The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined

Today’s IP networking represents a synthesis of two developments that began to evolve in the 1960s and 1970s, namely LANs (Local Area Networks) and the Internet, which, together with the invention of the World Wide Web by Sir Tim Berners-Lee in 1989, have revolutionized computing. The Internet Protocol suite—like many protocol suites—can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The TCP/IP reference model consists of four layers.

Definition: A network protocol defines rules and conventions for communication between network devices. Protocols for computer networking all generally use packet switching techniques to send and receive messages in the form of packets.

Network protocols include mechanisms for devices to identify and make connections with each other, as well as formatting rules that specify how data is packaged into messages sent and received. Some protocols also support message acknowledgement and data compression designed for reliable and/or high-performance network communication. Hundreds of different computer network protocols have been developed each designed for specific purposes and environments.

Internet Protocols

The Internet Protocol family contains a set of related (and among the most widely used network protocols.

How Network Protocols Are Implemented

Modern operating systems like Microsoft Windows contain built-in services or daemons that implement support for some network protocols. Applications like Web browsers contain software libraries that support the high level protocols necessary for that application to function. For some lower level TCP/IP and routing protocols, support is implemented in directly hardware (silicon chipsets) for improved performance.

Hardware is an aspect of your computer that doesn’t require the need to be changed that often, unlike software. So if your hardware shouldn’t need to be changed that often you want to make sure that when you purchase it you are buying a piece of hardware that will last.

A lot of people overlook the need and responsibility of PC Hardware and instead concentrate primarily on software. Without the correct hardware your PC will fail to function correctly.

The term hardware can be fixed to many aspects of your computer, with the main aspect being your motherboard . The motherboard is classed as the heart of your computer; its main purpose is to provide electrical and logical connections. Without a motherboard your computer will not be able to function. Components such as external storage, controllers for video display and sound are attached to the motherboard via edge connectors and cables.

The (CPU) is also found on the motherboard and acts as another important piece of computer hardware. The CPU performs most of the calculations which enables a computer to function. The CPU and the motherboard are found within the tower of your computer as is the computer fan, needed to keep your computer at a safe temperature and your power supply, which is obviously needed to ensure your computer has power to function. Along with all of these you will also find your computers sound card and graphics card within your computer tower. Your graphics card, also known as a video display controller, is important to your computer as it is what enables you to get a good resolution and without one you would not be able to watch videos, play games or even clearly see flash images on websites.

One last hardware feature of importance that is kept within your computer tower is the computers hard drive. The hard drive is the storage area of your computer system. All your programmes and applications as well as images, music, video and all forms of media that is on your computer are stored within your computers hard drive.

All of the previously mentioned hardware is stored in the tower of your computer but there are aspects of computer hardware that are visible on your computer such as removable media in the form of a  DVD drive, floppy disc and USB ports.

When it comes to buying these pieces of computer hardware most people head straight to the biggest brand store and pay over expensive prices for hardware that you could have got a lot cheaper from another avenue. If you are looking to buy computer hardware there are a number of options open to you rather than just buying new. For example there are computer fairs that are held, which sell all forms of computer hardware at very reasonable prices; if you know what you are looking for you will be able to find a great deal at a computer fair. However if you would prefer buying from a retailer have you considered buying used hardware? Please don’t be put off by the term used what is meant by this is you would be buying new hardware that has been returned by customers and restored by the retailer. Dell is a prime example of a store that frequently sells hardware that has been returned and has been repaired to new standards.

Author: Gale Yocom

Financial Institutions can look to more in-depth examinations this year since the FDIC issued FIL-105-207, which updated the IT Examination Officer’s Questionnaire.

Financial Institutions can look to more in-depth examinations this year since the FDIC issued FIL-105-207, which updated the IT Examination Officer’s Questionnaire. The FDIC wants to make sure that insured depository institutions have security programs that guarantee the confidentiality of customer information in addition to anticipating and protecting against security threats and unauthorized access of customer information.

To ensure that these issues were addressed, there are five sections on the questionnaire, which includes Risk Assessment, Operations Security & Risk Management, Audit/Independent Review Program, Disaster Recovery/ Business Continuity Management and Vendor Management/Service Provider Oversight.

Parts 1 and 4, namely Risk Management and Disaster Recovery are much the same as the 2005 questionnaire, with some minor changes. The other sections have a number of significant changes; one of the most important is that the 2007 questionnaire has included an entirely new section that focuses on questions about Vendor Management. One particular topic of concern addresses the FIL, because most institutions do not have standard security awareness training programs in place.

