AsiaRegistration.net and other Domain Name Registration and Scams

Look-out!!! Someone in China is going to take over our sector online!

At least I think that is the response this email is expecting.

So my company name is allegedly being registered in China and all of the trademarks etc. are in danger dot dot dot.

I have an email here from jim.wang@asiaregistration.net who assures me I need to act fast!

Well first of all, let us look at the email in question:

Dear CEO, Well the CEO is not likely to receive this email but this is a great way of panicking his PA or whoever may receive messages sent to 'info@'

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent. If this email affects you, we are very sorry, please ignore this email. Thanks) This is more of the same - panic panic panic - must act now. It is a bit like finding a hotel room online (always phone around as you will pay half the price)

We are a Network Service Company which is the domain name registration center in China. OK
We received an application from Huadu Ltd on July 18, 2017. They want to register " insolvencyit " as their Internet Keyword and " insolvencyit .cn "、" insolvencyit .com.cn " 、" insolvencyit .net.cn "、" insolvencyit .org.cn " 、" insolvencyit .asia " domain names, they are in China and Asia domain names. But after checking it, we find " insolvencyit " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not? No registration of any domain will affect a company in any other country - there are so many national domain suffixes and other suffixes that registering them all would be a serious drain on your company profits for no reason.

Best Regards,

Jim | Service Manager

Asia Registration (Head Office)I have removed the phone numbers etc. for the purposes of this email.

Web: www(dot)asiaregistration(dot)net This is important as they are trying to stop their email pointing to www.asiaregistration.net in order to disassociate themselves for some reason - this would indicate wrongdoing of some kind and suggests this email is spam and should be ignored.

Do not ever register domains you do not need - they are a waste of time and should not be bought defensively - unless you are an online retailer and want to prevent a specific competitor buying a certain keyword domain. Stick to your single website and invest in that and the quality of your work will be concentrated in one place to get you a good ranking. Everything else is hearsay and happenstance.

Juniper SSG5 to DrayTek Vigor 2860 IPSec VPN

The DrayTek Vigor router range are very straightforward routers with which to configure a VPN and only get really complicated to work on when dealing with multiple firewall rules that may conflict or override each other. The Junipers are highly configurable in a a very ordered manner, but this does mean that there are extra considerations and stages to configuration when programming a VPN.

The Juniper needs to be told to allow traffic through a VPN and also needs a tunnel and an endpoint configured and so let us deal with that first.

We are assuming that you already have access to the Juniper via the web browser and can reach the configuration screens.

Go to the Network menu and select Interfaces and List.

Now with the drop down top right, choose Tunnel IF and then click New.

Set the Zone to be Untrust (trust-vr)

Check the bubble for Unumbered as this is a route-based VPN

Choose the interface to be the internet facing interface with the IP address that you will be pointing the DrayTek Vigor VPN at.

Now click the Tunnel link at the right of the links at the top of your configuration panel.

Once again the destination will be left as 0.0.0.0 as this is a route-based VPN and the Gateway we define in a minute will determine the endpoint for the VPN.

Now we have the tunnel configured we move on to configure the VPN:

Click Autokey IKE and then New:

Rather than configure a gateway in advance we will simply create one in this page. Click the bubble to Create a Simple Gateway and enter a name for the remote gateway. Leave IKE as ver.1 and choose Static IP and enter the Vigor WAN IP or hostname.

Now enter the pre-shared key which is a code that you will enter into the Vigor or share with the admin of the remote Vigor by some secure means. The Outgoing Interface will be the Juniper physical interface on which the WAN IP address resides to which you will be pointing the Vigor VPN.

Now click Advanced:

Here we are choosing the Phase 2 encryption proposal which is simply the encryption types - AES 256-bit in this case with DH Group 14 PFS (Perfect Forward Secrecy) and 3600 seconds time-out, but feel free to simply select a standard choice and simply make a note of the one you are choosing. Is it AES or 3DES or DES? What is the time-out, is it in seconds, minutes or hours? What is the PFS DH group? All of these should be noted as the Vigor must be configured to accept them.

Now enter the local and remote IP / Netmask where the local is the LAN address and teh subnet and the remote is the LAN which resides behind the Vigor which we are going to have remote access to once the VPN is established. In this case both subnets are set at /24 meaning 255.255.255.0 Class-C subnets but you must obviously enter your own details for each network.

Set service to Any which will allow all traffic to pass between the sites via our VPN.

Tick VPN Monitor, Optimised and Rekey  and leave the destination as default whilst choosing the external interface to which you will point the Vigor as the Source Interface.

Now click Return and OK. Now move on to configure the policies. The Gateway settings below are just for reference.

Here are the configurations for the Gateway but these two pages have been configured already when we configured the VPN but they are included as reference if you need to troubleshoot your Gateway settings:

Now click Advanced:

Now we must configure the policies to allow traffic between the sites. Go to Policy then Policies and at the top select from Trusted to Untrusted and click New.

