Security for Corporate Networks

Hi
I requested for Skype to be made available on my corporate network. But I received the push-back to say that Skype opens up the corporate network to security vulnerabilities. I was referred to third party studies that have highlighted the security vulnerabilities of Skype. How accurate is this concept? Does Skype really add security risk to an average corporate network? If the Skype vulnerabilties are no more than the current risk exposure of a corporate network, how can I go about proving it.
Look forward to hearing from the experts

Thank, Ian!
I find this log
The process 'C:\Program  Files\ABBYY Lingvo 12\LvAgent.exe' (as user ToX1c1986) attempted to insert  code ('C:\Program Files\ABBYY Lingvo 12\LvHook.dll') into another process. All  processes were targeted. The operation was denied.
I find rule  " 1300 Untrusted Apps (not White List), Inject code into every application" In White List I add "$Directories - Program Files [V6.0.1 r98]"
But! In my company CSA now in Audit Mode only my computer not, I`am testing and when I try generate rules I see
"Modify application class Administrator defined - White List Applications [W, V6.0.1 r98] (read-only override)"
read-only override -  does it mean that all computers which in Audit Mode after generate this rule will not in Audit Mode anymore?

Similar Messages

  • Kismac worked on 10.6 and not on 10.7, how can i reload the driver that works, the whole reason i have a Mac is for corporate network security testing?

    With the upgrade to Lion Kismac has stopped working. The application worked fine with Snow Leopard, is there a driver patch to correct this behavior or revert the driver to one that worked?
    Thank you

    "The very frst step in upgrading to a new major OS version is checking with the developers of all your essential software to make sure they've updated it for full compatibility with the new OS version. Did you do that?" by eww.
    Yes OS X was updated. Now you need to make sure you have a version of the software tha'll work with it. Check with the vendor, follow QuickTimeKirks' link.

  • Network diagnostics asks for password for wireless network with no security

    hi
    I am trying to connect my Mac Pro to a wireless network which has no security settings. Other Macs in the house connect to the network with no problem, but the Mac Pro doesn't. I am setting up a new network as I have moved house. In the previous house the wireless worked fine on the Mac Pro.
    When I click on the Airport Icon in the menu bar, the search wheel shows and it finds the network, but when I click on the name of the network typically it doesn't connect. Occasionally it does connect, and I briefly have internet access, but then the number of bars on the Airport Icon gradually reduce and then I can't connect again.
    When I run Network Diagnostics from Safari, it finds the network also, but then typically asks for a WEP password for the Wireless Network when I haven't added any security to the network (occasionally it doesn't ask for a password and I can connect briefly)
    I have tried resetting my Time Capsule and creating a new wireless network with a different name, but still experience the same issues.
    I wonder if someone has any ideas as to what might be going on, and how I might be able to troubleshoot this.
    Thanks
    Nick

    It is one of mine. Yes. It connects to it no problem, just doesn't connect to the actual internet. Network diagnostics has all green lights until the ISP and/or Internet point. If I walk through diagnostics, it will get to the point where it says that the network requires a WEP password. I don't know why it does that because my network is not password-protected (husband claims it doesn't work well with his VPN system to get into work network). If I leave it blank, the connection will work. Eventually, after the computer is put to sleep, I will have the same problem upon waking up. I just tried renaming the network and removing all preferred networks and rebooting. Let's see how that works.

  • I want to set up security for my linksys network.  I foll...

    I want to set up security for my linksys network.  I followed the directions outlined on the linksys web site.  I get through the process, create a password (key) and I save the settings.   When I try to log on from my laptop, I am asked for a password, however when I type the password in, the statement says "invalid number of caracters.  How do I get the password process to work so that I am able to secure my network.  Also, without security, can someone break into my laptop and corrupt my files.

