Seven overlooked network security threats for 2011

Seven overlooked network security threats for 2011: "

No one working in network security can complain that the issue has been ignored by the press. Between Stuxnet, WikiLeaks server attacks and counterattacks, and the steady march of security updates from Microsoft and Adobe, the topic is being discussed everywhere. IT workers who have discovered that consolidation, off-shoring, and cloud computing have reduced job opportunities may be tempted to take heart in comments such as Tom Silver’s (Sr. VP for Dice.com) claim that “there is not a single job position within security that is not in demand today.”This and similar pronouncements by others paint a rosy picture of bottomless security staff funding, pleasant games of network attack chess, and a bevy of state-of-the-art security gadgets to address threats. Maybe.

In these challenging times, separating hype from visionary insight may be a tall order. Yet it’s important to strike a sensible balance, because there are problems both with underestimating the problem as well as in overhyping the value of solutions. This situation became readily apparent when making a list of overlooked threats for the upcoming year. The task of sorting through the hype must not become a cause that only managers will be inspired to take up.

Table A summarizes a modest list of security threats that are likely to be overlooked in the coming year. The list thus adds to the mélange of worry-mongering, but at least the scenarios are plainly labeled as worst case scenarios.

1. Insider threat

Millions of dollars can be spent on perimeter defenses, but a single employee or contractor with sufficient motivation can easily defeat those defenses. With sufficient guile, such an employee could cover his tracks for months or years. Firms such as Symantec Vontu have taken a further step and characterized the insider threat issue as “Data Loss Prevention” (DLP). Also in this category are attacks on intellectual property, which tend to be overlooked in favor of more publicized losses.

2. Tool bloat backlash

Recent TSA changes to airport security demonstrate that the public’s appetite for security measures has limits. The same is true for network security. As demands for more and more tools taking an increasingly larger percent of the IT budget mount, backlash is inevitable. Many tools contribute to a flood of false positives and may never resist an actual attack. There is a network security equivalent of being overinsured.

Threat Area	Worst Case Scenarios
1. Insider Threat	Enterprise data including backups destroyed, valuable secrets lost, and users locked out of systems for days or even weeks.
2. Tool Bloat Backlash	Decision-makers become fed up with endless requests for security products and put a freeze on any further security tools.
3. Mobile Device Security	A key user’s phone containing a password management application is lost. The application itself is not password-protected.
4. Low Tech Threats	A sandbox containing a company’s plan for its next generation of cell phone chips is inadvertently exposed to the public Internet.
5. Risk Management	A firm dedicates considerable resources to successfully defend its brochure-like, ecommerce-less web site from attack, but allows malware to creep into the software of its medical device product.
6. SLA Litigation	Although the network administrator expressed reservations, a major customer was promised an unattainable service level for streaming content. The customer has defected to the competition and filed a lawsuit.
7. Treacheries of Scale	A firm moves from a decentralized server model to a private cloud. When the cloud’s server farm goes offline, all users are affected instead of users in a single region.

Table A. Worst Case Scenarios for Overlooked Network Security Threats

3. Mobile device security

There’s lots of talk about mobile device security, but despite prominent breaches employing wireless vectors, many enterprises haven’t taken necessary precautions.

4. Low-tech threats

Addressing exotic threats is glamorous and challenging. Meeting ordinary, well-understood threats, no matter how widespread, is less interesting and is thus more likely to be overlooked. Sandboxes, “test subnets,” and “test databases” all receive second class attention where security is concerned. Files synchronized to mobile devices, copied to USB sticks, theft of stored credentials, and simple bonehead user behaviors (”Don’t click on that!”) all fit comfortably into this category. Network administrators are unlikely to address low tech threats because more challenging tasks compete for their attention.

5. Risk management

Put backup and disaster recovery in this category, but for many, having servers with only one NIC card or relying upon aging, unmonitored switches and exposed cable routing are equally good use cases. Sadly, most organizations are not prepared to align risks with other business initiatives. To see where your organization stands in this area, consider techniques such as Forrester’s Lean Business Technology maturity for Business Process Management governance matrix.

6. SLA Litigation

Expectations for service levels are on the rise, and competitive pressures will lead some firms to promise service levels that may not be attainable. Meanwhile, expectations for service levels by the public continue to rise.

7. Treacheries of scale

There will be the network management version of the Quantas QF32 near-disaster. Consequences of failure, especially unanticipated failure, increase as network automation is more centralized. Failure points and cascading dependencies are easily overlooked. For instance, do network management tools identify SPOF? A corollary is that economies of scale (read network scalability) lead directly to high efficiency threats - that is, risks of infrequent but much larger scale outages.

What’s a network administrator to do? Address the issues over which some control can be exerted, and be vigilant about the rest. Too much alarm-sounding is likely to weaken credibility.

"

Windows Build Audit, Create Windows System Reports

Windows Build Audit, Create Windows System Reports: "

I sometimes need to get a quick overview of a computer system that I work on for the first time. Windows Build Audit is a free portable application that can generate Windows system reports in HTML format easily making it ideal for that task.

The Open Source software has a size of less than 300 Kilobytes on the hard drive after unpacking and can be started from any location of the system. Reports can be saved into different locations which means it can not only be run from writable storage devices but also CD or DVDs.

The program can be executed with a double-click, or by running it from the command line with optional command line switches. Switches include the option to run a silent audit without user interaction.

