Pages

Banner 468

Wednesday, 25 December 2013

Configure &Change the Firewall settings (For Windows® 8)

0 comments
 

Description:

If a Firewall on your computer is active, it may be rejecting the necessary network connection needed for the network operations such as network printing, network scanning or network PC-Faxing. In this case, Brother recommends you either disable the Firewall on your computer whenever you use a network feature, or leave the Firewall enabled and adjust the settings.



Step 1: Disable the Firewall settings
For personal Firewall Software users:
(For example, Blackice™, Norton Internet Security™, Tiny Personal Firewall, Zone Alarm®, Sygate and McAfee®.)
For instructions on how to disable this type of program, please refer to the user's guide for your software or contact the software manufacturer.

For Windows® 8 Firewall users:
NOTE: If the User Account Control screen appears, type an administrator username and password and click Yes.

First check your network location.
  1. Open the Control Panel. (Click here to see how to open the Control Panel.)
  2. Click System and Security => Windows Firewall => Network and Sharing Center.
    Windows Firewall

  3. Check your network location which is shown in the View your active networks section.
    Network and Sharing Center
Then disable the Firewall settings.
  1. Open the Control Panel. (Click here to see how to open the Control Panel.)
  2. Click System and Security => Windows Firewall => Turn Windows Firewall on or off.
    Windows Firewall

  3. Choose Turn off Windows Firewall (not recommended) for your network location, and click OK.
    Windows Firewall

Note

If you disabled your Firewall, you will need to re-enable it after a network operation.

For instructions on how to re-enable a Software Manufacturer Firewall, refer to your user's guide or contact the software manufacturer.

For Windows® 8 Firewall users, follow the instructions in Step 1 and select Turn On Windows Firewall (recommended) (STEP vi) to re-enable the Firewall.

Step 2: Leave the Firewall enabled and adjust the settings

For personal Firewall Software users:
(For example, Blackice™, Norton Internet Security™, Tiny Personal Firewall, Zone Alarm®, Sygate and McAfee®.)
For instructions on how to configure the settings properly for this type of program, please refer to the user's guide for your software or contact the software manufacturer.

For Windows® 8 Firewall users:
NOTE: If the User Account Control screen appears, type an administrator username and password and click Yes.

First check your network location.
  1. Open the Control Panel. (Click here to see how to open the Control Panel.)
  2. Click System and Security => Windows Firewall => Network and Sharing Center.
    Windows Firewall

  3. Check your network location which is shown in the View your active networks section.
    Network and Sharing Center
Add the port 54925 for Network Scanning.
  1. Open the Control Panel. (Click here to see how to open the Control Panel.)
  2. Click System and Security => Windows Firewall => Advanced Settings.
    Windows Firewall

  3. Click Inbound Rules.
    Windows Firewall with Advanced Security

  4. Click New Rule....
    Windows Firewall with Advanced Security

  5. Choose Port and click Next.
    New Inbound Rule Wizard

  6. Choose UDP, Specific local ports and enter 54925 in the box. Then click Next.
    New Inbound Rule Wizard

  7. Choose Allow the connection and click Next.
    New Inbound Rule Wizard

  8. Check the profile for your network location and click Next.
    New Inbound Rule Wizard

  9. Enter any description in the Name box, for example "Brother NetScan", and click Finish.
    New Inbound Rule Wizard

  10. Make sure that the new setting is added.
Add the port 54926 for Network PC-FAX.
  1. Repeat STEP viixiii with attention to the following points.
    In STEP ix, enter 54926 for Specific local ports.
    In STEP xii, enter any description in the Name box, for example "Brother PC-FAX".