    With WEP, you must enter WEP "key 1"  (found in the router)  into your computer, not the WEP password or passphase.
    However, you should be using WPA2, or at least WPA, and a strong password.
    If you use an unsecured wireless router, anyone within range can login and use your Internet connection. At a minumum, this means that they will be using your bandwidth. At worst, they could be uploading copyrighted music, sending spam email, distributing viruses, or downloading child pornography --- all from an account with your name on it!   Additionally, once someone is on your wireless network, they are in a very convenient spot to start attacking your computer.  They  have immediate access to all your shared files, and they could corrupt, steal, or delete them.  With some work, they could likely get to your other files also.  So my advice is --- secure your wireless network.
    To set up wireless security, you must use a computer that is wired to the router.
    Where to find the router settings: The router's login password is usually on one of the "Administration" pages. The other settings are all found in the "Wireless" section of the router's setup pages, located at 192.168.1.1
    First, give your router a unique SSID. Don't use "linksys".
    Make sure "SSID Broadcast" is set to "enabled".
    Next, leave the router at its default settings (except for the unique SSID), and then use your pc to connect wirelessly to the router. Test your wireless Internet connection and make sure it is working correctly. You must have a properly working wireless connection before setting up wireless security.
    To implement wireless security, you need to do one step at a time, then verify that you can still connect your wireless computer to the router.
    Next, encrypt your wireless system using the highest level of encryption that all of your wireless devices will support. Common encryption methods are:
    WEP - poor (see note below)
    WPA (sometimes called PSK, or WPA with TKIP) - good
    WPA2 (sometimes called PSK2, or WPA with AES) - best
    WPA and WPA2 sometimes come in versions of "personal" and "enterprise". Most home users should use "personal". Also, if you have a choice between AES and TKIP, and your wireless equipment is capable of both, choose AES. With any encryption method, you will need to supply a key (sometimes called a "password" ).
    The wireless devices (computers, printers, etc.) that you have will need to be set up with the SSID, encryption method, and key that matches what you entered in the router.
    Retest your system and verify that your wireless Internet connection is still working correctly.
    And don't forget to give your router a new login password.
    Picking Passwords (keys): You should never use a dictionary word as a password. If you use a dictionary word as a password, even WPA2 can be cracked in a few minutes. When you pick your login password and encryption key (or password or passphrase) you should use a random combination of capital letters, small letters, and numbers, but no spaces. A login password, should be 12 characters or more. WPA and WPA2 passwords should be at least 24 characters. Note: Your key, password, or passphrase must not have any spaces in it.
    Most home users should have their routers set so that "remote management" of the router is disabled. If you must have this option enabled, then your login password must be increased to a minumum of 24 random characters.
    One additional issue is that Windows XP requires a patch to run WPA2. Go to Microsoft Knowledge base, article ID=917021 and it will direct you to the patch.
    Sadly, the patch is not part of the automatic Windows XP updates, so lots of people are missing the patch.
    Note:
    WEP is no longer recommended. The FBI has demonstrated that WEP can be cracked in just a few minutes using software tools that are readily available over the Internet. Even a long random character password will not protect you with WEP. You should be using WPA or preferably WPA2 encryption.

  • Does anyone know whether iTunesU can be used in a secure environment for corporate training? Looking at previous posts it does not seem like it?

    Does anyone know whether iTunesU can be used in a secure environment for corporate training? Looking at previous posts it does not seem like it?

    Sorry, but iTunes U is only available to K-12 public school districts, private schools and two- and four-year accredited, degree-granting, public or private colleges and universities. It's not available for corporations.
    Regards.

  • It was advised on a radio program to get Security for Macs as they are becoming a target.  Is this the case?

    It was advised on a radio program to get Security for Macs as they are becoming a target.  Is this the case?

    Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There  is a threat, and you need to educate yourself about it.
    1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
    The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
    The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    ☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    ☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    ☞ It can easily be disabled or overridden by the user.
    ☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    ☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
    For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
    The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
    Software from an untrustworthy source
    ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
    ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
    ☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
    ☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
    Software that is plainly illegal or does something illegal
    ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
    ☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
    Conditional or unsolicited offers from strangers
    ☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    ☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
    ☞ You win a prize in a contest you never entered.
    ☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
    ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
    ☞ Anything online that you would expect to pay for is "free."
    Unexpected events
    ☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
    ☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
    ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    ☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
    I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
    Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
    7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
    Why shouldn't you use commercial AV products?
    ☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
    ☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    ☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
    ☞ Most importantly, a false sense of security is dangerous.
    8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
    Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
    London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
    You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
    The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • Single WLC for Corporate and Guests

    Hi, We are looking into deploying Wirelss on our corporate network. There are a few branch office and a central office, we want to use a single WLC if possible which will allow both internal and guest user traffic whilst isolating guest traffic.
    I understand there is the option of placing an Anchor WLC in the DMZ for guest traffic and an internal one, but it's a bit of overkill given the limited access required for guests at this stage.
    Is the above possible to place the WLC in the DMZ or on the internal network whilst having the guest user traffic terminate in the DMZ and isolated from internal traffic.
    The WAN to branch offices are IP WAN and is it possible to somehow bridge them back to the central office WLC?
    Thanks

    There are a lot of variables that would go into this.  In my environment, I have a 6500 and a couple of WiSM controllers.  I also have a FWSM that is seated in a different 6500.  What I did was create a vlan and map that vlan to my FWSM as a DMZ.  Then I set up the approprate firewall rules to seperate that vlan from everything else.  Then I just trunked that vlan to the 6500 that my WLCs are seated in.  I then created a dynamic interface on my WLCs that pointed to this vlan and created an SSID that was meant to be a Guest SSID using Layer 3 security (Web Auth).  Works pretty well.

  • Secure Wireless Corporate SSID

    Hi all,
    I have signed up to these forums today specifically for advice. I am very new to the network / cisco community and hope to spend some time on these forums both learning from everyone here and hopefully in the near future providing input as well based on my experiences.
    Now for my question...
    My company is endeavouring the path of WiFi. The controller is a 5508. We have established the requirements for both a Guest and Corporate SSID. Our design would have the WLC have a leg out to the DMZ for the Guest network and a leg into our internal core switches for the Corporate network. Unfortunately the company I work for does not want to spend the extra money for an anchor controller.... Only trusted and company supplied devices will have access to the corporate network. Authentication is 2-factor (AD and PKI Self-signed cert)
    Our security engineers have concerns with this design as they do not feel very comfortable at all that the Corporate network is inside the DMZ. They are concerned that there is no ability to filter traffic, and worry about attacks being launched from outside the building. The worry because once on the internal network there is nothing blocking or preventing the hacker from accessing our servers. They are pushing for a new design that would have the corporate SSID network in the DMZ with several firewall ports opened to our internal network. I don’t feel entirely comfortable with this approach due to the amount of firewall ports that need to be opened.
    Is there a best approach or best practice for this scenario? Can someone please give me some experienced advice?

    Just to add to this....
    I have large customers whom also went this route with one leg in and one leg out. This is better than placing everything in the DMZ and opening FW ports to be honest. The reason being is that you will end up opening so many ports because this group needs this and that group needs that and then your executives want everything.
    With one leg into the internal and the WLC and AP's placed in the inside, you assign another port in the WLC for guest and you dump that traffic to your DMZ. This is the preferred method. The only true two factor authentication is if you have either authentication that is 802.1x, which is AD and certificates (one factor) with users that also has an RSA login (another one factor). Cisco offers a two factor if you have AnyConnect and ISE. With WPA2/AES and 802.1x, I really don't think that anyone would be able to hack into that. How do you protect your wired ports now? Can someone unplug a phone in the reception area and access the network? Can guest connect to an open port and access your network? If you want internal devices or should I say domain computers only to access the network, you would authenticate to a radius server only computers in this group. Then AD user credentials are not used and only domain computers are used. You just need to sit down and understand what will be allowed and not, because it's always the executives who want this and that and then all of a sudden, what you want isn't going to work well.
    Sent from Cisco Technical Support iPhone App

