Abzetdin Adamov's IT Blog

IT is about doing more with less!

Archive for the ‘Administration and System Design’ Category

IEEE Day 2013 – Leveraging Technology for a Better Tomorrow

Posted by Abzetdin Adamov on September 29, 2013

IEEE Day 2013 - Qafqaz University, Baku, Azerbaijan

IEEE Day 2013 – Qafqaz University, Baku, Azerbaijan

IEEE DAY 2013 EVENT PROGRAM

01 October – IEEE Day 2013 is important anniversary that engineers worldwide celebrate the first time when IEEE members gathered to share their technical ideas in 1884. It is fourth celebration worldwide and first in Azerbaijan will take place at the Qafqaz University.
While the world benefits from what’s new, IEEE is focused on what’s next. Thus, this year the theme of IEEE Day will be “Leveraging Technology for a Better Tomorrow”.
These are full-day hands-on technical seminars on a wide range of Technology topics for IT Professionals and Students to help them become Technologically Updated. All our speakers are high level certified IT and technical professionals with rich experience of applying their knowledge in corporations and businesses.

TECHNICAL SESSION:
Database Administration & Development
Network, Platforms & Supercomputing
Software Development & Frameworks
Cloud Implementations
Workshop & Closing

SPEECH TOPICS:
IEEE Day 2013. IEEE as a Global Professional Platform.
Oracle Database 12c: New Features for Oracle and Java Developers
Best 10 New Features of Oracle Database 12c
IPv6 Planning, Deployment and Operation Considerations
UNIX, Linux and New Features in Solaris 11
Database Machine – EXADATA
Spring Framework Overview and Spring MVC
Groovy on Grails
Reverse Engineering an Android Application
Education in the Cloud
Infrastructure in the Cloud
Leveraging Technology for a Better Tomorrow

IEEE-Day-2013-Baku-Azerbaijan

Advertisements

Posted in Administration and System Design, Meetings with Colleagues | Leave a Comment »

Qafqaz University continue activities directed to raising of Public Awareness on Information Security

Posted by Abzetdin Adamov on June 9, 2012

The 1-st International Information Security Workshop -  Public Awareness on Information Security

Qafqaz University continue activities directed to raising of Public Awareness on Information Security

The 1-st International Information Security Workshop

Azerbaijan, Baku, Qafqaz University
19 – 20 June 2012
http://ce.qu.edu.az/InfoSec

The Organizing Committee would like to invite all interested parties to attend the the 1-st International Information Security Workshop that will be held at the Qafqaz University in June 19 and 20, 2012 and co-organized by the Computer Engineering Department at the Qafqaz University (http://ce.qu.edu.az), BM Technologies (www.bmtech.az), BitDefender (www.bitdefender.com), Lancelot Institute (www.lancelotinstitute.com) and IEEE Computer Society Azerbaijan Chapter (http://chapters.computer.org/azerbaijan).

Workshop Statement:

Today, when cyber infrastructure has affected how we accomplish duties and job, how we get acquainted and communicate, how we teach and learn, how we entertain and spend time, etc. collecting and using personal, financial, governmental information, as well as the importance of protecting that information, is a complex challenge that has legal, business, political and technical ramifications.

The global cyber infrastructure has become the crucial environment for economic prosperity, government efficiency, and national security. At the same time the same environment which provides new inviting opportunities also makes possible new potential risks and threats. Protecting the vital information and critical infrastructure from cyberattacks becomes increasingly difficult and costly mission for governments, corporations, non-profit organizations, and even for citizens. Hacktivism, cyberwar, cyberweapons and their potential threats are becoming a reality.

It’s why high education research institutions, governments, businesses, public and private sector partners all together should work to find effective solutions to protect the confidentiality of sensitive information and resilience of national and global cyber infrastructure. We hope that the 1-st International Information Security Workshop would be successful example of such cooperation and will serve as a booster of public awareness and understanding of information security issues.

