Institute for Development and Research in Banking Technology

A Project Report on USING DNS TO PROTECT CLIENTS FROM MALICIOUS DOMAINS Submitted by M.L.V.L Akhil Vishnu 3rd year B.Tech, Computer Science and Engineering Indian Institute of Technology (ISM) Dhanbad.

Guide Dr. V. Radha Assistant professor IDRBT, Hyderabad.


ACKNOWLEDGEMENT

I would like to express my gratitude to the Institute for Development and Research in Banking Technology (IDRBT) under the guidance of Dr. V. Radha, Assistant Professor, IDRBT, Hyderabad. I would not hesitate to add that this short stint in IDRBT has added a different facet to my life as this is a unique organization being a combination of academics, research, technology, communication service, crucial application etc. and at the same time performing roles as an arm of regulation, spread of technology, and facilitator for implementing technology in banking and non-banking system. I am extremely grateful to Dr. V. Radha for her advice, innovative suggestions and supervision. I thank her for introducing me to different aspects of “CYBER SECURITY AND SYSTEMS”. I am thankful to IDRBT for providing such an amazing platform to work on real application-oriented research. I would like to give special thanks to Mrs. Varsha Srivastava, Administrative Executive, IDRBT, Hyderabad for providing resources and motivation in carrying out this project. Finally, I thank one and all who made this project successful either directly or indirectly.

M.L.V.L Akhil Vishnu 3rd year B.Tech, Computer Science and Engineering, Indian Institute of Technology (ISM) Dhanbad.


CERTIFICATE

This is to certify that Mr. M.L.V.L Akhil Vishnu, pursuing B.Tech Computer Science and Engineering at Indian Institute of Technology (ISM), Dhanbad, has undertaken a project as a summer internship at the Institute for Development and Research in Banking Technology (IDRBT), Hyderabad, from May 12, 2017 to July 7, 2017. He was assigned the project entitled “Using DNS to protect clients from malicious domains” under my guidance. During the course of his project, he analysed the challenges faced by clients in phishing and has implemented a solution. He has done excellent work with sincerity. I wish him all the best for all his endeavours.

Dr. V Radha Assistant Professor IDRBT, Hyderabad.

Place: Hyderabad Date: 7th July, 2017


ABSTRACT

DNS is a protocol within the set of standards for how computers exchange data on the internet, known as the TCP/IP protocol suite. A DNS server, also called a name server, handles a massive database which maps domain names to IP addresses. Phishing is the attempt to obtain confidential information such as usernames, passwords and details of credit and debit cards, often for malicious reasons, by tricking the user. There are several approaches to prevent phishing, and the DNS sinkhole is one of them.

A DNS sinkhole, also called a black hole DNS, is used to spoof DNS servers to prevent resolving the hostnames of specified URLs. A sinkhole is a way of redirecting malicious internet traffic so that it can be captured and analysed by security analysts. This is achieved by configuring the DNS forwarder to return a false IP address for a particular URL. It can also be used to restrict access to specific sites that violate corporate policies, including social networking, abusive content etc.

In a DNS sinkhole, we create two lists, called the white list and the black list. Malicious URLs can be collected from already known C&C servers, from open source sites that provide malicious IP details, from the malware analysis process etc. The known malicious URLs are placed in the black list, whereas the white list contains known important URLs. The URLs present in the black list can never be accessed. A URL present in the white list can never be added to the black list, and the URLs present in the white list are known to be safe. The DNS sinkhole first checks the incoming DNS query against the entries in the white list. If a match is found, the IP of that URL is returned. Otherwise, it checks the query against the black list. If a match is found there, the user is redirected and a customised webpage can be shown. This webpage can be created with information detailing the corporate policy restriction and can be hosted on a local server.


INDEX

1. Introduction
2. Problem Statement
3. DNS sinkhole overview
   3.1 DNS sinkhole workflow
   3.2 DNS sinkhole setup overview
4. Installation, configuration and partitioning the drive
   4.1 DNS sinkhole server installation
   4.2 Suggested drive configuration
   4.3 Install the software
   4.4 Sinkhole Configuration
5. DNS sinkhole web interface
   5.1 Configuring local sinkhole addresses
   5.2 Populating the site exclusion list
   5.3 Manually adding new sites to sinkhole
   5.4 Search domains
6. Remote access
7. DNS sinkhole configuration
   7.1 Controlling access to suspicious sites
   7.2 Changing MySQL root password
   7.3 Configuring PowerDNS as sinkhole
   7.4 PowerDNS monitoring webserver
8. Populating sinkhole using sinkhole_parser.sh
9. PowerDNS database
10. Bibliography


1. Introduction:
The Domain Name System (DNS) is indisputably one of the most important and overlooked parts of the internet. DNS came into existence because it is difficult to memorize a large number of IP addresses, which are strings of numbers. DNS manages a huge database mapping domain names to IP addresses. It takes the URLs we enter in our web browsers as input, finds the IP addresses of the web servers hosting those sites and returns those IP addresses.

Phishing is a cybercrime in which a target or targets are attacked to acquire their confidential and sensitive information such as usernames, passwords, credit card details etc. During phishing, the user is tricked by the attacker into submitting his/her confidential information to a fraudulent website. Phishing therefore causes loss to the user.

DNS sinkhole is one of the many approaches to the phishing problem. A DNS sinkhole contains a blacklist and a whitelist. Most of the techniques for phishing detection are based on a blacklist, which is a file that contains a large number of known fraudulent sites. There are many ways to find fraudulent sites, such as malware analysis, open source sites providing malicious IP details etc. The whitelist contains the known safe websites.

When a user requests the DNS sinkhole to resolve the IP address of a domain present in the whitelist, its actual IP is returned. When a user requests a DNS server to resolve the IP address of a malicious or fraudulent domain present in the blacklist of the sinkhole, the user is redirected to an internal website indicating that the site is blocked in accordance with corporate policy.

In a DNS sinkhole, we can also add domains manually to the whitelist and blacklist, and remove them. When a new domain is added to the blacklist, the domain completely falls under the control of the sinkhole administrator. After this, it is no longer possible to access the original host. The blacklists must be updated constantly by the administrators of the DNS sinkhole. Open source lists of known adware sites, malware sites and information from other sources can be combined with organisation-specific information, such as DNS resource record queries from affected clients, analysis of malware found on compromised clients etc. All of this information can be added to the blacklist of the sinkhole. The DNS sinkhole can also be used to take control of domains which are not malicious or fraudulent but contravene the policies. Thus a DNS sinkhole can be a part of security.


2. Problem Statement:
It is the age of bots. Botnet traffic is increasing day by day, exploiting computer systems through a variety of infection vectors and establishing command and control channels for sale or lease to the highest bidder. Attacks are commonly seen in the form of cybercrime and other illegal activities. Security analysts and administrators must respond daily to malware that forces a user to unknowingly download suspicious files from websites that they have no reason to access. Known applications that are dangerous must also be blocked. The following figure shows that botnet activity has been increasing day by day.

Thus, it is the duty of security analysts and anti-malware engineers to control and prevent bots and other unwanted traffic. This is where DNS sinkhole can play a major role in preventing access to known malware sites as a part of security.

3. DNS Sinkhole overview:
A DNS sinkhole is simple and hence effective at detecting and blocking malware domains and unwanted traffic that try to reach the internet. It has the capability to mitigate many types of threats that use DNS resolution. Administrators can add hosts and domains using DNS zone files. There are professionals who maintain lists of known unwanted and malicious domains, and this information can be used in the sinkhole. A DNS sinkhole is inexpensive as it is open-source software.

The DNS sinkhole server works by impersonating an authoritative DNS server for unwanted and malicious domains, and it returns a private address for such host and domain queries. The list of unwanted and malicious domains must be provided to the DNS sinkhole to make it effective. There are many advantages of deploying an internal DNS sinkhole. A sinkhole is scalable, effective, inexpensive and easy to maintain. Organisations can easily integrate their own ‘closed-source’ sinkhole entries for hosts or domains. This ability to customize data is a significant differentiator from commercial offerings. DNS sinkholes can block not only domains but also entire top level domains. Therefore, care must be taken while adding domains to the sinkhole manually.

3.1 DNS sinkhole workflow:
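The lookup order described in the abstract and introduction (white list first, then black list, otherwise forward), written out as an added Python example; it is not code from the report or from the sinkhole distribution. The class, the sample domains and the sinkhole address 192.0.2.10 are constructed, and matching a list entry against the queried name and all of its parent domains is an assumption that models the wildcard and top-level-domain blocking mentioned above.

```python
# Added example: sinkhole decision order (white list, black list, forward).
from dataclasses import dataclass

SINKHOLE_IP = "192.0.2.10"  # assumption: internal host serving the policy page


@dataclass(frozen=True)
class Answer:
    action: str   # "resolve" (white list), "sinkhole" (black list) or "forward"
    matched: str  # list entry that decided the answer ("" if none)
    address: str  # address handed to the client ("" = real answer from upstream)


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def suffixes(name):
    """www.a.example -> [www.a.example, a.example, example], most specific first."""
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


class Sinkhole:
    def __init__(self, whitelist, blacklist):
        self.whitelist = {normalize(d) for d in whitelist}
        self.blacklist = set()
        for d in blacklist:
            self.add_to_blacklist(d)

    def add_to_blacklist(self, domain):
        """A white-listed name can never be black-listed; return True if added."""
        d = normalize(domain)
        if not d or d in self.whitelist:
            return False
        self.blacklist.add(d)
        return True

    def lookup(self, qname):
        names = suffixes(qname)
        for s in names:                      # 1. white list always wins
            if s in self.whitelist:
                return Answer("resolve", s, "")
        for s in names:                      # 2. black list, including parent
            if s in self.blacklist:          #    domains and whole TLDs
                return Answer("sinkhole", s, SINKHOLE_IP)
        return Answer("forward", "", "")     # 3. unknown name: forward upstream


def demo():
    # Constructed lists: one TLD ("test") is blocked as a whole, and one
    # white-listed site lives underneath it.
    sh = Sinkhole(
        whitelist=["portal.test"],
        blacklist=["malware.example", "test", "Portal.Test."],
    )
    queries = ["portal.test", "login.portal.test", "C2.Malware.Example.",
               "shop.test", "news.example"]
    return sh, {q: sh.lookup(q) for q in queries}


if __name__ == "__main__":
    for q, a in demo()[1].items():
        print(f"{q:22} {a.action:9} {a.matched or '-':16} {a.address or 'upstream'}")
```

The `shop.test` query shows why manual entries need care: the single entry `test` sinkholes every name under that top-level domain except those on the white list.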


3.2 DNS sinkhole setup overview:
This configuration process is used to deploy a DNS sinkhole on Slackware Linux (GNU). The installation was developed to set up either PowerDNS or a DNS Bind forwarder and to act as a DNS sinkhole when the requested site is held either in the database or in the local table. The full installation requires 800 MB of space and does not provide any remote service except through Webmin or secure shell for remote management of the server. Webmin is a web management interface which is useful for remote management of the server through an SSL-enabled web browser. Additional information regarding Webmin is available at webmin.com.

A minimum of 2 GB of RAM will be sufficient, but if your DNS sinkhole is required to serve a large enterprise, more will be better. Before you start, it is important to make sure that you are disconnected from the network until the sensor has been securely configured. Make sure you have your PC and installation disks ready. As we install Slackware as a virtual machine, we also have to make sure that VM player is configured properly. We must also have the Slackware Sinkhole 64 bit ISO file.


4. Installation, Configuration and Partitioning the drive:

4.1 DNS Sinkhole server installation:
Create a new virtual machine in VM player using the Sinkhole 64 bit ISO file. After a few seconds you will be prompted to decide which kernel to boot. Slackware uses a number of kernels, adapted to work with different hardware profiles. We should not be worried about this. In most cases, a suitable kernel will be selected automatically. At this stage, simply hit Enter to continue.

Next, you will be asked to choose your keyboard. If you are using standard US keyboard, just hit enter. Else choose the appropriate one.


A few moments later, you will begin installation. The installation has two separate steps:
1. Preparation of partitions.
2. Setup of the distribution itself.

You will first have to create the relevant partitions on the hard disk. Normally the partitions will be swap, root and home. This will be done using cfdisk. After the partitions are made, you will begin the standard setup, which is similar to what we do in other systems like Ubuntu. To begin the installation, log in as root. Type root and hit Enter. Login credentials: username: root, password: idrbt@123.


After logging in as root, the disk must be partitioned.

Type cfdisk and hit Enter. If this is not a new drive, delete all the partitions present. You have to decide whether you are going to use Bind or PowerDNS before the partitioning itself. The custom interface for PowerDNS does not require any command-line knowledge to operate and update the sinkhole. Another advantage is that it maintains data about when a domain, TLD or site was added and by whom.

4.2 Suggested drive configuration: To create a new partition, move the highlight to [ New ] and press Enter.

In the next prompt, select the type [ primary ].


Then we need to set the size of the partition: 5 GB for swap.


The partition created is hda1- first partition on the IDE drive. We need to set its type. By default it will be Linux and we need to change accordingly. Select the partition, select [ Type ] and hit enter.

Then we need to select the type we require the partition to be. Here, we are looking for Linux swap and its number is 82. So, type 82 and press any key to continue.


We have our Linux swap successfully configured. Now we need to repeat the same process for root and home. Again, highlight the [ New ] command and create a new partition. Set the necessary parameters as [ Primary ], 25000MB (25GB) and [ Beginning ]. It's the same process as above. After the creation of the root partition, it is to be made bootable. This means that our system will know that the core files are located on this partition. Finally we need to create the home partition. This is no different than before. Once finished, we must have the following configuration.

/ - 25 GB (recommended minimum)
swap - 5 GB
/usr/local/ - 10+ GB (if planning to use PowerDNS, for MySQL)
/LOG - Remainder of the drive (if planning to collect packets)

hda2 - 25 GB
hda1 - 5 GB
hda3 - 10 GB

Select write to save the settings to disk.
Select quit to exit.

4.3 Install the software:
You have successfully completed the first part of the installation, that is, the configuration of the drive. Now we have to install the software. Type setup and press Enter.

You will reach the Slackware Linux setup main screen. The setup consists of many options. The layout of the options is chronological, meaning that if you begin with, for instance, TARGET, you will also be able to edit all the options below it but not the ones above it. Since we are setting up for the first time and nothing has been implemented yet, we can go through all the options one by one. We can begin the setup from ADDSWAP as we are using a US keyboard. Select ADDSWAP and press Enter.


During partitioning, the file system of the swap partition was changed to Linux swap, so the swap space will be detected automatically. The wizard will format the swap partition. We can also decide to check for bad blocks, which is not a bad idea. Once the swap partition is configured, we will be prompted with a message saying swap space configured. Next, we need to select our root partition. Since our root partition was created second in the partition table, it should have the label hda2. Therefore, the choice should not be difficult. The next prompt window will ask if we want to format the root partition. Since it has just been created, we need to format it. If the partition has been used previously, we might do a slow format to check for bad blocks. The best choices are the ext2, ext3 and ext4 file systems.

Select the Linux installation partition:
/dev/hda1 (format, ext4 – default)
/dev/hda3 (format, ext3 – default)
/dev/hda4 (format, ext4 – default)

Select the mount point for /dev/hda3: /usr/local (as we are using PowerDNS, for the DB table).
Select the mount point for /dev/hda4: /LOG (needed to collect packets).
Select add none to continue with setup.
Select continue to go to the Source section.
Select 1 to install from a Slackware CD-ROM.
Select OK to continue.


The wizard will suggest to scan for the right drive containing the source media. It is better to let it auto scan. Now you need to select your installation mode. Your choice will reflect the number of packages that will be installed, the number of prompts during installation and the time needed for the task. The best choice is to install all the packages which is roughly 3 GB. Then the installation will begin.

Install the DNS sinkhole from the installation CD, which shows 8 packages: A, AP, D, L, N, TCL, X and Z.
1. Select OK to continue and go to the install section.
2. Select install everything and OK to start the installation.
3. At insert next disk, select quit.
4. Skip making a boot stick.
5. Install LILO and select expert.
6. Select Begin; at the blank prompt press Enter; select no; select ok for the default buffer console; install to MBR; confirm the location to install LILO, followed by none.
7. Add Linux and choose the root partition, either /dev/hda1 or hda2 or /dev/cciss/c0d0p1, which I usually default. Use Linux as the partition name.
8. Configure the network with static IP settings (select 127.0.0.1 for DNS).
9. Set up the DNS sinkhole startup services. BIND requires rc.bind only, whereas PowerDNS requires rc.pdns, rc.pdns_recursor, rc.httpd and rc.mysqld.
10. Select No in setting up the hardware clock.
11. Set the password for root.


After the completion of setup, select cancel at the Slackware Linux screen. Then:
1. Remove the CD and reboot at the prompt (eject the CD-ROM manually if using VMware).
2. Log back into the server as root.
3. Delete the residual mail: rm /var/spool/mail/root

4.4 Sinkhole Configuration:
Use netconfig, if needed, to reconfigure your network. 127.0.0.1 can be used for local DNS. Configure NTP. If multiple interfaces are used with PowerDNS, edit /etc/httpd/extra/http-ssl.conf and add Listen Sinkhole_IP:443 to ensure that the PowerDNS webserver listens only on the primary interface.

PowerDNS DNS sinkhole setup:
Be sure that rc.pdns_recursor and rc.pdns are running. Edit recursor.conf in /usr/etc and ensure that the network configuration matches your network requirements. If you want to use your ISP's DNS server list, or you are an enterprise that wants to use split DNS forwarding, uncomment (enable) and update the forward-zones-recurse option. Just uncomment it if you want to use the one that is provided. Save and exit. Edit pdns.conf in /usr/etc if you want to monitor the DNS server statistics. Configure the PowerDNS statistics, save and exit.

Forwarding configuration of PowerDNS:
PowerDNS is not Bind. /usr/etc/pdns.conf and /etc/powerdns/recursor.conf are the two configuration files of PowerDNS. If queries should be forwarded to the web by PowerDNS, we have to edit recursor.conf and enable forwarding. Uncomment forward-zones-recurse or change the forwarded DNS servers to yours.

Testing the PowerDNS service:
Restart rc.pdns and rc.pdns_recursor, which are present in /etc/rc.d. The command netstat -an | grep 53 must give this as output.


You can test the sinkhole using nslookup command. For example, nslookup google.com.

5. DNS Sinkhole web interface:

The sinkhole_parser.sh script is not necessary for the web interface. Use https://sinkhole-ip to access the custom website. The default username and password are both admin. These can be changed. The following options appear at the top after logging in.

5.1 Configuring local sinkhole addresses:
We must change the web sinkhole list's sinkhole IP to our site's weblist sinkhole address before loading a weblist update. We must change it under View Sinkhole lists. We can also change it to 127.0.0.1. IPv6 is set to localhost by default. The DNS sinkhole already contains a list of websites. If we want to populate the DNS sinkhole, we have to select listname and sites added force. This is because we may get an error in some cases if the number of sites added in the list is large.

5.2 Populating the Sinkhole exclusion list:
The DNS sinkhole can be populated in another way, with sites that can never be added to the DNS sinkhole. There will be no sites present in Sinkhole by default. The list can be viewed using Webmin, the exclusions table or PDNS.

5.3 Manually adding new sites to sinkhole:
We can also add new sites to the sinkhole manually, apart from through the weblist. For this, we have to select add site to sinkhole, fill the domains box with individual or multiple websites, select the list you want to add them to and add a comment in the comment box.

5.4 Search Domains:
The search domains tab can be used to find the details of a domain present in the sinkhole. Enter the domain name in the box and hit Enter. We will know whether it is present or not and, if it is present, whether it is in the weblist or the exclusion list.


6. Remote Access:
In order to access the DNS sinkhole via SSH, some minor configuration changes are to be made.

Configuring SSH TCP Wrappers:
vi /etc/hosts.allow (or use Webmin, servers, TCP wrappers)
In the TCP wrappers file, add the IP addresses of the workstations that are allowed to connect to the DNS server.
sshd: 192.168.14. \
      172.16.2.
The hosts.deny file present in /etc denies ALL by default.

Webmin configuration:
Webmin is a web-based interface. It can be used to manage the PowerDNS server, and it is very easy to use. MySQL and Apache can be managed through the servers section present in Webmin. The default username and password are admin and admin respectively. We can change the Webmin password in the following way:
/usr/local/webmin/changepass.pl /etc/webmin admin <new password>
We can start and stop the Webmin service in this way:
/etc/webmin/start
/etc/webmin/stop
We must enter https://IPaddress:10000 as the URL to access Webmin.

7. DNS Sinkhole configuration:
The DNS sinkhole can be set up using ISC Bind or PowerDNS. Both use a single shell script to parse the DNS records which the sinkhole uses. The major difference between Bind and PowerDNS is that Bind uses the command line to view and manage everything, whereas PowerDNS uses a MySQL database to store records. A domain can be controlled through a system hosts file (C:\WINDOWS\system32\drivers\etc\hosts in Windows, or /etc/hosts) or with a DNS server controlled by an organisation. The script sinkhole_parser.sh is used to populate the DNS server with sinkhole records. Using this script we can insert the records either into the Bind server in /var/named/ or into the PowerDNS database. Irrespective of whether you use PowerDNS or Bind to sinkhole sites, a minimal configuration must be done in order to load the PowerDNS database with the list of malicious domains.

7.1 Controlling access to suspicious sites:
The hosts file model is complex and difficult to maintain. If the number of hosts on the network is large, it will be difficult to update all the computers with a controlled DNS list. The other method is centralised: updates are applied to the DNS server. Hosts ask the corporate DNS server where malware.com is, and if the answer is not present locally, the query is forwarded to the next server to resolve. For a domain present in the sinkhole, the address returned is one configured by the administrator, in order to prevent the host from reaching known sites which break corporate policy. In this process of redirection, the host is redirected to a webpage that indicates the attempt to access a malware site.

7.2 Changing MySQL root password:
With the startup script, the MySQL database will only listen on 127.0.0.1. This also prevents direct external connections to port 3306. There is no default password for the MySQL database; one can be set using the following command.
/usr/local/mysql/bin/mysqladmin -u root password 'new-password'


The account and password of PowerDNS are powerdns and password respectively. The password can also be left as it is because the database can only be accessed using 127.0.0.1. If it is decided to change the default password, then the PowerDNS configuration file must also be edited and the change made there as well. In order to change the password, edit config.inc.php in /var/www/htdocs/inc and save the file.

7.3 Configuring PowerDNS as Sinkhole:
When using the installation CD of the sinkhole, all the configuration files are set to have the DNS sinkhole ready to respond to DNS queries. Any query for a name that is not managed by the sinkhole is forwarded for response. If Apache and MySQL were selected to start as services at the end of the installation, the server will now be working. In case you forgot, start the services by activating the startup scripts. We need to restart to activate the service.

Some performance-related settings for PowerDNS are present in /usr/etc/pdns.conf. To have 1 or more backends, we have to edit distributor-threads. The default value is set to 3. If the value is set to 1, it becomes unthreaded, which may be a lot faster on some systems. The default setting for CNAME should be kept, as the sinkhole must respond to the query. The default wildcards value is no, which cannot be used for a sinkhole, so the sinkhole is set to respond to wildcard requests.

7.4 PowerDNS monitoring webserver:
A built-in web server is present in PowerDNS to monitor the server. It is configured by editing pdns.conf. The following parameters must be configured.
The webserver must be started for monitoring:
webserver = yes
The web server needs an IP address to listen on:
webserver-address = IP
A password is required for accessing the web server:
webserver-password = password
webserver-port = 8081


If you made any changes, restart the server using /etc/rc.d/rc.pdns restart. The server can be accessed on the default port 8081 at http://webserver:8081 with username admin and password password.

8. Populating sinkhole using sinkhole_parser.sh:
When we run the sinkhole_parser.sh script, it shows 5 options which can be used to populate the DNS sinkhole. The first thing the script does when it is executed is download malicious domains from the sites listed in the script. More than 20,000 domains will be downloaded into the sinkhole by the script.

Checked_sites: checked_sites is a list of domains present in the scripts directory. If a site is present in this list, it can never be added to the sinkhole. Thus, we can add safe sites to checked_sites so that even if any of them gets added to the sinkhole by the script, it will automatically be removed. This list can also be controlled through Webmin, i.e. sites can be added and removed.


Manually add single domain to sinkhole (A): By choosing this option, we can add a single domain to the sinkhole. After adding the domain, you must test (T) the domain list to ensure that the newly added domain was not already present in the sinkhole, and then select P or B to load the update.

Download sinkhole updates (D): By selecting this option, we can download updates from the list of sites present in the script.

Testing new zone file for errors (T): This option is used to test the DNS records for any errors. Always select this option before loading into either PowerDNS or Bind. If you are using Bind and the test fails, select option R so that it restores the backup file and then exits. The only reason this could happen is when /var/named/site_specific_sinkhole.conf or /var/named/custom_domain_sinkhole.conf has been populated with a site that is now listed in site_specific_sinkhole.conf. To open a new terminal or another SSH session you can use Alt+F2 at the console and remove the duplicate. You can run the test again; if it passes, you can then load the updates into PowerDNS or Bind.

Empty PowerDNS database of all its records (F): This option is used to remove everything from the database, and both servers are restarted. This must be done once or twice a month before inserting the sinkhole records again. When you empty the database, the domains in the sinkhole will no longer be present. It can take a few minutes to load the records into the database, depending on the speed of your server.

Zone check failed, restore and exit (R): Only Bind users can use this option, to restore the backup sinkhole records to the location /var/named/entire_domain_sinkhole.conf. The backup is stored in /tmp.

Zone file is good, load it in Bind and exit (B): When this option is selected, the new sinkhole list gets loaded into the Bind server. It automatically reloads the zone once the loading is done and exits the script.


Zone file is good, load PowerDNS and exit (P): When this option is selected, it deletes all the old records from the database and loads the new sinkhole list into the PowerDNS database. In this step, the script uses a binary named zone2sql, which translates the domain list into SQL text that can be imported into the database. The script compares the information present in the database against that downloaded from the internet, removes the domains that are no longer dangerous and adds the new ones. When loading is done, the new zones get refreshed automatically and the script exits.

9. PowerDNS Database:
Go to the scripts directory and open the file pdns.sh using the command vim pdns.sh. In this file, you can find a mysql command showing a path to the database. Enter that command and hit Enter.

You can see all the tables in the database using show tables; command. There are 13 tables present in the database. The domains table contains the sinkholed domains. The exclusions table contains the domains that never enter into sinkhole. Lists table contains the websites from which the malware domains are getting downloaded.

The changelog table shows all the activities performed with database.
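The update step that section 8 describes for option P (merge the downloaded lists, drop anything listed in checked_sites, then add new domains and remove stale ones), as an added Python example; it is not the code of sinkhole_parser.sh. The feed formats, sample domains and function names are constructed, and the example assumes that the current set holds only feed-sourced records and that a checked_sites entry also protects its subdomains.

```python
# Added example: plan a sinkhole update from downloaded feeds and checked_sites.
import re

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)$")   # one valid DNS label
HOSTS_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}        # hosts-format line prefixes


def parse_feed(text):
    """Extract domain names from a plain-list or hosts-format feed."""
    names = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()        # drop comments
        if not fields:
            continue
        hosts_line = fields[0] in HOSTS_ADDRS and len(fields) > 1
        name = (fields[1] if hosts_line else fields[0]).rstrip(".").lower()
        labels = name.split(".")
        if (len(labels) >= 2 and len(name) <= 253
                and not labels[-1].isdigit()         # rejects bare IP addresses
                and all(LABEL.match(l) for l in labels)):
            names.add(name)
    return names


def is_checked(name, checked):
    """True if name, or any parent domain of it, is in checked_sites."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in checked for i in range(len(labels)))


def plan_update(current, feed_texts, checked_sites):
    checked = {c.strip().rstrip(".").lower() for c in checked_sites}
    wanted = set()
    for text in feed_texts:
        wanted |= parse_feed(text)
    wanted = {d for d in wanted if not is_checked(d, checked)}
    current = {d.rstrip(".").lower() for d in current}
    return {
        "add": sorted(wanted - current),      # newly listed domains
        "remove": sorted(current - wanted),   # delisted or now in checked_sites
        "keep": sorted(wanted & current),
    }


# Constructed sample input.
FEED_A = """# hosts-format feed
127.0.0.1 localhost
0.0.0.0 tracker.badads.example   # inline comment
0.0.0.0 Dropper.Malware.Example.
"""
FEED_B = """malware.example
update.vendor.example
not a domain!!
192.0.2.55
-bad-.example
"""
CHECKED_SITES = ["vendor.example"]
CURRENT_DB = {"old-c2.example", "malware.example", "vendor.example"}

if __name__ == "__main__":
    for key, names in plan_update(CURRENT_DB, [FEED_A, FEED_B], CHECKED_SITES).items():
        print(key, names)
```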


10. Bibliography

[1] Venkata Prasad Reddy, Vedala Radha, Manik Jindal, “Client Side Protection from Phishing attack”, ResearchGate, January 2011.
[2] Guy Bruneau, “Build Securely a DNS Sinkhole Step-by-Step Powered by Slackware Linux”, Version 2.1, 23 October 2016.
[3] Guy Bruneau, “DNS Sinkhole”, GIAC (GCIH) Gold Certification, August 7, 2010.
[4] Melissa Muth, “Using DNS to protect clients from malicious domains”, 2015.
[5] Domain Name System (DNS), http://searchnetworking.techtarget.com.