  2. Close the Windows Firewall with Advanced Security screen.
If you still have trouble with your network connection such as network scanning or printing,
  1. Open the Control Panel. (Click here to see how to open the Control Panel.)
  2. Click System and Security => Windows Firewall => Allow a program or feature through Windows Firewall.
    Windows Firewall

  3. Click Change settings if the button is clickable.
    Windows Firewall

  4. Check File and Printer Sharing for your network location and click OK.
    Windows Firewall

Retry using network features. If the problem continues, there may be another cause. Please refer to "FAQ's & Troubleshooting" for other possible information, or please contact Brother Customer Service from "Contact Us".
Readmore...

Top Eight Security Tips for Windows 8

0 comments
 
Microsoft is releasing Windows 8, the newest version of the Windows operating system, for general availability on October 26. Although Windows 8 offers enhanced security features, it also raises new security concerns because of changes to the graphical user interface and a new online app store. We’re offering the following eight security tips to help you stay secure as you move to Windows 8.

1. Exercise caution with apps for the new Windows 8 user interface (formerly known as Metro)

Some familiar applications have been completely re-written for the new Windows 8 UI. As a result they may work completely differently, despite looking the same. For example, an application historically delivered as an executable could now be entirely web-based. This impacts the visibility your existing security and monitoring tools have into these apps.

2. Use the Windows 8 style UI version of Internet Explorer

By default, plugins are disabled, blocking a major target for exploit kits and Blackhole attacks.

3. Make sure your security vendor can flag malicious Windows 8 UI apps

Windows 8 UI apps have important differences from regular applications, and your security product should be able to distinguish the two. The security product should correctly flag malicious or modified Windows 8 UI applications (tampered, modified, invalid license).

4. Disable hard drive encryption hibernation

Hard drive encryption is a cornerstone of data protection. If possible, disable the hibernation option in Windows 8 through group policy, as it doesn’t always work well with encryption.

5. Make sure your hardware carries the “Designed for Windows 8” logo

To carry this logo, hardware must be UEFI compliant. This means you can take advantage of the secure boot functionality available in Windows 8. Secure boot is designed to ensure the pre-OS environment is secure in order to minimize the risk from boot loader attacks.

6. Make application control a priority

The Windows 8 app store makes application control increasingly important for both malware prevention and productivity control. While the Windows Store will be secured, history shows that malicious apps are likely to slip through. Disable the use of apps that aren’t relevant to your organization.

7. Treat Windows RT (ARM) devices like any other mobile devices

Make sure you impose the same security levels on Windows RT devices as all others. You should have the ability to control, track, remote wipe and encrypt them.

8. Review application permissions in the Windows Store

Applications in the Windows Store must list any resources they require. Carefully review these permissions in the details tab as some will grant access by default to your location information, calendar, etc.

You should still run a full security suite for superior filtering and centralized management and reporting. While Microsoft has included a minimalist antivirus and firewall, most organizations will still require commercial-grade security. And of course, all the old security rules also apply with Window 8. It’s still a bad idea to allow automatic log-on. Above all, remain vigilant.
Readmore...
Monday, 16 December 2013

Deploying ACS Reporting on Windows Server 2008 and SQL Server 2008

0 comments
 

Deploying ACS Reporting on Windows Server 2008 and SQL Server 2008

1 out of 1 rated this helpful - Rate this topic
Updated: May 22, 2009
Applies To: Operations Manager 2007 R2, Operations Manager 2007 SP1
Audit Collection Services (ACS) reporting can be installed in two configurations.
  • A Microsoft SQL Server 2008 Reporting Services (SRS) SP1 instance with Operations Manager Reporting already installed. A benefit of this is the ability to view ACS Reports in the Operations console.
  • An SRS instance without Operations Manager Reporting installed.
The installation procedures for ACS Reporting do not differ, but the application of access control is different. By deploying ACS Reporting on the same SQL Server 2008 Reporting Services instance as your Operations Manager 2007 Reporting, the same role-based security applies to all reports. This means that ACS Reporting users need to be assigned to the Operations Manager Report Operator Role to access the ACS reports.
In addition to membership in the Operations Manager Reporting Role, ACS report users must also be assigned db_datareader role on the ACS database (OperationsManagerAC) to run ACS reports. This requirement is independent of the presence of Operations Manager Reporting
If you choose to install ACS Reporting independently of Operations Manager Reporting, you can also use SRS security to secure the reports. See the SQL Server 2008 Books Online Reporting Services Tutorials, Setting Permissions in Reporting Services for more information.