Windows Build Audit generates the report and saves it as a HTML file in a selected location on a connected storage device.

The report creates item groups which reveal detailed information about the computer system. Included in the report are information about the users of the system, the installed software, plug and play devices, the computer bios, hardware that includes the cpu, computer memory and network adapters as well as the operating system and version.

Reports are offered in one single file and havee a size of less than 100 Kilobytes.

Windows Build Audit is offered at the project’s Sourceforge page. Alternatives to the open source application are PC Audit and Win Audit

---

© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: Open Source, portable software, software, system report, windows build audit, windows software

"

5 ways to recycle or revitalize your old computer

5 ways to recycle or revitalize your old computer: "Christmas is coming, and you're about to have a ton of time off. Some of that time will be spent energetically tearing apart beautifully-wrapped gifts, and eating food is certainly next on the list of priorities. Obviously you have to play with your new gifts (or put on your new socks), but after that... after the postprandial sofa-surfing grunts and burps and farts... well, there isn't a whole lot you can do.



The other big thing about Christmas is the amount of waste it produces. Wrapping paper, cards, ribbons, the plastic packaging of the presents themselves... there's an awful lot of trash on Christmas Day. Then, of course, you need to throw out all of the things that have been replaced by new gifts: old kitchen appliances, clothes, televisions, printers and, most importantly, computers. A new laptop or desktop is incredibly cheap nowadays, which makes them very popular gifts.



But shouldn't we do something with the old stuff, rather than just throwing it out? Of course, you could Freecycle or wade into the Craigslist cesspit, or give your clothes to charity -- but hold onto those old computers! You'd be surprised with how many cool things you can do with an old desktop or laptop computer. You could finally learn how to use Linux, or set up a media center PC so that you can watch downloaded movies on your TV. You could create a locked-down box for your kids to surf the Web on, or a network-attached storage server for your backups. There's almost no end to the list of neat things you can do with an old PC!

Continue reading 5 ways to recycle or revitalize your old computer

5 ways to recycle or revitalize your old computer originally appeared on Download Squad on Fri, 24 Dec 2010 14:30:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments

"

How to Search Just the Site You’re Viewing Using Google Search

How to Search Just the Site You’re Viewing Using Google Search: "

Have you ever wanted to search the site you’re viewing, but the built-in search box is either hard to find, or doesn’t work very well? Here’s how to add a special keyword bookmark that searches the site you’re viewing using Google’s site: search operator.

This technique should work in either Google Chrome or Firefox—in Firefox you’ll want to create a regular bookmark and add the script into the keyword field, and for Google Chrome just follow the steps we’ve provided below

"

Rescue CDs: Tips for fighting malware

http://blogs.techrepublic.com.com/security/?p=3803

Using rescue CDs to ferret out malware is a great idea, in theory at least. Getting them to actually work is another story. Don’t make the same mistakes I did.
—————————————————————————————–
Malware is sophisticated enough to manipulate the host computer’s operating system to help it hide. That’s why rescue CDs are becoming the go-to malware detection and removal technology.

What is a rescue CD

Anti-malware rescue CDs are bootable operating systems that take control of a computer’s hardware. Since the computer’s operating system is inactive, so is any installed malware. That’s where we get the upper hand; malware can’t activate any defense to avoid being detected by the anti-malware program installed on the rescue CD.
A stumbling block
Before I present the rescue CDs I reviewed, I want to point out some mistakes I made when using rescue CDs. One embarrassing mistake happened during a visit to a client. It was the wrong time for me to realize that certain versions of rescue CDs require a new .iso file to get the latest signature definitions.
After that oops, I made sure I used rescue-CD applications that can download and incorporate the latest signature files without needing to rebuild the CD.
That brings me to my next mistake. I typically don’t give much thought to whether the network connection is hard-wired or Wi-Fi. I assumed rescue CDs would be able to update using either. That’s not always true. In some cases, rescue-CD apps will not recognize the wireless network adapter.
Here they are
The following rescue-CD applications always get good reviews and do well in independent testing. And, they are all capable of updating their signature database via an Internet connection:
AVG Rescue CD
Base: Linux (77 MB)
Configured to create either a bootable CD or USB drive
Signature Update: Online update or downloaded signature file
Avira AntiVir Rescue System
Base: Linux (47 MB)
Signature Update: Downloaded signature file
BitDefender Rescue CD
Base: Linux (228 MB)
Signature Update: Online update or downloaded signature file
Dr.Web LiveCD
Base: Linux (65 MB)
Signature Update: Online update
F-Secure Rescue CD
Base: Linux (155 MB)
Signature Update: Online update or downloaded signature file.
Kaspersky Rescue CD
Base: Linux (103 MB)
Signature Update: Online update
Norton Recovery Tool
Base: Windows Vista PE (241 MB)
Signature Update: Online update
Best at detecting malware
Avira’s AntiVir Rescue System is consistently on top when it comes to malware detection. Virus Bulletin is a well-known test house for anti-malware, and they place AntiVir Rescue System first (registration is required).
A close second is BitDefender Rescue CD. To many system admins being second is not an issue. That’s because BitDefender Rescue CD has many attributes that make their job easier.
Most features

BitDefender Rescue CD outclasses the entire group when it comes to features. That’s in large part due to BitDefender using Knoppix, a well-thought-out Linux distro. It has many third-party apps such as ChkRootKit, Nessus Network Scanner, Partition Image, and GtkRecover. One additional convenient feature is the inclusion of the Firefox Web browser.

