Google Apps (G Suite) provides the option of turning on two-step verification for your user accounts. This provides an extra layer of security to your user’s data by having them authenticate with a verification code as well as their password. I recommend that you enable this option to make your accounts more secure. The instructions below will lead you through enabling two-step verification as well as enforcing its use for your G Suite service.
INSTRUCTIONS
Enabling Two-Step Verification
These steps will guide you through enabling the option of using two-step verification for your G Suite account users. This allows your users to choose to use the feature if they wish. It does not make two-step verification mandatory for your users.
4. Scroll down to the Two-Step Verification setting and tick the checkbox to Allow users to turn on 2-step verification. This will enable the ability for the account user to utilize two-step authentication if they choose.
5. Click on the Save changes button that appears.
NOTE:
If you wish to make it mandatory for your users to use two-step
authentication, please continue on to the enforcing two-step
verification instructions once the two-step verification option is
enabled.
Google’s Gmail Confidential Mode lets an email sender set a message to automatically expire anywhere from 24 hours to five years after itis sent.
Remember Hollywood movie series Mission Impossible (MI), in that the agent used to receive his assignments through self-destructing messages that usually detonating itself.
Confidential mode on Gmail adds access restrictions to emails that you sent using the mode. Designed to protect sensitive information, it enables you to set time limits and passcodes. The mode blocks certain actions, forwarding, copy and paste, downloading of the email, and printing as well automatically.
Here disappearing emails may not actually detonate, but they do vanish after a certain amount of time. The tool is part of Google’s efforts to beef up privacy and cybersecurity for Gmail users. It will be available to corporate accounts as well as personal Gmail account holders, you can enable it and use it right away.
Here’s how.
Open Gmail on your computer and tap the compose/reply button.
Now select this icon on the bottom of the screen. It’s a tiny lock with a clock on it.
A click on the icon opens the confidential mode configuration overlay which gives you two options:
Set an expiration date for the email. Available options are 1 day, 1 week, 1 month, 3 months and 5 years. The expiration date is displayed next to the selection menu so that you know immediately when the email expires.
Enable the SMS passcode Recipients to need a mobile phone for that and Google will be sent recipients a passcode text message which they need to unlock the email.
No SMS passcode – if the recipients don’t use Gmail, they’ll get a passcode by email.
SMS passcode – Recipients will get a passcode by SMS (text message)
Gmail highlights confidential mode by adding a “content expires” message to the email. You can edit the requirement or click on the x-icon to remove it again before you hit the send button.
What happens when you hit send? If you selected the passcode option, you are asked to type the phone number of the recipient.
That’s it. Now the email will automatically delete itself after your predetermined self-destruction time period ends. Recipients can open the email until then, which means the clock starts right when you send it, not when they open it.
Also, if you want to revoke access sooner, you can do that by opening Gmail, selecting “Sent,” opening the confidential email you just sent and then selecting “remove access.”
The email that you receive does not contain the message. Google uses the selected subject and shows the sender of the email, but instead of displaying the content, it informs you that you have received a confidential email which you can only open.
In other words: Google sends you a notification by email that a confidential email was sent to you and that you may click on the link to open it.
No SMS passcode– if the recipients don’t use Gmail, they’ll get a passcode by email.
SMS passcode– Recipients will get a passcode by SMS (text message)
But, before you start emailing friends the juicy details of your diary, there are a few important limits on confidential emails you might want to keep in mind. Erased emails may fade away from receivers’ inboxes, but they’ll still show up in your “sent” file if you don’t manually delete them. Keep in mind as well that Mac OS and Windows OS both allow the taking and saving of screenshots of anything that appears on a screen. It’s also not clear how long the messages stay on Google’s servers.
There is another issue that needs to be addressed. Recipients get an email with a link asking them to click on the link and even sign in to a Google account if they are not already to view it. If that does not sound a lot like phishing I don’t know what does.
Recipients may not want to click on the links. Ironically, attackers who use phishing as an attack vector may exploit the new functionality to steal user credentials.