Training Awareness Using Non-Conventional Methods

With so many new complex threats going beyond the standard pharming, phishing and vishing attacks, assaults are now focusing on the end user or client side exploits. These attacks are exploiting and affecting mail readers, Internet browsers and third party applications such as Adobe Reader. Because of these more sophisticated attacks, it is more important than ever to educate users/employees about these risks, which can be achieved by making sure IT Managers have compliant training sessions in place.

What we at Covetrix discovered is that most security awareness training programs are simply not enough. They are usually done annually or only when the employee is initially hired. Even with extensive training, the level of absorption of these topics is often forgotten in just a matter of weeks, usually because of a lack of interest or because of the approach of the material presentation.

After a while, employees almost get the feeling of someone crying wolf when it comes to phishing / pharming / vishing attacks, which for future reference we will refer to social engineering. The training programs must be adapted so that the critical level of importance remains high. We believe by providing non-conventional, educational and real world examples, a financial institution will not only be able to educate employees with increased absorption, but they will also be able to understand how these scams work thereby being able to spot a scam and then quickly catching it before it impedes on the customer’s privacy.

Tracking Employee Review is Critical to Retention

As our clients are eager to improve on their security levels, we believe it is vitally important to build strong teams, teams that can provide a quick response to potential threats, keeping security risks from causing havoc in the financial institution. At Covetrix, we see a need to track employee reviews of the security training material. The reason? It has been proven that more often then not, an individual may watch security awareness training videos, read e-mail messages, or review computer use handbooks with the best of intentions, yet their level of retention and absorption of the security knowledge is often limited. Covetrix has designed IT training videos that keep interest high and retention longer.

The way they work is the video pauses and asks the viewer questions about the previously viewed content before continuing. This information is also reported to IT staff for compliance during examinations. Trained individuals must be ready and prepared to make quick decisions so that nothing threatens the security of the financial institution. Yet even with willing participants, individuals are sometimes overwhelmed with too much information.

Despite the idea of ensuring that videos are watched and questioned and then asked about their understanding of content, we need the information to stick. To ensure that training methods stay in the minds of the users/employees, new ways of implementing the information must be enforced, which means it is necessary to implement non-conventional techniques.

How Non-Conventional Methods Work

In the event of identity theft scams, placing untrained people in security roles is not going to keep security risks away! What will keep them away is giving individuals the proper training, continually expanding on knowledge through effective training programs. As a well-qualified technology expert and experienced security specialist, it has become very obvious that when individuals are properly trained, they retain and absorb information more readily. And based on my years of experience, one of the best ways to help retain and absorb information is through non-conventional strategies.

What do I mean by non-conventional strategies? In most training programs, the user is given a direction of lists which may include things like the following:

1. Don’t open bad mail
2. Don’t go to a bad website
3. Report all phishing emails

The problem stems from the user’s actual understanding of this information. Our videos are using non-conventional training by actually showing a user exactly what is a bad mail, how they are created, or how a hacker creates a phishing site and attacks their institution. Combined with the employee’s review of the information and non-conventional training, the knowledge transfers information in a far more effective manner.

The Outcome

As a result of implementing these innovative awareness training video strategies, we have seen a high level of success during our third party penetration testing and audits. Equally important are the individuals who are able to understand and retain information more efficiently.

It’s very clear that even the most effective training program requires periodic testing to ensure that the training program is serving the ever-changing needs of the financial institution. And just as technological challenges continue to change and grow, so too must training programs grow and change as well.

With non-conventional training strategies, financial institutions have a far better chance of keeping customers safe from scams and unauthorized access to private information.

Basic Registry Editing in Windows XP/Vista

Editing registry key can be very complicated and highly risky. Please do NOT try this unless you are absolutely positive that you might mess up the system, and as always, it’s highly recommended that you do a backup of the registry (or whole system) before making any modifications.

Since it would take hours to talk about the registry, I am just going through the very basic steps. You can always refer to the Microsoft website or books for full details. Here’s the most common steps you might ever need to know for basic troubleshooting:

For Windows XP:

1. In Windows XP, from Start, and then click on Run.
2. Type “regedit“, then click on OK.
3. Now it opens the Registry Editor.
4. You can easily navigate through the subkey if you know what you are looking for. Or, you can press “Ctrl + F” to locate the subkey that contains the value you want to edit. (F3 to Find Next)

For Windows Vista:

1. From Start, then type “regedit“.
2. Click on “regedit” on the search result to open the registry editor in Windows Vista.
3. Step 3 & 4 are the same as Windows XP (see above).

That’s all you need to know for basic editing such as removing spyware or troubleshooting a basic Windows problem. Please digg it if you find this helpful. Good luck!