  • Setup a system Users can get to corporate network thru wifi

    Hi everyone,
    I may be behind on this...but finally I got a chance to ask.... Currently my manager thinks about to setup a wifi system so that the users can log on the network thru the wireless... There are some questions I have...
    1.) Is it a good practice to make a AP to share both public and corporate traffics on a same wifi system (but they can be on different vlans)..? Why or why not?
    2.) We have Active Directory for the network authentications... I would like to ask which way can be used to enhance the network security, including user authentications and data encryptions...
    3.) Any more concerns I should have? Or what is the best model setup for this wifi system?
    Hope you can help or share your opinions...I will really appreciate.
    Takami Chiro

    1.) Is it a good practice to make a AP to share both public and corporate traffics on a same wifi system (but they can be on different vlans)..? Why or why not?
    Yes.  This has been the cornerstone of wireless.  A single AP, for example, can broadcast CORP and Guest SSID.  And CORP users can login to their accounts via wireless.  Guest users can get diverted to a website and accept the T&C and off they go to the internet.  Guest users do NOT have access to corporate resources.  
    2.) We have Active Directory for the network authentications... I would like to ask which way can be used to enhance the network security, including user authentications and data encryptions...
    Yes you can.  You can even dot DOT1X.
    3.) Any more concerns I should have? Or what is the best model setup for this wifi system?
    If you don't know what you're doing, then get a reputable systems integrator or else things won't get done right.

  • Unauthenticated traffic allowed into corporate network by Reverse Proxy

    The mobility solution for Lync 2013 requires unauthenticated traffic to be passed into the corporate network, where it is then authenticated by Lync web services.  So how do I convince my "security guys" that allowing this unauthenticated
    traffic through a reverse proxy is safe?

    You can say the Microsoft Lync and Exchange 2013 were designed with security in mind and so on and so forth, and it's true.  The security risk is slim, and there are much easier attack vectors to target.  But you're right, the Lync 2013 client
    does not support pre-authentication and users connecting to the Lync Web App anonymously require no authentication.  I don't think you'll be able to convince them if they just don't like the idea of sending traffic to Internal servers unauthenticated. 
    In the end, someone will have to make a business decision, do you want to enable this functionality or not?
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Parallels, Windows Corporate Network and Passwords

    Hi there,
    I am one of about 15 people in my company that use our MBP on a windows corporate network. The LAN is secured by username and passwords. We are forced to change our passwords every 3 months or so.
    I use mainly my Mac to run most applications. However, there are some applications that run only on Windows and for those, I use Parallels on my Mac to run Windows and connect to those applications.
    Since changing my corporate password I am continually being locked out of my corporate account. There might be something somewhere in Parallels or in Windows that is storing my old password and sending that across the network. Then the network locks my account.
    If I never boot up Windows, I can run just fine on my Mac with my current password. But as soon as I boot up Windows via Parallels, I get locked out.
    Any ideas on where the old password is stored. I've looked through all my keychains on my Mac and all places I could think of on Windows. Or could it be Parallels storing it?
    Trouble is, I'm not very familiar with Windows. Need some guidance here.
    Thanks,
    Angie

    I had a similar issue with SMB Manager (to connect SMB shares automatically once I log in to the Mac Pro). After looking around I guess I realized everything on the Mac uses the Keychain and once I opened it and got rid of the stored credentials there, all started working fine again. Parallels may store credentials there as well. I would recommend taking a look there.
    For the Windows side, you do not mention if the VMs running on parallels are part of a domain or not. If they are, there should be no issue otherwise you will need to change your password on the VMs to match the domain/AD account password (assuming they have the same username).

  • Is it suggested to use an additional layer of internet security such as ESET Cyber Security Pro - Internet Security for Mac

    I just want to make sure I am as safe as possible with all the internet hacking that has been in the Media. I have a Mac Mini that was purchased in Aug. 2013.  Is it suggested to use an additional layer of internet security such as ESET® Cyber Security Pro - Internet Security for Mac ???

    Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There  is a threat, and you need to educate yourself about it.
    1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
    The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
    The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    ☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    ☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    ☞ It can easily be disabled or overridden by the user.
    ☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    ☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
    For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
    The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
    Software from an untrustworthy source
    ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
    ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software.
    ☞ Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
    ☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
    Software that is plainly illegal or does something illegal
    ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
    ☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
    Conditional or unsolicited offers from strangers
    ☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    ☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
    ☞ You win a prize in a contest you never entered.
    ☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
    ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
    ☞ Anything online that you would expect to pay for is "free."
    Unexpected events
    ☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
    ☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
    ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    ☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
    I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
    7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
    Why shouldn't you use commercial AV products?
    ☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
    ☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    ☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
    ☞ Most importantly, a false sense of security is dangerous.
    8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
    Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
    London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
    You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in everyemail attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
    The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • How do I set up an Apple TV with a corporate network?

    Hi all,
    I am aware that there are a lot of resources around that explain how to create a Configuration Profile for connecting an Apple TV to a corporate wireless network, and I think I understand them. But the issue I am struggling with is how to get the Apple TV initially configured - it seems to need to be connected to a wireless network in order to perform its initial configuration, but the initial configuration determines how it will connect to the wireless network.
    Am I missing something here?
    Regards
    Julian

    Hi diesel vdub. Unfortunately this does not work here.  The symproms are the AppleTV gets into a state at startup where the 'setting time' never comes back, and prompts me to check network settings. When I check network settings and press 'test network', it tells me that it cannot do this because time has not been set.
    A bit of a Catch-22 I think. This does not happen in my home environment, so seems to point to a corporate network issue, which I expect to resolve through using a Configuration Profile, but I am struggling to get the device ready for this.
    Julian

  • Is it possible to restrict access to individual SharePoint Online sites (or site collections) to users only connecting when on the corporate network?

    Hi,
    We have an Office 365 environment which is linked to our on premise ADFS environment. We have started to make some deployments of sites to our SharePoint Online environment. For the majority of sites this is great and the ability to access the sites
    from anywhere is a real bonus. However, there are some sites and data that I would be much more comfortable in migrating to SharePoint Online if there were a way to make them only accessible via users/computers connected to the corporate network. 
    I have seen articles in how you can configure ADFS to allow all connections to the Office 365 tenant only from the network or not but what I am after is something which can be configured on a site by site basis (i.e. not the whole Office 365 environment
    or SharePoint Online environment) to only allow access when connecting from the corporate network.
    Any advice/help would be much appreciated?
    Many thanks
    Paul

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office, the issue is more related to SharePoint online, I recommend you post your question to the Microsoft Office 365 Community Sites and document sharing Forum
    http://community.office365.com/en-us/f/154.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Thanks
    George Zhao
    Forum Support
    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback on our support, please click "[email protected]"

  • No Connect / Answers for gv (Network Administrator)

