Monthly Archives: June 2011
There are several security tools from Microsoft to protect the Windows environment. A few of them can be used free of cost. It is good practice to keep software and operating systems updated against security loopholes. The basics are to understand the different programs and functions in terms of security.
Spam :- Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately.
Malware :- Malware (malicious software) is a program (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or carry out other abusive behavior.
Trojan :- A Trojan is a destructive program that appears harmless to the user prior to installation and/or execution, but steals information or harms the system.
Spyware :- Spyware is a type of malware that collects information about users without their knowledge (hidden from the user).
Virus :- A virus is a computer program that can copy itself and infect a computer or spread across a network.
Worm :- A computer worm is a self-replicating malware program that uses a computer network to send copies of itself to other nodes, and it may do so without any user intervention.
Rootkit :- A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).
Adware :- Adware is any software package that automatically plays, displays, or downloads advertisements (this can be in the form of a pop-up) to a computer.
Ad-Aware :- Ad-Aware is an anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user’s computer.
Microsoft Baseline Security Analyzer (MBSA) is a tool to detect common security misconfigurations and missing security updates on computers and network systems.
Command-line usage:
The /n option lists the checks to skip (os, iis, sql, password), so each command below runs only the security update check.
To check a single computer for security updates and patches, run the following command from a command prompt:
mbsacli /target 192.168.195.137 /n os+iis+sql+password > mbsa.txt
Scan all computers in the CONTOSO domain for security updates, without scanning for administrative vulnerabilities:
mbsacli /d contoso /n os+iis+sql+password > mbsa.txt
Scan all computers in the IP address range 192.168.195.130 to 192.168.195.254 for security updates, without scanning for administrative vulnerabilities:
mbsacli /r 192.168.195.130-192.168.195.254 /n os+iis+sql+password
Scan all computers listed in the ComputerNames.txt file for security updates, without scanning for administrative vulnerabilities:
mbsacli /listfile computernames.txt /n os+iis+sql+password
RootkitRevealer is a rootkit detection utility (the term rootkit describes the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempts to hide its presence from spyware blockers, antivirus, and system management utilities). RootkitRevealer detects rootkits including AFX, Vanquish and HackerDefender.
Command-line usage:
rootkitrevealer [-a [-c] [-m] [-r] outputfile]
-a : Automatically scan and exit when done.
-c : Format output as CSV
-m : Show NTFS metadata files
-r : Don’t scan the Registry.
Microsoft Forefront is security software to protect computer networks, network servers and individual devices. It has two components: server security and client security.
* Forefront Endpoint Protection
* Forefront Protection 2010 for Exchange Server
* Forefront Online Protection for Exchange
* Forefront Protection 2010 for SharePoint
* Forefront Security for Office Communication Server
* Forefront Identity Manager 2010
* Forefront Protection Server Management Console
Microsoft Security Essentials
Microsoft’s free real-time protection for PCs that guards against viruses, spyware, and other malicious software.
Microsoft Safety Scanner
Tool to scan your computer for malicious and potentially unwanted software.
Windows Automatic updates
Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is freeware that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.
What is a Proxy Server?
Proxy servers do a number of different things, but the basic term proxy means to do something for somebody else, usually in an authorized capacity. There are in fact two types of proxy servers, a forward proxy and a reverse proxy. A forward proxy is used to support Internet access for a number of clients through a single server for security, caching, or filtering. A reverse proxy is used to redirect requests for a Web site to a number of servers for a client.
• Security — Because the proxy server can redirect requests, we can use it as a gateway to the Internet. Because it can be a single machine, it can act as an authenticated gateway through firewalls, while still preventing direct Internet access to clients.
• Caching — If one machine (the proxy server) is being used to access the Internet, it can also act as a cache, storing frequently used and accessed sites, graphics, and other elements. Even in a relatively modest installation, the use of a caching server can significantly improve the performance of an entire enterprise’s Web access. It can also help lower bandwidth requirements, enabling organizations to squeeze more performance out of an Internet connection.
• Filtering — Because all requests for Web pages go through the proxy server, the proxy server can make decisions about which sites and information clients can view or access. A proxy server can simply block adverts and pop-ups (providing you can easily identify the site or URL) or entire sites.
Architecturally, the proxy server sits on the network, and may be the same machine that provides the Internet connection and firewall/filtering service. Figure 1 illustrates a basic network diagram for this.
Squid proxy installation under Windows
# Extract the binary archive in the desired directory (default c:\squid)
# Copy squid.conf.default as squid.conf and mime.conf.default as mime.conf
# Edit the squid.conf and change if needed the c:/squid path (use path with ‘/’ char, NOT ‘\’)
# Manually create ALL the directories specified in squid.conf, except the contents of the cache directory
Note: Starting with the PRE9 revision, squid.exe was moved from the bin to the sbin directory.
Please remove and reinstall the SquidNT service to reflect the changes.
What to edit in squid.conf
# DNS Configuration
# TAG: dns_nameservers
# Use this if you want to specify
# a list of DNS name servers (IP addresses)
# to use instead of those given in your
# /etc/resolv.conf file.
# Example: dns_nameservers 10.0.0.1 126.96.36.199
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from
# where browsing should be allowed
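acl my_networks src 10.1.0.0/24
# http_access lines are evaluated top to bottom and the first match wins,
# so the cache manager rules come before the general allow.
http_access allow manager localhost
http_access deny manager
http_access allow my_networks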
Create the Squid cache directories. Caching websites locally improves browser performance by reducing the need to download each item on a web page.
Set up SquidNT as a service
Run this command from the command prompt: c:\squid\sbin\squid -i
You can start/stop/restart the service called Squid from: Control Panel > Administrative Tools > Services
User Authentication on AD domain
# auth_param basic casesensitive off
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5
# An acl line takes exactly one type, so the authentication requirement and
# the source network are declared as separate ACLs.
acl authenticated proxy_auth REQUIRED
# 10.0.0.0/8 is an assumed reading of "10.0.0.1/255"; use your own internal range.
acl my_networks src 10.0.0.0/8
acl facebook url_regex facebook.com
acl myspace url_regex myspace.com
acl CONNECT method CONNECT
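Squid evaluates http_access lines top to bottom and stops at the first line whose ACLs all match, so where the facebook and myspace ACLs above are used relative to the allow rule decides whether they block anything. The following Python model of that evaluation is an added example, not code from the original post or the Squid project; the http_access lines, the `authenticated` ACL name and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
# Constructed sample; the http_access lines and the "authenticated" name are assumptions.
GOOD = """
acl my_networks src 10.1.0.0/24
acl authenticated proxy_auth REQUIRED
acl facebook url_regex facebook.com
acl myspace url_regex myspace.com
http_access deny facebook
http_access deny myspace
http_access allow my_networks authenticated
http_access deny all
"""
# Same lines with the allow moved first: the deny rules are never reached.
ALLOW = "http_access allow my_networks authenticated\n"
BAD = GOOD.replace(ALLOW, "").replace("http_access deny facebook", ALLOW + "http_access deny facebook")

def parse(conf):
    """Collect acl definitions and the ordered http_access rules."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []  # "all" predefined here
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "url_regex":
        return any(re.search(v, req["url"]) for v in values)
    if kind == "proxy_auth":  # REQUIRED: any authenticated user matches
        return bool(req.get("user"))
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, req):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access lines")
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Real Squid answers a request that lacks credentials with a proxy authentication challenge (HTTP 407); the model simply treats the proxy_auth ACL as not matching.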
Browser configurations (client side)
Firefox: Tools > Options > Advanced > Network tab > Settings.
Click on “Manual proxy configuration” and enter the IP of the machine on which SquidNT was installed. For the port use 3128 (the Squid default).
Internet Explorer: Tools > Internet Options > Connections tab > LAN Settings
Under the proxy server section, check the “Use a proxy server for your LAN” box. For the server use the IP of the machine SquidNT was installed on, and use port 3128 (the default for Squid).
# squid -i [-f configfile] [-n servicename] (installs the servicename Squid service using the configfile configuration file; the default configfile is “c:/squid/etc/squid.conf” and the default servicename is “SquidNT”)
# squid -z [-f configfile] (creates the cache directories)
# squid -O servicecommandline [-n servicename] (sets the Squid servicename service command line in the Windows Registry)
Try another proxy (ccproxy) from http://www.youngzsoft.net
Remote Desktop Management
It is a software tool that enables desktop sharing and remote access to Windows computers on the network.
Windows provides two tools to access remote desktops:
RDC (Remote Desktop Connection)
RDs (Remote Desktops, a snap-in)
Both use Terminal Services (TS) over the RDP protocol.
Another way to connect is through RD Web Connection.
The difference between RDC and RD is that you can connect to many servers at a time using RDC (with a TS license; otherwise only 2 connections are allowed), but in RD only one connection at a time. Its window has all your added servers on the left and your sessions on the right. When you click from one server to another, the last opened server is shown in the right pane.
Note: With a TS license, Remote Desktops can open more sessions to a server; otherwise only 2 connections are allowed.
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which concerns providing a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T.128 application sharing protocol. By default the server listens on TCP port 3389.
Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, Android, and other modern operating systems.
To launch RDC
Start > Programs > Accessories > Communications > Remote Desktop Connection
or type mstsc in the Run window
To launch RDs
Start > Administrative Tools > Terminal Services > Remote Desktops
Note: Available only on server operating systems, not on desktops such as XP.
Installing Remote Desktop Web Connection
Start > Control Panel > Add/Remove Programs > Add/Remove Windows Components
> Internet Information Services > World Wide Web Service
Select the Remote Desktop Web Connection check box, and then click OK.
Click OK on the Internet Information Services .