Cursor jumps all over screen on a Macbook

If you think Macs don't get malware, you are sadly mistaken. There are plenty of free antivirus software on the Internet, so please find and download the security on your Mac computer as soon as possible. If you or your kids download music on a regular basis from nefarious sources, you are prime for infection. Or, if you do not have your own personal home network, you are leaving yourself wide open by connecting to open Internet connections in your neighborhood. Beware of network names like linksys or hpsetup. If there is no lock symbol beside the network name, that tells you it is an open network and anyone can connect to the network.

Daisy

Danny

This morning as I was feeding my dogs, Danny and Daisy, my friend Lisa texted asking if she could call me about a computer problem. "Sure", I texted back, as I continued to feed my always seemingly starved ravenous pets.

Lisa complained about a problem with her Macbook cursor jumping around, moving involuntarily, and windows randomly opening. I asked if she had antivirus installed on her computer, "No, I never installed one on the Mac". It goes without saying Lisa, along with everyone else I know, thought MacBooks immune from virus problems.

Unable to install your printer?

Image via Wikipedia

You are not able to install a new printer you purchased for your computer. The instruction manual tells you to "Choose the local printer attached to the computer", but that option is not available. The only option that is available is "a network printer, or a printer connected to another computer". What is the likely cause of the problem?

You have not been granted permissions to install printers. To install permissions, you must be a member of the Administrators group or the Power Users group.

In Windows, you have a security component called UAC or User Account Control, which is the method used in Windows Vista and Windows 7, for elevating privileges in order to do certain Administrative tasks. This is a good thing because previously malicious software could install "silently" just because a user was logged on as an Administrator. Administrators have privileges over everything in a computer.

Now, when a user logs on to a Windows Vista or Windows 7 computer, the user is automatically given the security token of a standard user. The built-in Administrator is disabled on new installations of Vista. If the user needs to perform any administrative tasks, UAC prompts for an administrator password.

If you are an admin, enter YES to continue. If you are not an admin, enter the administrator password to continue.

If you are in Windows XP, you might be logged onto a Standard User Account and need to switch to an Administrator Account or Power User in order to install the printer. See the Microsoft link below for instructions in assigning rights to a Power User using Group Policy.

Why use a standard user account instead of an administrator account?

Understanding and Configuring User Account Control in Windows Vista

Power Users and Windows 7

Assign User Rights to a Group in AD DS

User Account Control Step-by-Step Guide

Non-admins unable to install Network Printers: Windows 7

Allowing Vista Standard Users to install printer drivers

Install printer without being administrator

Looking at BranchCache for Windows 7 and Windows Server 2008

RGBStock.com

BrancheCache gives users of Windows 7 and Windows Server 2008 R2 increased network responsiveness, by reducing wide area network (WAN) utilization when accessing files from a branch office that are located in a central office.

Enabling BranchCache causes a copy of the file that is accessed from a file or Web server and located in a remote office to be cached in the local branch office. The next time a client requests the file, BranchCache first attempts to retrieve it from the local BranchCache.

BranchCache makes sure clients are authorized by the content server and the files are up-to-date, so  clients never have to worry about retrieving files that are not current.

• BranchCache clients must be running Windows 7 and the BranchCache feature has to be enabled. 
• Web servers must be running Windows Server 2008 R2 with the BranchCache feature enabled.

How to Make a Conference Call on your IPHONE

Below is the procedure to make a conference call while using the iPhone. If you are like me, the need will arise spontaneously, and inevitably you are stuck and have to discontinue the call because you never took the time to figure out how.



The iPhone lets you conference up to five different callers.

1. Make your call.
2. Tap Add Call and call the other line. The first call is put on hold when you do this. You can talk privately with the second call before merging the calls.
3. Tap Merge Calls to bring the current call into conference with the other call(s).
4. Perform step 2 and 3 to bring other calls into the conference.

If you have an incoming call and would like to merge the call into the conference:

• Tap Hold Call + Answer; then tap Merge Calls.

Drop a call from the conference:

• Tap Conference and type the red phone symbol next to a call; then type End Call.

Talk privately with a call in the conference: 

• Tap Conference and tap Private next to a call. Tap Merge Call when you are ready to return the call to the conference.

http://support.apple.com/kb/TA38608?viewlocale=en_US

How to Manage Access to Shared Folders in Windows 7

What does Authentication and Authorization mean?

• Authentication: Authentication is when you provide some type of proof to access a computer or a computer resource, and the proof you provide verifies your identity. Usually you authenticate with your user id and password. If the infrastructure is critical, then a user id and password will not be enough and digital certificates are issued and verified by a Certification Authority. 
• Authorization: Determining if you have the permission to access some particular type of resource.
• Access: Determine what type of action, based on a permission level, that can be performed on a resource.

What is Windows Authentication?

• Kerberos v5 Protocol: Windows 7 clients and Windows Server 2000 or later uses Kerberos as its default authentication method. Kerberos(protocol)
• NTLM (NT Lan Manager): Used to provide backward compatibility with pre-Windows 2000. NTLM is a suite of Microsoft security protocols that provide authenticity, integrity, and confidentiality to users. NTLM
• Certificates: Rely on a third party to verify who you are (PKI Infrastructure). Public-key_infrastructure.

