Tag: with

CrowdStrike Partners with Coverity to Ensure Software Security

Hi, my name is George Kurtz, Chief ExecutiveOfficer at CrowdStrike and one of the co-founders. Formerly, I spent about seven years at McAfee,most recently as their Chief Technology Officer and before that I was the Chief ExecutiveOfficer at a company called, Foundstone, which I founded and I am one of the co-authors ofHacking Exposed. So …

How to delete incompatible software with Kaspersky Small Office Security 3

Before you install the Kaspersky SmallOffice Security 3, it is recommended to delete previouslyinstalled Kaspersky Lab products or other anti-virus programs.

If any other anti-virus software remains onyour PC before the installation, it will be found by the setup wizard andremoved automatically.

If the wizard is unable to remove itautomatically it will ask you to remove such software manually How to remove an incompatible program onWindows 8: right click on the blank space on thehome screen click all apps button on the bar thatwill appear in the bottom left corner of the screen in the app's list find the program andright click on it click Remove on the app bar that appearsnext select the program in the programs andfeatures window double click on the name of the program the on installation wizard will start wait until the process is finished.

To remove an incompatible program onWindows Vista, Windows 7, click the start button in the bottomleft corner of the screen select control panel in the menu select programs in the control panelwindow select programs and components in theprogram's window find and select the program that must beremoved in the programs and components window click Yes in the programs and componentswindow.

The computer will start to removeantivirus software, wait until the process is finished.

If you cannot remove the program bymeans of Windows use the corresponding uninstall utilityprogram.

Source: Youtube

Security is Key with Keyscan K-PROX3, Aurora Software and Suprema Readers

Hi, I'm James Duff, product marketing managerfor Dorma Kaba Electronic Access and Data Group here at the ISC West 2016 show in LasVegas.

Among a great many new products at this year'sshow we are happy to introduce our new K-PROX3 reader.

This 125kHz reader is equipped withnew features that specifically work with Keyscan Access Control systems such as Present3 andFacility Lock Down.

K-PROX3 is expected to be released in Quarter 2 2016.

Our Keyscan Aurora Access Control Managementsoftware continues to evolve.

We've added a new 17 bit credential mode to our softwareto prepare for integration with Kaba's e-Plex product line.

This integration enables bidirectionaluse with one credential throughout your facility with Keyscan and Kaba's e-Plex products.

Bometrics returns to Keyscan with Suprema'sBioEntry W and BioEntry Plus Readers.

Suprema readers having a Wiegand output; they functionseamlessly within your Keyscan Access Control environment.

Enhance security in your facilitywith the reliability of biometric readers.

For more information on Keyscan products,be sure to contact your local Graybar representative.

Source: Youtube

Westfield Insurance: Protecting Business Data with IBM Security Guardium software

Westfield Insurance is a 168-year-old insurancecompany.

We are a commercial and personal insurance company based in Ohio at WestfieldCenter.

So at Westfield’s the biggest challengewe have is all the personal information we can carry.

Being an insurance company youhave their information of where they live, what they do, where – their health insuranceinformation.

That is all critical information that we need to protect and figuring out wherewe’re keeping that.

….

So about a year ago, year and a half ago,with seeing everything that’s going on in the world with the attacks, the numerous attackshitting on the different companies, Westfield took a look at itself and said we need todo something.

And they realized it’s something they just couldn’t manually do themselves.

They had to find a tool, something to help them go through this.

So Guardium is a holistic system and it’s grown.

I’ve been using it myself for aboutseven years.

And it started out where we’re just using it for data monitoring and thenit’s moved down to the part where we can do data classification, data discovery.

One of the best features they have right now is the analytics part where it takes a lookat your data as it’s being collected and it looks at the history of what’s goingon and it gives you an outlier.

It says this something different.

We’re seeing somethingthat’s unusual, it’s an unusual pattern.

And I see that right away.

It’s just a reallygreat product that’s helped me move forward in my job as Data Security Engineer.

It helps a small team deal with the challengeswe have with protecting data, identifying and protecting data.

And it’s fairly easyto set up.

And the support you get from IBM to help you figure out what you need and whereyou need to put it is critical and it’s helped us immensely move forward quickly.

Westfield really likes the outliers feature.

This is something that IBM has really put a lot of time and effort into it and has developedover the last couple of years.

