Just Share everything for everyone

Buying a home is the most important buying decision that most people make in the course of their lives. Most people comparison shop a great deal for a house. You search until you find what you want. When you find it, you make an offer and, if the offer is accepted, apply for a loan.

This order of doing things is a bit backwards. Your efforts to get a good deal on the money you borrow should be as complete as your efforts to get a good deal on the house you buy. Most people put off applying for a loan because it seems so daunting. It also involves the possibility of rejection. Egad!

Your best bet is to prequalify for your loan before you choose your house. Prequalification means you fill out all the forms and get a commitment from a lender that it will lend you a certain amount of money on prescribed terms as long as you pick out your house within a designated period of time. Prequalifying can be a great help for the following reasons:

• You know what you can afford.
• You can tell the seller that you are prequalified, which makes you a more-attractive buyer. The seller doesn’t have to worry about whether you are going to be able to get a loan.
• You get to shop for the loan and fill out the forms without the time pressures involved when you’re afraid someone else will snatch up the house you want.

Going to a bank and asking for a loan is not something most folks enjoy doing. However, the terms on which you borrow money for your home purchase are a significant part of the package. Enter the mortgage loan broker. A mortgage loan broker is a professional person who assists you in finding the right loan for your circumstance and helps you fill out the forms. Generally, these brokers are paid by the lending institution that grants the loan. Read the rest of this entry »

Power-Supply Infrastructure
Often overlooked as part of the infrastructure required for secure VoIP is how power issues will be addressed. PBX and PSTN phones run on a common battery system that provides availability for free in the face of a power outage, but VoIP phones and the infrastructure that powers them must be carefully designed to meet equivalent requirements.

Power-over-Ethernet (IEEE 802.3af )
Like the name implies, Power-over-Ethernet (POE) eliminates the need to run a separate power supply to common networking appliances. POE works by injecting power using a switch or special power injector that pushes Direct Current (DC) voltage into the CAT5 cable. POE can be used directly with devices specifically designed for POE or with other DC-powered devices with a converter installed. This converter, called a picker or a tap, diverts the extra voltage from the CAT5 cable and redirects it to a regular power jack.

The major advantage of POE is that it allows greater flexibility in installing networking equipment. Access points can be set up in remote locations that normally would be limited to its proximity to a power outlet. It?s often easier to route cat5 cable outdoors (on an antenna or in a tree, for instance) when only network cable is required. POE is also very popular with supplementary low-power devices, such as IP telephones and webcams, even computers!

POE is regulated by the IEEE 802.3af standard. This standard dictates the device must provide 48 volts of direct current, split over two pairs of a four-pair cable. The maximum current is limited at 350 mA and a maximum load of 16.8 watts. Several vendors have created proprietary (prestandard) implementations of POE, however in most cases newer equipment from these vendors is now available that is compliant with the IEEE standard (although at least one of these vendors now advertises an ability for the client to request a lower or higher amount of current through a proprietary process of negotiation above and beyond specifications within the standard). Read the rest of this entry »

IP Switches and Routers
Although their position is defined by a standard data network rather than VoIP, a router’s purpose in life is to connect two or more IP subnetworks at layer 3.An IP switch performs a similar function at layer 2. Routers and switches operate on the network and data-link layers, respectively, investigating the IP address or MAC address for each packet to determine its final destination and then forwarding that packet to its recipient. For VoIP, the biggest consideration at these levels are QoS markings and treatment such as DiffServ and RSVP, which should be supported by this infrastructure in a way that allows legitimate voice packets through with high priority and shuts out malicious packets, particularly those aimed at causing DoS attacks. This may be easier said than done in some cases. If an attacker can inject QoS-marked packets into your network, will your QoS scheme create a DoS condition for both voice and data?

Wireless Infrastructure
Wireless access points and associated infrastructure are similarly considered an extension of the data network. However, the increasing use of VoIP clients within this infrastructure creates several unique security considerations (particularly DoS given that wireless is a shared medium). In addition, wireless VoIP devices in the marketplace have lagged in implementation of the most current wireless encryption recommendations. All this should be taken into consideration in the design and operation of wireless VoIP.

Wireless Encryption: WEP
When wireless networking was first designed, its primary focus was ease of implementation, and certainly not security. As any security expert will tell you, it’s extremely difficult to secure a system after the fact. WEP, the Wired Equivalent Privacy encryption scheme, initially was targeted at preventing theft-of-service and eavesdropping attacks. WEP comes in two major varieties, standard 64bit and 128bit encryption. 256bit and 512bit implementations exist, but they are not nearly as supported by most vendors. 64bit WEP uses a 24bit initialization vector that is added to the 40bit key itself; combined, they form an RC4 key. 128bit WEP uses a 104bit key, added to the 24 bit initialization vector. 128bit WEP was implemented by vendors once a U. S. government restriction limiting cryptographic technology was lifted.

In August of 2001, Fluhrer, Mantin, and Shamir released a paper dissecting cryptographic
weaknesses in WEP?s RC4 algorithm. They had discovered that WEP’s 24bit initialization vectors were not long enough, and repetition in the cipher text existed on busy networks. These so-called weak IVs leaked information about the private key. An attacker monitoring encrypted traffic long enough was able to recreate the private key, provided enough packets were gathered. Access Point Vendors responded by releasing hardware that filtered out the weak IVs.
Read the rest of this entry »