| Subcribe via RSS

System Forensics, Investigation, And Response by John R. Vacca and K Rudolph

December 15th, 2010 | No Comments | Posted in Books, Security

New book on the block, “System Forensics, Investigation, And Response” by John R. Vacca and K Rudolph. Published by Jones & Bartlett Learning.
System Forensics, Investigation, And Response

If I manage to get through it, I’ll write a short review.

Tags: , ,

What does VDI awareness in Trend Micro OfficeScan 10.5 imply?

November 10th, 2010 | No Comments | Posted in Security, Software, Trend Micro

One of the new features of Trend Micro OfficeScan 10.5 is “Virtual Desktop Infrastructure awareness”.
But what does this mean? Trend has implemented two features, to ease the performance impact of running anti-virus in a virtual environment.

First of all, before performing a full system scan, OfficeScan will check with the server if other systems in the environment are also running a full scan. In order to avoid multiple full system scans in the same environment.

Second, they implemented the option to scan a virtual machine template. And save the results as a cache (which will be used when performing a full system scan).

Tags: , , , ,

Trend Micro OfficeScan 10.5 Features and thoughts

October 11th, 2010 | No Comments | Posted in Security, Software, Trend Micro, Windows

It’s almost 2 months since the release of OfficeScan 10.5. Anyone out there upgraded yet? If so, what’s your experience?
I’ve done a couple of installations and upgrades, and I’ll share my experiences:

First, what’s changed in OfficeScan from version 10.0 SP1?

– Active Directory Integration
– Smart Protection Solutions
– Security Compliance
– Virtual Desktop Support
– Role-based administration
– General Product enhancements

So, what is my experience with the new features?
More »

Tags: , , ,

Howto: Netstat CSV

October 8th, 2010 | No Comments | Posted in Scripting, Security

How to output netstat result to CSV (comma-separated values/character-separated value).

Example netstat to CSV with “-an” flags.
for /F "tokens=1-4 delims= " %A in ('netstat -an') do echo %A,%B,%C,%D

Example netstat to CSV with “-ano” flags with output to file.
for /F "tokens=1-5 delims= " %A in ('netstat -ano') do echo %A,%B,%C,%D,%E>>outputfile.csv

Note if you are going to use it in a batch script, remember to use the following format:
for /F "tokens=1-4 delims= " %%A in ('netstat -an') do echo %%A,%%B,%%C,%%D

And you can of course use this to just list “Listening” ports:
for /F "tokens=1-4 delims= " %A in ('netstat -an ^| find "LISTENING"') do echo %A,%B,C%,%D

Why would you do this?
1. Openports (from DiamonCS is licensed)
2. No need for third party binaries.

Why would you not do this?
1. Hard to parse netstat -anob

If you know how to parse “netstat -anob”, please feel free to leave a comment 😉

Tags: , , , ,

Trend Micro Smart Scan Server 2.0 and OfficeScan 10.0 SP1

October 7th, 2010 | No Comments | Posted in Security, Trend Micro

When Trend Micro released OfficeScan 10.5 they also released Smart Scan Server 2.0. But is Smart Scan Server 2.0 compatible with OfficeScan 10.0? I’ve tested it with OfficeScan 10.0 SP1, and it works without any problem. Of course you wont be able to use the “local” Web Reputation Server included in the Smart Scan Server without installing OfficeScan 10.5. But the File Reputation Service is working perfectly.

By installing the Smart Scan Server 2.0, you will get the following features:
– “Local” Web Reputation Server
– Additional Widgets
– Web Access and Pattern Update Log
– Notifications through email and SNMP
– Multi language web interface

Full installation readme:
http://www.trendmicro.com/ftp/documentation/readme/tmcss-2.0.1336-1-x86_64-DVD_README-en.txt

Patch update readme:
http://www.trendmicro.com/ftp/documentation/readme/PatchPackage-2.0-1336.x86_64_README-en.txt

Tags: , , , , , ,

Check Point Security Gateway R71 Virtual Edition

October 6th, 2010 | No Comments | Posted in Security, Software

If you along with the rest of the world, failed to notice the announcements NOT written by Check Point’s marketing people, Check Point Security Gateway is now available (General Availability).

Codename “Avatar”, if you want to know more, you could read more at Check Point’s product page:
http://www.checkpoint.com/products/security-gateway-virtual-edition/index.html

Or head over to fireverse.org.

In short, Security Gateway Virtual Edition (Avatar) is a VMWare virtual appliance (for vSphere) that uses the VMSafe API. Same as IBM ISS Virtual Server Security and Trend Micro Deep Security.

Tags: , , ,

Trend Micro OfficeScan 10.5 Scan Exclusion Bug

October 6th, 2010 | 1 Comment | Posted in Security, Trend Micro

If you have upgraded to OfficeScan 10.5, and are experiencing problems with scan exclusions, it might be because your scan exclusion list exceeds 1000 characters. If it does, it might cause the OfficeScan Master Service or the DBServer to crash.

This is a known issue! Ask your Trend Micro Partner/Reseller for Hotfix 1106.1

Tags: , , ,

Trend Micro OfficeScan: Installation

July 2nd, 2010 | No Comments | Posted in Security, Software, Trend Micro

Here we go. The first article in my OfficeScan how-to series.

So, how to install Trend Micro OfficeScan 10.0:

These are the steps:

1. Generate Trial license

2. Download software

3. Prepare server

4. Install OfficeScan server

More »

Tags: , , , ,

OfficeScan how-to series

July 1st, 2010 | No Comments | Posted in Security, Software, Trend Micro

I have had an overwhelming response to my “Thoughts about OfficeScan 10“.

And I’m simply not able to answer all the questions regarding installation and troubleshooting.

Therefore I have decided to write a series of posts/articles, to try to answer all of your questions, and to cover some general topics.

So, this is the articles I’ve planned to write:

Trend Micro OfficeScan: Installation

Trend Micro OfficeScan: Smart Scan Server

Trend Micro OfficeScan: Deployment

Trend Micro OfficeScan: Server Components

Trend Micro OfficeScan: Troubleshooting

If anyone has any request/wishes regarding content and topics, please feel free to leave a comment!

Read the original thoughts on OfficeScan 10 (just me ranting):

http://technoblog.org/2009/09/trend-micro-officescan-10-some-thoughts/

Tags: , , ,

Mac OS X Security Configuration Guides

June 2nd, 2010 | No Comments | Posted in Security, Software

Apple has now released a 272-pages Security Configuration Guide for Mac OS X 10.6 (Snow Leopard).

Security guides for Mac OS X 10.3, 10.4 and 10.5 are also available at the same site:

Mac OS X Security guides:

http://www.apple.com/support/security/guides/

Tags: , ,
technoblog@trap.threatobs.com