Because we are using Guardium and its monitoring24/7, I sleep a lot better at night and so does my management team.

They know it’sin place.

They know that I’ll get an alert, somebody will get an alert if something happens.

Source: Youtube

Integrating with the Licensing API

Hi, my name is Carl and I am a Software Engineeron the Google Chrome team.

In this video, I will describe how to integrate with theChrome Web Store Licensing API.

Suppose you are creating a web app.

The ChromeWeb Store makes it easy to charge people to use that app wherever it is running.

Userswill purchase access to your app right from the Chrome Web Store.

To check whether a userhas paid for your app, use the Chrome Web Store’s licensing API.

The licensing API takes two inputs: the app ID and the user ID.

The app ID is the id the Chrome Web Store assigns to your app when you first createit in the store.

The user ID is the Google-provided OpenIDURL.

Typically, with OpenID the user ID is not shared unless the user explicitly grantspermission to the application; however, Google Chrome grants this permission automaticallywhen the user installs the application.

Users in other browsers will still see an approvalstep.

A number of OpenID libraries may be used todetermine the OpenID URL.

To see a comprehensive list of libraries justvisit http://wiki.

Openid.

Net/Libraries.

Some specific OpenID libraries you can exploreare the following: For Java you can try OpenID4Java.

For Python try using Google App Engine’s Django OpenID.

You can find more information on how to use OpenID in our documentation.

The Chrome Web Store doesn’t allow just anyone to call the licensing API.

The storewill check that the caller is authorized to make a licensing API check for a given app.

In this way we provide separation among the licensing data for various apps.

The developer that creates a web app in the Chrome Web Store is the only user with permissionto call the licencing API for that app.

In order to securely authenticate the ownerof an application, we use OAuth access tokens.

These tokens prove that you have the rightto call the API.

We automatically provide you with an OAuthaccess token in the developer dashboard for each app you own.

An OAuth access token isreally a token and a token secret, but I just refer to them as an access token.

To create a token, go to the developer dashboard and follow the link labeled “AuthToken”.

The next page explains what you need the token for and at the bottom of the page, you willsee a button to generate the OAuth access token.

When you click that button you will see the values for oauth_token and oauth_token_secretfill in.

Those tokens are scoped so they will onlywork to access the Chrome Web Store licensing API and cannot be used to access other informationfrom Google.

Please note that the Chrome Web Store willnot display these values more than one time for security reasons, so, don’t forget tocopy them to a secure location before you leave the page.

If necessary, you can returnlater to generate a new access token.

Now you should have all the data you needto call the licensing API: An OAuth access tokenA User ID and an App ID.

Let’s look at the details of calling the API using HTTP.

The licensing API endpoint is simply a URL containing the app ID and the user ID.

Theapp and user IDs must be URL-encoded.

To call the licensing API, you need to addOAuth signature parameters.

You can use an OAuth library to sign the HTTP requests.

Visit http://code.

Google.

Com/apis/gdata/docs/client-libraries.

Html for a list of libraries that may be used toperform these API calls in various web development languages.

The signing step needs the following pieces of data:The consumer key: This is always “anonymous”.

The consumer secret: This is also always “anonymous”.

The token and the token secret.

The consumer key and consumer secret are anonymousbecause you, the developer, are granting access to the application you own.

JSON is the default response format for API requests.

This response will indicate whetherthe user should be granted permission to use your app.

If you prefer the ATOM format, you can specify alt=atom in the URL.

To learn more about the Chrome Web Store and how to integrate with our licensing API, justvisit code.

Google.

Com/chrome/webstore.

Source: Youtube

Antivirus with Todd A. White

>> Todd: I'm Todd White from ProServ Softwareand Support, and today we're gonna take a moment to Talk Tech.

This episode is "antivirus".

[music introduction] Okay, I'm always asked about beingprotected online.

The producer of this show thought it'd be a good idea to bring up antivirus,and what would happen if she had two copies of antivirus running on her server or computerat the same time.

Here's my take on antivirus: I think everyoneneeds to have antivirus, and there's a couple different companies out there.

I can't suggestone, because whatever I say, someone else is gonna tell you something different.

We all have our own favorites.