Dr. Abzetdin Adamov
Qafqaz University
Chair, Computer Engineering Department

Posted in Administration and System Design, Meetings with Colleagues, Uncategorized | Tagged: | Leave a Comment »

Internet Technologies in Depth. The Technique of Spam Recognition Based on Header Investigating

Posted by Abzetdin Adamov on October 4, 2011

Abstract – E-mail is most effective business and personal communication tool. The popularity, openness and wide availability of this Internet service makes it attractive for advertising of products and services by sending unsolicited e-mails (Spam). The goal of paper is to offer a comprehensive and usable technique to recognize spam that helps to detect and protect users from junk email, fraudulent e-mail threats and viruses. While widespread methods are complex and expensive, proposed technique is based on header investigating without additional tools and hard processing.

Keywords – Internet technologies, e-mail architecture, spam, spam recognition

INTERNET MESSAGE AS COMMUNICATION TOOL AND SPAM

The asynchronous nature of e-mail provides convenience and more effective use of time for communication participants. In contrast to immediate communication means like telephone, email is deferred type of communication. So, instead of immediate reaction, recipients now have the comfort to read, interpret and react on received information later, or do nothing if no action is required [1].

Because of mentioned and other advantages of email communication, the popularity of email as the  communication means for business and personal use has risen steadily over the last decade. The following Figure 1. shows rising popularity of the email communication over the last years and some prediction for future.

Email using progress by years

HOW EMAIL DELIVERY WORKS

 The email delivery is a whole process of massage transfer from the source to the destination. The Figure 3. shows this process in detail. Let see the process step by step:

  1. Using email agent the sender is submitted email for smith@b.com.
  2. The SMTP service of the mail server received sender’s message resolves the email domain “b.com”. To do so the mail server using DNS service (see DNS resolving at [4]) asks the NS server of b.com for the MX record. The MX record specifies the mail server, which is destined to gets all emails with domain name b.com.  The name of such a male server is in our example is mail.b.com.
  3. Email is routed to the receiver’s mail server mail.b.com.
  4. The SMTP service of mail.b.com places the email into recipient’s mailbox “smith” in the mail store.
  5. The recipient checks for email for user smith@b.com using the POP3 service of his email agent. To be able to access to mailbox user has to pass authentication process of the POP3 service.
  6. If the authentication module accepts eligibility of the user, the email is downloaded to the user’s email agent.
Detailed structure of email delivery

Detailed structure of email delivery

THE INTERNET MASSAGE (EMAIL) FORMAT

The first Internet message standard was described by [5] in 1977, which was renewed by [6] in 1982 had been using for almost twenty years. The newest email standard is described in [7] was published in 2008.

According to the last standard the Internet message (or email) consists of an envelope and content (for further more information see [8]). This is illustrated in Figure 4. “a”. The envelope, which is part of SMTP protocol, can be viewed as container of message and has information about from whom the message originated (sender) and to whom it is destined (recipient or list of recipients). The existence of sender’s information is necessary to be able to send back the error message if the message delivery is failed. The envelope is a temporary container created by source mail server just before passing the message to the destination mail server, as is shown in Figure 4. “b”. By the time a message has been delivered to a recipient’s mailbox there is no envelope.

Email format and envelope concept

Email format and envelope concept

EMAIL HEADER INVESTIGATING AND SPAM RECOGNITION

The content of email includes header fields and message body. The meaning of the header fields is to provide receiver’s email agent with descriptive information about message, such as sender, receiver, date, subject, etc. The header block contains several textual lines each of which presents syntax: “header title: value” (look at Figure 4. “a”). The body separated from header fields by empty line, contains textual information the sender is sending to the recipient. The primary header fields specified by [7] (RFC 5322) are shown in Table 1.