Create a rescue flash drive
Most rescue CD applications require converting an .iso file to make a bootable CD. If that seems confusing, this link to the Petri Web site will help explain. With netbooks becoming popular, using a rescue CD isn’t an option. One way to resolve that is to use UNetbootin. It is an application that will create a bootable flash drive from any of the above rescue-CD .iso files. I have to admit though, it’s a cumbersome process.
Thankfully, AVG Rescue CD has an alternative answer. Simply download the rescue file specifically developed for flash drives, extract the contents of the file to the flash drive, and click on makeboot.bat. That’s it. You now have an AVG Rescue Flash Drive.
OS boot sequence
One other consideration that needs to be addressed is the boot sequence of the computer being worked on. If you are using a rescue CD, the CD drive has to be moved to the top of the list. If you are using a netbook, more than likely the USB drive will already be first on the list and not a problem.
My rescue-CD wish list
Many things have to go right for rescue CDs to work. It doesn’t have to be that way. All it would take is the following:

• Make it simple to create “rescue flash drives.” Why? They can be easily updated without involving access to the computer’s operating system or having to recreate the CD.
• Make sure the BIOS software recognizes USB drives in their boot sequences.

Final thoughts
Rescue CDs and rescue flash drives will become more important as malware writers figure out better ways to obfuscate their code. Rootkits come to mind as they are the forerunners of deception.
If you prefer a rescue-CD application not listed here, I would appreciate learning about your experience.

Get IT tips, news, and reviews delivered directly to your inbox by subscribing to TechRepublic's free newsletters.

Virtual machine nomenclature strategies

Virtual machine nomenclature strategies: "

When an IT department is trying to determine a server’s nomenclature, the situation can actually become quite contentious; when you roll virtualization into the fold, things can get even more complicated. I’ve settled on several design elements for naming systems, whether they are physical or virtual, servers or storage, printers or I/O devices.

The single guiding theme to a system nomenclature is to be self-documenting either at a basic level or in painful detail. The absolute basic information that I’d like from a system’s name is to be able to determine the following attributes:

• Whether the system is virtual.


• Whether the system is in development or production.


• What application or operating system is running on the system.


• Whether it is the first, second, or third (etc.) of a sequence.

These basic identifiers can create a nomenclature that works for physical and virtual systems. Figure A shows an example that does this for a few types.

Figure A

Click the image to enlarge.

The obvious missing component is location. As I have been around the block a few times, I’ve determined that I am better off not having the location within the name of a server. Virtual machines move around, and I’d prefer that the burden of renaming the virtual machine not be associated with the built-in flexibility of the platform. Windows renames fine enough, but applications can require a bit of manipulation to accommodate name changes. Besides, it is just irritating when the first virtual machine shows up in a location that doesn’t have the site nomenclature.

This framework is also cluster-friendly, hence the triple digit sequencing for instances in positions 8, 9, and 10. Basically, position 8 would indicate a cluster, while leaving positions 9 and 10 for plenty of space to identify each node. As an example using the framework in Figure A, a cluster of five VMware ESXi hosts in a cluster named ESXI101 would be named as follows:

• PMPESXI101: Node one of the cluster (physical, production, ESXi)


• PMPESXI102: Node two of the cluster


• PMPESXI103: Node three of the cluster


• PMPESXI104: Node four of the cluster


• PMPESXI105: Node five of the cluster

This is just one of the ways that I have gone about this task, and I realize there are many ways to approach this topic. How do you name systems now that virtualization is a significant player in the data center? Share your comments in the discussion.

"

Consulting services on free server software: Money to be made.

Consulting services on free server software: Money to be made.: "

I don’t know about you, but I truly think that there is an incredible amount of really good software available for totally free today. Sure, there has always been a strong open source software community; but never before have so many of them been available as refined programs that are rock-solid.

While talking with someone recently who was looking for ideas for opportunities for IT side work, the idea of utilizing these free titles dawned on me. The opportunity would be to make a basic service catalog for your ideal client, whether that would be a home user or a small business. Here are a few software titles that can be used to make a great catalog for your prospective clients:

1. Untangle Appliance:



This Internet appliance is, by far, my favorite, and is a candidate for both the small business and home user. If for no other reason, the web filter and Spyware Blocker applications can be a boon to the small network to protect the browsing experience. Other features such as VPN



2. VMware ESXi:



The free version of the popular hypervisor, now dubbed VMware vSphere Hypervisor, is a very capable platform; even for the free edition. Most operating systems are supported as guests and other features include using shared storage, thin provisioning, and memory overcommit.



3. isyVmon Freeware Edition:



This virtual appliance functions as a monitoring platform, including a Nagios installation for up to 10 hosts. This can be a critical tool to page or otherwise alert when a system is unavailable.



4. VMware vCenter Converter:



This free tools allows administrators to convert physical servers to a virtual machine, including onto the free ESXi hypervisor.



5. Logmein:



For any scenario, Logmein is a great support mechanism for console access. Primarily because the remote assistance tool always works. This can be a backup for a VPN offering, or a simple solution for mobile systems that may need support wherever they are.



6. Openfiler:



This storage software engine can function as a SAN or NAS resource on commodity hardware that you provide. All major storage protocols are supported, including NFS, iSCSI, fibre channel and CIFS.

There are scores more offerings that you can leverage to provide consulting services as side work. The business plan is simple: learn the products and provide good service to install. The value proposition you can make in this situation is to leverage free software, the client will incur a lesser cost to get to the solution they are seeking.

