Monthly Archives: June 2011

Know security tools from Microsoft

There are several security tools from Microsoft to protect the Windows environment. A few of them can be used free of cost. It is good practice to keep software and operating systems updated against security loopholes. The basics are to understand the different programs and functions in terms of security.

Spam :- Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately.

Malware :- Malware (malicious software) is a program (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or engage in other abusive behavior.

Trojan :- A Trojan is a destructive program (user prior to installation and/or execution) that steals information or harms the system.

Spyware :- Spyware is a type of malware that collects information about users without their knowledge (hidden from the user).

Virus :- A virus is a computer program that can copy itself and infect a computer or spread in a network.

Worm :- A computer worm is a self-replicating malware program that uses a computer network to send copies of itself to other nodes, and it may do so without any user intervention.

Rootkit :- A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool).

Adware :- Adware is any software package that automatically plays, displays, or downloads advertisements (this can be in the form of a pop-up) to a computer.

Ad-Aware :- Ad-Aware is an anti-spyware and anti-virus program developed by Lavasoft that detects and removes malware, spyware and adware on a user’s computer.

MBSA

Microsoft Baseline Security Analyzer (MBSA) is a tool to detect common security misconfigurations and missing security updates on computers and network systems.

Command-line usage:

To check for security updates and patches, run the following command from a command-line prompt. The /n switch lists the checks to skip, so /n os+iis+sql+password leaves only the security-update scan.

mbsacli /target 192.168.195.137 /n os+iis+sql+password > mbsa.txt

The following command scans all computers in the CONTOSO domain for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /d contoso /n os+iis+sql+password > mbsa.txt

The following command scans all computers in the IP address range 192.168.195.130 to 192.168.195.254 for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /r 192.168.195.130-192.168.195.254 /n os+iis+sql+password

The following command scans all computers listed in the ComputerNames.txt file for security updates, but it does not scan for administrative vulnerabilities:

mbsacli /listfile computernames.txt /n os+iis+sql+password

RootkitRevealer

RootkitRevealer is a rootkit detection utility. (The term rootkit describes the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempts to hide its presence from spyware blockers, antivirus, and system management utilities.) RootkitRevealer detects rootkits including AFX, Vanquish and HackerDefender.

Command-line usage:

rootkitrevealer [-a [-c] [-m] [-r] outputfile]

-a : Automatically scan and exit when done.

-c : Format output as CSV

-m : Show NTFS metadata files

-r : Don’t scan the Registry.

Forefront

Microsoft Forefront is security software to protect computer networks, network servers and individual devices. It has two components: server security and client security.

Protection

* Forefront Endpoint Protection
* Forefront Protection 2010 for Exchange Server
* Forefront Online Protection for Exchange
* Forefront Protection 2010 for SharePoint
* Forefront Security for Office Communication Server

Management

* Forefront Identity Manager 2010
* Forefront Protection Server Management Console

Microsoft Security Essentials

Microsoft’s free real-time protection for PC that guards against viruses, spyware, and other malicious software.

Microsoft Safety Scanner

Tool to scan your computer for malicious and potentially unwanted software.

Windows Automatic updates

Windows Server Update Services (WSUS), previously known as Software Update Services (SUS), is freeware that enables administrators to manage the distribution of updates and hotfixes released for Microsoft products to computers in a corporate environment.

Read more at the sites below:

http://technet.microsoft.com/en-us/security/cc297183

http://technet.microsoft.com/en-us/library/cc700837.aspx

http://sectools.org/


SquidNT proxy

Proxy Server
____________
What is a Proxy Server?
Proxy servers do a number of different things, but the basic term proxy means to do something for somebody else, usually in an authorized capacity. There are in fact two types of proxy servers, a forward proxy and a reverse proxy. A forward proxy is used to support Internet access for a number of clients through a single server for security, caching, or filtering. A reverse proxy is used to redirect requests for a Web site to a number of servers for a client.

•    Security — Because the proxy server can redirect requests, we can use it as a gateway to the Internet. Because it can be a single machine, it can act as an authenticated gateway through firewalls, while still preventing direct Internet access to clients.
•    Caching — If one machine (the proxy server) is being used to access the Internet, it can also act as a cache, storing frequently used and accessed sites, graphics, and other elements. Even in a relatively modest installation, the use of a caching server can significantly improve the performance of an entire enterprise’s Web access. It can also help lower bandwidth requirements, enabling organizations to squeeze more performance out of an Internet connection.
•    Filtering — Because all requests for Web pages go through the proxy server, the proxy server can make decisions about which sites and information clients can view or access. A proxy server can simply block adverts and pop-ups (providing you can easily identify the site or URL) or entire sites.

Architecturally, the proxy server sits on the network, and may be the same machine that provides the Internet connection and firewall/filtering service. Figure 1 illustrates a basic network diagram for this.

    Internet——Proxy server—————Clients

Squid proxy installations under windows
_______________________________________

# Download from http://squid.acmeconsulting.it/
# Extract the binary archive in the desired directory (default c:\squid)
# Copy squid.conf.default as squid.conf and mime.conf.default as mime.conf
# Edit the squid.conf and change if needed the c:/squid path (use path with ‘/’ char, NOT ‘\’)
# Manually create ALL the directories specified in squid.conf, except the contents of the cache directory

Note: Starting with the PRE9 revision, squid.exe was moved from the bin to the sbin directory.
Please remove and reinstall the SquidNT service to reflect the changes.

What to edit in squid.conf
__________________________
# DNS Configuration

# TAG: dns_nameservers
# Use this if you want to specify
# a list of DNS name servers (IP addresses)
# to use instead of those given in your
# /etc/resolv.conf file.
#
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#
#Default:
# none
dns_nameservers 10.1.24.10

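# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from
# where browsing should be allowed
# The network must be written as a full dotted address with its prefix length.
acl my_networks src 10.1.0.0/24
# http_access rules are checked top to bottom and the first match wins,
# so the cache manager rules go before the general allow rule.
http_access allow manager localhost
http_access deny manager
http_access allow my_networks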

Create the Squid cache directories. Caching websites locally improves browser performance by reducing the need to download each item on a web page.

C:\squid\sbin>squid -z

Setup SquidNT as a service
__________________________
Run this command from command prompt: c:\squid\sbin\squid -i

You can start/stop/restart the service called Squid from: Control Panel > Administrative Tools > Services

User Authentication on AD domain
_______________________________________

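# auth_param basic casesensitive off
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5

# proxy_auth and src are different ACL types and cannot share one acl line.
# The client network stays in the my_networks src ACL defined earlier;
# this ACL requires a valid login, and both must match to be allowed.
acl authenticated_users proxy_auth REQUIRED
http_access allow my_networks authenticated_users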

Blocking Websites
_________________
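acl CONNECT method CONNECT
acl facebook url_regex facebook.com
acl myspace url_regex myspace.com
# An ACL only names a match; nothing is blocked until an http_access rule uses it.
# Place these deny rules above any "http_access allow" line.
http_access deny facebook
http_access deny myspace
# proxy_auth and src are different ACL types and cannot share one acl line;
# the client network belongs in its own "acl ... src" line.
acl localnet proxy_auth REQUIRED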
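
An added example, not part of the original post or of Squid itself: a small Python audit of squid.conf access-control lines, relevant to both the client-access rules and the blocking ACLs above. WEAK_CONF and FIXED_CONF are constructed samples, audit() is a hypothetical helper, and the ACL names manager, localhost and all are assumed to be defined by the stock squid.conf.

```python
import ipaddress
import re

# Constructed weak fragment: malformed src network, unused ACLs, no final deny.
WEAK_CONF = """\
acl my_networks src 10.1.0/24
acl facebook url_regex facebook.com
acl myspace url_regex myspace.com
http_access allow my_networks
http_access allow manager localhost
http_access deny manager
"""

# Constructed corrected fragment: valid CIDR, dstdomain block list, explicit final deny.
FIXED_CONF = """\
acl my_networks src 10.1.0.0/24
acl blocked_sites dstdomain .facebook.com .myspace.com
http_access allow manager localhost
http_access deny manager
http_access deny blocked_sites
http_access allow my_networks
http_access deny all
"""

def audit(conf_text):
    """Return sorted (line_number, finding) pairs for squid.conf access-control mistakes."""
    findings, defined, used, rules = [], {}, set(), []
    for num, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "acl":
            name, kind, values = fields[1], fields[2], fields[3:]
            defined.setdefault(name, num)
            for value in values:
                if kind == "src":
                    try:  # simplification: address ranges (a-b) are not handled
                        ipaddress.ip_network(value, strict=False)
                    except ValueError:
                        findings.append((num, f"invalid src network {value!r}"))
                elif kind == "url_regex" and re.search(r"(?<!\\)\.", value):
                    findings.append((num, f"unescaped '.' in url_regex {value!r}"))
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((num, fields[1], fields[2:]))
            used.update(acl.lstrip("!") for acl in fields[2:])
    for name, num in defined.items():
        if name not in used:  # defined but never enforced by any rule
            findings.append((num, f"acl {name!r} is never used in http_access"))
    if rules and rules[-1][1:] != ("deny", ["all"]):
        findings.append((rules[-1][0], "last http_access rule is not 'deny all'"))
    return sorted(findings)
```

Squid stops at the first matching http_access line, and when no line matches it applies the opposite of the last line, which is why the explicit final deny all matters. An unescaped dot in url_regex matches any character, so a dstdomain list is the tighter way to name sites.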

Browser configurations (client side)
____________________________________
Firefox

Tools > Options > Advanced > Network tab > Settings.

Click on “Manual proxy configuration” and enter the IP of the machine on which SquidNT was installed. For the port use 3128 (the Squid default).

Internet Explorer

Tools > Internet Options > Connections tab > LAN Settings

Under the proxy server section click the “Use a proxy server for your LAN” box. For the server use the IP of the machine SquidNT was installed on and use port 3128 (the default for Squid).

Squid commands
______________
# squid -i [-f configfile] [-n servicename] (installs the servicename Squid service using the configfile configuration file; default configfile is “c:/squid/etc/squid.conf”, default servicename is “SquidNT”)
# squid -z [-f configfile] (creates the cache directories)
# squid -O servicecommandline [-n servicename] (Set in Windows Registry the Squid servicename service command line)

Try another proxy (ccproxy) from http://www.youngzsoft.net

Remote Desktop Management


It is a software tool that enables desktop sharing and remote access to Windows computers in the network.

Windows provides two tools to access remote desktops:

RDC (Remote Desktop Connection)
RDs (Remote Desktops, a snap-in)

Both use Terminal Services (TS) over the RDP protocol.

Another way to connect is RD Web Connection.

The difference between RDC and RDs is that with RDC you can connect to many servers at a time (with a TS license; otherwise only 2 connections are allowed), whereas RDs shows one connection at a time. RDs is a window with all your added servers on the left side and your sessions on the right. When you click from one server to another, the last opened server is shown in the right pane.

Note: With a TS license, Remote Desktops can connect more sessions to a server; otherwise only 2 connections are allowed.

RDP
___
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to another computer. The protocol is an extension of the ITU-T T.128 application sharing protocol. By default the server listens on TCP port 3389.

Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, Android, and other modern operating systems.

To launch RDC
_____________
Start > Programs > Accessories > Communications > Remote Desktop Connection
or type mstsc in the Run window

To launch RDs
_____________
Start > Administrative tools > Terminal services > Remote Desktops

Note: Available only in server operating systems, not desktops such as XP.

Installing Remote Desktop Web Connection
_________________________________________
Start > Control Panel > Add/Remove Programs > Add/Remove Windows Components
> Internet Information Services > World Wide Web Service
Select the Remote Desktop Web Connection check box, and then click OK.
Click OK on Internet Information Services.