Closing Words
Gmail’s Confidential mode feature is not the right option when you need to send confidential messages to others. Email is not the right format for confidential messages unless you use Pretty Good Privacy (PGP) or another secure form of communication.
You may not be the only one reading your messages in your Gmail account.
Google said a year ago it would stop its computers from scanning the inboxes of Gmail users for information to personalize advertisements, saying it wanted users to “remain confident that Google will keep privacy and security paramount.”
While Google itself has stopped scanning Gmail users’ email, some third-party developers have created apps that can access consumers’ accounts and scan their messages for marketing purposes.
Google has long allowed software developers the ability to access users’ accounts as long as users gave them permission. That ability was designed to allow developers to create apps that consumers could use to add events to their Google Calendars or to send messages from their Gmail accounts.
But marketing companies have created apps that take advantage of that access to get insights into consumers’ behavior, according to the report. The apps offer things such as price comparison services or travel itinerary planning, but the language in their service agreements allows them to view users’ email as well. In fact, it’s become a “common practice” for marketing companies to scan consumers’ email.
It isn’t clear how carefully Google is monitoring such uses. Many consumers may not be aware that they’ve given apps such access to their accounts. Even if they are, Facebook’s Cambridge Analytica scandal offers a worrisome example of how similar access to consumer data can be abused.
How to Check and Remove Third-Party Apps Access with Your Gmail Inbox
Here’s how to see which apps have access to your Google account and how to block them from accessing it in the future.
To get to your Google Account page, select the “Account” icon from the app menu in the top right-hand corner of your Gmail account or navigate to https://myaccount.google.com
In that section, you’ll see all of the apps to which you’ve given any kind of access since you created your account.
You’ll see what kinds of information and services inside your Google account to which the apps have access.
Google organizes apps that have access to your account into three different groups.
Apps in the “Signing in with Google” section have access to your name, email address, and profile picture. But in some cases, they may have access to more of your information — potentially a lot more, such as the ability to read and delete your email messages.
You likely gave the “Signing in with Google” apps permission to access such data because you wanted to use your Google login to sign into your accounts with them instead of having to create separate user accounts and passwords. In fact, according to a Google support page, these apps often “can see and change nearly all information in your Google Account.”
If you see one you don’t trust, you can block it by clicking on “Remove Access.”
After clicking on that button you’ll have to click “OK” to confirm that you really want to block the app. The app should then disappear from the list of apps that have access to your account and should no longer have any ability to view or do anything else with your email or other data.
It’s a good idea to check the “Apps with access to your account” page every few months to keep your account safe from wandering eyes.
Web Real-Time Communication (WebRTC) is a collection of communications protocols and APIs originally developed by Google that enables real-time voice and video communication over peer-to-peer connections.
WebRTC is a set of protocols and APIs that allow web browsers to request real-time information from the browsers of other users, enabling real-time peer-to-peer and group communication including voice, video, chat, file transfer, and screen sharing.
WebRTC implements STUN (Session Traversal Utilities for Nat), a protocol that allows the discovery of your externally assigned IP address as well as your local IP address also.
How secure is WebRTC?
WebRTC works from browser to browser, you don’t need to download any software or plugins in order to set up a video conference or VOIP call. All the security that you need is already contained within your browser and the WebRTC platform. Some of the inbuilt security features contained within the WebRTC platform include:
End-to-end encryption between peers
Datagram Transport Layer Security (DTLS)
Secure Real-Time Protocol (SRTP)
End-to-End Encryption
Encryption is built into WebRTC as a permanent feature and addresses all security concerns effectively. Regardless of what server or compatible browser you’re using, private peer-to-peer communication is safe thanks to WebRTC’s advanced end-to-end encryption features.
Data Transport Layer Security (DTLS)
Any data that is transferred through a WebRTC system is encrypted using the Datagram Transport Layer Security method. This encryption is already built-in to compatible web browsers (Firefox, Chrome, Opera) so that eavesdropping or data manipulation can’t happen.