How I Got My Macbook's Cracked LCD Panel Repaired

This photo belongs to Jerry Bunkers

If you ever travel with your laptop, be sure to put it in a carryon designed for laptops.

As you know, airlines have a limit for the number of bags you can carry on a flight. You are allowed one small carryon and one personal bag. If you exceed that amount, those bags must be checked.  On a recent flight, I packed my Macbook securely, so I thought, between clothing in the carryon luggage. There was not enough room in the carryon to put the laptop case inside, where it would have been more secure. I couldn't carry the laptop in a separate carryon because my other carryon was my purse. My rational was the laptop would be safe because the carryon was with me and I wouldn't be throwing the bag around like the luggage handlers do.

Quick Check Facts for Windows Server 2008, Active Directory Network Infrastructure

IPv6 
IPv6 Addressing

• IPv6 address space is 128 bits (16 bytes)
• Large address space. Divided along 16-bit boundaries, converted to 4 digit hexadecimal numbers, separated by colons - known as colon hexadecimal .
• Simpler host configuration. IPv6 supports dynamic client configuration by using DHCPv6 and IPv6 also enables routers to configure hosts dynamically.
• Improved routing efficiency. Reduces how many routes the Internet must process by supporting hierarchical routing.
• Built-in security. IPv6 ensures all hosts encrypt data while in transit by including native IPSec support.
• IPv6 address types
• Unicast. Packets delivered to a unicast address are delivered to a single interface, one-to-one communication
• Multicast. Packets are delivered to multiple interfaces, one-to-many. One-to-many communication between computers that are defined as using the same multicast address. Multicast addresses have the first 8 bits set to 1111 1111 or FF
• Anycast. Identifies multiple interfaces, but delivered to a single interface, the closest one.  Used for locating services or the nearest router.
• Global Unicast address
• Equivalent to IPv4 public addresses
• Identified by the FP (Format Prefix) of 001 (globally routable and reachable on the IPv6 Internet
• The scope of a global unicast address is the entire IPv6 Internet
• The address prefix of a currently assigned global address is 2000::/3
• The combination of the first 3 high-order fixed bits and the 45-bit Global Routing Prefix is a 48-bit prefix assigned to an individual site
• The next 16 bits are the Subnet ID 
• The Interface ID field is the next 64-bits 

How to Secure Windows 7 Desktops

London

Overview of Security Management

Key Security Features in Windows 7

• Windows 7 Action Center
• Centralized reporting center for users to keep track of issues and messages about their local computer
• Categorized by severity to get action items and events 
• Color-coding for severity alerts
• Encrypting File System (EFS)
• About encrypting information while it’s at rest (theft of laptops)
• A built-in encryption tool for Windows files
• Windows BitLocker and BitLocker To Go
• Introduced with Windows Vista, protects data on a computer exposed to unauthorized physical access
• Available in Enterprise and Ultimate editions of Windows 7
• Locks the operating system and removable drives such as USB drives and portable hard drives
• Renders data inaccessible when drives are decommissioned or recycled
• Windows AppLocker
• Restricts the types of applications you can run and install
• Allows administrators to specify the apps that are allowed
• User Account Control
• Checks for permissions when performing necessary daily tasks
• Windows Firewall with Advanced Security
• Restricts unsolicited traffic coming and going
• Security rules to provide protection from malware 
• Windows Defender
• Prevents and removes all forms of malware 

Understanding forwarders

Scenario: Your network is a multiple-domain Active Directory with two forests, each containing multiple child domains. Full trust is configured among the domains. When a trust exists between two domains, the authentication mechanisms for each domain trust the authentications coming from the other domain. Trusts help provide for controlled access to shared resources in a resource domain (the trusting domain) by verifying that incoming authentication requests come from a trusted authority (the trusted domain). In this way, trusts act as bridges that allow only validated authentication requests to travel between domains. What Are Domain and Forest Trusts?  The network includes several branch offices with computers in the branch offices running Windows 7 or Windows Server 2008 R2 over low-bandwidth links. Each branch office has a Dynamic Host Configuration Protocol (DHCP) server. Each branch office has at least one domain controller configured as a Domain Name System (DNS) server and hosts an Active Directory-integrated DNS zone. Computers in the branch offices need to use resources throughout the network. You want to configure name resolution for the branch offices. You need to keep the traffic generated by fully qualified domain name (FQDN) resolution attempts to a minimum.

Configuring Server Security Compliance

Apply Defense-in-Depth to Increase Security

Defense-in-depth provides multiple layers of defense to protect a network environment.

Policies, Procedures, and Awareness - Security documentation and user education

Physical Security - Guards and/or locks

Perimeter - Firewalls

Internal Network - Network segments (subnets), IPSec

Host - OS hardening (latest patches and updates), authentication

Application - Application hardening and testing, antivirus patches

Data - ACLs (Access Control Lists/permissions), encryption, EFS (Encrypting File System)

Configuring Availability of Network Resources

Backing Up Data

Windows Server 2008 has an additional role installed called Windows Server Backup (WSB). Backup consists of a Microsoft Management Console (MMC) snap-in, command-line tools, and Windows PowerShell cmdlets.