Do you know of any free products that the everyday IT pro can roll into their fold for a robust consulting business on the side? Share your comments below.

"

Monitoring Performance and Availability of Active Directory

Monitoring Performance and Availability of Active Directory: "

You have an important document on your home directory you need to print to make the final review, after that you must email it to a customer.

These things seems pretty easy and people do it every day. All these things rely on one critical component, Microsoft Active Directory (AD).

AD is a Directory Service which contains different resources such as users, groups, computers, printers, group policys (settings / restrictions), DNS and more.

Failure in AD might prevent users from logging in to their computers, accessing files and use critical applications.

If AD is so important, what can you do to protect your environment from critical unplanned outages?

• Make it redundant
  
  
  
  
  • Add multiple Domain Controllers (DC) with Global Catalog and DNS enabled.
    
  
  
  • This will allow computers/servers to be able to login and access resources if a DC is down.
  
  
  • There are many other areas that needs to be addressed in order to have a redundant AD environment but that is out of this scope.
    
    
    
    
    
  
  
  
  


• Monitor performance and availability
  
  
  
  
  • Without monitoring you have no idea how your environment is performing and if it´s available. You rely only on your users to respond when something isn´t working.
  
  
  • I am going to introduce a much better way that is proactive and will detect, diagnose and resolve AD performance and availability issues for you. Interested?
  
  
  
  


• Use Data Protection
  
  
  
  
  • In case of disaster or if some parts of AD is accidently deleted you need to be able to revert to a previous good state.
  
  
  • This can be done by using Native Tools such as NT Backup or by using third-party tools such as Quest vRanger Pro and/or Quest Recovery Manager for AD.
  
  
  • Third party tools comes with a higher price but offer more functionality, restores quicker and have more granular restore capabilities.
  
  
  
  

As mentioned above, monitoring is very important if you want to be proactive and spot problems before they become to critical, that could result in an outage of AD.

What do native tools offer?

Perfmon is a general Windows Performance Monitor tool. It is very basic and is used as realtime monitoring only. It lacks in presentation, no historic data and no alarm capabilities.

Dcdiag is an command-line AD troubleshooting tool that you can run to diagnose your AD. Output is raw text and can be hard to understand if you don´t have deep AD skills.

Both tools are useful when troubleshooting but not very helpful in your daily monitoring process.

Is there an easier option for me?

Yes there is! Quest vFoglight for AD was built with this in mind. To help you detect, diagnose and resolve AD performance and availability problems without requiring any deep AD expertise from you.

It works across physical and virtual environments and has an agentless architecture (VM only, physical requires OS agent) for easier deployment and management.

Once installed and configured (covered later in this blogpost) it will start to collect key performance data from OS (CPU, Mem, Disk, Network), AD (response time, making sure key roles are accessible etc) and map topology (Forests, Domains, Sites, DCs).

Data that are collected are presented in easy understandable dashboards which are color coded Green (Normal), Yellow (Warning) and Red (Critical).

If some value is above a certain threshold or if it deviate from "normal" quickly, it will trigger an alarm. The Rules and thresholds are written by AD proffesionals that know what needs to be monitored and what thresholds to use.

So when an alarm is fired we have detected that something isn´t "normal" anymore, we provide a diagnose to what have happened and also a resolution to the problem. Everything to minimize the time needed to find and troubleshoot problems avoiding AD outage and in the end save your day!

Installing and Configuring vFoglight for AD

Before you start:

• Requires vFoglight 6.1 or later


• AD Cartridge (add-on to vFoglight) can be downloaded from http://portal.vizioncore.com


• Read Release Notes and Installation Guide before you start, there are important prereqs that need to be in place!

1. Install AD cartridge (enable new functionality on FMS)


2. Deploy AD package to FGLAM (enable new functionality on FGLAM)


3. Create Agents for all DCs (configure FGLAM to communicate to DCs)

I have recorded a video on how to install and configure vFoglight for AD cartridge (more in detail) as well show a demo of it.

(Please visit the site to view this media)

"

10 PowerShell commands every Windows admin should know

10 PowerShell commands every Windows admin should know: "

Over the last few years, Microsoft has been trying to make PowerShell the management tool of choice. Almost all the newer Microsoft server products require PowerShell, and there are lots of management tasks that can’t be accomplished without delving into the command line. As a Windows administrator, you need to be familiar with the basics of using PowerShell. Here are 10 commands to get you started.

Note: This article is also available as a PDF download.

1: Get-Help

The first PowerShell cmdlet every administrator should learn is Get-Help. You can use this command to get help with any other command. For example, if you want to know how the Get-Process command works, you can type:

Get-Help -Name Get-Process

and Windows will display the full command syntax.

You can also use Get-Help with individual nouns and verbs. For example, to find out all the commands you can use with the Get verb, type:

Get-Help -Name Get-*

2: Set-ExecutionPolicy

Although you can create and execute PowerShell scripts, Microsoft has disabled scripting by default in an effort to prevent malicious code from executing in a PowerShell environment. You can use the Set-ExecutionPolicy command to control the level of security surrounding PowerShell scripts. Four levels of security are available to you:

• Restricted — Restricted is the default execution policy and locks PowerShell down so that commands can be entered only interactively. PowerShell scripts are not allowed to run.