Give the policy a name and enter the local subnet in the source and the remote subnet in the destination address boxes.

Choose the service type as Any and click OK. There is no need to configure advanced options in this instance.

Now at the top of the policy screen, select from Untrusted to Trusted and New and configure the settings as above but with the Vigor remote LAN subnet as the source and the local Juniper subnet as the destination with the service set as Any.

This completes the Juniper set-up and we can now configure the DrayTek Vigor 2860.

 Log into the admin web page of the DrayTek and go to the VPN and Remote Access section on the right-hand side. Click on LAN to LAN and then click an empty profile so that you can begin to populate the necessary information:

Name the VPN, indicating where it is connecting your local subnet to.

Tick to enable the profile.

Choose which WAN port/interface the VPN will be established through.

We are allowing NetBIOS naming packets as this will be for a Windows computer network and we may wish to enable inter-site computer browser functioning etc.

Multicast via VPN we will leave disabled.

Set the direction to be Both so that either site can initiate the connection.

Set the VPN type to be IPSec and enter the WAN IP or hostname of the Juniper we are connecting to.

Populate the bubble for Pre-Shared Key and click the IKE Pre-Shared Key button. Here you must enter the same key you entered into the Juniper and click OK.

Below that, choose the bubble for High(ESP) and set the dropdown box to be AES with Authentication. Then click the Advanced button:

Here we are selecting Main mode as we did on the Juniper and out phase 1 proposal as AES256_SHA1_G14

Our phase two proposal is set as AES256_SHA1

Timeouts are once again 28800 seconds and 3600 seconds for phase one and two respectively and the Perfect Forward Secret (PFS) is enabled. Now click OK.

Moving down the VPN LAN to LAN page we come to the Dial-In setings:

Tick IPSec Tunnel as the VPN type and untick the others.

Tick the box to Specify Remote VPN Gateway and enter the Juniper WAN IP once more.

Tick the box for the Pre-Share Key and enter it as before by pressing the appropriate button.

Tick the AES button for the IPSec Security Method.

Leave section 4 blank here as we are not using GRE in this example.

Finally section 5 we enter the Vigor WAN IP in My WAN IP. The Juniper WAN IP in Remote Gateway IP.

The Juniper LAN subnet in Remote Network IP such as 192.168.10.0 and the subnet mask below, in this case 255.255.255.0 rather than /24.

The local network IP is the LAN subnet being the Vigor such as 192.168.11.0 and the subnet for the Vigor below.

The RIP direction is set to both and the traversal method is set to Route.

Now click OK.

Go to VPN and Remote Access and Connection Management and see if the VPN is up:

DrayTek Vigor 2830 Dynamic IP to 3900 Static IPSec VPN

There are two main points to bear in mind when configuring the dynamic IP address connections to a static Vigor. The first is that you need to configure the IPsec shared key in two places on the static host DrayTek Vigor VPN router. Firstly under IPSec General Set-up (which is the same place as you configure the IPSec key for L2TP) and then under the VPN Profiles (or LAN to LAN if it is an older model.)

Lets configure the 3900 static IP host router first:

Go to IPSec General Setup

Enter the IPSec shared key you are going to use for your VPN, or if you are already using that shared key for other connections, look up what you are using and make a not of it as we will need to enter that shared key again shortly.

Now go to VPN Profiles and we will configure the IPSec specifics for the host static end of the VPN. To continue, click Add to open a new profile window and choose an IPSec VPN. Leave the 'For remote dial-in user' selection at disabled.

So in the above we use the wan port that the external IP being targeted by the other VPN router.

The local IP/Subnet mask is the IP range used by the internal network of the 3900 with the static external IP. In this case we are using a class C subnet of 192.168.x.0

The local next hop is left as the default to use the wan1 default gateway (in the above we are using wan1 but as stated you must use the external IP that the 2830 is pointed towards)

The remote host remains at 0.0.0.0 as the remote Vigor 2830 is on a static IP

The remote network mask is the internal IP LAN subnet of the 2830 with a dynamic WAN address - in this case we are using another 192.168.x.0 address

For the IKE phase 1 we will stick with Main Mode

The authentication type we will leave as PSK - Pre-Shared Key

The pre-shared key we entered earlier we enter again here...

The security protocol we are choosing is encrypted and so we select ESP

Now we move onto the Advanced tab:

We are sticking with the default time-outs for DrayTek Routers.

We are selecting Perfect Forward Secrecy to be enabled (PFS)

Dead peer detection can be enabled to allow for VPNs to be picked up again quickly after a brief connectivity issue.

Route/NAT mode should be: Route

Apply NAT policy should be: Disable

NetBIOS naming packets in this case I am selecting: Enable as this will allow ICMP traffic for Windows client/server communications to behave as if on the same network. 

