Archive for the ‘Security’ Category

OpenOffice: How to Change the Macro Security Level

Just as in Microsoft Excel, Calc offers several security levels governing the execution of macros. To choose the macro security level best suited to your workstation, proceed as follows:

  • start OpenOffice Calc;
  • open the Tools menu and select Options;
  • go to the OpenOffice.org section and select Security;
  • press the Macro Security… button;
  • choose the security level best suited to your workstation. Note that if you select the Low level, all macros contained in spreadsheets will be executed without any warning, which could also lead to the execution of potentially unwanted macros;
  • press the OK button to confirm the chosen setting;
  • press the OK button to confirm the changes made to the Security section.

At this point the new Calc macro security level is in effect.

Enjoy working with OpenOffice.

Information about Windows 7 and Windows 2008 R2 Service Pack 1

Service Pack 1 for Windows 7 and Windows 2008 R2 was released on February 22, 2011. To download this Service Pack you must first pass the Genuine Microsoft Software test. To download Service Pack 1 for Windows 7 and Windows 2008 R2, go to the Microsoft Download Center and follow these steps:

  • press the button Continue;
  • run the program GenuineCheck.exe;
  • enter the Windows Genuine Advantage code in the form proposed by the website;
  • proceed with the download of the version of Service Pack required.

Since the web pages of the Microsoft Download Center do not help much in choosing which version of Service Pack 1 for Windows 7 and Windows 2008 R2 you need to download, here is a little more detail:

  • Windows6.1-KB976932-X86.exe: this application installs SP1 on a 32-bit machine running Windows 7 (537,8MB);
  • Windows6.1-KB976932-X64.exe: this application installs SP1 on a 64-bit machine running Windows 7 or Windows Server 2008 R2 (903,2MB);
  • Windows_Win7SP1.7601.17514.101119-1850.X86FRE.Symbols.msi: standalone debugging symbols (free) for 32-bit machines (330,6MB);
  • Windows_Win7SP1.7601.17514.101119-1850.X86CHK.Symbols.msi: standalone debugging symbols (checked) for 32-bit machines (294,5MB);
  • Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi: standalone debugging symbols (free) for 64-bit machines. This contains debugging symbols for both Windows 7 SP1 and Windows Server 2008 R2 SP1 (287,8MB);
  • Windows_Win7SP1.7601.17514.101119-1850.AMD64CHK.Symbols.msi: standalone debugging symbols (checked) for 64-bit machines. This contains debugging symbols for both Windows 7 SP1 and Windows Server 2008 R2 SP1 (262,7MB);
  • 7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso: this DVD image contains standalone update for all architectures (1953,3MB).

To learn how to install Service Pack 1 for Windows 7 and Windows 2008 R2, see the following two guides:

Thank you for your attention.

How to use Symantec Endpoint Recovery Tool CdRom

In their article Anti-Stealth Fighters: RootKit Testing for Detection and Removal (VirusBulletin, April 2008), the authors Andreas Marx and Maik Morgenstern wrote:

A step in the right direction could be to focus on providing
bootable rescue media, too: this might be the product
installation CD or a CD or disk that a user can create and
update himself. When the system is started from
this media, the rootkit cannot be activated on the system,
so a scanner would be able to see all files and registry
entries which would usually be hidden. This way, the
scanner could detect and delete all rootkit and malware
components as long as the signature database is up to date
and comprehensive.

The Symantec Endpoint Recovery Tool CdRom follows the direction indicated by Andreas Marx and Maik Morgenstern in their article.

You can see Symantec Endpoint Recovery Tool CdRom in action in this video:

Unlike other boot CD-ROMs for removing viruses and malware infections, the Symantec Endpoint Recovery Tool CdRom gives you the chance to install the latest virus definitions even without an active Internet connection, by loading the definitions either from the hard disk of the infected computer or from a USB stick connected to it.

How to setup Microsoft Standalone Root CA

If you need to create a Microsoft Standalone Root CA, this short paper tries to help you. Before creating the Microsoft Standalone Root CA, you must first create a text file called CAPolicy.inf. At a minimum, CAPolicy.inf should contain:

; File %SystemRoot%\CAPolicy.inf
;
; Configuration file for the HomeWorks Root CA (Windows 2003 R2 Standard Server, part of Active Directory)

[Version]
Signature="$Windows NT$"

[certsrv_server]
RenewalKeyLength = 2048
RenewalValidityPeriodUnits = 10
RenewalValidityPeriod = Years
CRLPeriod = Years
CRLPeriodUnits = 1

[AuthorityInformationAccess]

[CRLDistributionPoint]

; End of file
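
A CAPolicy.inf copied from a web page often arrives with typographic quotes or a misspelled key name, and a key that is not spelled exactly will not be recognised. The following linter is an added example, not part of the original article or of any Microsoft tool; the list of accepted [certsrv_server] keys and the sample text are assumptions of the example.

```python
import difflib
import re

# Keys Microsoft documents for [certsrv_server]; the list is an assumption of
# this example and may not cover every Windows Server release.
KNOWN_KEYS = {
    "renewalkeylength", "renewalvalidityperiod", "renewalvalidityperiodunits",
    "crlperiod", "crlperiodunits", "crldeltaperiod", "crldeltaperiodunits",
    "loaddefaulttemplates", "alternatesignaturealgorithm", "forceutf8",
    "enablekeycounting", "clockskewminutes",
}
PERIODS = {"hours", "days", "weeks", "months", "years"}
SMART_QUOTES = re.compile("[\u201c\u201d\u2018\u2019]")

# Constructed sample: quotes mangled by a web page and one misspelled key.
SAMPLE = ("[Version]\nSignature= \u201c$Windows NT$\u201d\n[certsrv_server]\n"
          "RenewalKeyLength = 2048\nRenewalValidtyPeriod = Years\n"
          "CRLPeriodUnits = 1\n")


def lint_capolicy(text):
    """Return (line_number, message) findings for a CAPolicy.inf text."""
    findings, section, signature_ok = [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()          # drop ; comments
        if SMART_QUOTES.search(line):
            findings.append((n, "typographic quote, use a plain ASCII quote"))
        if line.startswith("["):
            section = line.strip("[]").strip().lower()
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue                                 # blank or non key=value line
        name = key.lower()
        if section == "version" and name == "signature":
            signature_ok = value == '"$Windows NT$"'
        elif section == "certsrv_server" and name not in KNOWN_KEYS:
            hint = difflib.get_close_matches(name, KNOWN_KEYS, 1)
            findings.append((n, f"unknown key {key!r}; closest: {hint}"))
        elif section == "certsrv_server" and name.endswith("period"):
            if value.lower() not in PERIODS:
                findings.append((n, f"{key}: expected one of {sorted(PERIODS)}"))
        elif section == "certsrv_server" and name.endswith(("units", "length")):
            if not value.isdigit():
                findings.append((n, f"{key}: expected a whole number"))
    if not signature_ok:
        findings.append((0, 'missing or malformed Signature="$Windows NT$"'))
    return findings
```

Line number 0 in a finding marks a file-level problem rather than a specific line.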

Once you have created CAPolicy.inf, copy it to the %SystemRoot% folder of your Windows system (in this paper we assume that you are working on a Windows 2008 Standard member of an Active Directory domain). To learn how to install a Microsoft Standalone Root CA you can watch this video:

If you only use the Standalone Root CA to provide your certificates, it is a good idea to also install the Certification Authority Web Enrollment role.

Run a post-configuration script on the Microsoft Standalone Root CA. A simple post-configuration script could be:

@echo off

rem Set up the local environment
setlocal enableextensions

rem Initialise the variables
set Answer=

echo.
echo Questo script ha il compito di personalizzare la configurazione della Root CA.

:QUESTION
echo.
rem Build a small VBScript that prompts on the console and emits "set Answer=..." into a temporary batch file
set _T=%temp%\~tmp
echo Set oFS=CreateObject("Scripting.FileSystemObject")>%_T%.vbs
echo oFS.OpenTextFile("CON",2).Write "Vuoi proseguire con l'esecuzione dello script [si/no]: ">>%_T%.vbs
echo S=(Trim(oFS.OpenTextFile("CON",1).Readline))>>%_T%.vbs
echo Wscript.Echo "set Answer="+CStr(S)>>%_T%.vbs
cscript.exe //nologo %_T%.vbs > %_T%.bat
for %%v in (%_T%.bat del) do call %%v %_T%.???
set _T=
goto CONTINUE

:EXEC
rem Check that the folders needed by the script exist
if not exist %SystemDrive%\Logs md %SystemDrive%\Logs
set LOGFILE=%SystemDrive%\Logs\Root_CA_Post_Config.log

rem Write the log file header
echo FILE DI LOG DEL COMANDO ROOT_CA_POST_CONFIG.CMD  >> %LOGFILE%
echo. >> %LOGFILE%
echo Esecuzione del %DATE% alle %TIME% >> %LOGFILE%
echo. >> %LOGFILE%
echo.

rem Set the variables used to handle the Subordinate CA certificates
set /p myADnamingcontext="Inserisci il nome del dominio LDAP (ad es: DC=homeworks,DC=it): "
echo Esempio: http://www.homeworks.it/ca/cert/HomeWorks_Root_CA_Public_Cert.crt
set /p myCACertURL="Inserisci URL del Certificato della Root CA: "
echo Esempio: http://www.homeworks.it/ca/crl/HomeWorks_Root_CA_Revocation_List.crl
set /p myCACRLURL="Inserisci URL della Root CA CRL: "
echo.

rem Configure the digital certificates issued by the Root CA
echo Impostiamo la configurazione della Root CA ...
echo Dominio LDAP: %myADnamingcontext%
certutil -setreg CA\DSConfigDN "CN=Configuration,%myADnamingcontext%" >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n2:%myCACRLURL%\n10:ldap:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10" >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:%myCACertURL%\n2:ldap:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11" >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLPeriodUnits 1 >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLPeriod "Years" >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLDeltaPeriodUnits 0 >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLOverlapPeriod "Days" >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\CRLOverlapUnits 1 >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\ValidityPeriodUnits 5 >> %LOGFILE%
echo. >> %LOGFILE%
certutil -setreg CA\ValidityPeriod "Years" >> %LOGFILE%

rem Restart the Certification Authority service (Active Directory Certificate Services)
echo Riavviamo il servizio Active Directory Certificate Services ...
net stop certsvc >> %LOGFILE%
net start certsvc >> %LOGFILE%

rem Activate the Root CA
echo Attiviamo la Root CA ...
certutil -vroot >> %LOGFILE%

rem Publish the CRL
echo Pubblichiamo la CRL della Root CA ...
certutil -CRL >> %LOGFILE%

echo Fine esecuzione dello script ....
echo. >> %LOGFILE%
echo Fine del file di log >> %LOGFILE%

:END
endlocal
exit /b

:CONTINUE
if /i "%Answer%" equ "si" goto EXEC
if /i "%Answer%" equ "no" goto END
goto ERRATA

:ERRATA
echo.
echo La risposta che hai dato non e' corretta !!!
echo Puoi rispondere solamente con un si o con un no.
goto QUESTION
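
The number in front of each CRLPublicationURLs entry in the script (1, 2, 10) is a bit mask that decides whether the CA writes its CRL to that location and whether the URL ends up in issued certificates. The decoder and sanity check below are an added example, not part of the original script; the flag descriptions cover only the CRL-related bits, and the C:\Windows path, the pki.example.test host and both sample values are constructed for illustration.

```python
# Meaning of the number in front of each CRLPublicationURLs entry (a bit mask).
CRL_FLAGS = {
    0x01: "publish CRLs to this location",
    0x02: "include in the CDP extension of issued certificates",
    0x04: "include in CRLs (clients use it to find delta CRLs)",
    0x08: "include in all CRLs (AD location for manual publishing)",
    0x40: "publish delta CRLs to this location",
    0x80: "include in the IDP extension of issued CRLs",
}

# Constructed sample: the value the script builds once the batch "%%" escapes
# collapse to "%", assuming %WINDIR% is C:\Windows and the page's example URL.
SAMPLE = (r"1:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl"
          r"\n2:http://www.homeworks.it/ca/crl/HomeWorks_Root_CA_Revocation_List.crl"
          r"\n10:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10")
# Constructed weak value: nothing is published and the CDP is unusable.
WEAK = r"2:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl\n2:https://pki.example.test/root.crl"


def parse_urls(value):
    """Split the registry value into (flags, url) pairs."""
    entries = []
    for item in value.split("\\n"):      # entries are joined by a literal \n
        flags, sep, url = item.partition(":")
        if not sep or not flags.isdigit():
            raise ValueError(f"entry without a numeric flag prefix: {item!r}")
        entries.append((int(flags), url))
    return entries


def describe(flags):
    """Descriptions of the bits set in one entry's flag number."""
    return [text for bit, text in CRL_FLAGS.items() if flags & bit]


def check_crl_urls(value):
    """Problems that leave relying parties unable to fetch the CRL."""
    entries, problems = parse_urls(value), []
    if not any(f & 0x01 for f, _ in entries):
        problems.append("no entry has bit 1: the CA publishes its CRL nowhere")
    cdp = [u for f, u in entries if f & 0x02]
    if not cdp:
        problems.append("no entry has bit 2: issued certificates carry no CDP")
    for u in cdp:
        if u[1:3] == ":\\":
            problems.append(f"CDP points at the CA's local disk: {u}")
        elif u.lower().startswith("https:"):
            problems.append(f"CDP over HTTPS needs its own revocation check: {u}")
    return problems
```

For the script's value, the entry prefixed 10 decodes to bits 2 and 8, so the LDAP location is both written into issued certificates and included in all CRLs.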

Run the following commands to register the digital certificate of the Standalone Root CA and its CRL in Active Directory:

certutil -f -dspublish <CA_Cert_File_Name> RootCA
certutil -f -dspublish <CRL_File_Name>

The files <CA_Cert_File_Name> and <CRL_File_Name> are located in the folder %SystemRoot%\System32\CertSrv\CertEnroll

Assign a digital certificate to IIS for HTTPS connections to the website where you request your digital certificates. To learn how to do this, read the article Installing an SSL Certificate in Windows Server 2008 (IIS 7.0) (use the action Create Domain Certificate…). Now you're ready to issue your digital certificates.

For more information, please consult the following article: Designing and Implementing a PKI Part II

The Importance of IPS module of the Symantec Endpoint

Recently I was able to appreciate the importance of the IPS (Intrusion Prevention System) module of Symantec Endpoint Protection (SEP). In the past I had to take care of removing the Conficker worm from several corporate LANs. The main problem that I faced was the identification of infected workstations. Many of my efforts could have been avoided if I had used the IPS module of SEP.

I installed the IPS module on a workstation subject to attack by Conficker. The IPS module immediately reported the attack, pointing out the IP address of the attacker and the threat that it was trying to exploit: MSRPC Server Service BO detected.

Reading the MSRPC Server Service BO page on the Symantec web site, I noticed at the bottom of the page a reference to Microsoft Security Bulletin MS08-067, the security bulletin on the vulnerability exploited by Conficker. I then took note of the IP addresses of the attackers, and using the nmap command I could verify that the workstations that were attacking my computer did indeed have the Conficker worm. I confess that I felt euphoric: for the first time I saw a viral attack stopped and identified. The best!

I believe that every system administrator should seriously consider installing an IPS module on every workstation. Of course, before deploying an IPS module massively on all workstations of a company, you should always perform an analysis. Nevertheless, I believe that although there is a risk of creating some minor discomfort to the personnel of a company, the gain in security is far more profitable.

Categories: Antivirus, Security

New Version of Symantec Endpoint Protection (SEP)

Symantec has released a new version of Symantec Endpoint Protection (SEP), 11.0.6 RU6. There are many new features.

Categories: Antivirus, News, Security

News from HomeWorks

In Administration of Symantec Endpoint Protection, we have published Installazione del SEP Client su Windows 7, updated with the latest guidance from Symantec technical support.