Please note this article is for educational purpose only.

What be your reaction if you get a mail in your corporate Inbox with from field as “HR Helpdesk” (assuming that’s how HR mail appears in your organization) with subject as “Best Employee Bonus of Rs. 1,50,000”? The mail reads that you have been awarded the bonus because of your hard work, dedication etc. All you need to do is reply with some of your official & personal details and the bonus is yours. If I were you I would jump on it and reply in matter of 30 seconds.

However, what you would have failed to notice is that the email ID in reply field would not be one of your HR’s corporate email ID’s but some malicious unknown email ID on the public domain. This is what we called Social Engineering.

Social Engineering is a term associated with attacker’s abilities to manipulate the natural human tendency of trust leading to malicious activities like unauthorized access, loss of confidential details, phishing etc. It’s actually an art of luring people in getting them to do what you desire. A child emotional pursuing his parents to buy her a toy, a sales person convincing the customer to buy his products or a phishing attack are all examples of Social Engineering.

Social Engineering can be categorized as Physical & Physiological.

1        Physical – In this case an attacker attempts to circumvent physical security controls.

Amongst many, some of the examples dealing with Physical Social Engineering are:

• Bypassing the physical security checks and gaining unauthorized access to physical premises
• As a visitor entering the cabin of a Top level executive in her / his absence
• Impersonating as a courier agent and dropping off an unchecked parcel to a C-Suite executive’s cabin.
• Entering restricted areas like data center and gain unauthorized access to critical details like network setup
• Tailgating thru main entrance and other entry / exit points (Fire exits, smoking zones etc.)
• Impersonating as a government official / person belonging to an authorized department (Electricity Board, Fire Department etc.) and conducting a site visit to gain critical information related to the facility

2        Psychological – In this case attacker plays with victims trust basically uses a human psychological factor.

Amongst many, some of the examples of psychological social engineering are:

• An email from Public domain ID example ABC@goodsite.com (name in the INBOX could be displayed as HR@corporatenetwork.com / IT@corporatenetwork.com)

The content of the mails could be:

1        “This is an automated employee detail collection form. In the view of current HINI Pandemic and heavy rains we are in process of updating and maintaining an up to date employee database. All the ‘CorporateNetwork’ employees are requested to cooperate and provide the necessary details at the earliest. Please fill in all the details and submit the form. This is an auto generated email, please do not reply to this email.”

2        “Virus Alert Recipient name: This is an automated alert sent by the virus update engine. A new virus which targets IT Services and Software Development organizations has been circulating the Internet. This particular virus requires an immediate software update to prevent infection. Please click the link below to update your workstation with necessary patches”

• Cold Calls to Employee’s impersonating as vendors or media personnel’s inquiring about the internal related details like Applications, IT Infrastructure, Physical Security etc.
• Calls to employees impersonating as IT Helpdesk requesting for login credentials. The imposter could convince the victim by stating that the credentials are required for maintenance activities
• Imposter could obtain employee details from Public domain and call up the organizations IT Helpdesk to reset the victims password and thus gain unauthorized access
• Mails from forged Bank ID’s requesting for Internet Banking login credentials

Don’t want to be victim to Social Engineering attacks, follow some basic thumb rules:

• Never allow people to tailgate with you.
• Verify the identity of the visitor against his/her valid ID Card
• Ensure all Entries / Exit points are secured at all times
• Visitors should not be allowed in the office space without appointments. The could be requested to be at the reception.
• Avoid use of corporate ID’s on public domain, blogs, discussion forums etc.
• Do not share login credentials with anyone. IT Helpdesk or Banks do not need employees / customers login credentials for any of their operations.
• Before replying to mails asking for sensitive / personal information verify the origin and sender’s details
• Never click on unknown links / links contained in the mails of unknown origin. An innocent URL like www.goodsite.com could actually be linked to www.xyz.abc.net etc. which might infest your PC with Malwares, Trojans, Virus and worse Back-Doors giving complete remote access of your PC to attackers
• Avoid accessing confidential and critical online details like corporate mail box, Bank accounts etc. in public places, hotels etc. where Internet security cannot be trusted
• Read and follow the security guidelines dealing with Internet Banking issued by the Banks from time to time
• Verify the SSL certificate of the Bank website before getting into any Internet Banking transaction
• Use a strong and complex password
• Do not note down the user ID & passwords on piece of paper, notepads etc. which could be accessible to others
• Use virtual keyboard where applicable
• Avoid installing software’s / tools of unknown origin because these might open backdoors to your PC

Educational Reference:

• http://www.social-engineer.org
• http://www.phishme.com/

Methodology to Measure the WAN Performance while selecting an optimum location for the Data Center (DC)

Introduction:

Network performance is one of the most critical factors to be considered while selecting the location for Data Centers. There are many factors that influence the network performance. These factors are highly dependent on the type of applications and services being hosted out of the data center. The Wide Area Network (WAN) factors which help in determining the network performance from the perspective of selecting a location for the data center are:

• Round Trip Time (RTT) from source to destination
• Throughput
• Theoretical Network Limit

1        Round Trip Time (RTT):

RTT is the time taken by the IP packet to transverse the path from the source to the destination and back. It is usually measured in milliseconds (ms).

2        Theoretical Network Limit :

As the name suggests, theoretical network limit is the theoretical maximum (ideal) throughput possible on a given network link(s) between source and destination. It is typically expressed in Mbps. This limit is calculated based on RTT, Maximum Segment Size (MSS) and Loss rate in percent.

3        Throughput

It is the amount of data transferred from one place to another or processed in a specified amount of time. Data transfer rates for networks are measured in terms of throughput. Typically, throughput is measured in kbps, Mbps and Gbps.

Methodology to calculate RTT, Theoretical Network Limit and Throughput

Step 1: Calculation of Round trip time (RTT)

RTT can be calculated by sending ICMP Ping messages to the destination. Ping messages need to be sent between the source and destination between which the RTT needs to be calculated. Using Looking Glass utilities, Ping messages can be sent from different locations around the globe.

Looking Glass is a utility available on the internet using which Ping messages can be sent to the required destination from servers (or network devices) located in different locations around the world.

Thus, a very good approximate of RTT can be obtained between the source country * and the destination.

Parameters required for measuring Theoretical Network Limit and Throughput:

• Round trip time (RTT)
• Maximum segment size (MSS) (typ.1460 Byte)
• Loss rate in % (typ. < 10^-6% (< 10^-8))
• TCP window size (typ. 64 Kbyte)

Step 2: Calculation of Theoretical Network limit

The approximate Theoretical Network limit can be calculated using the following formula (based on the Mathis et.al. formula)

Theoretical Network rate < (MSS/RTT)*(C/sqrt(Loss)) [ C=1. Loss is the Loss rate in %. typ. < 10^-6% (< 10^-8)  ]

Step 3: Calculation of Throughput

Throughput can be calculated using the formula

Throughput <= TCP buffer size / RTT

Where, TCP Buffer size > = TCP Window size, Typical TCP window size = 64 Kbyte

The theoretical network limit and throughput are dependent on the RTT. So, a very good approximation of RTT is imperative. RTT analysis should be carried out at different times, during the course of the day and an average should be taken, to get a good approximate.

Note:

1        Many looking glass utilities are available on www.traceroute.org

2        The calculator for theoretical Network limit and Throughput is available on www.switch.ch/network/tools

* The exact location within the source country depends upon the location of the available network device (Looking Glass) from where Ping messages are being sent.