Multicast via VPN we will leave: Disabled

RIP via VPN we will leave: Disabled to simplify getting the VPN up and running - you may wish to enable this at each end afterwards for router discovery.

Now we proceed to the Proposal Tab as we are not enabling GRE in this example:

#

Now we configure the encryption methods:

We are using AES G5 (Group 5) and AES with authentication as above and leaving the other options as accept all to bring the VPN up reliably and quickly.

To enable compatibility with the 2830 we are sticking to Group 5 but if you are using a 2860 you can use Group 14 (G14) instead as long as you match both ends.

Once all of this has been entered we can click Apply and await the router to confirm that it has accepted our VPN details...

Now we configure the 2830

In this example we are going to stick with using the LAN to LAN or VPN profiles tab as not all models have the VPN client and server wizard options, but either method will work as long as you get all of the encryption, LAN and endpoint data correct:

Below we have already gone to VPN>LAN to LAN and clicked on a profile number to start entering the data:

Give your profile a name and tick the box to enable it.

On this router we are using WAN 2 as it is behind another router (and yes it will still work with or without passthru as this is a dial out only configuration from the dynamic end. There is no point trying to dial back to a router you do not know the WAN IP address of.)

We are selecting the VPN type as Dial-Out only. If you wish the VPN to allow for full time connection so that you can access the remote computers then be sure to tick 'Always On' and Enable Ping to Keep Alive and use the IP address of the remote router LAN port on the other internal network (in this case the LAN port IP of the Vigor 3900.) This will basically make the VPN permanent allowing you to easily administer the computers at the dynamic WAN IP site where the 2830 is located.

Once again we are enabling the NetBIOS packets tick box.

Multicast via VPN is disabled again.

We enter the Vigor 3900 WAN IP/Host name in the server IP/Host Name box.

Click the IKE Pre-Shared and enter the same Pre-Shared key as before and click OK

Leave the dial in boxes empty as nothing can dial into a dynamic WAN router.

Do not specify the other end of the VPN as it is a dynamic IP address.

Leave the IKE authentication box as it is as there is no dial in IKE

My WAN IP should remain 0.0.0.0

The remote VPN gateway is the WAN IP of the 3900 static IP router

The remote Network IP is the subnet of the remote 3900 static IP router, in this case 192.168.x.0 and the remote network mask is a class C of 255.255.255.0 in this case which is the LAN subnet of the 3900

The Local Network IP is the LAN subnet of the router you are configuring and the subnet is once again a class C of 255.255.255.0

We are leaving RIP as disabled and Route as the method of traversal between subnets.

Now we can click OK and go to the VPN connection management page to see how our VPN is getting on:

On the 2830 the HQ VPN has come up and will stay up as we have configured 'always on' and 'ping to remote IP' meaning that when the IP changes at the 2830 WAN it will pickup and stay up allowing us to configure the remote router and PCs securely if we wish.

Now on the 3900 status we see:

Where the VPN is showing happily at the other end also proving that the VPN is encrypting data and sending and receiving successfully.

DrayTek Vigor 2860 to 3900 IPSec VPN

Connecting a VDSL/FTTC satellite office to a Dedicated Ethernet Fibre Hub Office with DrayTek IPSec. Both offices have a static IP in this example.

Firstly we shall configure the hub Vigor 3900 endpoint. Login as normal to see the home screen:

Now go to VPN and Remote Access and choose VPN Server Wizard and select IPSec as your VPN type:

Click to select creating a new VPN profile, choose a name - I have called this one HubOffice -  and click next:

Now we are going to enter the VPN specific information to allow our satellite office to connect:

• Tick the Enable box to enable the VPN
• Choose the WAN port you are using for the internet connection that will carry the VPN and for which we will be using the external IP address of
• Enter the local subnet - this is not provided automatically so enter your local subnet that the satellite office is being provided access to - this may well be the subnet you are using
• Leave the next hop as 0.0.0.0
• The remote host is the external WAN IP of the satellite office Vigor 2860
• The remote host IP/subnet mask is the internal LAN subnet of the Vigor 2860 LAN
• If there are any other subnets hung of the back of the Satellite office - if it is a hub in itself - then you can add the extra subnets here but this can often be a hinderence in getting the VPN to come up so we shall leave it blank for now.
• Auth type is PSK for passphrase/shred secret that we will enter momentarily
• Pre-shared key - enter a long string that you have made a note of, as it is to be entered in the 3900 router later
• Security protocol - leave at ESP
• We are leaving the DPD delay and timeout boxes as default

Click finish to complete the setup...