Secure Real-Time Protocol (SRTP)
In addition to offering DTLS encryption, WebRTC also encrypts data through Secure Real-Time Protocol, which safeguards IP communications from hackers, so that your video and audio data is kept private.
Camera and Microphone Security
Unlike some other video and audio conferencing software, WebRTC requires the user to enable access to their microphone and camera before communications begin. Typically, a pop-up box will appear in your web browser, asking you to allow the program access. The image below shows what a webcam and microphone permission pop-up might look like on a chrome browser.
Security issue caused by the WebRTC feature in Chrome
It is well known that the WebRTC feature in Chrome will leak your IP address even if you are behind a proxy server or using a VPN service. While most people who do not use proxy or VPN reveals their IP addresses to whatever web server they visit all the time, the IP address is the most easily accessible piece of information to track a website visitor.
For the minimum, big companies such as Google and Facebook are using the IP addresses to analyzing your habits and behavior and send your highly-targeted ads. While most people are fine with targeted ads, there are people who don’t like to be tracked at all for whatever reason. They will choose to use either proxy or VPN service to avoid being tracked. However, in a browser which supports WebRTC, including Chrome, Slimjet, and Firefox, the website owner can easily obtain the website visitor’s/user’s true IP addresses, but also their local network address too, by a simple piece of JavaScript.
In addition to that, the WebRTC Media Device Enumeration API also enables the website owner to obtain a unique media device id from the user, which can be used to uniquely identify the visitor.
How to verify the IP leakage issue caused by WebRTC?
Here are three websites which can let you detect if your browser is liable to the IP leakage issue caused by WebRTC:
Chrome Flaw Allows Sites to Secretly Record Audio/Video Without Indication
What if your laptop is listening to everything that is being said during your phone calls or other people near your laptop and even recording video of your surrounding without your knowledge?
A UX design flaw in the Google’s Chrome browser could allow malicious websites to record audio or video without alerting the user or giving any visual indication that the user is being spied on.
AOL developer Ran Bar-Zik reported the vulnerability to Google on April 10, 2017, but the tech giant declined to consider this vulnerability a valid security issue, which means that there is no official patch on the way.
Here’s the lowdown. Once you give a site permission to use your microphone or camera, Chrome assumes that site will have permission to do so in the future. That means every instance of that site, every page on that site, also has access to your camera and microphone, meaning a sketchy site owner could throw up a pop-under window in the background that’s listening in to everything you say, or worse, listening and set to trigger some action (like recording) when you say specific words or phrases.
After reporting it to Google, For their part, Google doesn’t see it as a problem and says it’s in compliance with W3C (the World Wide Web Consortium) standards. Google does have a point: In order for the issue to be a real threat, not only do you have to visit a site that would want to record your speech, you’d have to grant it access to your microphone, and then you’d have to not notice a pop-under window from that site lingering in the background.
Google consider this a security vulnerability or not, but the bug is surely a privacy issue, which could be exploited by hackers to potentially launch more sophisticated attacks.
In order to stay on the safer side, simply disable WebRTC which can be done easily if you don’t need it. But if you require the feature, allow only trusted websites to use WebRTC and look for any other windows that it may spawn afterward on top of that.
Following such privacy concerns, even Facebook CEO Mark Zuckerberg and former FBI director James Comey admitted that they put tape on their laptops just to be on the safer side.
Although putting a tape over your webcam would not stop hackers or government spying agencies from recording your voice, at least, it would prevent them from watching or capturing your live visual feeds.
If you want to block your camera and Microphone, follow the steps given below:
To improve your Chrome security settings, go to the Settings area, which can be accessed in the top right corner of the browser.
Click on Settings –> Advanced Settings –> Content Settings –> Block Camera and Microphone
or type in the Chrome browser chrome://settings/content –> Block Camera and Microphone.
What Is My Browser – Displays fingerprinting information such as the local and remote IP address, browser, plugins, location, screen resolution and more.
