lot of PHP configuration information.

Congratulations! You now have Apache, MySQL and PHP installed in your computer. Now you can install your favorite script right on your Windows workstation.
About the Author
Sanjib Ahmad, Freelance Writer and Product Consultant for Business.Marc8.com - Top 10 Business Best Selling Books. You are free to use this article in its entirety as long as you leave all links in place, do not modify the content, and include the resource box listed above.

Article Source: http://www.site-reference.com/articles/Website-Development/Apache-MySQL-PHP-for-Windows.html

Read more »

Apache, Mysql

"Even if you are a seasoned PHP, MySQL and Apache guru, the checklist below will still be helpful in your installation process."

Apache, MysQL and PHP for Windows could be a nice nice thing to have on your Windows workstation. You could try and experiment with all kinds of nice PHP and MySQL based applications right on your Windows desktop running Apache, instead of having to access a full-featured server.

Most people have Windows as their workstation and it can be sometimes difficult to switch to another operating system. So, you may have always wanted to run PHP applications on your Windows machine but wondered if it is too difficult to install or if the hassle will be worth it.

This article gives you the essential information to get started right away. Even if you are a seasoned PHP, MySQL and Apache guru, the checklist below will still be helpful in your installation process.

There are lots of 3rd party software that bundles Apache, MySQL

Sanjib Ahmad, Freelance Writer and Product Consultant for Business.Marc8.com (http://business.marc8.com/). You are free to use this article in its entirety as long as you leave all links in place, do not modify the content, and include the resource box listed above.

Article Source: http://www.site-reference.com/articles/General/Apache-Mysql.html

Read more »