You will be asked if you wish to proceed to the VPN status page and that is what we shall do:

Now we shall proceed to configure the 2860 which has a pretty much identical interface:

We won't use the VPN Client Wizard so that you can see all of the steps, we will configure the VP manually, click VPN and Remote Access > LAN to LAN:

then select a number corresponding to the profile you wish to configure:

• Fist tick the Enable box to enable the profile
• Give the profile a name
• Choose the WAN1 interface for the VDSL interface if that is what you are using for the VPN external WAN IP address
• Click the pass NetBIOS box to allow ICMP traffic between the offices
• Leave Multicast blocked
• To the right of that leave the call direction as Both
• Below to the left select IPSec as the VPN type
• Below that, enter the IP address or A record host name of the hub office Vigor 3900 WAN
• To the right, click on the IKE Pre-Shred Key button and enter the key as you entered it into the Vigor 3900:

• Now below that enter the IPsec method as High(ESP) AES with Authentication, then click the advanced button
• Click the option to enable PFS - perfect forward secrecy

• Leave the other timeouts as they are and click OK
• Tick the box Specify Remote VPN Gateway and enter the 3900 WAN IP address
• Leave the GRE settings as blank and proceed to the bottom section 5.

• Enter the 2860 WAN IP in the first box
• Enter the 3900 WAN IP in the second box
• Enter the 3900 LAN IP network address in the third box
• Enter the 3900 LAN subnet in the fourth box
• Enter the 2860 LAN network address in the fifth box
• Enter the 2860 LAN subnet in the final box
• Leave the RIP settings as they are.

Now you should be able to go to the connection status on either router and see that the connection is live and be able to ping the other office from each respectively...

Google’s top 10 hidden features

If you’re only using Google to search the web then you are missing out on quite a bit. Have a look at these tips to get the most from the world’s most popular search engine.

We all know that Google is the world’s most advanced search engine, but did you know there are a host of hidden features that make it even more effective to use?

1: The easy way to convert currency

Do you want to find out how much money is in a different currency? Don’t go searching for a dedicated currency converter; you can do it through the Google search box. Just type out your amount – 100 euros, say – followed by ‘in’ and the currency you’d like to change it to, and hey presto, it’ll convert it for you. You can also do the same with number conversions like miles to kilometres and ounces to litres etc., and even translate short phrases from one language into another.

2: Make calculations

Pretty much every computer and mobile device has a calculator built in, but thanks to Google you don’t need to go searching for it. Just type the sum into the Google search bar, and it will perform the calculation for you.

3: See news results

If you are researching something, and want the most up-to-date info available, click the News tab at the top of the results page. This will show recent news articles featuring your search term.

4: Find out what an image is of...

You may know you can search for images online, so if you always wanted to see what someone looks like, now’s your chance. But did you know you can find out what an image is of as well?

Stumble across an interesting picture online, and you can find out more about it by going to images.google.com and clicking the camera icon in the search bar. This brings up two options: either paste the url of the image you’ve found (i.e. what’s in the address bar when the image is the only thing on the screen), or upload an image from your computer to find out what it is.

5: Search a site from Google

Some websites’ own search functions are terrible, but don’t worry, you can also search them direct from the Google home page. Type your search term followed by “site:” and then the address of the website you want to search, so ‘flood warning site:bbc.co.uk’ for example. Then only results from the website you include will show up.

6: Search by file type

Similarly, you can search by the type of file you’re looking for, which is perfect if you’re searching for a specific PowerPoint presentation or PDF. Just type the name of the file, followed by ‘filetype:’ and then the document’s extension, so ‘pptx’ for PowerPoint, ‘docx’ for Word document or xlsx for Excel.

7: Google Doodles

Google regularly changes its logo on its home page to tie in with an occasion. Often to commemerate a famous person, a notable anniversary or a national holiday. Whatever it is, Google always manages to work its logo into the image.

This one pictured celebrates the birth of French architect Eugène Viollet-le-Duc, but they’re always varied, sometimes taking the form of animated films or even playable games. You can find a full archive here and even buy merchandise featuring your favourite doodle.

8: Get results in your locality...

If you choose to let Google know your whereabouts, you can find results in your area without having to specify where you are. Click Search Tools under the search bar and your location is listed on the right, if you are going somewhere new and need to find something, simply enter it on the right.

Search for ‘pizza restaurant’, for example, and it’ll show a list of nearby pizzerias, without you having to enter your postcode. Which is handy if you’re hungry.

9: Search using your voice

What if you don't fancy typing out a search query? No problem – you can just say it. You’ll need to launch Google’s Chrome browser on your computer, then go to google.co.uk and click the microphone icon in the search bar. Say what you want to find, and it’ll speak back to you with the results.

10:  Check flight times

If you’re planning a trip, just go to Google, type ‘flights to’ or ‘flights from’ and the name of your city or airport or three letter airport code. You will see a list of flights complete with flight times, prices, and everything else you could need to know. It’s the only way to fly.

So now we are looking at eBay scams that are interested in hacking your eBay account so that they can get details or account information.