With Google Apps Directory Sync (GADS), you can automatically add, modify, and delete users, groups, and non-employee contacts to synchronize the data in your G Suite domain with your LDAP directory server. The data in your LDAP directory server is never modified or compromised. GADS is a secure tool that help you easily keep track of users and groups.
Key benefits of GADS:
Synchronizes your G Suite user accounts to match the user data in an existing LDAP server.
Supports sophisticated rules for custom mapping of users, groups, non employee contacts, user profiles, aliases, calendar resources, and exceptions.
Performs a one-way synchronization. Data on your LDAP server is never updated or altered.
Runs as a utility in your server environment. There is no access to your LDAP directory server data outside your perimeter.
Includes extensive tests and simulations to ensure correct synchronization.
Includes all necessary components in the installation package.
Configuration tips:
Use the 64-bit version of GADS if you plan to install it on a 64-bit compatible server. This version performs better than other versions when you need to synchronize large amounts of data.
Never share your GADS configuration files. The files contain sensitive information about your LDAP server and your G Suite domain.
Simulate a synchronization before you perform a real synchronization. And, simulate again whenever you upgrade GADS or change a configuration. If you don’t, you may accidentally delete an account or restrict a user.
How does it work?
Google offers a free tool called Google Apps Directory Sync. This is a program which can be installed on any system in your internal network (Windows XP/7/2003/2008, Linux or Solaris. The tool synchronizes Google Apps users with Active Directory (or other directory) users.
you must have administrator rights both in AD and your Google Apps environments. A setting in the Google Apps Control Panel called “Enable provisioning API” must be turned on.
Use the 64-bit version of GADS if you plan to install it on a 64-bit compatible server. This version performs better than other versions when you need to synchronize large amounts of data.
Step 2:Setup Configuration Manager:
Configuration Manager is a step-by-step user interface that guides you through creating, testing, and running a synchronization in Google Apps Directory Sync (GADS).
Open Configuration Manager from the Start menu (Shown in Figure GADS-1)
GADS-1
Specify your general settings:
On the General Settings page, specify what you intend to synchronize from your LDAP server. Select one or more from:
GADS-2
Define your G Suite settings:
On the Google Apps Configuration page of Configuration Manager, enter your G Suite (Google Apps) domain connection information.
Click the tabs to enter the following information:
Connection settings: If you check theReplace domain names in LDAP email addresses box, all LDAP email addresses are changed to match the domain listed in the Domain Name
Authorizing access using OAuth:
ClickAuthorize Now to set up your authorization settings and create a verification code.
ClickSign in to open a browser window and sign into your G Suite domain with your super administrator username and password.
Copy the token that is displayed.
Enter the token in theVerification Code field and click Validate.
Proxy settings: Provide any necessary network proxy settings here. If your server doesn’t require a proxy to connect to the Internet, skip this tab.
Exclusion rules: Use exclusion rules to preserve information in your G Suite domain that isn’t in your LDAP system (for example, users that are only in G Suite). See more about using exclusion rules.
Exclusion rules allow you to omit specific users, user profiles, groups, organizational units, calendar resources, and other data from the Google Apps Directory Sync (GADS) process. For example, you can add a user profile exclusion rule to exclude specific user profile information that you don’t want to sync in your G Suite domain.
GADS-3
GADS-4
Define your LDAP settings:
On the LDAP Configuration page of Configuration Manager, enter your LDAP server information. After you configure the LDAP authentication settings, click Test Connection. Configuration Manager connects to your LDAP server and attempts to sign in to verify the settings you entered.
If you selected Open LDAP or Active Directory® as your LDAP server, click Use defaults at the bottom of every configuration page to quickly set up the sync with default parameter. You can then customize them to your needs.
For detail on the LDAP Configuration fields in Configuration Manager, see LDAP connection settings.
GADS-5
Click on Test Connection
GADS-6
Leave the Org Units settings and move to User Accounts
User Accounts
Specify what attributes GADS uses when generating the LDAP user list on the User accounts page ->User Attributes:
Email address attribute
The LDAP attribute that contains a user’s primary email address. The default is mail.