• All Signed — If the execution policy is set to All Signed then scripts will be allowed to run, but only if they are signed by a trusted publisher.


• Remote Signed — If the execution policy is set to Remote Signed, any PowerShell scripts that have been locally created will be allowed to run. Scripts created remotely are allowed to run only if they are signed by a trusted publisher.


• Unrestricted — As the name implies, Unrestricted removes all restrictions from the execution policy.

You can set an execution policy by entering the Set-ExecutionPolicy command followed by the name of the policy. For example, if you wanted to allow scripts to run in an unrestricted manner you could type:

Set-ExecutionPolicy Unrestricted

3: Get-ExecutionPolicy

If you’re working on an unfamiliar server, you’ll need to know what execution policy is in use before you attempt to run a script. You can find out by using the Get-ExecutionPolicy command.

4: Get-Service

The Get-Service command provides a list of all of the services that are installed on the system. If you are interested in a specific service you can append the -Name switch and the name of the service (wildcards are permitted) When you do, Windows will show you the service’s state.

5: ConvertTo-HTML

PowerShell can provide a wealth of information about the system, but sometimes you need to do more than just view the information onscreen. Sometimes, it’s helpful to create a report you can send to someone. One way of accomplishing this is by using the ConvertTo-HTML command.

To use this command, simply pipe the output from another command into the ConvertTo-HTML command. You will have to use the -Property switch to control which output properties are included in the HTML file and you will have to provide a filename.

To see how this command might be used, think back to the previous section, where we typed Get-Service to create a list of every service that’s installed on the system. Now imagine that you want to create an HTML report that lists the name of each service along with its status (regardless of whether the service is running). To do so, you could use the following command:

Get-Service | ConvertTo-HTML -Property Name, Status > C:\services.htm

6: Export-CSV

Just as you can create an HTML report based on PowerShell data, you can also export data from PowerShell into a CSV file that you can open using Microsoft Excel. The syntax is similar to that of converting a command’s output to HTML. At a minimum, you must provide an output filename. For example, to export the list of system services to a CSV file, you could use the following command:

Get-Service | Export-CSV c:\service.csv

7: Select-Object

If you tried using the command above, you know that there were numerous properties included in the CSV file. It’s often helpful to narrow things down by including only the properties you are really interested in. This is where the Select-Object command comes into play. The Select-Object command allows you to specify specific properties for inclusion. For example, to create a CSV file containing the name of each system service and its status, you could use the following command:

Get-Service | Select-Object Name, Status | Export-CSV c:\service.csv

8: Get-EventLog

You can actually use PowerShell to parse your computer’s event logs. There are several parameters available, but you can try out the command by simply providing the -Log switch followed by the name of the log file. For example, to see the Application log, you could use the following command:

Get-EventLog -Log 'Application'

Of course, you would rarely use this command in the real world. You’re more likely to use other commands to filter the output and dump it to a CSV or an HTML file.

9: Get-Process

Just as you can use the Get-Service command to display a list of all of the system services, you can use the Get-Process command to display a list of all of the processes that are currently running on the system.

10: Stop-Process

Sometimes, a process will freeze up. When this happens, you can use the Get-Process command to get the name or the process ID for the process that has stopped responding. You can then terminate the process by using the Stop-Process command. You can terminate a process based on its name or on its process ID. For example, you could terminate Notepad by using one of the following commands:

Stop-Process -Name notepad

Stop-Process -ID 2668

Keep in mind that the process ID may change from session to session.

Additional PowerShell resources

• 10 cool things you can do with Windows PowerShell


• Two PowerShell scripts for retrieving user info from Active Directory


• Three PowerShell queries to obtain critical system information


• Quickly find space-hogging files with PowerShell


• 10 reasons why you should learn to use PowerShell


• Update Windows scripts using these handy PowerShell commands


• Simplify PowerShell script creation with PowerGUI

"

XBOOT, Create MultiBoot ISOs On Disk And USB

XBOOT, Create MultiBoot ISOs On Disk And USB: "

Many developers provide ISO images of their release for free download, especially in the antivirus and security niche but also in utility and Linux. An antivirus ISO image can for instance be used to scan a PC by booting from that burned disk which may be the only possible way depending on the state of infection of the PC.

A problem that some users face is that there does not seem to be a way to combine multiple ISO images on an optical disk (like a CD or DVD) or USB device.

That’s why Xboot has been created by its developer. The free application can combine multiple ISO images into one multiboot disk or USB device.

ISO images can be dragged and dropped into the main program interface. Each ISO is listed with its name, size, a category, file path and other information. The program will automatically calculate the combined file size and display it as the total size in the same program window. That’s handy to keep below the maximum storage space of CDs, DVDs or USB sticks.

An option to calculate checksums is provided which may come in handy to verify the integrity of an ISO image. ISO images can be added via the file menu as well which opens a file browser to select ISO images from connected storage devices.

The file menu contains a listing of supported ISO download locations from popular software developers. They do however link to the download page only from where the disk images have to be downloaded separately. An option to download them directly in the program would be a comfortable addition.

A click on Create ISO or Create USB creates the the multiboot ISO image or USB device. Any ISO image created this way needs to be burned to disk before it can be used.

Xboot is a helpful tool to add multiple ISO images to one multiboot ISO image or USB device. The creation process is easy to complete, only the download of the ISO images (if that is needed) is not comfortable enough. Xboot is compatible with 32-bit or 64-bit editions of Windows. The free software requires the Microsoft .NET Framework 4.0 on the computer system.