Preparing for installation

Deploy ACS as described in About Audit Collection Services (ACS) in Operations Manager 2007 before setting up ACS reporting.

Before you start

  1. The root management server for your management group must be installed and ACS must be configured, on either the RMS or a management server. For more information, see About Audit Collection Services (ACS) in Operations Manager 2007.
  2. An instance of Microsoft SQL Server 2008 Reporting Services must be installed on the target computer.
  3. During this procedure, you need to be logged on as member of Operations Manager Report Operator user role.
  4. IIS must be installed on the hosting system. IIS will have already been installed if you are co-locating with a Reporting server.
  5. You need to have access to the ACS database.
  6. You need the Operations Manager 2007 installation media.

Deploying ACS Reporting

To deploy ACS Reporting

  1. Log on to the server that will be used to host ACS reporting as a user that is an administrator of the SRS instance.
  2. Create a temporary folder, such as C:\acs.
  3. On your installation media, go to \ReportModels\acs and copy the directory contents to the temporary installation folder.
    There are two folders (Models and Reports) and a file named UploadAuditReports.cmd.
  4. On your installation media, go to \SupportTools and copy the file ReportingConfig.exe into the temporary acs folder.
  5. Open a Command Prompt window by using the Run as Administrator option, and then change directories to the temporary acs folder.
  6. Run the following command.
    UploadAuditReports “” “” “
    For example: UploadAuditReports “myAuditDbServer\Instance1” “http://myReportServer/ReportServer$instance1” “C:\acs”
    This example creates a new data source called Db Audit, uploads the reporting models Audit.smdl and Audit5.smdl, and uploads all reports in the acs\reports directory.
    noteNote
    The reporting server URL needs the reporting server virtual directory (ReportingServer_) instead of the reporting manager directory (Reports_).

  7. Open Internet Explorer and enter the following address to view the SQL Reporting Services Home page. http:///Reports_
  8. Click Audit Reports in the body of the page and then click Show Details in the upper right part of the page.
  9. Click the Db Audit data source.
  10. In the Connect Using section, select Windows Integrated Security and click Apply
Readmore...

Windows Server 2003 System Security Analysis 'Quick and Easy'

0 comments
 
n this article we will look at demystifying the simple analysis of a Windows Server 2003's security posture. Too many times, administrators seem confused about how to do an initial security analysis test on a newly minted Windows Server 2003. (Or 2000 for that matter) In this article we will look at how to perform this very quickly, very easily with Windows Server 2003. This article will cover the steps needed to create the Security Database and perform the analysis on your Windows Server 2003 system.

Security Configuration and Analysis MMC

With Windows Server 2003, you can create a mew MMC that enables Security Analysis functionality. Before we begin, we should ensure you understand what an MMC is. The MMC (Microsoft Management Console) should be something you are familiar with as it was introduced way back in Windows NT - with older versions of IIS. Since then, Windows 2000 and 2003 have been utilizing this console for just about every service available within Windows. You can make a new console by going to the Run dialog box in the Start menu and typing: mmc
This will open a new Console. You can also open it in author mode by adding an mmc /a to the command. You can see this in Figure 1.
Figure 1
In figure 2, you can see that the new MMC has been opened and is ready for you to populate.
Figure 2
Once you have the MMC open, you only need to add the Security Configuration and Analysis tool. Before we do, lets go over it briefly.