(Optional) Unique identifier attribute
An LDAP attribute that contains a unique identifier for every user entity on your LDAP server. Providing this value enables GADS to detect when users are renamed on your LDAP server and sync those changes to the G Suite domain. This field is optional, but recommended.
Example: objectGUID
Under Google Apps Users deletion/Suspension policy
Select -> Suspend Google Apps users not found in LDAP, instead of deleting them: Active users in G Suite will be suspended if they are not in your LDAP server. Suspended users are not altered.
Select -> Don’t suspend or delete Google Apps admins not found in LDAP
GADS-7
Additional user attributes: Additional user attributes are optional LDAP attributes that you can use to import additional information about your G Suite users, including passwords. Enter your additional user attributes on the User accounts page.
GADS-8
A brief look at how to create a user in Active Directory and then use Google Apps Directory Sync (GADS) to provision the user in your Google Apps domain.
Leave the remaining Settings like Groups, user profiles, Shared Contacts, Calendar Resources as it is.Go to
Notification:
GADS-9
Logging: Enter the directory and file name to use for the log file or click Browse to browse your file system.
Example: sync.log
Sync:
Click Simulate sync to test your settings. During simulation, Configuration Manager will:
Connect to your G Suite domain and generate a list of users, groups, and shared contacts.
Connect to your LDAP directory server and generate a list of users, groups, and shared contacts.
Generate a list of differences.
Log all events.
If the simulation is successful, Configuration Manager generates a Proposed Change Report that shows what changes would have been made to your G Suite user list.
GADS-10
Note: Running a simulated synchronization does not update or change your LDAP server data or your users accounts in G Suite. The simulation is only for checking and testing purposes.
When you are confident that the configuration is correct, click Sync & apply changes to initiate the synchronization.
We receive password protected bank statements, credit card statements, mobile bills and salary slips every month. It’s quite OK to have passwords for PDF files that we rarely use but the situation changes as we use the file more frequently. It can be monotonous and tiresome to type the password each time you need to open the PDF file. Even sometimes we need to share these PDF files, in such cases, we can remove the password protection from a PDF file by decrypting it. PDF decryption is very easy but requires specialized software to do that. In this tutorial, we will see how to remove password from PDF file in a distinct method. The easiest and recommended way to remove password is using the Google Chrome browser.
Drag and drop password protected PDF file into Google Chrome browser.
Google Chrome will now prompt you to enter the password of the file. Enter the password and hit Enter to open the file.
Now go to the File menu in Google Chrome and choose Print (or press Ctrl+P on Windows or Cmd+P on Mac). Choose the destination printer as “Save as PDF” and click the Save
Google Chrome will now save the PDF to your PC but without the password protection. If you re-open this PDF , it will open without prompting password.
Finding useful information on the World Wide Web is something many of us do. We can find information about anything by searching online. Google is the most popular search engine available, but navigating it can sometimes be tricky.
But most people don’t use it to its best advantage. Do you just plug in a keyword or two and hope for the best? That may be the quickest way to search, but with more than 30 trillion pages in Google’s index, it’s still a struggle to pare results to a manageable number.
Google’s algorithm keeps improving, and without context, it’s hard for Google to know exactly what you’re looking for, especially if your inquiry is highly specific. But there are a few tricks for searching that can help you quickly find the results you’re looking for. Tricks like formatting and punctuation can really help narrow down your search.
So learn some of these tricks on how to be effective at “Googling”:
Some time ago I started attending trainings and discussions with industry experts, on McAfee ePO and started learning many things from them. During these sessions I came across some issues with McAfee 4.x and 5.x installation. I have uploaded solutions to some of these issues on my blog, please refer the following link:
One fine morning all of sudden I got a doubt, what if I lost McAfee ePO admin password and there were no additional accounts configured. I opened my laptop and started Googling for the solution. There were more blogs describing this issue, but none had a satisfied solution. After a rigorous search on the Internet, I found two good and easy solutions.
