Google Apps (G Suite) provides the option of turning on two-step verification for your user accounts. This provides an extra layer of security for your users’ data by having them authenticate with a verification code as well as their password. I recommend that you enable this option to make your accounts more secure. The instructions below will lead you through enabling two-step verification as well as enforcing its use for your G Suite service.
INSTRUCTIONS
Enabling Two-Step Verification
These steps will guide you through enabling the option of using two-step verification for your G Suite account users. This allows your users to choose to use the feature if they wish. It does not make two-step verification mandatory for your users.
4. Scroll down to the Two-Step Verification setting and tick the checkbox to Allow users to turn on 2-step verification. This will enable the ability for the account user to utilize two-step authentication if they choose.
5. Click on the Save changes button that appears.
NOTE: If you wish to make it mandatory for your users to use two-step authentication, please continue on to the enforcing two-step verification instructions once the two-step verification option is enabled.
The HTTP-over-QUIC experimental protocol will be renamed to HTTP/3 and is expected to become the third official version of the HTTP protocol, officials at the Internet Engineering Task Force (IETF) have revealed.
This will become the second Google-developed experimental technology to become an official HTTP protocol upgrade after Google’s SPDY technology became the base of HTTP/2.
HTTP-over-QUIC is a rewrite of the HTTP protocol that uses Google’s QUIC instead of TCP (Transmission Control Protocol) as its base technology.
QUIC stands for “Quick UDP Internet Connections” and is, itself, Google’s attempt at rewriting the TCP protocol as an improved technology that combines HTTP/2, TCP, UDP, and TLS (for encryption), among many other things.
In a mailing list discussion last month, Mark Nottingham, Chair of the IETF HTTP and QUIC Working Group, made the official request to rename HTTP-over-QUIC as HTTP/3, and pass its development from the QUIC Working Group to the HTTP Working Group.
In the discussions that followed, which stretched over several days, Nottingham’s proposal was accepted by fellow IETF members, who gave their official seal of approval that HTTP-over-QUIC becomes HTTP/3, the next major iteration of the HTTP protocol, the technology that underpins today’s World Wide Web.
According to web statistics portal W3Techs, as of November 2018, 31.2 percent of the top 10 million websites support HTTP/2, while only 1.2 percent support QUIC.
What is QUIC?
QUIC (Quick UDP Internet Connections) is a new transport protocol for the internet, developed by Google.
QUIC solves a number of transport-layer and application-layer problems experienced by modern web applications while requiring little or no change from application writers. QUIC is very similar to TCP+TLS+HTTP2 but implemented on top of UDP. Having QUIC as a self-contained protocol allows innovations which aren’t possible with existing protocols as they are hampered by legacy clients and middleboxes.
Key advantages of QUIC over TCP+TLS+HTTP2 include:
Connection establishment latency
Improved congestion control
Multiplexing without head-of-line blocking
Forward error correction
Connection migration
Connection Establishment
QUIC handshakes frequently require zero roundtrips before sending a payload, as compared to 1-3 roundtrips for TCP+TLS.
The first time a QUIC client connects to a server, the client must perform a 1-roundtrip handshake in order to acquire the necessary information to complete the handshake. The client sends an inchoate (empty) client hello (CHLO), the server sends a rejection (REJ) with the information the client needs to make forward progress, including the source address token and the server’s certificates. The next time the client sends a CHLO, it can use the cached credentials from the previous connection to immediately send encrypted requests to the server.
Congestion Control
QUIC has pluggable congestion control and provides richer information to the congestion control algorithm than TCP. Currently, Google’s implementation of QUIC uses a reimplementation of TCP Cubic and is experimenting with alternative approaches.
One example of richer information is that each packet, both original and retransmitted, carries a new sequence number. This allows a QUIC sender to distinguish ACKs for retransmissions from ACKs for originals and avoids TCP’s retransmission ambiguity problem. QUIC ACKs also explicitly carry the delay between the receipt of a packet and its acknowledgment being sent. Together with the monotonically-increasing sequence numbers, this allows for precise roundtrip-time calculation.
Finally, QUIC’s ACK frames support up to 256 NACK ranges, so QUIC is more resilient to reordering than TCP (with SACK), as well as able to keep more bytes on the wire when there is reordering or loss. Both client and server have a more accurate picture of which packets the peer has received.
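The round-trip-time point above can be made concrete with a small simulation. This is an added example, not code from Google's QUIC implementation; the class names, the millisecond timeline and the field names are assumptions made for illustration.

```python
"""Added illustration: RTT sampling with fresh packet numbers and an explicit ACK delay."""


class QuicStyleSender:
    """Every transmission, including a retransmission, gets a new packet number."""

    def __init__(self):
        self.next_pn = 1
        self.sent = {}  # packet number -> (send time in ms, stream offset)

    def send(self, now, offset):
        pn = self.next_pn
        self.next_pn += 1
        self.sent[pn] = (now, offset)
        return pn

    def on_ack(self, now, pn, ack_delay):
        # The ACK names exactly one transmission, and the peer reports how long
        # it held the ACK, so the sample is the pure network round trip.
        send_time, _offset = self.sent.pop(pn)
        return now - send_time - ack_delay


class TcpStyleSender:
    """A retransmission reuses the sequence number of the original segment."""

    def __init__(self):
        self.sent = {}  # sequence number -> list of send times in ms

    def send(self, now, seq):
        self.sent.setdefault(seq, []).append(now)

    def on_ack(self, now, seq):
        # The ACK cannot say which copy it answers: every send time is a
        # candidate, which is the retransmission ambiguity problem.
        return [now - t for t in self.sent.pop(seq)]


def scenario():
    """Constructed timeline: original sent at 0 ms and lost, retransmitted at
    300 ms, received at 340 ms, ACK held 25 ms, ACK arrives back at 405 ms."""
    quic = QuicStyleSender()
    quic.send(now=0, offset=0)                # lost in the network
    retx_pn = quic.send(now=300, offset=0)    # same data, new packet number
    quic_rtt = quic.on_ack(now=405, pn=retx_pn, ack_delay=25)

    tcp = TcpStyleSender()
    tcp.send(0, seq=1000)
    tcp.send(300, seq=1000)
    tcp_candidates = tcp.on_ack(405, seq=1000)
    return quic_rtt, tcp_candidates


if __name__ == "__main__":
    rtt, candidates = scenario()
    print("QUIC-style RTT sample (ms):", rtt)
    print("TCP-style candidate samples (ms):", candidates)
```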
Multiplexing
One of the larger issues with HTTP2 on top of TCP is the issue of head-of-line blocking. The application sees a TCP connection as a stream of bytes. When a TCP packet is lost, no streams on that HTTP2 connection can make forward progress until the packet is retransmitted and received by the far side – not even when the packets with data for these streams have arrived and are waiting in a buffer.
Because QUIC is designed from the ground up for multiplexed operation, lost packets carrying data for an individual stream generally only impact that specific stream. Each stream frame can be immediately dispatched to that stream on arrival, so streams without loss can continue to be reassembled and make forward progress in the application.
Forward Error Correction
In order to recover from lost packets without waiting for a retransmission, QUIC can complement a group of packets with an FEC packet. Much like RAID-4, the FEC packet contains parity of the packets in the FEC group. If one of the packets in the group is lost, the contents of that packet can be recovered from the FEC packet and the remaining packets in the group. The sender may decide whether to send FEC packets to optimize specific scenarios (e.g., beginning and end of a request).
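The parity recovery described above, as an added example that is not part of the original article or of any QUIC implementation. The 2-byte length prefix and zero padding are assumptions used here so that packets of different sizes can share one parity packet; they are not QUIC's wire format.

```python
"""Added illustration: XOR parity over an FEC group, RAID-4 style."""

# Constructed sample group of three packet payloads.
SAMPLE_GROUP = [b"GET /index.html", b"GET /style.css", b"GET /app.js"]


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def frame(payload, width):
    """Length-prefix and zero-pad a payload so every group member is width + 2 bytes."""
    return len(payload).to_bytes(2, "big") + payload.ljust(width, b"\x00")


def make_fec_packet(group):
    """Return the parity of all packets in the group."""
    width = max(len(p) for p in group)
    parity = bytes(width + 2)
    for payload in group:
        parity = xor_bytes(parity, frame(payload, width))
    return parity


def recover(received, parity):
    """Rebuild the group. `received` holds None in place of a lost packet."""
    missing = [i for i, p in enumerate(received) if p is None]
    if not missing:
        return list(received)
    if len(missing) > 1:
        # One parity packet holds enough information for one erasure only;
        # further losses in the same group still need retransmission.
        raise ValueError("a single parity packet can repair only one loss per group")
    width = len(parity) - 2
    acc = parity
    for payload in received:
        if payload is not None:
            acc = xor_bytes(acc, frame(payload, width))
    # What remains after XOR-ing out the survivors is the lost packet's frame.
    length = int.from_bytes(acc[:2], "big")
    repaired = list(received)
    repaired[missing[0]] = acc[2:2 + length]
    return repaired


if __name__ == "__main__":
    fec = make_fec_packet(SAMPLE_GROUP)
    damaged = [SAMPLE_GROUP[0], None, SAMPLE_GROUP[2]]
    print(recover(damaged, fec))
```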
Connection Migration
QUIC connections are identified by a 64-bit connection ID, randomly generated by the client. In contrast, TCP connections are identified by a 4-tuple of source address, source port, destination address, and destination port. This means that if a client changes IP addresses (for example, by moving out of Wi-Fi range and switching over to cellular) or ports (if a NAT box loses and rebinds the port association), any active TCP connections are no longer valid. When a QUIC client changes IP addresses, it can continue to use the old connection ID from the new IP address without interrupting any in-flight requests.
For a detailed explanation, read the book: HTTP/3 Explained by Daniel Stenberg
HTTP/3 explained is a free and open booklet describing the HTTP/3 and QUIC protocols.
Are you concerned about your online security? With more data breaches occurring daily, it’s crucial to protect yourself with these simple tips.
This infographic is a comprehensive look at how you can reduce your online visibility to protect your privacy, but still be seen by your family and friends. From browsing the internet to safety on social media platforms, you don’t need to be a technical genius to lessen your online risk.
You don’t have to leave the grid to disappear from hackers and unscrupulous businesses who exploit you and your information for their gain without your knowledge. However, it’s critical to protect your data on each platform you use.
Unfortunately, these big corporations don’t always have our best interests at heart. As we’ve seen from the multiple data breaches, there are times when consumers aren’t told about the hack until it is too late. Repairing your credit and personal information after a data hack is scary. By locking down your data now, you’ll save yourself a bigger headache later.
For years users have wanted to save time and effort when accessing servers on the network, Web sites requiring credentials, etc. So, there have been options in the operating system to save usernames and passwords for faster and easier access. I am sure you have seen this, either in a prompt or a checkbox, asking you to save the password. In Windows, you have the ability to store the credentials for resources that you access often, or just don’t want to have to remember the password. Although this is a time-saving option, you might want to reconsider using this feature due to security issues.
Windows stores the passwords that you use to log in, access network shares, or shared devices. All of these passwords are stored in an encrypted format, but some passwords are easily decrypted using your Windows login password.
Windows stores the login credential details in a hidden desktop app named Credential Manager. Here is how to find this app, how to see which credentials are stored by Windows and how to manage them:
What is the Credential Manager?
Credential Manager is the “digital locker” where Windows stores log-in credentials like usernames, passwords, and addresses. This information can be saved by Windows for use on your local computer, on other computers in the same network, servers or internet locations such as websites. This data can be used by Windows itself or by programs like File Explorer, Microsoft Office, Skype, virtualization software and so on. Credentials are split into several categories:
Windows Credentials – are used only by Windows and its services. For example, Windows can use these credentials to automatically log you into the shared folders of another computer on your network. It can also store the password of the Homegroup you have joined and uses it automatically each time you access what is being shared in that Homegroup. If you type a wrong log-in credential, Windows remembers it and fails to access what you need. If this happens, you can edit or remove the incorrect credential, as shown in later sections of this article.
Certificate-Based Credentials – they are used together with smart-cards, mostly in complex business network environments. Most people will never need to use such credentials and this section is empty on their computers. However, if you want to know more about them, read this article from Microsoft: Guidelines for enabling smart card logon with third-party certification authorities.
Generic Credentials – are defined and used by some of the apps you install in Windows so that they get the authorization to use certain resources. Examples of such apps include OneDrive, Slack, Xbox Live, etc.
Web Credentials – they represent login information for websites that are stored by Windows, Skype, Internet Explorer or other Microsoft apps. They exist only in Windows 10 and Windows 8.1, but not in Windows 7.
How to open the Credential Manager in Windows:
One method works the same in all versions of Windows. First, open the Control Panel and then go to “User Accounts –>Credential Manager.”
You’ll notice there are two categories: Web Credentials and Windows Credentials. The web credentials will have any passwords from sites that you saved while browsing in Internet Explorer or Microsoft Edge. Click on the down arrow and then click on the Show link.
You’ll have to type in your Windows password in order to decrypt the password.
If you click on Windows Credentials, you’ll see fewer credentials stored here unless you work in a corporate environment. These are the credentials used when connecting to network shares, different computers on the network, or network devices such as a NAS.
In the same way, I’ll also mention how you can view Google Chrome saved passwords. Basically, each browser has the same feature, so you can do the same thing for Firefox, Safari, etc. In Chrome, click on the three dots at the top right and then click on Settings. Scroll down and then click on Passwords.
Under Passwords, enable Offer to save your web passwords. You can view the saved passwords.
History of the Credential Manager:
According to a 1996 Network Applications Consortium (NAC) study, users in large enterprises spend an average of 44 hours per year performing login tasks to access a set of four applications. The same study revealed that 70 percent of calls to companies’ Help desks were password-reset requests from users who had forgotten a password.
Single sign-on (SSO) is an approach that attempts to reduce the time users spend performing login tasks and the number of passwords users must remember. The Open Group, an international vendor and technology-neutral consortium dedicated to improving business efficiency, defines SSO as the “mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.”
SSO solutions come in two flavors: solutions that deal with one set of user credentials and solutions that deal with multiple sets of user credentials.
A good example of the first type of solution is a Kerberos authentication protocol-based SSO setup.
A good example of the second type of solution is the Credential Manager. Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP. It’s based on a secure client-side credential-caching mechanism.
The Windows 2000 (and earlier) requirement that users must re-enter the same credentials whenever they access resources on the same Internet or intranet server can be frustrating for users, especially when they have more than one set of credentials. Administrators often must cope with the same frustration when they have to switch to alternative credentials to perform administrative tasks. Credential Manager solves these problems.
Conclusion:
Browser-stored passwords make it easy for hackers to get inside your network.
Allowing a browser to “remember” passwords can pose a major security risk because:
Password recovery tools can easily find these passwords.
Browsers typically do not use strong encryption for these passwords.
Users do not monitor and rarely change these passwords once they store them in their browser.
DO NOT USE THE “REMEMBER PASSWORD” FEATURE ON APPLICATIONS SUCH AS WEB BROWSERS (Google Chrome, Mozilla Firefox, Safari, Internet Explorer etc.)
For IT Admins:
Get your FREE Browser-Stored Password Discovery Tool from Thycotic to quickly and easily identify risky storage of passwords in web browsers among your Active Directory users. You get reports that identify:
Top 10 common machines with browser-stored passwords
Top 10 common users with browser-stored passwords
Top 10 most frequently used websites with browser-stored passwords
The Browser-Stored Password Discovery Tool is free. You can re-run the Browser-Stored Password Discovery Tool at any time to identify browser password risks and help enforce compliance with web browser security policies.
Problem: The following message displays when you select Remove for the McAfee Agent through Add \ Remove Programs or Programs and Features on client computers:
“McAfee Agent cannot be removed while it is in managed mode”
Solution:
The computer must be removed from Managed Mode.
Steps:
1- Open Command Prompt
2- Go to the folder “C:\Program Files (x86)\McAfee\Common Framework” on x64 systems, or “C:\Program Files\McAfee\Common Framework” on x86 systems
3- Type “frminst.exe /forceuninstall” (without the quotes) and press Enter.
Microsoft Corp. announced that its Board of Directors has appointed Satya Nadella as Chief Executive Officer and a member of the Board of Directors effective immediately. Before being named CEO in February 2014, Nadella held leadership roles in both enterprise and consumer businesses across the company.
Joining Microsoft in 1992, he quickly became known as a leader who could span a breadth of technologies and businesses to transform some of Microsoft’s biggest product offerings.
Most recently, Nadella was executive vice president of Microsoft’s Cloud and Enterprise group. In this role he led the transformation to the cloud infrastructure and services business, which outperformed the market and took share from the competition. Previously, Nadella led R&D for the Online Services Division and was vice president of the Microsoft Business Division. Before joining Microsoft, Nadella was a member of the technology staff at Sun Microsystems.
Originally from Hyderabad, India, Nadella lives in Bellevue, Wash. He earned a bachelor’s degree in electrical engineering from Mangalore University, a master’s degree in computer science from the University of Wisconsin – Milwaukee and a master’s degree in business administration from the University of Chicago. He is married and has three children.
“During this time of transformation, there is no better person to lead Microsoft than Satya Nadella,” said Bill Gates, Microsoft’s Founder and Member of the Board of Directors. “Satya is a proven leader with hard-core engineering skills, business vision and the ability to bring people together. His vision for how technology will be used and experienced around the world is exactly what Microsoft needs as the company enters its next chapter of expanded product innovation and growth.”
Since joining the company in 1992, Nadella has spearheaded major strategies and technical shifts across the company’s portfolio of products and services, most notably the company’s move to the cloud and the development of one of the largest cloud infrastructures in the world supporting Bing, Xbox, Office and other services. During his tenure overseeing Microsoft’s Server and Tools Business, the division outperformed the market and took share from competitors.
“Microsoft is one of those rare companies to have truly revolutionized the world through technology, and I couldn’t be more honoured to have been chosen to lead the company,” Nadella said. “The opportunity ahead for Microsoft is vast, but to seize it, we must focus clearly, move faster and continue to transform. A big part of my job is to accelerate our ability to bring innovative products to our customers more quickly.”
“Having worked with him for more than 20 years, I know that Satya is the right leader at the right time for Microsoft,” said Steve Ballmer, who announced on Aug. 23, 2013 that he would retire once a successor was named. “I’ve had the distinct privilege of working with the most talented employees and senior leadership team in the industry, and I know their passion and hunger for greatness will only grow stronger under Satya’s leadership.”
Microsoft also announced that Bill Gates, previously Chairman of the Board of Directors, will assume a new role on the Board as Founder and Technology Advisor, and will devote more time to the company, supporting Nadella in shaping technology and product direction. John Thompson, lead independent director for the Board of Directors, will assume the role of Chairman of the Board of Directors and remain an independent director on the Board.
Nadella addressed customers and partners for the first time as CEO during a Customer and Partner Webcast event.
A Super Bowl ad shows how people’s lives are changed through Microsoft technology. This one-minute ad celebrates what technology can do, and is narrated by Steve Gleason, former NFL player and post-Katrina hero of the New Orleans Saints, now living with ALS. Steve narrates the spot in the same way he communicates daily, using his Surface Pro to speak via eye-tracking technology.
I had encountered three problems when installing McAfee ePO 4.5, 4.6 & 4.6.6 on Windows 2008 server standard edition R2.
Problem 1: SQL2005 backward compatibility: McAfee ePO comes with SQL 2005 Express; however, you will be unable to install SQL 2005 backward compatibility on Windows 2008 Server R2 Standard Edition. You have to install SQL 2008, otherwise the ePO installation cannot proceed.
Problem 2: 8.3 naming convention was disabled:
You need to modify the registry to enable the 8.3 convention. 8.3 naming is needed for the Tomcat service.
Change Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation from 2 to 0.
Another, easier method is to use fsutil.exe.
Problem 3: Setup is unable to access UDP port 1434:
This problem will arise while installing all versions of McAfee ePO: 4.5, 4.6, 4.6.6 and 5.0.
To resolve the above error, start the SQL Server Browser service, which is disabled by default. The TCP/IP protocol under SQL Server Network Configuration must also be enabled; it is disabled by default as well.
Go to Start->All programs->MS SQL Server 2008R2 ->Configuration Tools->click on Configuration Manager (for details see the image given below)
Once the changes are done, restart the SQL Server service (see the image below).
That’s it. Click Next… Next to finish the installation.
Happy computing….
From here forward, McAfee will be known as Intel Security.
Do the following tasks to take a FortiGate firewall backup.
Steps:
1. Connect to the firewall through a browser.
2. Log in to the firewall (enter User name & Password) (see Figure-1)
Figure-1
3. After logging in, click on System–>Maintenance–>Backup & Restore on the left hand side of the window (see Figure-2).
Figure-2
4. The FortiGate firewall configuration can be saved to the management computer, a central management station, or a USB stick if the FortiGate supports one.
5. The central management station refers to the remote management service the FortiGate unit is connected to. For example, if the current configuration on a FortiGate-60 is backed up to a FortiManager unit, the central management station would be the FortiManager unit.
USB Disk – displays if the FortiGate unit supports USB disks. This option is grayed out if no USB disks are connected.
6. Select to encrypt the backup file. Encryption must be enabled to save VPN certificates with the configuration. This option is not available for the FortiManager backup option.
Enter a password to encrypt the configuration file. You will need this password when restoring the configuration file. Confirm: enter the password again to confirm it.
NOTE: If the password is forgotten, there is no way to use the file.
Enter the name of the backup file or select Browse to locate the file. The File name field is only available when the USB drive is connected.
Figure-3
7. Restore – provides the ability to restore the firewall configuration file.
8. Use the “choose file” button if you are restoring the configuration file from the management computer.
Select the configuration file name from the browse list if you are restoring the configuration file from the USB disk.
9. Enter the password you entered when backing up the configuration file.
Use This Infographic to Pick a Good, Strong Password:
There are few things quite as important as choosing a strong password, at least in the area of online security. If you’re looking to beef up your passwords, here are plenty of great tips consolidated into one great image.
This is a handy infographic to share with friends, family, and co-workers, reminding them to stay alert and follow some basic security tips for online and mobile banking.