Increase the performance and stay secure…

There are many kinds of files on a computer or server, and the anti-virus software is responsible for scanning all of them to find possibly malicious pieces of code attached to any of them. That can seriously affect the performance of the system; as you can see, many people avoid installing anti-virus software for this reason alone.

For instance, I myself used to have a lot of trouble with Norton 2004 when I installed it on my machine in the past. But what can be done?

There are many files in the Windows OS that really do not need to be scanned: they are either locked and impossible to scan, or always clean and never infected. Trying to scan them all is just a waste of time and effort and greatly reduces the performance of the system. So how about excluding them all from the scanning tasks of our anti-virus?

That seems like a good solution for improving the performance of the operating system when an anti-virus product, which has a terrible effect on the operating speed of your machine, is installed. But the question is: which files need to be excluded?

Here is a list of the file types that should be excluded from scanning in Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7. There is something very important about this exclusion, as you can also read on the page whose link I gave you: excluding these file types should only be temporary, to see whether the anti-virus is the reason your computer is slow. If that is the case, you can contact your anti-virus vendor to ask for possible solutions.
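One way to keep the exclusion genuinely temporary, as an added example that is not part of the original post or of the linked Microsoft article: the script below assumes Microsoft Defender Antivirus and its Defender PowerShell module (Add-MpPreference, Remove-MpPreference, Get-MpPreference), run from an elevated prompt. The path, the extension and the workload it times are placeholders that you replace with the vendor's documented list and your own slow task; the function name Test-ScanExclusionImpact is mine.

```powershell
# Added example (not from the original post). Assumes Microsoft Defender Antivirus and
# its Defender PowerShell module (Add-MpPreference / Remove-MpPreference / Get-MpPreference);
# run from an elevated prompt. Paths, extensions and the workload below are placeholders.

function Test-ScanExclusionImpact {
    param(
        [string[]]$Paths,          # folders to exclude for the duration of the test
        [string[]]$Extensions,     # file extensions to exclude for the duration of the test
        [scriptblock]$Workload     # the slow task whose wall-clock time is compared
    )

    # 1. Baseline: time the workload with the normal scan configuration.
    $before = Measure-Command { & $Workload }

    try {
        # 2. Apply the exclusions only for this measurement window.
        Add-MpPreference -ExclusionPath $Paths -ExclusionExtension $Extensions
        $after = Measure-Command { & $Workload }
    }
    finally {
        # 3. Always revert, even if the workload throws, so the exclusions never outlive the test.
        Remove-MpPreference -ExclusionPath $Paths -ExclusionExtension $Extensions
    }

    $speedup = 0
    if ($before.TotalSeconds -gt 0) {
        $speedup = 100 * ($before.TotalSeconds - $after.TotalSeconds) / $before.TotalSeconds
    }
    [pscustomobject]@{
        BaselineSeconds = [math]::Round($before.TotalSeconds, 2)
        ExcludedSeconds = [math]::Round($after.TotalSeconds, 2)
        SpeedupPercent  = [math]::Round($speedup, 1)
    }
}

function Get-ScanExclusions {
    # Shows what is currently excluded; run it before and after the test to confirm the revert.
    $pref = Get-MpPreference
    [pscustomobject]@{ Paths = $pref.ExclusionPath; Extensions = $pref.ExclusionExtension }
}

# Placeholder inputs: substitute the vendor's documented list and your own slow task.
$paths      = @('C:\Placeholder\LockedDatabaseFolder')
$extensions = @('.placeholder')
$workload   = { Get-ChildItem -Path 'C:\Placeholder\LockedDatabaseFolder' -Recurse -ErrorAction SilentlyContinue | Out-Null }

Get-ScanExclusions
Test-ScanExclusionImpact -Paths $paths -Extensions $extensions -Workload $workload | Format-List
Get-ScanExclusions
```

The try/finally is the point of the script: a large SpeedupPercent tells you the scanner is the bottleneck and the conversation with the vendor is worth having, while the finally block guarantees the exclusion is gone again before anyone forgets it, which is exactly the "temporary" condition the article insists on. The two Get-ScanExclusions calls let you verify that the list is identical before and after.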

Thanks for reading…

Encryption at Layer-2 or Layer-3 ??!

This is a question that often comes to mind: where do we need to apply encryption, and why? Do we need to apply it at layer-2, which is much lower level, or at layer-3, where the Internet Protocol is defined?

Well, in the world today it is the speed of communication that everyone thinks of first, and on that point encryption at layer-2 is the best option if you are sending data over a very fast network and do not want the flow of traffic to be slowed by any means. Layer-2 encryption reduces the overhead required by layer-3 encryption protocols or protocol suites like IPsec and reduces CPU utilization in the devices applying it. Considering the great usage of VoIP nowadays, and knowing that security and speed play very important roles in voice communications, layer-2 encryption will surely be the best choice.

That said, layer-3 encryption is still well-suited for environments where you have low-bandwidth connections and really do not have devices that support encryption at layer-2. There are also situations where companies have offices around the world and it is no longer a matter of only a few devices but hundreds, so you need to consider the fact that encryption at layer-2 is on a hop-by-hop basis and not end-to-end like layer-3.
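To put a number on the overhead comparison above, here is an added example of my own (not from the original post and not Cisco's or any vendor's code): a PowerShell calculation of the bytes that MACsec and IPsec ESP each add to a single voice frame. The header sizes, the G.711 codec, the AES-GCM cipher suite and the function names Get-MacsecOverhead, Get-EspOverhead and Compare-EncryptionOverhead are all assumptions stated in the comments.

```powershell
# Added example (not from the original post): per-packet byte overhead of layer-2
# (MACsec, IEEE 802.1AE) versus layer-3 (IPsec ESP) encryption for one VoIP frame.
# Header sizes are assumptions taken from the protocol formats for this illustration:
#   MACsec  : SecTAG 8 bytes (16 when the SCI is carried) + 16-byte ICV (GCM-AES-128)
#   ESP/GCM : 8-byte ESP header + 8-byte IV + padding to a 4-byte boundary + 2-byte
#             trailer + 16-byte ICV, plus a 20-byte outer IPv4 header in tunnel mode.

function Get-MacsecOverhead {
    param([bool]$IncludeSci = $true)
    $secTag = if ($IncludeSci) { 16 } else { 8 }
    return $secTag + 16                              # SecTAG + ICV
}

function Get-EspOverhead {
    param(
        [int]$ProtectedBytes,                        # what ESP encrypts: inner IP packet (tunnel) or L4 payload (transport)
        [ValidateSet('tunnel', 'transport')][string]$Mode = 'tunnel'
    )
    $pad = (4 - (($ProtectedBytes + 2) % 4)) % 4     # pad so payload + trailer ends on a 4-byte boundary
    $overhead = 8 + 8 + $pad + 2 + 16                # ESP header + IV + pad + trailer + ICV
    if ($Mode -eq 'tunnel') { $overhead += 20 }      # new outer IPv4 header
    return $overhead
}

function Compare-EncryptionOverhead {
    param([int]$VoicePayloadBytes = 160)             # G.711, 20 ms of audio (assumed codec)
    $l4    = 12 + 8                                  # RTP + UDP headers
    $ip    = 20 + $l4 + $VoicePayloadBytes           # IPv4 packet carried in the frame
    $frame = 14 + $ip + 4                            # Ethernet header + packet + FCS

    $cases = @(
        @{ Scheme = 'MACsec (L2)';              Overhead = (Get-MacsecOverhead) }
        @{ Scheme = 'IPsec ESP transport (L3)'; Overhead = (Get-EspOverhead -ProtectedBytes ($l4 + $VoicePayloadBytes) -Mode transport) }
        @{ Scheme = 'IPsec ESP tunnel (L3)';    Overhead = (Get-EspOverhead -ProtectedBytes $ip -Mode tunnel) }
    )
    foreach ($c in $cases) {
        [pscustomobject]@{
            Scheme          = $c.Scheme
            ClearFrameBytes = $frame
            OverheadBytes   = $c.Overhead
            OverheadPercent = [math]::Round(100 * $c.Overhead / $frame, 1)
        }
    }
}

Compare-EncryptionOverhead | Format-Table -AutoSize
```

Under these assumptions the 218-byte clear frame grows by 32 bytes with MACsec, 36 bytes with ESP in transport mode and 56 bytes with ESP in tunnel mode, so the saving the post describes is real but depends heavily on the IPsec mode you compare against, and it is largest for the small packets that VoIP produces. The calculation covers bytes on the wire only; the CPU-utilization argument is separate and is not modelled here.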

Nowadays there are many devices supporting layer-2 encryption, and it is not like the past anymore: there is a standard for it, so there can be layer-2 encrypted communication between devices of different vendors. For instance, Cisco Catalyst switches (3560-X series and 3750-X series) now support data-link layer encryption quite well via IEEE 802.1AE (MACsec) and 802.1X-REV.

So if you think that you need to apply encryption over your high-speed links, and security really matters to you as well as low latency and simplicity of management, you can surely go for layer-2 encryption.

The Enhanced Mitigation Experience Toolkit (EMET)

In the previous posts on my blog we talked a little about security exploits, how they function and how to prevent attacks that use them. In this post I am excited to introduce a great toolkit offered by Microsoft to defend against exploitation of the system.

The tool is called the Enhanced Mitigation Experience Toolkit (EMET); it uses exploit mitigation techniques that make it very difficult for exploits to defeat the system. However, the protection applied by EMET does not guarantee that the system will not be exploited; it just makes it as difficult as possible to exploit the system, even with an exploit for a 0-day vulnerability.

Working with EMET is pretty simple: you just need to download it from here and install it on your machine, then choose the software that you want it to protect (the software you believe is most likely to have a security vulnerability), and you are all done. This is possible through the GUI of the tool.

EMET is compatible with any software; it does not matter whether the software you want to protect is Microsoft software or not. Below is a screenshot of the GUI of the toolkit:

You should definitely try this tool, as it is a must for every security engineer worrying about the security of their environment, with all that software installed on their servers, each piece of which could have security vulnerabilities putting the whole network and system at risk.

Want to learn more? Check out my new book below and get access to great, practical tutorials and step-by-step guides, all in one book:

To get more information about the book click on the book below:


Cheers

Security from the Inception !!!

Experience shows that consumers, whether ordinary people using their computers for everyday tasks or even experienced network administrators, never tend to be very open to security updates. Talking to many network admins about security updates, especially Service Packs (they do not necessarily include only security updates) for operating systems, especially Windows Server, most of them did not show much interest in installing some specific updates and service packs, for a few reasons:

  • They thought of some of the security updates as unnecessary
  • Some of them believed it was too risky to install some of the updates, for fear of a possible service breakdown. Some also believed some hotfixes and security patches were not compatible with other services and could create problems
  • They mostly considered service packs unnecessary update packages, reasoning that they had already installed the hotfixes they needed and the rest included in the service packs were unnecessary
In my own experience I have always seen people hit by a pretty famous worm on the Internet like Sasser, and even after that they were always looking for some virus removal tool to get them out of trouble, not a security patch, unaware of the fact that anti-virus software cannot stop a worm from functioning.
So you can see that the security people at Microsoft are on a very difficult road to educate all those users and admins and convince them that patching a system is the best thing every user can do to stay safe on the Internet. But here comes another concept called Security from the Inception, which says that instead of going through all these difficulties of educating the users, which seems pretty impossible at times, a much better approach is to try to secure the code of the products by applying the SDL (Security Development Lifecycle) from the beginning of a product's development. That is how we can reduce the impact of security vulnerabilities missed during the software development process.
Right now Microsoft is on the right track in developing more secure code just by applying the SDL, as we can see fewer security vulnerabilities in its products.
Cheers
Esmaeil

Security in the cloud

A few weeks ago I shared a link on my blog about Steve Ballmer's speech on cloud computing and how it really works. The term cloud computing refers to all kinds of services provided online on the Internet. To make things clearer, cloud computing is a way to make data always accessible for anyone to use at any time. Such a technology brings a lot of convenience and really fast access to the data, using the services in the cloud. For instance, imagine that you could have your Microsoft Office tools available wherever you needed them, on any computer, with or without the real Office installed.
With this rapid growth of cloud computing, and different companies having their own clouds with their services available on them, who knows, maybe one day all services will go online and working offline will have no meaning to anyone. We have to wait and see how fast the technology is going…
When it comes to the reliability of the services provided in the cloud, one of the first things that comes to everyone's mind is security and how the companies providing such online services are approaching it. There are many items that could be listed here, but to be brief I would like to mention a few of them:
-Trusting the cloud: This is probably the most fundamental concept of security, and it is very hard to gain. Trusting the company, and therefore trusting their cloud and its services, is definitely crucial, because you are putting all your information up there and you must make sure that the company is trustworthy enough to keep all that private information. This type of trust also comes from the level of popularity of a company. Let's say if www.microsoft.com is providing services online, then the name is well known to anyone and there will be no more questions.
-Availability of the cloud: Basically this concept is more related to availability than security, but the first step to securing your data is to have the servers available all the time. This is something not many companies pay a lot of attention to, and clients also do not question companies about the availability of their services. It has happened in the real world that a small interruption in service provision has caused losses of thousands of dollars.
-Identity in the cloud: Whoever uses the cloud has an identity and is known to the others by, let's say, a username. This user is given an identity by the cloud provider and is the only one responsible for keeping his credentials safe. On the other hand, the company is also required to set policies that force users to better protect their credentials.
-Policies in the cloud: Everyone makes a lot of connections in the cloud and can share his/her information with others. It is the company that gives the user the ability to customize his/her privacy policies and give other people different types of permission to access his/her data. You could see a lot of such issues recently with Facebook, where different privacy policies resulted in many of its users becoming angry and even quitting. So what can be concluded is that it is not only the user who has to be aware enough to set proper policies; the company must also give him this ability.
The history of cloud computing maybe dates back to the time Hotmail became so popular and everyone was creating accounts on it, and every user was communicating with the rest, uploading their data somehow and doing so many new things. The technology has expanded up to now, when we have lots of services provided, like having a lot of space for storing my information; I could even have more than what I have on my PC at home. Right? With all this rapid expansion, there come security risks as well. One of them could be server downtime due to any serious security issue. In such situations we should look at our company's plan to see how prepared they are for such cases and how secure their infrastructure is. At the same time, we should see how they really react to such problems in the cloud and what back-up plans they have.
Something else that plays a very important role in the level of trust and reliability from the users is the support they receive from the technical team. Users always need a team that responds well to the issues they have, and we should really see how a company as big as Microsoft, with as many users as Microsoft has, is supporting so many users.
In future posts I'll try to be more specific about different cloud providers, how they interact with each other, and how users are connected from different clouds. For the time being, this link is a great source of information on the Microsoft website.
Late at night
Before the morning clouds are out, let's get some night sleep…. 🙂