Solution–1:
We believe that only one account, i.e. Admin account, is configured in McAfee ePO. But by default one more account exists in the McAfee ePO User Management, named system. This account is disabled by default. User ‘system’ account has administrative rights (see theImage-1).
Image- 1
This user (system) is by default non-editable through the web console (see the Image–2)
Image- 2
We have to enable the user ‘system’ through MS SQL.
Go to start –> All Programs –> MS SQL Server 2008R2 –> click on SQL Server Management Studio, expand Databases -> expand ePO Database –> expand Tables –>go todbo.OrionUsers –> right click ondbo.OrionUsers –>click on Edit Top 200 Rows.One window will open on the right side (see the Image-3)
Image- 3
Under the OrionUsers Table –>following changes will need to be done for the user ‘System’
Under Disabled –> default setting will be True, change it to False (click enter)
Under Interactive –>default setting will be False, change it to True (click enter)
Minimize the SQL window and Open the McAfee ePO web console and type username: system, Password:system
It will allow you to login. Click on MenuàUnder User Management –>click on Users –>Admin –>Rightside down click on Actions –>click on Edit (see the Image-4& Image -5)
Image- 4
Image- 5
Click on Change Authentication or Credential
Type Password and confirm Password and save (see the Image-6)
Image- 6
Log off and Login with Admin credentials. That’s it.
Now Open SQL and make the same changes in OrionUsers Table (Exactly as shown in the Image-7)
Image- 7
Under Disabled –>change it to True (click enter)
Under Interactive –> change it to False (click enter)
Solution–2:
In solution 1, enabling of the user ‘system’ account through MS SQL resets Admin the Password.
In Solution -2, we will create a new account with Administrative rights using MS SQL and through new account will reset the Admin password.
Go to start –> All Programs –> MS SQL Server 2008R2 –>click on SQL Server Management Studio, expand Databases –> Click on ePO Database –> open a New Query, run the following query and execute
It will create a new user ‘epoadmin’, with the password: epoadmin
Open the McAfee ePO web console with username and passwordepoadmin
It will allow you to login.Click on Menu –>Under User Management –>click on Users –> Admin –> Rightside down click on Actions –> click on Edit and reset the Admin Password
Log off and Login with Admin credentials. That’s it.
NOTE: Use the above solutions when you don’t have any other option. Be sure you have got the required skills to modify SQL server. You can break your ePO server if you don’t know what you are doing. Don’t hold me responsible for your actions; think before you act and always make sure you have a backup 🙂
IMPORTANT: McAfee recommends that you implement account and password management policies such as:
Maintaining a backup administrator account
Creating individual accounts for each administrator
Adhering to corporate requirements for accounts and passwords
In June 2012, the number of Android malware threats increased to a whopping 25,000 samples. More specifically, 5,000 new malicious Android apps were found in Q1 2012 while 15,000 were found so far in Q2 2012. Put another way, in all of Q1 2012, the number jumped by 5,000, while just one month in Q2 2012 was responsible for another 10,000.
The data come from Trend Micro, which originally predicted the number would hit 11,000 by this time of the year. It turns out the company has found closer to 25,000 Android malware samples in the wild, so far.
Various tactics cyber criminals use to trick users into downloading malicious apps. Official Android app storeGoogle Play became host to infected apps. Fake versions of Skype, Instagram, Angry Birds Space, Farm Frenzy, and other legitimate apps were used to send messages to premium numbers at the users’ cost. Users’ curious nature was monetized by spying apps like Spy Tool and Spy Phone Pro+. The particularly sophisticated BotPanda strain opens rooted devices for remote access while hiding its routines
The security firm Trend Micro elaborated a bit on the top malware types and released a corresponding infographic:
The last statistic mentioned above is that one in five Android devices has a security app installed.
Click on Settings –> Advanced Settings –> Content Settings –> Block Camera and Microphone
lakkireddymadhu 