
How to fix unknown error – Security Software (Win XP)

Security software can cause unwanted conflicts with iTunes on a Windows PC. Security software does not always recognise iTunes as a friendly application, and may block it from restoring or updating. This article explains how to disable security software, even if you don't know what you have on your computer. The first step is to click on the …

How to fix unknown error – Security Software (Win 7)

Security software can cause unwanted conflicts with iTunes on a Windows PC.

Security software does not always recognise iTunes as a friendly application, and may block it from restoring or updating.

This video explains how to disable security software, even if you do not know what you have on your computer.

The first thing to do is click on the Start menu and in the search box at the bottom type in msconfig.

Once the window comes up, we want to go to Selective startup, and un-tick Load startup items.

We'll then go across to the Services tab, hide all Microsoft services, and then disable all.

We'll go across to the Startup tab.

And we want to look for anything that represents iTunes or Apple and enable those.

Once you're done you can click Apply and then OK.

And it should prompt you then to restart the computer.

Now that the computer is restarted, we're going to go back down to the Start menu and type in msconfig one more time.

Once the window comes up we'll go across to the Startup tab.

And we're going to look for anything that was unticked previously and has now re-ticked itself.

In my example it is Kaspersky Anti-Virus. Once we've identified what we need to get rid of we'll go to the Control Panel.

It's probably simpler if you change the view from small icons in the top right corner to Category view; that way we can go down to Uninstall a program, and once a list of programs loads we'll find the security software that had re-ticked itself as we just saw.

In my example that was Kaspersky Anti-Virus. Once we uninstall this software, you'll be free to use iTunes without any risk of the security software blocking that connection. Simply follow the prompts provided to uninstall the software, and if you have any questions or queries regarding how to do that, refer to the software's website.

Source: Youtube

Chrome Packaged Apps – Security Model

Hello! My name is Adam Barth and I work on the Chrome team’s packaged apps effort.

I am here to talk to you about the security model of packaged apps.

Packaged apps have access to features and services that a normal web app would never have access to.

Users need to be confident that the apps they install will not behave in unexpected ways that endanger their system.

Chrome has a variety of defenses and protections that make it easier for you to create safer apps.

The first is process and storage isolation.

One of the foundations of the web security model is that a web app or site on one domain is not allowed to affect the data held in another.

This same principle is upheld for packaged apps too.

Even though an app is installed, actions inside it should not be able to directly affect data in another.

Each packaged app runs in its own process, so if something goes awry it will not directly affect apps running on the user’s system.

The data stored in each app is also sandboxed and isolated from other packaged applications installed on the user’s system.

This means that a file saved in the app will only be visible to the app and the user that created it.

Secondly, Chrome makes use of a technology called Content Security Policy, commonly known as CSP.

This technology helps protect users and developers from common cross-site scripting attacks that can be found on the web.

In fact CSP is enforced by default for every packaged app.

Because packaged apps have access to even more features than a web app, CSP has disabled some features that you might expect as a developer, such as: inline scripts like click handlers and <script> tags with code inside, and ‘eval’ and the ‘new Function’ methods. We know that sometimes you need to use these features so we’ve introduced a feature called “sandboxed pages”.

These are pages in your app that use all the features of the current web such as eval, new Function and inline script tags, but importantly have no direct access to advanced packaged app features.

The third protection in apps is the permissions model.

Apps can’t just use any feature they want.

The user needs to have granted access to this feature.

You can easily declare your app’s intent by configuring the permissions that you need in the manifest file.

For example you can declare that your app needs access to the user’s video camera, or access to raw sockets.

Finally, another security measure is the <browser> tag for web content.

Imagine you are building an RSS feed reader that will show news articles in the app experience.

Adding web content directly is dangerous, as you have no control over what external authors are adding to their content.

However the user experience demands that you show the content.

The <browser> tag is like an iframe in that it will allow you to embed web content into your app from an external resource, but it is entirely isolated from your app.

This was just a quick overview of the security model for packaged apps.

To learn more on how to develop packaged apps visit developer.chrome.com/apps.

Source: Youtube

VMware and Trend Micro: Security for the Software Defined Datacenter – Trend Micro

Hello, I'm Steve Kwan[sp].

And I'm here with Adim Nahid[sp] And we're excited to do another year of a great partnership between VMware and Trend Micro.

Over the last [xx] years our customers have been moving quickly to adopt cloud.

And security is top of mind for them, and I think the relationship has really helped to [xx] [xx] that adoption. Trend Micro has been able to deliver a lot of the security capabilities from an endpoint perspective and more within the context of the VMware environment.

Deep Security is a shield around our virtual [xx].

It does anti-malware, it does firewall, it does intrusion prevention, log inspection.

It's very easy to deploy and manage.

Deep Security allows companies to scale at a very rapid rate.

Without Deep Security's virtual patching, we would not have been able to bring this project live.

Trying to have the in-depth knowledge of security in a virtual world, and in the cloud, that we needed.

Source: Youtube

SolarWinds Security Software – Log & Event Manager

Hello, I'm Rob Johnson, Sales Engineer here at SolarWinds and today I'd like to introduce you to an important product in SolarWinds' security portfolio: SolarWinds Log & Event Manager or LEM.

Log & Event Manager is a Security Information & Event Management (or SIEM) product designed to make monitoring log data for security easy.

SIEM solutions, like LEM, are built on the principle that centralizing your log data, analyzing it in real-time, and providing you actionable intelligence is critical to keeping your business secure.

Core features of SIEM solutions include: log & event data centralization, event correlation, historical analysis or search, and reporting.

Log & Event Manager has these features and more.

The heart of any SIEM tool is data collection.

Collecting this data is the core of your ability to track, audit, and correlate critical security events.

LEM supports data collection from hundreds of different devices out-of-the-box.

These devices and logs generate messages that include things like authentication, network and security activity, system changes, and more.

Correlation is an important feature of true SIEM tools, and LEM provides real-time event correlation as your events are collected.

Correlation rules can be as simple as "any logon failure" to the more complex "alert on logon failures to my servers from remote desktop."

Also, time and frequency correlations like "alert me when you see 5 logon failures from the same IP address to my servers from remote desktop" to multiple event correlations like "alert me when you see multiple logon failures followed by a successful logon from the same account."

LEM also ships with hundreds of predefined correlation rules out-of-the-box to solve your most critical log & event monitoring needs quickly.

Beyond correlation, LEM has the ability to automate remediation steps with dozens of built-in active responses.

Within a correlation rule or manually from your LEM console, if you spot suspicious activity yourself, you can instantly perform actions like disabling a domain user account after repeat suspicious activity, removing a user from a privileged group like local admins, or blocking an attacking IP address.

LEM's visibility extends beyond servers and network devices into endpoint activity as well.

With USB-Defender, you can monitor systems for usage of USB mass storage devices, including what files and processes are being launched.

If you see something you don't like you can detach the USB device or build correlation rules to detach automatically based on what should be allowed.

If you need to extend your USB device policy to laptops that might be regularly disconnected or isolated, USB-Defender includes local policies that will be enforced as if they were.

Once you've started collecting log & event data, it's critical to have extended historical analysis, search, and reporting capabilities as well.

Troubleshoot or perform some basic forensic analysis with LEM's historical search functionality, which includes visual tools to help spot potential issues without combing through text of log records.

Report on historical data to create audit trails using our hundreds of pre-built report templates.

Last but not least, compliance initiatives all but spell out that a SIEM system is critical in establishing and maintaining compliance with requirements like PCI, HIPAA, Sarbanes-Oxley and others, not to mention countless internal audit requirements.

LEM includes content categorized specifically for compliance, making it easy to find various rules and reports applicable to a range of industries.

To learn more or to download a fully-functional 30-day trial of LEM, go to www.solarwinds.com.

Source: Youtube
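The two correlation patterns the transcript quotes (a count of logon failures from one source IP inside a time window, and a run of failures followed by a success for the same account) implemented over constructed sample log lines, as an added example. This is not LEM's rule engine or any SolarWinds code; the log format, rule names, window lengths and thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication events (not real data).
# Fields: ISO timestamp, host, event type, account, source IP.
SAMPLE_LOG = """\
2024-05-01T09:00:01 srv1 LOGON_FAILURE alice 203.0.113.10
2024-05-01T09:00:03 srv1 LOGON_FAILURE alice 203.0.113.10
2024-05-01T09:00:05 srv1 LOGON_FAILURE alice 203.0.113.10
2024-05-01T09:00:07 srv1 LOGON_FAILURE alice 203.0.113.10
2024-05-01T09:00:09 srv1 LOGON_FAILURE alice 203.0.113.10
2024-05-01T09:00:12 srv1 LOGON_SUCCESS alice 203.0.113.10
2024-05-01T09:05:00 srv2 LOGON_FAILURE bob 198.51.100.7
2024-05-01T09:30:00 srv2 LOGON_SUCCESS bob 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (LOGON_FAILURE|LOGON_SUCCESS) (\S+) (\S+)$")


def parse_events(text):
    """Turn raw lines into event dicts, sorted by time; malformed lines are skipped
    rather than allowed to stop the pipeline."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, etype, account, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "type": etype, "account": account, "src": src})
    events.sort(key=lambda e: e["ts"])
    return events


def threshold_rule(events, count=5, window=timedelta(minutes=1)):
    """Frequency correlation: N logon failures from the same source IP within `window`.
    Uses a sliding window per IP; one alert per burst, then the window is reset."""
    alerts = []
    recent = defaultdict(deque)
    for e in events:
        if e["type"] != "LOGON_FAILURE":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= count:
            alerts.append(("failures_from_ip", e["src"], e["ts"]))
            q.clear()
    return alerts


def sequence_rule(events, min_failures=3, window=timedelta(minutes=10)):
    """Sequence correlation: several failures followed by a success for the same account.
    Failures older than `window` at the time of the success do not count."""
    alerts = []
    failures = defaultdict(deque)
    for e in events:
        q = failures[e["account"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["type"] == "LOGON_FAILURE":
            q.append(e["ts"])
        elif e["type"] == "LOGON_SUCCESS" and len(q) >= min_failures:
            alerts.append(("failures_then_success", e["account"], e["ts"]))
            q.clear()
    return alerts


def run_rules(text):
    """Evaluate both rules over a log and return the combined alert list."""
    events = parse_events(text)
    return threshold_rule(events) + sequence_rule(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOG):
        print(alert)
```

On the sample, alice's burst trips both rules and bob trips neither: his single failure is 25 minutes before his success, outside the sequence window. In a SIEM the alert tuples would be what drives the active responses the transcript lists (account disable, group removal, IP block), which is why each rule emits one alert per incident rather than one per matching line.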

Introducing Kaspersky Security for Mobile – 2014 – Mobile Device Management (MDM) Software

Transcript | Introducing Kaspersky Security for Mobile

>>Introduction: Thank you for watching Kaspersky Lab’s video on Security for Mobile

>>Text: Introducing Kaspersky Security for Mobile

>>Tom Fitzpatrick: Mobile devices have transformed the way we work and live.

>>Tom Fitzpatrick: And the average person now uses three or more devices when they're out and about!

>>Tom Fitzpatrick: Unfortunately, though, they have also extended the necessary security perimeter beyond your office and out into the airport lounges and coffee shops of the world.

>>Tom Fitzpatrick: This, along with the Bring Your Own Device trend, is creating new and complex security challenges for administrators like you.

>>Tom Fitzpatrick: Case in point: how many of your employees consider your security policies when they're choosing a mobile device?

>>Tom Fitzpatrick: Probably not many!

>>Tom Fitzpatrick: When employees are using mobile devices the business of course sees increased productivity, cost-efficiency and flexibility.

>>Tom Fitzpatrick: But you see something else: another attack vector, another opportunity for data loss and another bunch of devices to manage.

>>Tom Fitzpatrick: Suddenly BYOD and mobility have become your problem.

>>Tom Fitzpatrick: Kaspersky Security for Mobile combines a mobile security agent with mobile device management capabilities.

>>Tom Fitzpatrick: It gives you increased visibility and deeper security for mobile endpoints without the complexity of separate solutions.

>>Tom Fitzpatrick: The key features include support for both tablets and smartphones, MDM for the administrator including over-the-air provisioning, and agent-based mobile security for the device.

>>Text: Mobile device management (MDM)

>>Tom Fitzpatrick: MDM allows administrators to securely configure and deploy smartphones and tablets in a similar way to PCs, laptops and other IT assets.

>>Tom Fitzpatrick: You can extend your wired security strategy and policies to your mobile devices, wherever they happen to be.

>>Tom Fitzpatrick: As the administrator, using our integrated console you can automate management and control tasks such as device configuration, software updates, and backup and restore.

>>Tom Fitzpatrick: You can define policies in a granular, flexible way, right down to the device itself.

>>Tom Fitzpatrick: For example, jailbroken or otherwise compromised devices can be blocked from your network, remotely locked, or even wiped.

>>Tom Fitzpatrick: You'll also receive a notification whenever one of these devices tries to connect, so you can track down rogue devices.

>>Tom Fitzpatrick: And with over-the-air provisioning, you can configure and control devices remotely, simply by sending a text message or an email.

>>Tom Fitzpatrick: From there, users are directed to a captive portal where your applications and your preconfigured settings are downloaded.

>>Tom Fitzpatrick: This means you don't have to physically handle the device to provision and control it.

>>Text: BYOD made easy

>>Tom Fitzpatrick: Because mobility and BYOD can create a gaping hole in your security posture, you should apply tough restrictions on all devices, including those that are employee-owned.

>>Tom Fitzpatrick: One such technology that you should plan on implementing is containerization.

>>Tom Fitzpatrick: It's a simple solution that completely separates personal and business content on a device.

>>Tom Fitzpatrick: If the phone gets lost, the administrator can enable a remote lock or delete the business content.

>>Tom Fitzpatrick: This is important if the employee leaves the company and wishes to take their own device with them.

>>Tom Fitzpatrick: For additional security, Kaspersky makes it easy to enable the encryption of sensitive data within the container, which reduces the impact of a lost or stolen device.

>>Text: Kaspersky Lab's Mobile Device Management and Mobile security

>>Tom Fitzpatrick: Because MDM is a managed component of the Kaspersky Security Center, you won't need additional training to begin securing your mobile deployments.

>>Tom Fitzpatrick: And because our award-winning anti-malware technology sits at the core, you can rest assured that your devices are protected from an ever-growing number of mobile threats.

>>Tom Fitzpatrick: There are plenty of other features that Kaspersky Security for Mobile enables, such as GPS find, forced passwords, and SIM watch, which will notify you if a SIM card has been changed.

>>Tom Fitzpatrick: By simplifying and automating the secure configuration of multiple devices you not only reduce your administrative burden, but you're also supporting better mobile security practices.

>>Text: Kaspersky

>>Text: Get started now: Free 30 Day Trial

>>Text: Register at kas.pr/business-trial

>>Text: Join the conversation #securebiz.

Source: Youtube

Networking Security Intro – Georgia Tech – Software Defined Networking

To see how a DNS cache poisoning attack works, consider a network where a stub resolver issues a query to its recursive resolver, and the recursive resolver in turn sends that A record query to the start of authority for that domain.

Now, in an ideal world, the authoritative name server for that domain would reply with the correct IP address.

If an attacker guesses that a recursive resolver might eventually need to issue a query for, say, www.google.com, the attacker can simply reply with multiple, specially crafted replies, each with different IDs.

Although this query has some query ID, the attacker doesn't need to see that query because the attacker can simply flood the recursive resolver with a bunch of bogus replies and one of them, in this case the response with ID 3, will match.

As long as this bogus response reaches the recursive resolver before the legitimate response does, the recursive resolver will accept this bogus message.

And worse, it caches the bogus message.

And DNS, unfortunately, has no way to expunge a message once it has been cached.

So now this recursive resolver will continue to send bogus A record responses for any query for this particular domain name until that entry expires from the cache.

Now there's several defenses against DNS cache poisoning, and we've already seen one, which is the query ID.

But of course, the query ID can be guessed.

The next defense is to randomize the ID: so rather than having a resolver send queries where the IDs increment in sequence, the resolver can pick a random ID.

This makes the ID tougher to guess, but still, the query ID is only 16 bits, which still makes it possible for an attacker to flood the recursive resolver with many possible responses.

And it's likely that, with relatively few responses, one of these bogus responses will match the ID for the real query.

Due to the birthday paradox, the success probability for achieving a collision between the query ID of the query and of the response actually only requires sending hundreds of replies, not a complete 32,000.

Due to the birthday paradox, the probability that such an attack will succeed, using only a few hundred replies, is relatively close to one.

The attacker does not need to send replies with all two to the 16th possible IDs.

The success of a DNS cache poisoning attack not only depends on the ability to reply to a query with a correct matching ID, but it also depends on winning this race.

That is, the attacker must reply to that query before the legitimate authoritative name server replies.

If the bad guy, or the attacker, loses the race, then the attacker has to wait for that correct cached entry to expire before trying again; however, the attacker can generate his own DNS query.

For example, he could query one.google.com, two.google.com and so forth.

Each one of these bogus queries will generate a new race.

And eventually the attacker will win one of these races for an A record query.

But who cares? Nobody necessarily cares to own one.google.com, or google.com.

The attacker really wants to own the entire zone.

Well, the trick here is that instead of just simply responding with A records in the bogus replies, the attacker can also respond with NS records for the entire zone of google.com.

So by creating one of these races using an A record query, and then responding not only with the A record response but also with the authoritative NS record for the entire zone, the attacker can in fact own the entire zone.

This idea of generating a stream of A record queries to generate a bunch of races, and then stuffing the A record responses for each of these with a bogus authoritative NS record for the entire zone, is what's called the Kaminsky Attack, after Dan Kaminsky, who discovered the attack.

The defenses of picking a query ID and randomizing the ID, help, but remember the randomization is only 16 bits, so let's think about other possible defenses.

Source: Youtube

Need for Network Security – Georgia Tech – Software Defined Networking

In addition to having query ID and randomization of that ID, the resolver can randomize the source port on which it sends the query, thereby adding an additional 16 bits of entropy to the ID that's associated with the query.

Unfortunately, picking a random source port can be resource intensive, and also a network address translator, or NAT, could derandomize the port.

Another defense is called the 0x20 (zero-x-20) encoding, which is based on the intuition that DNS matching and resolution is entirely case insensitive.

So capitalization of individual letters in the domain name does not affect the answer that the resolver will return.

This 0x20 bit, or the bit that affects whether a particular character is capitalized or in lower case, can also be used to introduce additional entropy.

When generating a response to a query such as this one, the query is copied from the DNS query into the response exactly as it was in the query.

The mixed pattern of upper and lower case letters thus constitutes a channel.

If the resolver and the authoritative server can agree on a shared key, then the resolver and the authoritative are the only ones who know the appropriate pattern of upper and lower case letters for a particular domain name.

Because no attacker would know the appropriate combination of upper and lower case letters for a particular domain, it becomes even more difficult for the attacker to inject a bogus reply, because not only would the attacker have to guess the ID, but the attacker would also have to guess the capitalization sequence for any particular domain name.

Source: Youtube
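As an added example that is not part of either lecture, the resolver-side arithmetic and checks the two DNS sections describe: how likely a flood of forged replies is to match an in-flight query for a given amount of identifier entropy (16-bit ID alone, ID plus randomized source port, plus 0x20 case bits), and a 0x20-style check that derives a mixed-case spelling of the question name from a secret key, following the lecture's shared-key framing, and accepts a response only if the transaction ID, source port and exact-case name all echo back. It assumes the authoritative server copies the question name verbatim into its answer; the dict shape used for queries and replies is a constructed stand-in for real DNS messages.

```python
import hashlib
import hmac


def spoof_success_probability(entropy_bits, outstanding_queries, bogus_replies):
    """Chance that at least one of `bogus_replies` forged answers matches one of
    `outstanding_queries` in-flight queries whose identifiers are uniform over
    `entropy_bits` bits. Each forged reply hits with probability q / 2^bits, so
    P(hit) = 1 - (1 - q / 2^bits)^k. With q > 1 (many queries for names the
    attacker chose) this is the birthday-style speedup the lecture refers to."""
    space = 2 ** entropy_bits
    per_reply = min(1.0, outstanding_queries / space)
    return 1 - (1 - per_reply) ** bogus_replies


def case_entropy_bits(name):
    """Only letters have a 0x20 bit to randomize; digits, dots and hyphens do not."""
    return sum(1 for c in name if c.isalpha())


def encode_0x20(name, key):
    """Derive a mixed-case spelling of `name` from a secret key via HMAC-SHA256.
    A DNS name is at most 253 octets, so the 256-bit MAC yields one bit per letter."""
    mac = hmac.new(key, name.lower().encode("ascii"), hashlib.sha256).digest()
    bits = int.from_bytes(mac, "big")
    out, i = [], 0
    for c in name.lower():
        if c.isalpha():
            out.append(c.upper() if (bits >> i) & 1 else c)
            i += 1
        else:
            out.append(c)
    return "".join(out)


def build_query(name, key, txid, src_port):
    """Constructed query record: a random 16-bit ID, a random source port and the
    0x20-encoded question name (txid/src_port are supplied by the caller here)."""
    return {"id": txid, "port": src_port, "qname": encode_0x20(name, key)}


def reply_is_acceptable(sent, reply):
    """Resolver-side check. DNS name matching is normally case-insensitive; the
    0x20 defense deliberately compares the echoed question name byte-for-byte, so a
    forged reply must also guess the case pattern, not just the ID and port."""
    return (sent["id"] == reply["id"]
            and sent["port"] == reply["port"]
            and sent["qname"] == reply["qname"])


if __name__ == "__main__":
    name = "www.example.com"
    for label, bits in (("16-bit ID only", 16),
                        ("ID + source port", 32),
                        ("ID + port + 0x20", 32 + case_entropy_bits(name))):
        print(f"{label:20s} P(success, 300 queries x 300 replies) ="
              f" {spoof_success_probability(bits, 300, 300):.3g}")
    q = build_query(name, b"constructed-key", 0x1234, 40000)
    print("encoded question name:", q["qname"])
```

With a single outstanding query and 16 bits of entropy, each forged reply has a 1 in 65,536 chance; a few hundred simultaneous races for attacker-chosen names push the success probability toward one, which is the lecture's point. Adding the source port takes the space to 2^32, and each letter in the name adds one more bit, so the same flood becomes negligible.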

Routing Security – Georgia Tech – Software Defined Networking

The first worm was designed by Robert Morris, Jr. in 1988.

The worm itself had no malicious payload, but it ended up bogging down the machines that it infected by spawning new processes uncontrollably and exhausting resources.

And at the time it was released, it affected ten percent of all Internet hosts.

It spread through three different propagation vectors.

The worm tried to crack passwords, using a small dictionary and a publicly readable password file, and also targeted hosts that were already listed in a trusted hosts file on the machine that was already infected.

This ability to perform remote execution was one way that the worm was allowed to spread.

The second way that it spread was via a buffer overflow vulnerability in the finger daemon.

This was a standard buffer overflow exploit.

And if you don't know about buffer overflows, I would urge you to take a computer security course.

But essentially, this is a very common attack that makes remote exploits possible, effectively resulting in the ability to run arbitrary code at the root level privilege.

The third way that the worm spread was via the debug command in sendmail, which is a mail sending service.

In early sendmail versions, it was possible to execute a command on a remote machine by sending an SMTP message.

The worm used this capability to spread automatically.

A key theme that we'll see in the design of other worms is this use of multiple vectors.

Now any particular worm may end up using a different set of vectors depending on the remote vulnerabilities that it's trying to exploit.

But the idea that any worm should be able to exploit multiple weaknesses in a system gives it more ways to spread.

And often also speeds up the propagation of the worm.

This worm design also followed the following general approach, which we see showing up over and over again in worm designs.

First, the worm needs to scan other hosts to find potentially vulnerable hosts.

In the second step, it needs to spread by infecting other vulnerable hosts.

And in the third step, it needs to remain undiscoverable and undiscovered so that it can continue to operate and spread without being removed from systems.

Source: Youtube

DNS Security Quiz Answer – Georgia Tech – Software Defined Networking

Let's talk about how to infer denial of service activity using a technique called backscatter.

The idea behind backscatter is that when an attacker spoofs a source IP address, say in a TCP SYN flood attack, the replies to that initial TCP SYN from the victim will go to the location of the source IP address.

These replies to forged attack messages are called "backscatter".

Now the interesting thing about backscatter is that, if we can assume that the source IP addresses are selected by the attacker at random, we could set up a portion of the network where we could monitor this backscatter traffic coming back as SYN-ACK replies to forged source IP addresses.

If we assume that these source IP addresses are picked uniformly at random, then the amount of traffic that we see as backscatter represents exactly a fraction that's proportional to the size of the overall attack.

So for example, if we monitor N IP addresses and we see M attack packets, then we expect to see N over two to the 32 of the total backscatter packets, and hence of the total attack rate.

If we want to compute the total attack rate, we simply invert this fraction.

So for example, in this case, if our telescope were a slash eight, or two to the 24th IP addresses, we would simply multiply our observed attack rate x by two to the 32 divided by two to the 24 or 255.

Source: Youtube
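The backscatter estimate from the transcript worked through in code, as an added example that is not part of the lecture: it classifies constructed packet summaries that land in an assumed /8 telescope (a private range stands in for real unused address space), counts reply packets per apparent victim, and scales the observed rate by 2^32 divided by the telescope size, which for a /8 is 2^32 / 2^24 = 256. The one-line packet format, the flag set treated as backscatter and the observation window are assumptions made for the demonstration.

```python
import ipaddress
from collections import Counter

# Constructed: a /8 "telescope" of unused address space that is monitored passively.
# 10.0.0.0/8 is a private range, used here only as a stand-in for real dark space.
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")

# Constructed packet summaries: "<seconds> <src>:<sport> > <dst>:<dport> <tcp flags>"
SAMPLE_PACKETS = """\
0.10 203.0.113.5:80 > 10.17.4.9:51922 SA
0.25 203.0.113.5:80 > 10.200.1.1:4001 SA
0.31 198.51.100.7:443 > 10.9.9.9:5555 SA
0.40 203.0.113.5:80 > 10.3.3.3:1234 SA
0.55 203.0.113.5:80 > 10.3.3.3:1235 RA
0.60 203.0.113.5:80 > 10.77.0.2:60000 SA
0.70 192.0.2.1:53 > 10.1.1.1:53 S
0.80 203.0.113.5:80 > 10.8.8.8:3333 SA
0.90 203.0.113.5:80 > 10.8.8.9:3334 SA
0.95 203.0.113.5:80 > 172.16.0.1:3334 SA
1.00 203.0.113.5:80 > 10.5.5.5:3335 SA
"""

# Replies a victim sends to a SYN it never asked for: SYN-ACK from an open port,
# RST/ACK or RST from a closed one. A bare SYN at the telescope is scanning, not backscatter.
BACKSCATTER_FLAGS = {"SA", "RA", "R"}


def parse_packet(line):
    """Split one summary line into (timestamp, src ip, dst ip, flags)."""
    ts, src, _arrow, dst, flags = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, _ = dst.rsplit(":", 1)
    return float(ts), ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip), flags


def backscatter_counts(text, telescope=TELESCOPE):
    """Count, per apparent victim (the packet's source), reply packets that fell
    inside the telescope; traffic to addresses outside it is ignored."""
    counts = Counter()
    for line in text.splitlines():
        _ts, src, dst, flags = parse_packet(line)
        if dst in telescope and flags in BACKSCATTER_FLAGS:
            counts[str(src)] += 1
    return counts


def scale_factor(telescope=TELESCOPE):
    """The telescope sees |telescope| / 2^32 of uniformly spoofed sources; invert that
    fraction to extrapolate from the observed rate to the whole attack."""
    return 2 ** 32 / telescope.num_addresses


def estimate_attack_rates(text, window_seconds, telescope=TELESCOPE):
    """Estimated packets per second aimed at each victim over the window, assuming the
    attacker chose spoofed source addresses uniformly at random over IPv4 space."""
    factor = scale_factor(telescope)
    return {victim: n / window_seconds * factor
            for victim, n in backscatter_counts(text, telescope).items()}


def victims_above(rates, threshold_pps):
    """Victims whose estimated rate exceeds a reporting threshold (an assumed cut-off)."""
    return sorted(v for v, r in rates.items() if r >= threshold_pps)


if __name__ == "__main__":
    rates = estimate_attack_rates(SAMPLE_PACKETS, window_seconds=1.0)
    for victim, pps in rates.items():
        print(f"{victim}: ~{pps:.0f} packets/s estimated")
    print("above 1000 pps:", victims_above(rates, 1000))
```

In the sample, eight replies from 203.0.113.5 reach the telescope in one second, so the estimate is 8 × 256 = 2048 packets per second; the packet destined for 172.16.0.1 and the bare SYN from 192.0.2.1 are correctly excluded. The estimate is only as good as the uniform-spoofing assumption the lecture states; an attacker spoofing from a narrower range, or reflection traffic that never touches the telescope, breaks it.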