Here is a typical email - the first thing to do is notice that there is a big button with 'dispute this transaction' which is not normally present. Also notice that the email is originating from outlook.com which is unusual for an eBay email:

Also notice that that if we hover over the 'Dispute this transaction' button we see the following:

So the domain name, although having the rover.ebay.com part in, is actually pointing to t.co which is Twitters forwarding domain (Ooops, that's a bit embarrassing) which then forwards you to http://disputetransactionebaycommunicationreview.com/webapps/a3889/websrc 

This page shows up as PayPal:

You can still see the phantom domain at the top though. This is obviously where they are interested in grabbing your PayPal details so do not.

Report this website address as false as soon as you can.

Forward the email to your ISPs spam service email support.

It should be noted that Outlook.com and Twitter.com are both being hijacked for this so beware as it will more than likely pass your anti spam filters!

OK, so you have your new Computer and you are dying to get cracking on the Internet as your ISP has just made live your new broadband connection. Your computer was pre-installed and appears to have everything that you need including your bonus installation of Norton Antivirus or similar and free downloads for a year. You install your modem and are ready to go so lets go...

Antivirus Questions?

But maybe we should hold on a second. Norton Antivirus wins a lot of awards etc but then it would. It is manufactured by Symantec and they are definitely a leader in corporate antivirus technology and a good supplier to deal with on that level but they will charge you for any support as a home user and charge you to update your signature files after your trial period. A better option is to lose the installed antivirus and get AVG Free Edition from Grisoft which picks up as many viruses as any other home edition antivirus package. Grisoft's solution is available from http://free.grisoft.com/doc/1 and I would urge you to pay for the full edition if you are a business as the extra functionality is worth it. Avast Antivir are also perfectly good examples and are also free. Whatever you do, make sure you have a suitable solution before just surfing unknown pages.

You should also equip yourself with a Firewall. Surfing the internet without a firewall is leaving yourself open to attacks so at the very least make sure you have either the Microsoft XPSP2 firewall or one of these free firewalls: Kerio, Sygate, ZoneAlarm

ALSO: Keep Windows Updated! Many Windows updates are to close holes exploited by malicious programs and simply staying updated will keep a lot of infections off your system.

But what about Spy-ware?

What antispyware system should I use? Well first of all, a lot of decent antivirus solutions get spy-ware as well as ad-ware and viruses as they are all basically the same thing. They are all darn annoying and the primary reason new internet users run into trouble. Most of the anti-spy-ware solutions these days use all of the spy-ware and virus hassles to try and sell themselves - I have people calling me asking how to get spy-axe and spy-ware-killer OFF of their machines. These are not solutions being sold to enrich computer use, they are immature, trip-you-up pieces of software designed for a quick buck and some new users will be caught out. In my experience there is no anti-spy-ware solution - even the ones from Microsoft and the like - that catch most of the ad-ware and irritations that can be removed simply by going into Control Panel in Windows and removing everything you do not use or recognise.

If you are determined to use other means or have tried all of the above you can also run these on-line scans. PandaActivescan Housecall Scan although they require an Active X download which your Firewall may object to.

The following examples are all free also, and can happily coexist on the same computer:
Free Anti-Spyware: MS Antispyware AdAwareSE SpybotSD SpywareBlaster
It is important that your computer is run at minimum functionality. Windows is like a pen-knife - it can do almost anything you need it to - but if you are not hosting a website then make sure that the Web-Hosting features are uninstalled. You can do this in Control Panel under add/remove programs and then by clicking add/remove windows components on the left (Windows XP - the others are similar.) Every bit of unnecessary functionality can be used against you so try and run a tight ship. Make sure you have a reason to keep everything you see in this screen. If you don't use network printing then get rid of it. If you don't use Fax services then get rid of them. Every one you can dump frees memory and so decreases the work your computer is doing to swap out the page-file which equals more speed.

Once you have spy-ware/ad-ware or a virus infesting your system it will be taking you to an undesirable website or you will be getting pop-ups of some kind or whatever. Do not go running to the first advert you see. Your friends are the other people who have had the problem. Do a search on the Internet for a description of the symptoms and have a read of some articles that do not get money off of you for your custom. Forums and the like. There will be instructions. If you cannot get to a website other than the one to which you are unwittingly directed, go into control panel and add/remove programs, and get rid of anything with an incomplete name (I mean uninstall it by get rid of) or anything that you do not knowingly use. If you are unsure, then have a look in the documentation for the software name in question. Do not just uninstall everything you do not recognise, check the system again at each uninstall to see if the problem is cured so you know for sure which application was causing the problem.