---

© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: iso image, multiboot, multiboot iso, multiboot usb, windows software, xboot

"

10 free anti-malware tools worth checking out

10 free anti-malware tools worth checking out: "

Over the last few years, anti-malware software has become increasingly costly. But believe it or not, there are still ways to protect your computer for free. In this article, I will list 10 free utilities you can use to either prevent malware infections or to help clean up the mess once a PC becomes infected.

Note: This article is also available as a PDF download.

1: AVG Anti-Virus Free Edition 2011

I have been using AVG’s free antivirus product for a few years now, and although it isn’t perfect, it seems to be at least as good as most of the commercial anti-malware products. AVG’s free edition provides basic protection against viruses and spyware, but the company also offers a more comprehensive security suite called AVG Internet Security 2011. This suite offers the same anti-malware protection as the free edition, but it also provides real-time protection against Internet search and social networking sites.

2: Comodo Antivirus

Comodo Antivirus takes a different approach to virus protection than most other antivirus products do. Comodo is based on the idea that it is foolish to allow code to run without first proving itself to be benign. So Comodo implements a default denial until an executable proves itself trustworthy. To keep the software from being too chatty, Comodo executes unknown code in an isolated sandbox where its behavior can be monitored without running the risk of the executable harming the system.

3: PC Tools AntiVirus Free 2011

PC Tools AntiVirus Free 2011 is a basic antivirus / anti-spyware program that is designed to protect Windows desktops against various forms of malware. Besides its basic detection capabilities, PC Tools includes a feature called Search Defender that is designed to warn you about unsafe Web sites (or phishing sites) before you click on them. The software also includes a File Guard component that monitors the file system and blocks attempted malware infections in real time.

4: Avast Free Antivirus

Like AVG, Avast sells comprehensive security suites, but makes its basic antivirus / anti-spyware product available for free to home users. Although I have never used Avast Free Antivirus, I’ve recently noticed posts in various message boards from people who claim that Avast provides better protection than some of the commercial products.

5: Ad-Aware Free Internet Security

Although it was originally designed as a product for detecting adware, Lavasoft’s Ad-Aware has evolved into a complete anti-malware product. Ad-Aware Free Internet Security provides real-time protection against spyware, rootkits, and more. It also includes a utility called The Neutralizer, which you can use to clean a PC that has already been infected.

6: HijackThis

HijackThis is one of my favorite anti-malware utilities, but it’s not for the faint of heart. HijackThis is designed to compile a report of critical file and registry settings that are often prone to viral infections. The thing that makes HijackThis difficult to use is that it makes no distinction between malicious and legitimate entries. As a result, you can end up doing even more damage to a PC unless you know what you are doing. Even so, I consider HijackThis to be a must-have utility.

7: Microsoft Security Essentials

Microsoft provides free antivirus protection for home users through a relatively new application called Microsoft Security Essentials. Microsoft Security Essentials is based on the same ForeFront technology as Microsoft’s enterprise class anti-malware software. The difference is that Microsoft Security Essentials is available solely to home users and businesses with fewer than 10 Windows desktops.

8: Windows Defender

Microsoft’s Windows Defender is a free anti-spyware utility for Windows. It’s not comprehensive, but it does a surprisingly good job of protecting Windows as long as you install it before an infection occurs.

Windows Defender is included with Windows Vista and Windows 7, but you can also download a version for Windows XP. If you are using Windows 7 or Windows Vista, Windows Defender is disabled by default. You can enable Windows Defender by typing the word Defender into the Windows search box and then double-clicking on the Windows Defender option. When you do, Windows will tell you that Windows Defender is turned off and will give you the opportunity to enable it.

9: Malicious Software Removal Tool

Although not a comprehensive antivirus tool by any stretch of the imagination, Microsoft’s Malicious Software Removal Tool does a good job of detecting and removing the most common viruses. The Malicious Software Removal Tool works with Windows 7, Vista, XP, and Server 2003. Microsoft releases updates to this tool on the second Tuesday of each month.

10: McAfee virus removal tools

McAfee makes commercial antivirus products, but it also offers some free tools for removing viruses. Specifically, it offers tools for removing Sasser, Bagle, Zafi, Mydoom, Lovsan / Balster, Klez, and Bugbear. You can download all of these tools here.

"

Add SSL to CentOS web server

Add SSL to CentOS web server: "

CentOS might well be one of the finest Linux distributions for a server environment. It is basically a mimic of Red Hat Enterprise Linux without the proprietary software and the price attached to it. With that in mind, it makes perfect sense to set CentOS up as your go-to Web server. It’s reliable, it’s stable, it’s extensible, and it’s secure.

But setting up a secure web server isn’t complete without the inclusion of SSL and certificates. If you are wanting to serve up sercure web pages you will certainly want your audience to be able to send them to https instead of http. So…with CentOS how do you do that? I will show you how.

Installing all of the packages

I will assume you already have CentOS installed as well as the Apache Web Server. Make sure you are able to go to the default Apache web page (or any web page on your CentOS web server), before you set up SSL. When you have all of that working you will need to install a couple of packages. This is done with the following steps:

1. Open up a terminal window.
2. Su to the root user.
3. Issue the command yum install mod_ssl openssl.
4. Let the installation complete.

With SSL installed and ready, it’s time to create your certificates for usage.