Here's what to think about: are the free onesactually providing enough protection? Are the paid ones costing me money to protectsomething that I don't need? And can I run two on my computer, in case I want to be extrasafe? So here's how it works.

When you're runningtwo antiviruses together, let's just suppose I'm going to use two free versions, when theyinstall they're both doing a thing called "active scanning".

When you download a file,as soon as that file's done, antivirus starts to scan that file; that's active scanning.

You don't have to do anything, it's doing it for you.

If you have two versions of antivirus on yourcomputer, and they're both active scanning, then what happens is once the file is downloadedtwo different softwares try to scan the file at the same time, leaving less-than-desirableresults.

Actually, it could corrupt the file and couldprobably harm the OS, depending on what you're downloading.

Think about it this way: when you get theflu shot, you are getting the flu definitions.

And what that's doing is letting your bodystart to fight against that so that if you do get that virus, your body already knowshow to handle it.

Look at antivirus as the same way.

Antivirus uses definitions to combatthe viruses coming in.

If I install two versions, they should havetheir own definitions.

This virus might think that these definitions are the virus.

So thetwo actually kind of cancel each other out.

You're doing more harm than good.

So stick with one choice of antivirus, whateverit is that you wish, get the full version.

And there's other things you can do to keepsafe.

One, make sure your operating system is alwaysup-to-date.

If you have a Microsoft operating system, Microsoft offers online updates.

Ifyou're running Windows 10, that actually is not an option for you, it does it automatically.

Two, make sure your virus definitions areup-to-date.

'Cause even if you bought the antivirus, your definitions are updated asthe manufacturer finds the new threats.

And three, run a firewall of some sort.

Allof Microsoft operating systems, from XP Service Pack 3 all the way up to the latest release,which currently is 10 in the desktop version, has the firewall protection built in.

If youhave the firewall turned on, your antivirus up-to-date, and your operating system up-to-date,you're gonna be safe on the Internet.

As long as you don't do something silly andsay, "Oh my God, I just got an email saying I've won a million dollars in the Australianlottery!".

Don't click the link! Another tip is to do something to help combatmalware.

These are little tools that get in that antivirus doesn't necessarily hit, becauseit's not a virus, it's more of an advertising network that delivers ads to you, probablyunwanted.

Some tools to think about are ADW Cleaner,Spybot Search & Destroy, and Malwarebytes.

All can be found in the notes in our show.

You can also pick up a handy little tool calledCCleaner that cleans your temporary files where most of your viruses build.

That's just a tip from us at ProServ Softwareand Support.

If you like what you see, please subscribe to our show.

Tell your friends aboutit; the more people that subscribe, the easier it's going to be to bring new content to you.

Leave messages on what you'd like us to talk about.

C'mere Rebecca! How'd I do? All right! Say "bye"! >> Rebecca: "Bye!".

Source: Youtube

Protect your virtual infrastructure with Hytrust Appliance v

If you have a large and complex virtual infrastructure,you want to consider a new way of protecting it from potential harm from your end users.

Hello, I am David Strom and we are looking at VMware's vCenter management screens thatshow you a complex setup of 8 different ESX hosts running dozens of VMs in a test environment.

As a virtual infrastructure administrator, I have extraordinarily powerful capabilitiesat my fingertips that can be used for good, but could also be misused.

For example, withone simple right-click, I can bring down core elements of the infrastructure, includingthe Exchange, Sharepoint, or even the vCenter server itself.

We can prevent this with the Hytrust Appliance version 2.

0, which allows you to set up policies,access rules, and other security measures to segregate your virtual infrastructure fromyour users.

Here we are looking at its main dashboard, and you can see our entire collectionof hypervisors.

The Appliance sits on our network in betweenthe virtual infrastructure and the users of the various VMware software pieces that manageit.

It creates ways to separate individuals' duties who only need to manage the applicationsrunning on each VM, or the network pieces, or to perform compliance audits of our virtualizedhosts.

We create a new policy for this vCenter bygoing to Policies/Resources, expand the tree and find the vCenter and then click on applyon the rulesets to assign it to our vCenter core appliance, then click deploy.

This willsetup a rule that prevents anyone other than a network administrator from removing or poweringdown this virtual machine.

We finish this up by going to Policies, roles,edit the HT Core Appliance Admin, then click view all and we can scroll down to see therule covering powering the VM on and off that is part of this collection.