Many viruses and the like kick-off their processes at boot up. There are many places in the Registry (a set of files that do a lot to tell Windows how it should behave) that these processes can give themselves shortcuts to start-up. If you go to the start button on your task bar and choose run and then type regedit into the box which appears, you will be presented with the registry editor. Beware!!!! The Registry is critical to Windows and if you mess about with it you can stop Windows booting up altogether so do not change anything without verifying the information from at least two sources!!! If you look at HKey_Local_Machine -> Software -> Microsoft -> Windows -> CurrentVersion -> Run and Runonce etc. you will see something like that below:

Many of the processes aggravating you or your computer are to be found here or other similar places in the Windows Registry. Note that in a lot of articles it is common to substitute HKLM for HKey_Local_Machine and that there are as many trouble causers as do-gooders so try and find a good source of information and verify it. Once you have found a source to be good more than a few times you can start to trust the information you find there.

With issues like SpyAxe where the product repeats that you have a virus, remember a few things. If the product it is asking you to install is not already installed then how can the computer know it has a virus? 

Please feel free to submit any other spy-ware problems at http://forum.sircles.net for us to have a look at. If you wish to try an anti-spy-ware application to help clear up your PC, have a look at the anti-spy-ware review site for a decent opinion of which one works best as we prefer companies to be inspired to make a good product rather than just hard-selling via cheap viruses and ad-ware; if they keep trying to hard-sell you things, tell us, and we will find a better link.

Encryption and Security

So what is a VPN and is it useful to me? What is encryption and how does it work? Mystified? Well have a read on for some simple (ish) explanations of some of the more common security terms. A VPN is exactly what is being described. It is a virtually private network. In other words it is information that is sent between two parties who have a shared pre-requisite of knowledge that allows them to decode each others messages. This is referred to as a tunnel because no one on the outside of our pre-shared information can see what is within because the information is encrypted and authenticated, that is each party can be sure of the identity of the sender and that no one was able to understand or change the information since being sent.

A type of tunnelling is in evidence every time you purchase something online or log in to an account with a website such as eBay, and this is called public/private key encryption. In the case of eBay they do not know if the computer you are using is who it says it is - it has no certificate to authenticate with-. The only important thing is that your computer believes eBay are who they say they are and your computer verifies this because eBay use a certificate that is issued by a Certification Authority that Microsoft or Macintosh have verified as authentic, and so your computer trusts the certificate and encrypts the information using the private key included in it. eBay trust you because once the encrypted tunnel between you and eBay is working, they ask you for your password, which is sent as encrypted traffic using the authenticated certificate eBay supplied. This form of encryption is typically used by the Secure Sockets Layer or its successor TLS - Transport Layer Security.

In a VPN, both parties must know who the other is and this is usually achieved with a shared secret combined with a hash algorithm known as a keyed hash algorithm. A hash algorithm takes a message of any length and returns a fixed length hash which is very difficult to fake because it is very very infeasible that you could find two messages that would give the same result. The two parties add an incrementing number to transmissions so that someone trying to decode and fake messages will not be verified as they will not be including the incrementing number in subsequent messages. Once authenticated, further communication is made using symmetric ciphers which rely on encrypting information using a pre-shared secret. The disadvantages being that this means that the two parties must have previously exchanged secure information and that the secret must be constantly changed to prevent the encryption being compromised.

The main thing to bear in mind is that it is all the same. Sure there are different methods of encryption and different methods of authentication, but as long as both are ensured to a sensible level we are more or less talking about the same thing. In the main the difference between VPN and normal use of TLS or SSL communications is tied to the factor of Authentication. VPNs require valid hosts at both or all ends.

How does any of it work though? Lets take a look at Public Key Encryption. SSL and its successor TLS both use Public Key Encryption as does the new IP versions IPV6 which uses IPSEC - Internet Protocol Security to encode all traffic. I must take this opportunity now to warn you now that none of this is necessary knowledge to put a working VPN system in place so don't come back complaining it wasn't in your Microsoft exam.

I want to tell my friend Marc how many apples I have collected from the orchards where we work but I do not want Rob or his competitive friends to know so that they do not deliberately stay longer so as to collect just a few more. I therefore devise a simple coding in advance with Marc that I will give a sign when I am about to say my collected number of apples and that amount will be 'encoded.' For instance I might give a sign to Marc by climbing onto my bike and ringing the bell - a sign that can easily be mistaken by Rob and his friends as we are about to head off home anyway - and then Marc will know that the amount I say will be multiplied by five. Five in this example is sufficient because Rob and his friends will have to spend so long collecting apples to compete that they will give up virtually before they start and still have no real idea how many apples I may have collected. This amount is 'encoded' (in this example by private encryption) because both of us know my private key - that the amount is multiplied by 5 -.