Creating your certificate

You will now have everything on your server to create CAs. You need to generate a private key, a csr, a self-signed key, and then you need to copy these files to the correct location. This is done with the following steps.

1. Open up a terminal window.
2. Su to the root user.
3. Generate the private key with the command openssl genrsa -out ca.key 1024.
4. Generate the csr with the command openssl req -new -key ca.key -out ca.csr.
5. Generate the self-signed key with the command openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt.
6. Move the self-signed key with the command cp ca.crt /etc/pki/tls/certs.
7. Move the private key with the command cp ca.key /etc/pki/tls/private/ca.key.
8. Move the csr with the command cp ca.csr /etc/pki/tls/private/ca.csr.

Edit the Apache SSL configuration

Open the file /etc/httpd/conf.d/ssl.conf and look for the section SSLCertificateFile. Make sure that line reads:

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Now look for the SSLCertificateKeyFile and make sure that section reads:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save that file and you are ready to restart Apache.

Restart and test

Before you try to test Apache’s new SSL feature, you must restart the daemon. To do this issue the command /etc/rc.d/init.d/httpd restart. Hopefully you will see no warnings or errors. If not, then point your browser to https://ADDRESS_TO_SERVER Where ADDRESS_TO_SERVER is either the IP Address or the domain. You should then see a warning from your browser about the certificate for the site. If you see this warning congratulations, your Apache server is now ready for secure connections.

Remember, though, you created a self-signed certificate. To get the most out of SSL you might want to purchase a CA from a trusted name like Verisign (There are, of course, plenty of other places where you can purchase those certifiacates).

---

© Jack Wallen for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: apache, CentOS, ssl

"

Stop providing free IT consulting work

Stop providing free IT consulting work: "

People don’t call electricians and expect free step-by-step instruction regarding how to repair a failed ground or intermittent circuit. So why do they call IT consultants expecting such assistance? I wish I knew the answer to that question, because I can feel my blood pressure rising just recalling some of the requests clients, customers, and other callers have made.

Clients have asked my office to provide free telephone support for a wide variety of topics, which include:

• Can’t you just walk me through this 17-step, 45-minute installation for free over the phone?


• Just tell me the exact steps I need to follow to remove this Trojan infection.


• Provide me with the 23 steps I need to follow to complete a complex, complicated task that requires expertise, experience, and proven knowledge to properly complete, but don’t bill me for it.


• What do I need to click on or select when I get to that 14^th screen, again?


• I’m going to migrate all my old data myself, but what’s a .PST file, where do I find it, how do I reload it, and will it work with my new PC that doesn’t have office productivity installed?

These common calls increase stress and anxiety, but this madness doesn’t need to continue. While all IT consultancies should strive to assist clients, you must guard against providing service without compensation. If employees in my office lose just 15 minutes per day providing free support to callers, my office loses 625 hours (10 engineers times 15 minutes a day times 250 annual workdays) a year that would have otherwise been invested performing constructive tasks and assisting paying clients. That’s unacceptable and a disservice to those clients who do pay for the consultancy’ services.

I encourage your consultancy to incorporate these tips to reduce free consulting:

• Bill for short phone calls. Most accountants, attorneys, and other professional services firms generate invoices for telephone calls lasting 15 minutes or longer. Incorporate that practice in your office. If clients complain, explain that your office fields dozens of 15 or 20 minute telephone calls each day in which you provide expertise, answers, and other information for which the office must charge.


• Charge for telephone support. Set expectations up front with clients. Regardless of whether a client is on retainer, if customers call with problems and the consultancy provides solutions, ensure the client understands that’s a service for which the consultancy is reimbursed. After all, those are sessions in which your engineers are providing expertise and are subsequently unable to assist other clients.


• Encourage on-site service. Clients frequently call requesting quick assistance with what they believe is a simple or easy task. There’s no easy way for your office to know, however, whether the client’s inability to run a program, for example, is due to a failed update, application incompatibility, virus infection, or other issue. Encourage clients to let you schedule an on-site visit (for which most customers have little trouble justifying service fees) to diagnose and troubleshoot the problem.


• Charge for remote assistance. Just because you’re not rolling a truck to provide assistance and correct an issue doesn’t mean you didn’t provide value. If engineers remotely connect to a client machine to diagnose, troubleshoot, or repair an issue, that’s time for which the office should be compensated. Bill it, even if it’s only 15 minutes.


• Smoothly transition from free to paid. Volunteer to try and provide quick, say five or 10 minutes, of assistance via telephone to a client. But if after five or 10 minutes your office realizes the solution is going to take more time, inform the client you’re crossing over from a goodwill gesture to a paid service and let the caller know you’re going on the clock.


• Say no. Occasionally callers will request free assistance for a project, or service for which they don’t wish to be billed. If the answer requires just a minute or two, that’s fine; but if the process or project requires more expertise or time to complete, simply tell the client no and explain that your office is unable to provide services for free.

Other methods

How does your consultancy manage customers who seek free consulting? Post your tips in the discussion.

More IT Consultant resources on TechRepublic

• Know when to bill clients for phone calls


• IT consultants, do you ever give away or discount your services?


• Six reasons why you might work for free


• How to become a better consultant by doing less billable work

"

Use Sysinternals Active Directory Explorer to make a domain snapshot

Use Sysinternals Active Directory Explorer to make a domain snapshot: "

Active Directory is one of Microsoft’s best products ever in my opinion. It allows for an incredible amount of control of computer and user accounts, and there is so much more under the hood.