Now when our datacenter admin Ken tries togo into the vSphere client (Inventory, VM, remove from inventory), you will see he can'tremove this host because our policy has prevented him from this action.

We can place further restrictions on how ourVMs are used, such as preventing them from being moved or copied by vMotion's live migrationservice in this screen here in our rule constraints section.

This is something that is uniqueto Hytrust's product.

Let's show another new feature called PassworldVault.

When that is enabled, all the root passwords of our managed hosts are changedby the Hytrust appliance to something very secure and unique.

So what happens if we manuallyneed temporary access to one of our hosts? We go into hosts/hosts and click on one ofour hosts ESXi2 and then choose password and enter the appropriate information.

We havetwo minutes to make a copy of it and then the specified two hours to login and makethe changes.

Another feature is a series of more than 30different hardening procedures that are performed automatically when we want to make sure thatour hosts are under payment card industry compliance guidelines.

We go to Hosts/templatesand click on the PCI entry and you can see the list of the procedures as we scroll down.

Now let's show you how easy it is to do thiscompliance monitoring and remediation with a sample policy that I have set up.

We selectthe hosts that we want check, run the remediate process, and we see that most of them arewithin our guidelines, but one host needs further assessment.

A new feature is the ability to search fora particular host and then perform any necessary actions on it.

Here you see this, which isvery helpful for larger virtual installations.

Getting used to the various collection ofmenus, commands, policies and rules will take some doing, as well as setting up the properaccess controls for each role and tying things all together.

Thanks for watching my screencast review.

This is David Strom, feel free to watch other videos at Web Informant dot tv, check outmy other articles, or book me for an upcoming speaking gig using the links here.

Source: Youtube

Transform, connect, inform and protect your enterprise with Dell Software

Hey.

It's Bill McCartywith Dell Software, here at Dell World2013 in Austin, Texas.

So let's visit the softwarebooth here at the Dell World Solutions Center, to learn howDell Software solutions are helping customerstransform, connect, inform, and protect their enterprises.

Well, there are a lot of waysthat organizations are trying to transformthemselves right now.

Two of the big ways are byadopting new agile platforms like Cloud or Mobile.

And another is they'restarting to want to move at a much higher rate.

What you might callthe speed of Cloud.

Dell Software allowsIT organizations to focus more on the businessesand their internal customers than on just the internaloperations of IT.

That's the future of IT.

So I think Cloud is areally strong possibility and I think everybody'sreally excited about migrating to the Cloud.

What we've got with our EMM– orEnterprise Mobility Management solution– now is theability to manage the devices in different ways.

So if it's a corporate-issueddevice– you own it, manage the whole devicewith our EMM solution.

If it's a personally-owneddevice, then all we're managing is the corporate-issued orliable workspace that's on it.

In the real worldtoday, people are using a littlebit of everything.

IT has that challenge, andthat's how we'd help solve it.

I'm here today to participatein Dell World, but really interested in what youfolks have been doing with your Enterprise MobilityManagement solution primarily.

So that's my interest in DellSoftware is initiatives here.

We're excited about Toad BISuite and the Toad Data Point product, the ToadDecision Point product, and our customers being able touse that to better collaborate across IT and thelines of business– the people that areworking with the data from the IT side of things.

And on the other side of thefence, working with the data to make better decisions,and be able to build a collaborativeenvironment, leveraging what they're doing withtheir other BI systems that they've already spentmillions of dollars with.

And being able to addonto that, complement it, and add more agilityto their business.

My historicrelationship with Dell has been hardware purchases.

And now, I find myselfthinking of them in broader terms ofcomplete IT services.

As customers are talkingto us more and more about protecting their data,protecting their environment– what we're seeing consistentlyis they have this great need to have instant on instantaccess to their data 24 hours a day,seven days a week, exactly like they want it.

Dell's value proposition is webrought together these assets from Quest, from AppAssure,and from Dell Storage is to match backup tobusiness to give customers exactly what they're looking forto meet the needs of this very modern, very active generation.

Data protection isa primary concern for Tarleton State University.

We have an informationsecurity officer who works with my team tryingto find solutions that minimize risk, but aren't cumbersometo our customers.

You can buy securitysolutions from a number of different vendors, butthey don't interact together.