So what we are in effect creating is a private key tunnel. A way of communicating securely as long as we have a secure way of exchanging our private key and we can recognise each other and our own pre-agreed method of encryption - i.e. we can successfully Authenticate and Encrypt. But what if matters were different. What if Marc and I were separated and had no secure means of exchanging our private keys. Well, a method which allows us to achieve this is a relatively simple mathematical function but it is fairly slow to encrypt. It is referred to as Public Key Encryption and was developed at GCHQ in Britain by three men called James Ellis, Clifford Cocks and Malcolm J. Williamson. James Ellis had come up with the idea of Public Key Encryption but had not conceived how to implement it. Clifford Cocks - who was also working at GCHQ - heard of the idea and was intrigued and went home and literally thought up the system in less than half an hour. Cock's system did however work with a specific value for the public exponent (see below) and in 1974 Malcolm J. Williamson proposed using a general public exponent. The system is known as the Diffie-Hellman key exchange because of one very important reason. GCHQ is the British equivalent of the NSA and is responsible for the encryption of secret messages on behalf of the MOD (Ministry of Defence) and also the decoding of any suspicious messages intercepted in the UK. The fact that this method had existed - at least in secret - since the early 1970s was not discovered until 1997 when Cocks was allowed to divulge the information relating to a technology which GCHQ had never found much use for. It was, however, of no consequence by this time as in 1976-7, Ronald Rivest, Adi Shamir and Leonard Adleman discovered and published the same system and soon a real use for the functionality would make RSA one of the most commonly-found pieces of software on the planet. It should be noted that the Military are not so interested in Public Key Cryptography, usually because a pre-shared code can be easily exchanged and the early computers at the time of invention could not perform the math.

So how does it work, how can there be a secure way of knowing that I am really talking to who they say they are and also knowing that no one else will know what we are saying? Firstly, it is not true to say that no one can know what we are saying, just that if we encrypt our messages with sufficiently large values for our formulae that the chance of knowing a single exchange before long after we have stopped talking is very slender.

The system works by the two parties choosing a prime number and a base to create a one way trap door effect. Let us go back to the orchard to see how myself and Marc can use these numbers now we are trying to communicate the totals of apples harvested that working day by email and are wary of Rob and his cohorts reading our clear-text emails. We must therefore exchange some kind of code that we will both know but that is not derivable from our exchanges.

Marc and I are going to choose prime number 11 as our prime so p=11, and our base as 3 so q=3

I am encoding my number of apples harvested for that day, and so I decide upon a secret integer to multiply again just as before and this time I choose S=9, so I encrypt the number as follows. I send Marc our base number qs mod p (q=3 so 3 to the power 9 and mod simply means the remainder left after you divide by, so 39 divided by 11 so 39=19683/11 = 1789.3636 recurring so we remove the integer to be left with 0.3636 recurring and re multiply by 11) which gives us our remainder as 4.

Marc chooses a secret integer too, M=8, and then sends me qm mod p or 38 mod 11 = 5

I compute (qm mod p)s mod p = 59 mod 11 =9

Marc computes (qs mod p)m mod p = 48 mod 11=9

We have both derived the same value because qsm and qms are equal, and bear in mind that m, s, qsm, and qms are the only values transmitted publicly, all of the other values are kept entirely private. Once this exchange has taken place we have arrived at a number (please bear in mind it only turned out to be the number Simon chose by chance and would normally be a number unknown by either party until the calculation was carried out) we can use this number to encrypt our apple harvest. As long as we use sufficiently large values for our secret and prime numbers - i.e. our prime was over 300 figures and our secret numbers for Simon and Marc over 100 figures, it would take even the most efficient algorithms known to humankind more than the lifetime of the universe to crack our system. Our new number derived from performing the above with properly large values becomes Marc and Mines Secret Shared Key and may be used to encrypt future messages.

In reality there are more factors that must be taken into account to verify Authentication so as to make sure that I am talking to Marc and not someone impersonating him, which incorporates assigned certificates and certificate authorities just as those that you use every time your browser tells you that you are entering a secure zone and the http:// at the front of the web address url you are visiting is replaced by https://. This is the most typical use of SSL or TLS - to secure web pages.

A Note on the Truth

There are other variants of encryption used with communicating across the Internet to form VPNs such as Block Ciphers like 3DES and AES/Rijndael which are very commonly used in tunnelling often in partnership with hash algorithms like SHA1 or MD5. In truth it is some or all of these security measures acting together that represents most modern VPN tunnelling systems used in equipment like the Checkpoint NG, Windows Server or Cisco PIX. 3DES is still typically the cipher even though it is 56 bit DES performed 3 times and SHA1 is used as a hash algorithm for authentication. Both of these technologies are being superseded by AES/Rijndael and SHA2.

Oi Windows 10, give me back my PC !!!!

If you are, like me, a very boring web user who doesn't go to many unknown websites or watch lots of unsubscribed videos etc. then you might be feeling a little annoyed with the new 'compulsory real-time monitor' arrangement that Windows 10 suffers from. It is, of course, a sign that your computer hard disk drive is now performing two or three times the work for many operations compared to how it was functioning on Windows 7. Real-time scanning (as the word real-time is supposed to explain) means that every file your computer needs to open is examined in advance by a proprietary process before the system comes into contact with it. Now there are two reasons why I don't like this thinking. The first is the obvious performance problem (and whether that wastes more time, energy and money than all the viruses in the world put together is another question.) The second is that Windows 10 downloads so many updates of such unbelievable magnitude that they kill the performance of your machine and the internet and so what is the point of Windows Defender anyway? This is further compounded by the fact that Windows Update, like Windows Defender, now appears to be compulsory.