The free Sysinternals Active Directory Explorer tool allows administrators to quickly look at information for the entire domain, as well as take a snapshot for comparison at a later date. The tool should not replace any of the Active Directory tools for everyday use, but rather supplement them for snapshots or a view into specific configuration.

Once Active Directory Explorer is installed, the basic authentication screen appears to connect to a database (Figure A).

Figure A

Click the image to enlarge.

It’s not ideal, but you can create objects, such as a user account, within the Active Directory Explorer tool (Figure B).

Figure B

Click the image to enlarge.

Creating a snapshot of the Active Directory domain (Figure C) will export the entire directory as a .DAT file on local disk.

Figure C

Click the image to enlarge.

You can then apply the snapshot as a comparison to the live configuration of the domain; this is a great way to see what has changed. This can also be a much more comfortable alternative to investigate what has changed rather than seeking out a wholesale of the domain or even selected objects, which can be very impactful to the state of user and computer accounts. Figure D shows a comparison of the snapshot to a live domain being prepared.

Figure D

Click the image to enlarge.

How have you used Active Directory Explorer? If so, let us know what you think of it.

More Sysinternals tools recommendations

• VMMap Sysinternals tool provides visual memory map


• Identify and remove unnecessary startup tasks with Autoruns


• Process Explorer v12’s new server administration features


• 10 Sysinternals tools you shouldn’t be without

"

SUPERAntiSpyware Professional Review And Giveaway [Ghacks Christmas Giveaway]

SUPERAntiSpyware Professional Review And Giveaway [Ghacks Christmas Giveaway]: "

SUPERAntiSpyware is available as a free and professional edition. Both editions are downloadable directly from the developer website. Lets take a quick look at the differences between SUPERAntiSpyware Professional and SUPERAntiSpyware Free.

Both editions support the detection and removal of all sorts of malicious programs including malware, trojans, worms or keyloggers. Users can add files and folders to a whitelist so that they will not be processed during scans.

SUPERAntiSpyware Professional on top of this offers the following features that are not available, or limited, in the free edition:

• Ability to repair HiJacked web browsers and system settings, e.g. resetting the home page, enabling the task manager, broken network connections or desktop policies.
• A feature called First Chance Prevention which analyzes 50 critical points on system start and shut down to eliminate threats before they have a chance to infect the system.
• Threat realtime blocking by monitoring the Windows PC and processes.
• Registry protection against web browser hi-jackers and other threats.
• Auto-scanning on application startup.
• Automatic update checks and definition updates every 8 hours.
• Daily definition updates.
• System diagnostic to locate new threats on the PC.

SUPERAntiSpyware Professional Review

The security software displays a clean interface on startup. Users can press on buttons to perform manual operations. This includes scanning the system for harmful software, configuring scheduled scans, managing the quarantine, editing the program preferences and checking for updates. Update and license information are displayed there as well.

A click on Scan your computer opens the scan menu with options to scan the whole computer system or just a specific drive for malicious programs. SUPERAntiSpyware Professional users can perform a quick scan of the Windows PC, perform a complete scan or custom scan.

The quick scan scans all running programs and processes, critical Registry locations and the most common places on the connected hard drives for harmful software. The complete scan adds the selected drives to the scan list. Custom scan finally can be used to scan specific areas of the operating system (like the Registry or memory) and selected folders.

A system scan takes a while, depending on the speed of the PC and the selections that have been made. The quick scan took a few minutes to complete and results are displayed in detail on the results page. Each possible file and location found are categorized in groups and listed with their local path on the PC. It is possible to unselected items from being cleared, add items or locations to the list of trusted items, report false positives, manage the trusted items list or explain one of the detected items.

Especially the explain detected item can be helpful considering that it is not always clear why a file is being marked as being malicious. This loads a page on the SUPERAntiSpyware page with additional details about the selected item. It still may take more research to find out about a specific item. It is for instance a good idea to upload files to Virustotal for a second opinion.

All selected items will be removed by SUPERAntiSpyware Professional, and it may take a reboot of the system to clean them completely from the system. If it does a reboot is suggested by the security software to complete the process.

Scans can also be scheduled in specific intervals, for instance daily at a specific time or once a week.

All removed items are added to the program’s quarantine from where they can be restored or completely removed.

The control center offers extensive configuration options. Users should especially pay a visit to scanning control which displays scanning related settings. It is for instance possible to include non-executable files in the scan, files that are larger than 4 Megabytes or to terminate memory threats before quarantining them.

Other control center options include the previously mentioned repair options, real-time protection settings and access to scanner logs.

The program is very light on resources while running in the background. It used just a little over 1 Megabyte of system memory. Memory usage can peak at a few hundred Megabytes however during scans, but that is only temporary.

SUPERAntiSpyware Professional Installation

Users can enter the registration code during installation. Privacy conscious users need to pay attention to the installation dialog as system information may be submitted to developer servers to optimize the software. Disabling the option during installation prevents this from happening. The security program is compatible with 32-bit and 64-bit editions of all Windows operating systems from Windows 2000 on.

400Mhz or Faster Processor with at least 256MB RAM

SUPERAntiSpyware Professional Giveaway

We have ten lifetime licenses for SUPERAntiSpyware Professional. Post a comment in this review for a chance to win one of the licenses.

---

© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: ghacks Christmas giveaway, security-software, Spyware, superantispyware, SUPERAntiSpyware Professional, windows software

"