New Windows Server Backup (WSB) Features

• You can protect the entire server without using a separate backup and recovery technology
• Backup entire server or selected volumes
• Use wizards, tools, and the Complete PC Restore feature to assist in recovering a server
• Full support for Volume Shadow Copy service (VSS)
• Easier to restore to a point in time
• Can use Backup to provide application recovery
• Improved scheduling utility
• Better remote administration both from the GUI and through Windows PowerShell
• Windows PowerShell brings us extensive command line support
  
  

Storage Management and FSRM

File Server Resource Manager (FSRM) is a new suite of storage management tools in Windows Server 2008 R2.

There are many challenging aspects to storage management:

• Some organizations have growth requirements anywhere from 60-100 percent per year
• Critical data must always be available
• Organizations must comply with regulatory requirements
• The amount of storage-intensive apps on the market has increased
• How to determine existing storage capacity and usage trends
• How to determine whether usage supports organizational goals
• Defining and implementing storage policies
• Adjusting policies such as restricting employee personal file storage as capacity needs grow

How do we address capacity and storage management?

Network File and Print Services

Configuring and Troubleshooting File Shares 

What is a File Share?

A file share is a folder that has been configured so that it can be accessed over a network.

In Windows Server 2008, to configure a file share, install the File Service server role. The File Service server role automatically configures Windows Firewall to allow file sharing.

File Services Role

Windows Server 2008 has a new tool called Share and Storage Management that is used to create and configure file shares. To do this, you can also use the Computer Management tool that is available in previous versions of Windows Server and the command line tool, Net use.

Share and Storage Management

Configure and Manage Distributed File System (DFS)

If you have multiple file servers deployed, how do you connect to the file servers?

DFS is a service that connects file shares together into a single namespace. The files can reside on different computers and provides client access to the files in a transparent manner.

According to Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition:

Troubleshooting IPSEC

IPSec Monitoring Tools

Tool	Description
IP Security Monitor	Used as a MMC snap-in with Windows XP and higher Administrators can use it locally or remotely to monitor IPSec policy
Ipsecmon	Command-line tool Only available in Windows 2000
Windows Firewall with Advanced Security	New to Windows Vista and Windows Server 2008
Netsh	Perform a trace, located in systemroot\debug\oakley.log Enabled in Windows XP and Windows 2000 with registry modification

IP Security Monitor

The IP Security Monitor snap-in is used to view and monitor IP-Sec policy. The IP Security Monitor can be used to troubleshoot and test IPSec policies you create. 

In previous versions of Windows, we used IP Security Monitor as a snap-in in the MMC. With Windows Server 2008, the IP Security Monitor is now integrated with the Windows Firewall with Advanced Security (WFAS). 

Configuring IPSec

Even though you can encrypt your data stored on your hard drive, how do you protect the data while it is in transmission? IPSec can do this. 

IPSec (Internet Protocol Security) is a set of protocols that give you a level of encryption between two computers while it is being transferred over an unsecured network.  IPSec uses security services and digital certificates with public and private keys. As stated in Mark Russinovich's and David Solomon's Windows Internals Book:

Internet Protocol Security (IPSec), which is integrated with the Windows TCP/IP stack, helps to protect unicast (IPSec itself supports multicast, but the Windows implementation does not) IP data against attacks such as eavesdropping, sniffer attacks, data modification, IP address spoofing, and man-in-th-middle attacks (when the identity of the remote machine can be verified, like a VPN). You can use IPSec to provide defense-in-depth against network-based attacks from untrusted computers; certain attacks that can result in the denial-of-service of applications, services, or the network; data corruption, data theft, and user-credential theft; and the administrative control over servers, other computers, and the network. IPSec helps defend against network-based attacks through cryptography-based security services, security protocols, and dynamic key management.

IPSec was originally designed to secure traffic over public networks. However, IPSec is being used increasingly on private networks. Windows Server 2008 provides enhancements to the IPSec rules.

Windows Internals Book

Configuring Network Access Protection (NAP)

How do you protect yourself from computers that do not meet your health requirements on your network?

Network Access Protection (NAP) with Windows Server 2008:

• A feature of Windows server 2008 that enforces health-requirement policies on client computers running:
  • Windows XP (SP3)
  • Vista
  • Windows 7
  • Windows server 2008
  • Windows server 2008 R2
• Ensures client computers are compliant with policies such as anti-virus and security policies on a granular level, based on who the client is and the group to which the client belongs.
• Remediation servers can offer support for computers not meeting health requirements, and to automatically bring the client back into compliance and dynamically increase its level of network access.
• You are able to integrate NAP’s features with software from other vendors or with custom programs.
• You can customize your health enforcement solutions. NAP includes an application programming interface (API) for developers and vendors that allows them to create customized solutions for health-requirements, network-access, and ongoing compliance.