And that leaves silosbetween the solutions, and those silos or securitygaps that the bad guys can take advantage of andget into your system.

Connected securityis about integrating.

It's about integrating all yoursecurity solutions together to close those silos,to limit those gaps, so that the exposure toAPT's malware, bad guys, whether they'reinside or outside is limited, mitigated, andperhaps even eliminated.

There are probablythree big initiatives that I've been thinking about.

Managing our virtualinfrastructure, mobility, and security.

It's been really goodto come in and get some one-on-one conversationswith some product and/or marketingspecialists to really get some clarity as tohow that Dell product offering mightapply to Barnhardt.

So, a lot of great solutionsbehind me at the Dell Software booth here at Dell World 2013.

To learn how you can simplifyIT management with integrated IT solutions from Dell Software,visit Software.

Dell.

Com.

Source: Youtube

Protect your critical data with a ZeroIMPACT migration from Dell Software

Migrations are anongoing fact of life, especially for IT organizations.

Whether upgradingLegacy platforms, moving to new platforms,supporting mergers and acquisitions, ormoving to the Cloud, it's a good betthere's a migration of some kind in your future.

Without proper planning,though, migrations can be far more complex andexpensive than necessary, Interrupt the continuityof your business, and put critical data at risk.

Poor planning can also leaveyou with a post migration environment that is inefficientand difficult to manage, but you can dramaticallyreduce migration issues and maintain thecontinuity of your business with ZeroIMPACTMigration Solutions from Dell Software and DellSoftware ZeroIMPACT Migration Methodology.

The ZeroIMPACT Methodologydescribes the four pillars of a solid migration plan,prepare, migrate, coexist, and manage, and helps ensurea worry-free migration, and Dell Software Solutionshave helped migrate more than 50 million mailboxes toExchange, many from platforms such as Notes,GroupWise, and Google.

We've migrated morethan 65 million users to Active Directory andover 600 terabytes of data to SharePoint.

Dell Software Solutions helpyou prepare for your migration by letting you perform detailedanalysis of your current data, generate reports oncurrent inventory, and form a better planfor the architecture of your new environment.

You can also migrateto your new environment faster and with feweruser disruptions by scheduling migration tasks,automating user and site provisioning, and generatingdetailed migration status reports.

During your migration, you canenable complete coexistence by synchronizing directory,calendar, and email content, enabling free/busylookup between systems and keeping Legacyapplications working as your new environmentcomes online, and you can better manageyour new environment after the migration iscomplete with enhanced problem detection, diagnostics,and resolution capabilities that far exceed thoseof native tool sets.

So with Migration Solutionsfrom Dell Software and the ZeroIMPACTmethodology, you really can mitigate the risk ofmigrating, consolidating, and restructuring data withfewer resources and little or no impact to end users.

To learn how, visitDellSoftware.

Com/ZeroIMPACT.

Source: Youtube

Protect company email with GFI MailEssentials

GFI MailEssentials, our award-winningemail security product for on promise email servers comes in twoeditions the anti-spam addition which offersanti-spam technologies to block email spam and the email security editionwhich blocks malware and other email threats, combine botheditions in the unified protection edition and this gives you protection on allfronts, with several plugins including our spam razor technology Bazian, DNS BL, purbl and more GFI MailEssentials helps you blockmore than 99 percent of spam with zero false positives.

Users evenhave the ability to whitelist or blacklist emails from within theirown Outlook client using our new spam tag add-on.

Our Email Securityversion comes with up to five anti-virus engines to blockany viruses or malware from your email, Vipre and BitDefenderare enabled by default Norton, McAfee and Kasperskycan be purchased separately with the powerful content filteringengine emails can be blocked based on keywords in the subject line or in the body copy, it even blockscontent based on the attachment types GFI MailEssentials givesyou the option to stop emails containing information such as,credit card numbers and social security numbers with the further added benefitof offering data loss protection all blocked emails are either deleted orredirected to the secure quarantine.

The spam quarantine is managedby the individual users where a digest can be sentperiodically via email to them for malware and other serious threatemails would go to the malware quarantine which is managed bythe admin.

GFI MailEssentials also comes with a built-in reportingengine which enables you to detect any issues attacks and troubleshoot mail flowissues for free 30-day trial got www.

Gfi.

Com/mailessentials.

Source: Youtube