Security Configuration and Analysis Snap in

Now you can set up the Security Configuration and Analysis in the Microsoft Management Console (MMC) to analyze and to configure security on a computer that is running Windows Server 2003. What the Security Configuration and Analysis does is compare the current security configuration with a security configuration that is stored in a database. To break this down into simplistic terms:
  • Run the tool
  • It checks you settings against a template in its database
  • It reports to you where you have weaknesses
  •  You fix them
  • Run the tool again to check
Simple right? Ok, now that you know this, lets look at some more details and how to set it up and run it.
In Microsoft terms, you can create a database that contains a preferred level of security and then run an analysis that compares the current configuration to the settings in the database. Again, this is simple as it just checks your system to verify its locked down and hardened.
Security Configuration and Analysis includes the following features:
  • Security Templates
  • Security Configuration and Analysis
  • Secedit command-line command
To analyze the security configuration of your computer, you must perform the following two steps:
  • Create the security database by using a security template.
  • Compare the computer security analysis to the database settings.
In this article we will look at these steps in great detail so that you completely know how to run this tool and get your security analysis information.

Create the Security Database

Lets look at the steps required to create the initial security database. We still need to connect the Security Configuration and Analysis tool, so lets look at finishing that up:
In figure 3, you can see that once you open up a new MMC, you will have the option to add in snap ins. To do this, go to the MMC's File menu and select the Add/Remove Snap-In… option.
Figure 3
Once opened, you can click on the Add button so that you can get figure 4 up so you can add your analysis tool.
Figure 4
Once you open the Add Standalone Snap-in, you can select the Security Configuration and Analysis tool as seen in figure 4. Next, highlight it and click on Add. Nothing will happen as you can see, so click Close, and then you will see in Figure 5, the Security Configuration and Analysis tool has been added and ready to use. Click Ok and proceed to this will bring you back to the MMC.
Figure 5
Figure 6 shows you the snap in added and ready to use. Directions are provided in the contents pane of the MMC. To create a database to use, you need to right click the Security Configuration and Analysis tool and select, Open Database… as seen in figure 6.

Figure 6
Once you open the database, you will be shown the Open Database dialog box as seen in figure 7.
Figure 7
As you see in figure 7, I name logs and databases so that I can reference back to them intelligently so here, I simply use the date the database was created. Once you are done, click Open, and this will invoke Figure 8.
Figure 8
Figure 8 is the security template that will be applied against your current configuration… and in this instance; I selected securedc.inf because I want to check security on my Domain Controller.  Once you select the right template, click Open.
Note: You do not have to click 'Clear this database before importing' because there are no entries in the database yet! If there were, then you can select this so that it runs clear.
Now, you have just set up your MMC to run the Security Configuration and Analysis tool against your DC with the securedc.inf security template. This is where the analysis phase comes in now that your database has been completed.

Analyze System Security

Now that you have made the database, you need to analyze the system to populate it with all the cool information you will use to analyze the security posture of your Windows Server 2003 system.
To compare system security with the settings in the security database, follow these steps: In the left pane, right-click Security Configuration and Analysis, and then click Analyze Computer Now as seen in figure 9.
Figure 9
Once you kick off the analysis, you will be promoted with a location for the security log. Note the location of the error log file, and then click OK.
Figure 10
Figure 11 shows you the process of the scan, it should not take more than a minute of two to perform this scan.