TABLE I

INTERNET MESSAGE HEADER FIELDS

Header Description
From: The name and email address of the message originator
Date: The local date and time when the message was written or sent
Message-ID: Machine readable unique identifier generated by mail server; designated to prevent multiple delivery, and to use as reference in In-Reply-To
In-Reply-To: Used for reply messages only, and contain Message-ID of the  original message(s), creating relational tree of messages
To: Email address(es) of the primary recipient(s)
Cc: Email address(es) of the secondary recipient(s). Generally, used to indicate recipients whose don’t have immediate relation to the matter, however should be informed
Bcc: Same as Cc, but hidden from recipients. SMTP removes this header field before delivering of the message
Subject: Textual human readable summary of message
Content Type: MIME type of the message content, designed for email agent to display message properly
Received: Contain information about all mail servers that were involved in the message delivery
References: Like In-Reply-To uses Message-ID(s), but designed to identify a thread of correspondence
Keywords: Keywords specified by sender
Reply-To: Email address should be used when recipient replies to message
Return-Path: This header indicates the email address of message’s sender. The value of this header has to be same as “From” address of the SMTP Envelope
Delivered-To: The email address of recipient
Sender: Actual sender of the message (generally, used address listed in the From)

The level of importance of each header field in message formation is different. For example, any internet message must include From: and Date: fields, and should include Message-ID: and In-Reply-To:. The rest of fields are optional or are managed automatically by mail servers. The one of the most important headers Received: is deserved to be reviewed in more detailed way. This header significantly simplifies the fight against spam and spammers. When we receive unsolicited bulk email, our email agent program normally shows only the standard To:, From:, Subject:, and Date: headers, as for any other email. At the same time, the From: address may appear to be from someone we well know, or from some organization whose name we respect or trust. In reality these spoofed messages do not originate from the address that appears in the From: header. To see the real address message was sent from, it is necessary to control Received: filed, which tells us the route the message took when it was sent to us.

Now we will try to understand how to find original source of the suspicion email through investigating the email header. To do so, firstly we need to be able to see the full email header. Generally, all email client programs (even webmail services like Gmail, Yahoo, etc.) have appropriate function to display full header of any message in your inbox. Let see the header of message I have received recently is shown in Figure 5.

Delivered-To: my.address@gmail.com
Return-Path: <SRS0=M78ycc=RT=p3slh174.shr.phx3.secureserver.net= lindaadleen2@qafqaz.edu.az>
Received: ……………………
Received: by 10.220.162.197 with SMTP id w5cs344529vcx;Sun, 17 Oct 2010 05:24:20 -0700 (PDT)
Received: from bosmailscan05.eigbox.net ([10.20.15.5])by bosmailout03.eigbox.net with esmtp (Exim) id 1P7SHj-0007rH-Qyfor http://www.adamov@gmail.com; Sun, 17 Oct 2010 08:24:19 -0400
Received: from p3slh174.shr.phx3.secureserver.net (localhost.localdomain [127.0.0.1])by p3slh174.shr.phx3.secureserver.net (8.12.11.20060308/8.12.11) with ESMTP id o9HCOF7n030063for <aict2011@qafqaz.edu.az>; Sun, 17 Oct 2010 05:24:15 -0700
Received: (from lindaadleen2@localhost)by p3slh174.shr.phx3.secureserver.net (8.12.11.20060308/8.12.11/Submit) id o9HCOEvK030054; Sun, 17 Oct 2010 05:24:14 -0700 Date: Sun, 17 Oct 2010 05:24:14 -0700
Message-Id: <201010171224.o9HCOEvK030054@p3slh174.shr.phx3. secureserver.net>
To: aict2011@qafqaz.edu.az
Subject: xxxxxxxxxxxxxxxxx!!!!!
From: vangelis@mail.ru

The header has been slightly modified by removing most eleven Receive: fields. The Receive: headers appear in reverse order. So, the first Receive: header from bottom (see line 7) presents the original source of the message. The line “from lindaadleen2@localhost” shows information about computer the message was sent from. Probably, spammer uses SMTP service installed on his computer in order to send bulk mail. The next line shows the name of the first mail server involved in delivery process “p3slh174.shr.phx3.secureserver.net”, the exact date and time of receiving, and unique id assigned by server to this message. The id is unique for particular mail server and can be used for tracking of the message. The two headers To: (see line 9) indicates to whom the message is sent and Delivered-To: (see line 1) indicates by who it is received, are supposed to be same. Furthermore, other two headers From: (see line 11) and Return-Path: (see line 2) are also supposed to be same. The fact that they are not same testifies the spam nature of the message.

