Tuesday, May 26, 2009

Steps to Maintain and Secure Your Computer

There are some basic computer maintenance steps that help users keep a computer running smoothly:

1. We should perform the "disk cleanup" task on a regular or weekly basis.

2. We should perform the "defrag" task on a monthly basis.

3. We should uninstall all unwanted programs from the computer.

4. We should remove all unwanted startup items by using the "msconfig" utility.

5. We should always delete all the temporary internet files, such as the "temp", "%temp%" and prefetch files, from the computer.

6. We should perform the "scan disk" task on a monthly basis.

7. We should take a backup of important files and the registry before performing any task on the computer.

8. We should keep at least 5% free space on the 'C' drive.

9. In critical conditions, we have to use the power button to turn the computer off.

Now, I am providing some tips related to "Computer Security" that help users run the computer without any virus threats. These are the steps for "Computer Security":

1. You should scan your computer by using an updated anti-virus program.

2. You should download and install an anti-malware program like "Anti-malwarebytes" to deal with malware issues.

3. You should update the "Anti-malwarebytes" program periodically.

4. You should scan the computer using the "Anti-malwarebytes" program.

5. You should follow the same procedure for the "Superanti-spyware" program as we have done for "Anti-malwarebytes".

6. You should delete all the temporary internet files, such as the temp, %temp% and prefetch files.

Your computer will run smoothly and properly if you follow all of the above troubleshooting steps. We can conclude that it is necessary to have knowledge of "Computer Maintenance and Security" and some support for the computer. These safety guidelines help the user to run the computer smoothly and properly. There are also some good companies which provide support, like iYogi Technical Services Pvt. Ltd, IBM, Microsoft, Dell, HP and many more. We need to update all the security software on a regular basis.

Tuesday, May 19, 2009

Red5 Media Server and Security

Here are the steps to configure SSL in an existing Red5 application.

Software required on the machine where the Red5 server is installed:-

1: OpenSSL // Open source SSL libraries required for compiling Stunnel

2: Stunnel // Open source SSL wrapper software that uses OpenSSL; works on both Windows and Linux.

3: gcc // The GNU C compiler (although it is always bundled with a Linux machine, I did not find it). Necessary if you are compiling OpenSSL and Stunnel from source. Not required if using an RPM.

Configuration needed on the server machine:-

1:- Install OpenSSL (on Windows use the exe; for a Linux machine the RPM or source can be downloaded from the openssl website).

2:- Install Stunnel (on Windows use the exe; otherwise an RPM or compilation from source is preferred, and both can be downloaded from the stunnel website). Make sure that you have already compiled OpenSSL on your machine before proceeding with the installation of Stunnel; otherwise it will fail to compile.

Under Linux, the standard commands to compile Stunnel from source are described below. For any updates, always follow the installation instructions given on their website.

machine# gzip -dc stunnel-VERSION.tar.gz | tar -xvf -
machine# cd stunnel-VERSION
machine# ./configure
machine# make
machine# make install

There are several configuration options that differ based on your computer and environment. These are described on the website itself.

3:- Running Stunnel
To run stunnel, you always require a configuration file. The process of making a sample configuration file (stunnel.conf) is described below.

The sample configuration file used was like this:

sample.conf

; Sample stunnel configuration file by Sunil Gupta 2007
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment

cert = /etc/stunnel/stunnel.pem
;chroot = /var/run/stunnel/
pid = /stunnel.pid
key = /etc/stunnel/stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
Output = /var/log/stunnel.log
foreground=yes
; Use it for client mode
; client = yes
; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

[rtmps - https]
TIMEOUTconnect=20
accept = 443
connect = 80
TIMEOUTclose = 20

; vim:ft=dosini

Finish

Note: - When you install Stunnel, you get a default sample file, which in most cases is not enough to run the flash application. The additions I made to the configuration file are as follows.
Also, a line starting with ; is a commented-out line in the file.

cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem

pem stands for 'privacy enhanced mail', used here as a key format. The above two lines tell stunnel the location of the pem file, which needs to be generated. This is configured by the user. The above is the best location for Stunnel, although you can change it to any desired location.

;Some performance tunings

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

The above two lines are for better performance of Stunnel in our case.

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

The above line is a workaround for a bug on a specific platform. Since we are running on Linux, we commented this line out, although it could be needed in some cases.

; Some debugging stuff useful for troubleshooting
debug = 7
Output = /var/log/stunnel.log
foreground=yes

The above lines are very important, because Stunnel by default runs in background mode, so you will never be able to see whether it is running. It is better to put it in the foreground, so that you can make sure that stunnel is running properly. Also, debug = 7 is very important, since by default stunnel does not generate any log. You can direct it to generate a log, so that you can debug your application by reading the log messages. The log directory mentioned above is the default Linux directory where all system logs are generated.

; Use it for client mode
; client = yes

In the sample configuration file you will always find this option un-commented, which leads to a different architecture. Since we are running Stunnel in server mode, not client mode, we comment this line out.

[rtmps - https]
TIMEOUTconnect=20
accept = 443
connect = 80
TIMEOUTclose = 20

The very last lines are shown above. In the sample configuration file you will never find rtmps, and it is not even mentioned anywhere in Stunnel. The default file contains only https; add rtmps as it is added here. The accept port is 443, which is the default port used for secure communication and, like port 80, is generally open in all corporate firewalls. This port accepts the connection from flash and receives the encrypted data. The connect port is 80; this is the port where stunnel forwards the decrypted data to the red5 server.
TIMEOUTconnect and TIMEOUTclose can be useful in some cases, when the server to which Stunnel forwards the data is slow to respond. They make sure that the connection is closed only when the server is not responding at all. The value is in seconds (i.e. 20 sec.)
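An added example (not from the original article or the stunnel project): a small Python audit of the configuration walked through above, flagging the options this walkthrough leaves in a testing state. The finding names are invented for illustration, and SAMPLE is constructed from the options shown on this page.

```python
# Added example: audit a stunnel.conf for settings left in a testing state.
# SAMPLE is constructed from the options shown on this page; finding names are illustrative.
SAMPLE = """\
cert = /etc/stunnel/stunnel.pem
;chroot = /var/run/stunnel/
pid = /stunnel.pid
key = /etc/stunnel/stunnel.pem
debug = 7
output = /var/log/stunnel.log
foreground = yes

[rtmps - https]
accept = 443
connect = 80
"""

def parse(text):
    """Return (global_options, {service: options}); option names lower-cased."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank or commented out
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
            continue
        name, _, value = line.partition("=")
        (glob if current is None else current)[name.strip().lower()] = value.strip()
    return glob, services

def audit(text):
    """Return a sorted list of finding codes for a stunnel configuration."""
    glob, services = parse(text)
    found = set()
    if glob.get("debug", "").split(".")[-1].lower() in ("7", "debug"):
        found.add("debug-logging")     # most verbose level, meant for troubleshooting
    if glob.get("foreground", "no").lower() == "yes":
        found.add("foreground")        # stays attached to the terminal that started it
    if "chroot" not in glob:
        found.add("no-chroot")         # no jail; pid = /stunnel.pid then lands in /
    if "setuid" not in glob:
        found.add("no-setuid")         # keeps the privileges it needed to bind port 443
    if glob.get("cert") and glob.get("key", glob["cert"]) == glob["cert"]:
        found.add("key-in-cert-file")  # private key shares the certificate PEM
    for name, opts in services.items():
        host = opts.get("connect", "").rpartition(":")[0]
        if host not in ("", "localhost", "127.0.0.1"):
            found.add("plaintext-offhost:" + name)  # decrypted data leaves this machine
    return sorted(found)
```

Running audit(SAMPLE) reports the testing-state options; a service whose connect target names another host is flagged as well, because stunnel forwards to it in cleartext.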

Now, in order to run your application over a secure connection, you need to create a certificate on the machine where Stunnel is installed. The procedure for creating a certificate, and the directory in which to put it, are described below.

Use of certificate:-

When an SSL client connects to an SSL server, the server presents a certificate, essentially an electronic piece of proof that the machine is who it claims to be. This certificate is signed by a 'Certificate Authority' (hereafter a CA), usually a trusted third party like Verisign. A client will accept this certificate only if:
The certificate presented matches the private key being used by the remote end.
The certificate has been signed correctly by the CA.
The client recognizes the CA as trusted.

Every stunnel server has a private key. This is contained in the pem file which stunnel uses to initialize its identity. If we notice above, we have given the reference of this pem file in the start of our configuration file under cert.

This private key is put in /usr/local/ssl/certs/stunnel.pem.

Note:- In client mode we do not need a certificate in most cases, but if we are running in server mode, we require a certificate. Since we are using server mode, I have generated a self-signed certificate.

To make certificate:-

1: Go to the /etc/stunnel directory and
2: Run the following command:-

openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

This creates a private key and a self-signed certificate. Because -nodes leaves the private key unencrypted, keep stunnel.pem readable only by the account that runs stunnel. More information on the options can be found in the FAQ section of the Stunnel website.

While executing, the command will ask some questions such as Country, City, Company etc. Answer them and it will generate the key and the self-signed certificate.

4:- Put your sample.conf file in /etc/stunnel directory where the .pem file was created earlier.

5:- Start Stunnel by issuing the command -

machine# stunnel stunnel.conf

if you are in the /etc/stunnel directory; otherwise give the complete path of the configuration file:

machine# stunnel /etc/stunnel/stunnel.conf

The above command will start stunnel, and you can verify this from the log in the /var/log/stunnel.log file.

Red5 server side changes:-

6:- Now that stunnel is up and running, we need to change the Red5 configuration to accept the connection from Stunnel.

Go to the red5 installation directory and look for the conf folder, where all red5 configuration files are kept.

Open the red5.properties file and put 443 under the rtmps.host_port property. The sample file can look like the one below.

rtmp.host_port = 0.0.0.0:1935
rtmp.threadcount = 4
debug_proxy.host_port = 0.0.0.0:1936
proxy_forward.host_port = 127.0.0.1:1935
rtmps.host_port = 127.0.0.1:443
http.host=0.0.0.0
http.port=5080
rtmpt.host=0.0.0.0
rtmpt.port=80

Flash client side changes:-

7:- Now we are done with the server side. In order to run the application under SSL, we need to change the client-side protocol from rtmp to rtmps as shown below. Then compile the flash client and run it in the browser; a certificate prompt will pop up. Accept it and the application will run under SSL.

nc.connect ("rtmps://yourip/applicationname"); //used rtmps in place of rtmp

Source: http://ezinearticles.com/?Red5-Media-Server-and-Security&id=1226458

Wednesday, May 13, 2009

How to Extract IDs and Security Policy from Windows Servers?

Windows server security is a main concern because the server is the heart of a small business, so it is better to provide good server security. That means we have to be able to review all server security in a short span of time.

Check the password policy set in the Windows Operating System, i.e. password is required, no expiration, minimum password length. IDs with weak passwords or without passwords are an open invitation for an intruder to hack into your computer systems.

Step 1 How to extract IDs and Security Policies From the Windows Server.

a) I use a neat free tool called Somarsoft ACL.

b) Install the tool and Run DumpSec program.

c) Extract the permissions of user, group, file system, registry, password policy and other information you find useful.

Step 2 Cross check the IDs with the Administrator

a) Once you have extracted this information, cross check with the administrator whether all the IDs and the password policy extracted by the tool are valid and necessary.

b) Delete or disable the unnecessary IDs and enforce a stronger password policy.

c) Further ensure that only IDs that are absolutely required are active, and enforce a strong password policy using Windows Active Directory, e.g. complex alphanumeric password, 180 days password expiration. As for PCs, make sure the administrator password is changed and known only by yourself or the office administrator.

d) Everyone else should use basic IDs.

e) Activate a password for the screen saver to lock the PC screen when there is no activity for, say, 10 minutes.

f) Educate all users on the importance of computer security.

g) One of the reminders I usually highlight is: do not share passwords, and do not stick the password on the front of the computer monitor for all to view.

Source: Ezine

Thursday, May 7, 2009

New Version of Security System by TrendMicro

Trend Micro, a provider of internet content security, has launched version 5.1 of its Worry-Free Business Security for small businesses that require integrated defense and automatic web threat protection against emerging web threats with minimal administrative requirements.

According to Trend Micro, Worry-Free Business Security 5.1, a single, all-in-one suite, now protects businesses running the new Windows Essential Server Solutions: Microsoft Small Business Server 2008 and Microsoft Essential Business Server 2008. It also protects users of Microsoft Exchange 2007 on Windows Server 2008. With Worry-Free Business Security 5.1, viruses, spyware, spam and emerging Web threats are blocked before they reach a company's network.

Supported by the Trend Micro smart protection network, a next-generation cloud-client content security infrastructure designed to protect customers from web threats, Trend Micro Worry-Free Business Security 5.1 offers small and medium sized businesses safer, smarter and simpler security to protect themselves from the dramatic increase in cyber crime and web threats.

For detailed info: http://security.cbronline.com/news/trend_micro_launches_new_version_of_security_system_240409

Monday, May 4, 2009

Adobe Releases Update for Server-Side Security Flaw

Adobe has released an update to address a potential vulnerability in versions of its Flash Media Server.

Specifically, the newest vulnerability exists in Flash Media Server version 3.5.1 (and earlier) and Adobe Flash Media Interactive Server 3.5.1 and earlier. The update resolves a remote procedure call (RPC) execution issue that could enable an attacker to “execute remote procedures within a server-side ActionScript file running on Flash Media Server,” according to a security bulletin on its support site.

The release notes for the update say further that the fix “updated the server with the OpenSSL Security Advisory recommendations for the vulnerability tracked as CVE-2008-5077 by OpenSSL.” According to the description of the vulnerability, a way to exploit it would be for a hacker “who uses a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.”

Adobe categorizes this as an important issue, and recommends users update now.

Source: scmagazineus.com/Adobe-releases-update-for-server-side-security-flaw/article/136044/