Figure 11
Once you have completed your scan, you will be presented with what looks like figure 12. Figure 12 shows the analysis that was done hierarchically.
Figure 12
Now, we need to dig into the analysis done to see what we need to do. Although it will take you awhile to sift through all the information, lets explain to you what it is you are looking at so you can read the analysis and work through what it is telling you.
Figure 13 shows you the Security Options in the MMC. There are quite a few symbols shown to you and if you are to analyze this properly, you will need to know what they stand for.
Figure 13
Table 1 gives you the explanations for the symbols you see:
Table 1
Symbol Explanation
Red X The entry is defined in the analysis database and on the system, but the security setting values do not match
Green check mark The entry is defined in the analysis database and on the system, and the setting values match
Question mark The entry is not defined in the analysis database and was not analyzed. If an entry is not analyzed, the entry may not be defined in the analysis database, or the user who is running the analysis may not have permissions to perform analysis on a specific object or area
Exclamation point The entry is defined in the analysis database, but does not exist on the actual system. For example, there may be a restricted group that is defined in the analysis database but does not actually exist on the system that you are analyzing
No symbol If no symbol appears, the entry is not defined in the analysis database or on the system
Now that you understand these entries, take a good look at figure 13 again, or look at your own analysis for your server. In figure 14, there is another look at these symbols. In figure 14, you can see that there are question marks near Account lockout duration and Rest account lockout counter after, and on both, this simply means that the entry is not defined in the analysis database and was not analyzed. You can see that there is a red X on the Account lockout threshold. This means that this setting (on the Windows Server 2003 system) does not match that in the database and needs to be analyzed by you. See how easy that was?
Figure 14

Add Settings to the Database

In the case of the missing entries in the database you can add them pretty effortlessly. If a setting is not contained in the database, you can add it very easily. To do so, Right-click an entry that is not defined in the database, and then click Properties. You can see this in figure 15. Remember, this only affects the database and analysis, you are not turning on any services, or so on when you do this, just set the database to look at this setting as well.
Figure 15
That’s it! You have successfully set up the Security Configuration and Analysis tool, built a database, performed a scan and learned how to alter it. Now, you can expand on this knowledge by looking through all the settings and whatever the Security Configuration and Analysis tool flagged, you should check out.
Note: Before you close the Security Configuration and Analysis tool and MMC, make sure that you save the console or you will close the MMC and have to re-add the Security Configuration and Analysis tool and so on.

Readmore...
Monday, 2 December 2013

How to Configure my Range Extender

0 comments
 

How to Configure my Range Extender

Suitable for: TL-WA730RE, TL-WA830RE
Before configuration, please get the right information of the Root Router as below:
Information of Root Router:
  •  LAN IP: 192.168.1.254
  •  SSID: 2WIRE_TEST
  •  Encryption Type: WPA2-PSK with AES
  •  Passphrase: testtplink
Preparation
  • Since the DHCP function on the Range Extender is disabled by default, we have to manually assign an IP address as 192.168.1.x to the computer to match the default IP address of the Range Extender. Please click here for detailed instruction. For TL-WA830RE, its LAN IP is 192.168.0.254, please assign 192.168.0.x for you computer.
  • Connect the computer to the Range Extender with an Ethernet cable. And disconnect the wireless from the root router.
Configuration on Range Extender :
1.    Log onto the Range Extender’s management page. Please click here for the detailed instruction;
2.    Click Network. Please make sure the Range Extender's IP address is in the same IP segment with the Root Router and avoid the IP conflict. In this instance, we can change the IP to "192.168.1.250". Then click Save.
Notice: If the root router is not in the IP segment 192.168.1.X, for example, it is 192.168.0.254.you need to change the IP of the Range Extender to 192.168.0.250. and after clicking on Save, please change the IP of your computer to 192.168.0.100. and then log in the Range Extender’s management page by using the new IP 192.168.0.250.
3.    Click Quick Setup, Click on Next->Wireless. Select Range Extender as the Operation Mode. Then click Search.
4.    Find the Root Router's SSID on the list, and then click Connect.
5.    Click Save.
 
6.    Click Wireless -> Wireless Security. Select WPA-PSK/WPA2-PSK, and Encryption AES. input the password "testtplink" in the PSK Password field. Then click Save. The Security settings on the Range Extender must be the same as the root router. Please contact the support of the router to check it if you are not sure.
After you go through all the above steps, the Range Extender should get working properly with the Root Router.
How to confirm:
Go to System Tools->Diagnosticin the IP address(or IP address/Domain Name) bar type in the root router’s IP 192.168.1.254, click on the Start on the bottom.
And the last step is to set the computer to obtain the IP addre
Readmore...