Posted in Administration and System Design | Leave a Comment »

Neglected point of Internet performance. How to choose the right DNS service

Posted by Abzetdin Adamov on May 12, 2011

DNS Functioning, Secondary Nameserver and Resource Records

DNS Functioning, Secondary Nameserver and Resource Records

In order to make website or any other web-based service available 24/7 it is crucial to have reliable DNS service. It is because of DNS resolving is starting point of any potential visit of website, mapping human-friendly text-based domain like “www.qu.edu.az” name into computer-friendly IP address like “85.132.19.200”. So, if DNS is failed or too slaw, it may become the bottleneck of the important project. Generally, all web hosting providers, as well as some of domain name registrars, recommend customers to use freely their DNS servers but most of them are not enough reliable. Outsourcing of DNS service to professional DNS hosting provider with multiple DNS servers in multiple geographic locations can be one of the key factors in maintaining of the uptime critical web-projects.

There are several evidential properties of any Internet-based service like DNS service. These properties affirm in general that service is reliable.

Performance – short time of DNS resolving – high performance servers, geographically distributed (most close server responds to client’s request), implement load balancing and redundancy with anycast addressing
Security – protect from DNS specific attacks such as Denial-of-service (DoS) or cache poisoning – encrypt transfers between a primary and a secondary DNS server, forbid recursive DNS servers, use anycast, …
Manageability – provide user-friendly interface – web-based control panel enables management your DNS zone’s all DNS records
Reliability – provide service available 24/7 – all features above will guarantee 100% SLA

Actually all DNS providers decisively claim that their DNS service responds to all mentioned requirements. However, DNS service is too complex and these features are not enough, DNS service should also be useful, flexible and herewith cheap.

Here I will try to specify some additional DNS specific criteria of service which should be kept in mind in order to choose the right DNS service:

Existing of free/trial service (Free/Trial) – possibility to use service for free with restricted options (forever or just a trial term)
Minimal TTL value (TTL) – Time-of-Live, indicates how long resource records information will be stored in cache of the DNS server (critical, if your IP address is changed frequently)
Records per zone (RPZ) – indicate how many resource records (A, NS, CNAME, MX, …) you can add to your zone
Number of hosts/domains per account (Hosts/Domains) – number of A records you can specify for the different hosts of the same domain / how many domains you can add to your account without additional payment
Number of DNS queries per month (DNS queries) – indicates how many resolves per month are allowed for your zone (resolving occurs each time when somebody access to your website, sends email to your domain, …)
Minimal plan price (Min Price) – most cheap DNS service plan
Price of additional queries (+ Queries) – if the number queries provided by your plan is not enough, usually, you can request more
Price of additional domain (+ Domain) – in order to be able to collect all your domains within the same account and manage them all from one point.

The DNS Hosting Service Providers and their estimation in accordance to the mentioned criteria:

Company Free/Trial TTL RPZ Hosts/Domains DNS Queries Min Price + Queries + Domain
zoneedit.com Yes (5 custom domain) 20 min 1000 unlimited/1 3000.000 12 1 11
dyndns.com Yes (hostname in one of 18 domains) 20 sec 75 30/1 600.000 15 15 15
everydns.com Yes (custom domain) any unlimited 20/1 600.000 15
dnspark.net Yes (trial) any unlimited unlimited/1 5000.000 14 5.5 14
easydns.com 20 sec 1 1000.000 20 2 20
dnsmadeeasy.com Yes (trial) 5 sec 40 10/3 5000.000 30 1.6 2

Just in case, it’s third year I’m using dnspark.net DNS service for corporate website and my own need and really happy with it.

Don’t forget DNS service is backbone of your Internet presence and think before entrusting your business to company, which doing this work for free, so offer zero guarantee for service reliability

Posted in Administration and System Design | Tagged: , , , | Leave a Comment »

Google Apps Better Administration Proposal

Posted by Abzetdin Adamov on September 20, 2010

Abzetdin Adamov's proposal on google apps effective administration

Google Apps Effective Administration

Google really does great work providing more services and better administration of users for Google Apps for Education. These are very useful new options:

  1. To define organization structure in Google Apps and assign users to appropriate units;
  2. Assign to users tools they really need;
  3. Create through domains and make possible for users from different domains to communicate and share their documents.
But, at the same time, if you will try to implement all of these options in the large organization, it undoubtedly will increase the workload of administrator and his responsibility. So, as a solution for large organization Google Apps Manager has to assign several persons who can administer the system. Since, each of them has the same access to all users’ and services’ settings, the probability of mistake which can affect whole system is quite high. At the same time, if organization has moved to Google Apps it’s vitally important for them to guarantee uninterrupted operation of all services. So, organization needs to be safe from any kind of interruption due to mistakes or carelessness.
I believe, it would be greatly appreciated by administrators’ community if Google provides us in the nearest future with new options that makes possible to define several administrators and grant them access to different units, to different services with different accessibility.
Any feedbacks from administrator’s community on this issue would be greatly appreciated…

Dr. Abzetdin Adamov
CIO at Qafqaz University

Posted in Administration and System Design | Leave a Comment »

Qafqaz University has gone Google Apps for Education

Posted by Abzetdin Adamov on September 2, 2010

Dr. Abzetdin Adamov about Google Apps implementation in Qafqaz University

Google Apps implementation in Qafqaz University

This Summer Qafqaz University has started campus-wide project of migration Google Apps for Education for all faculty, staff and students.

In 2006 we decided to create common collaboration and communication framework for faculty and students through implementation of the Campus Mail System. But because of high cost of the maintenance this initiative was converted to the hosting email solution assigned for faculty and staff, but unfortunately not for students. At the same time we have noticed that our students knew Google tools and already used them to meet common needs. From the end of 2008 we started to observe the possibility of adoption of the Google Apps in Qafqaz University.

This summer, our Computing & Information Services team was in the process of migrating everyone to our new Google Apps – Qafqaz University system. The positive experience of other Universities as well as experience our faculty have had using the Apps suite helped us decide that the change would bring significant benefits and cost savings to the university as a whole. In fact, we predict this change could save us considerable amount of money could be invested to meet other needs.

Many academicians as well as students widely use regular Gmail for communication needs. But what most of them don’t know is that Gmail can be configured so that they can use Google Apps through custom university domain. For instance, if my university domain is qu.edu.az, I can set up accounts for all my faculty and even for students, so they get Gmail, Celendar, Sites, Docs, and chat all with usernames like name1@qu.edu.az, name2@qu.edu.az, … My users log in to a Google hosted control panel (which is customized with a Qafqaz University logo, look at http://qmail.qu.edu.az), and all their email would get sent with their custom domain email as the From, as well as they receive email to the same email boxes.

In such a way Qafqaz University has enhanced its communication and collaboration infrastucture. Now Google Apps at @qu.edu.az has opened to any QU faculty, staff and student who would like to move. With just a Qafqaz ID and password, a Qafqaz University’s student can instantly use the full set of Google Applications for Education:

Qafqaz University has gone Google Apps for Education

Qafqaz University has gone Google Apps for Education

Dr. Abzetdin Adamov
Cheif Information Oficcer
Qafqaz University

Posted in Administration and System Design, Uncategorized | Leave a Comment »

Google Apps for Education – Upload many users at once

Posted by Abzetdin Adamov on June 24, 2010

Generally it’s problematical to prepare CSV format file with data to upload many users at once to GMail server for Google Apps. Here I’ll try to share a slight experience on how to do this…
  1. Select users information from appropriate database/table (see more details below)
    1. username
    2. first name
    3. last name
    4. password (how to generate automatically)
  2. Export data to Excel
  3. Delete the First colunm order number
  4. Save as Unicode Text or
  5. Open and Save as UTF-8 with BOA and .CSV extention
  6. Replace all Tab characters with Comma
  7. Upload File to Google
How to generate passwords? Keep in mind that the minimal length of password in Google is 6 symbols…


select t.username as "username",
t.first_name as "first name",
t.last_name as "last name",
round(p.str) as "password"
from table t, (select dbms_random.value(100000, 999999) str from dual) p
where .... -- if it's necessary

--dbms_random.string('L', 6) you can use this function instead of .value if you would like to generate character password

Posted in Administration and System Design | Leave a Comment »