OK so let’ shave a look at all of the components and how we can disable them as Microsoft have recently started to run scheduled tasks to make sure that the most performance hungry Windows processes are restarted and re-enabled at regular intervals such as Sharepoint Sync in Microsoft Office and Defender in Windows 10.

So we will begin by using the simplest and safest way to disable the Windows Defender Components, using the registry editor.

If you press the Windows key and type 'regedit' and press enter you will be presented with the registry editor and you will need to navigate to the following area:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

This means that under HKEY_LOCAL_MACHINE you expand the folders (called keys in registry editor, even though they lok the same - they are not folders, they are completely different - )

When you find the correct key, you highlight it on the left and then right click on the right hand side, below the (Default) value and select New > DWORD (32-bit) Value 

Give the DWORD the name DisableAntiSpyWare and once it has been created, double click the DWORD and enter the value '1' and press OK so that you have the below:

Now let's try restarting Windows 10....

OK so according to the above view from the taskbar, the Windows Defender application is not running. Let's have a check under the services running by clikcing the start buton and typing services.msc. 

OK excellent, the service has been stopped and is now set to manual. This is going to speed us up nicely. But now how do we stop the automatic updates from hogging all of the bandwidth and disk speed?

Well there are many sites telling me to use metered connections or policies to disable this function, but the Windows update feature can be disabled by opening up the services.msc applet and disabling the service by finding it as follows:

NB This service has already been disabled but your will not have been.

Now double-click the update service and choose the start-up type:

Once it is set to disabled then click OK to confirm.

Now we are back in control of our Windows 10 PC and our Ineternet connection, RAM, Hard Disk and CPU are all our own again.

We are currently looking at some of our domain catalogue as a resource to be invested in rather than hyped up and sold on, and this is where an internet domain name is not so akin to real estate, but more like owning a port, or an exclusive trading agreement. A domain does not suffer from a limited number of rooms or a limited amount of land, and it is always a unique resource, no matter how many other domains are similar (and there are more and more obviously) but in this case we are going to examine a fairly sought after domain in the UK market, and although it is not a single word domain, it is a single phrase which is essentially a single keyword in its own right. 

Travel Information (a co.uk domain in this case) is something that everyone requires whether they are trying to go on holiday, return safely from a business trip, or just point their car in the right direction to get home. In all of these cases there is one phrase that is being seacrehd for on every device in every airport or jam or port- 'travel information.'

Now with all websites there is, of course, the question of content. This is a very important question as content is what your site has to offer and without it no one is going to hang around and so the search engines will quickly evaluate you as pointless. This means that we will have to invest heavily in a great site UI and fill it with huge amounts of information doesn't it? Well possibly that is a good solution but perhaps there is another way to look at this problem before we call the bank manager.

The thing about travel and travel information is that people are always looking for a single source where they can be reading about all sorts of different options rather than swimming around the internet in search of the best options and generally doing all of the work. Perhaps then we can find a way to offer sources of information a chance to publish their material on the site and when there are a reasonable number of guide books and maps etc. included it can be unleashed on the web users. Hopefully they will begin to find it useful.

So what would this site actually take to put up - emails sent out to councils and the national trust, region by region, until you have a number of attractions to visit in Britain and then you can begin assembling information from your readers rather than having to go out and find it. an important part of the site will be to continue to ask readers to point out any errors or overlooked places to visit.

Now what is going to actually persuade the National Trust and friends that the site is worth corresponding with? Well the domain name travelinformation.co.uk itself is a real seller here. The correspondence will have to have a very nicely assembled email and/or written letter with great presentation all-round, as well as a really good 'under-construction' page that may need to heralded as more of a re-design. Either way the prowess of the site is far from proveable at first and so these first impressions are important. Most of the councils/attractions etc. will happily give permission for their leaflets to be reproduced as advertising is what the leaflets were for in the first place. Some sort of OCR software will be needed to give the website search engine readability rather than images being postered all over the pages but this is a tiny detail.

So once we have a small audience then we can encourage by making high-quality, relevant offers to who are hitting certain pages then we can start to build an audience. There is no room for capitlisation at the start - the deals must remain as good as we can make them otherwise we will never begin to have any buying power with our suppliers, and so never build our site. Once we can get 3% where other buyers cannot then we can make a percent on give a percent to the buyer and start to recover our losses so far with that last percent. The most important thing is that our site remains a good place for our small client base to exchange information and look through deals to purchase travel deals.