    To refresh your memory, my 2 PC's are wirelessly perfect now, but my laptop is not networking beyond "seeing" the Router via the "Dell Wireless WLAN Card Utility", and even that continuously shows "Authenticating", and disconnects & reconnects every minute or so.
    Answers to your specific questions below (your paragraph pasted @ bottom in entirety).
    Do the security settings on my router & laptop match?
     WRT54G Router Configuration, Wireless Tab, Basic Wireless Settings Subtab:
    * Wireless Network Mode: G-Only
    * Wireless Network Name (SSID): linksys_SES_46146
    * Wireless Channel: 9
    * Wireless SSID Broadcast: Enable
    * Status: SES Security Parameters Configured
      WRT54G Router Configuration, Wireless Tab, Basic Wireless Security Subtab:
    * Security Mode: WPA Personal
    * WPA Algorithms: TKIP   
    * WPA Shared  Key: **************** (my actual key is the same on all)
    * Group Key Renewal: 3600 seconds
     DELL B130 Laptop utilizing the 1470 Dual Band WLAN Mini-PCI Card:
    * Wireless Network setup & managed by: "DELL Wireless WLAN Card Utility".
    * Connection Status: Authenticating (Always - never "Connects or locks on" & breaks regularly).
    * Encription Type: TKIP; Key Absent (I think that means hidden).
    * Network Connection Type: Infrastructure.
    * Speed: 54.0 Mbps
    * Channel: 9
    * AP Mac Address: 00:18:38:FD:21:AF
    * Gateway IP Address: Not available
    * Client Mac Address: 00:14:A5:CC:77:28
    * Client IP Address: 0.0.0.0
    Note: The software reports a strong signal from the WRT54G & even sees a few other weak encrypted signals, but nothing shows in Windows Explorer or My Network Places. It's own diagnostics report the laptop's wireless card is working fine. I have been wanting to take this laptop to a hot spot cafe to test the unprotected wireless connectivity & if that works possibly implicating my security settings on the router.
    Any advice or tips would be much appreciated as I would love to add this laptop to the already successfully networked pair of desktops (the remote desktop PC utilizes the Linksys "Wireless-G" Card & software.
    Thx,
    Wayne K.
    Your (gv) original text:
    Regarding the wireless connection problem: You should check whether the wireless security settings on the router and on the laptop match. There are different ways for encryption etc. and if the settings don't match you cannot connect properly.
    For this: go to http://192.168.1.1/ and enter the router password (not the wireless network key) which you have chosen during setup. The default password is "admin". You don't have to enter a username. It brings you to the router configuration pages. Go to the wireless tab. There are subtabs for basic wireless setup and wireless security. Please post current settings.
    For the settings on the laptop there are several options how it uses its wireless card: many laptops come with special software for the wireless card which is used to set it up and connect to wireless networks. You have to find out how your software works and where you'll find the settings if this is the case.
    Some laptops simply use the windows built-in functions called Windows Zero Configuration. To check that, you right-click onto the wireless network icon in the tray and select Properties (or Status and then press the Properties button in the status window). Change to the wireless networks tab. The top checkbox should be active, i.e. Windows is configuring your wireless connections. In the bottom half you'll see the list of preferred networks. Select the network with your network name (the SSID from the router configuration above) and press Properties. Post which settings you have currently for your network on the tabs in the window showing up.
    Message Edited by wayneproperties on 12-06-200606:50 PM

    BTW, please stay in the thread next time. It makes things easier to follow.
    O.K. I see a possible issues here:
    - The Dell status does not show which network name you are connecting to. That should be "linksys_SES_46146".
    - I think "Key Absent" rather means there is no key entered.
    - The AP MAC address is strange. The 00:18:38 is not Linksys but a company called PanAccess in china. That does not mean it is not correct but you should verify it: the MAC address of your router should be printed on the label underneath the printer. This should match.

Maybe you are looking for

  • Due to shortend fiscal year problem in depre amounts.

    Dear All, Due to shortend fiscal year (apr07-mar08)  we are facing Depre calculation problem. 1)       There are no errors in AFAB & AW01N.  Itu2019s showing   balance 3 (jan07,feb07,mar07)months depre in AFAB u201CTo Postu201D column. 2)  User doesn

  • Printing line only after all the records of line item are finished

    HI I have the following table : FieldA   FieldC       FieldD 10           1               CM 10           3               CCM 20           6               M Right now i am able to print in samrtform like this FieldA   FieldC       FieldD 10          

  • Can you make a custom alarm clock tones

    is it possible to make a custom alarm tone such as a voice recording?

  • Drill down error on Viewer

    Hi, I'm having an error on Discoverer Viewer (Release 4.1.44) when I try to Drill down on an element. The drill down functionality works ok, except when the drill down elements are too many and needs to be drawn on Next Page. In that case I got an er

  • OBIEE and Mapviewer

    I just read on the cook book of the OOW last november regarding using OBIEE with Mapviewer. However, I came to one part and I don't know what should put inside the file obiee_nsdp_xml_direct.jsp. Anybody have any idea how to do it? Or this file can b