
Tamer Maher


Security GuRu

Think Big .. Aim High .. Work Hard .. all the dreams come true ..
Warning ..

All the stuff here is for educational purpose only.
Only use the stuff on this blog on YOUR OWN responsibility.
I'm supporting: White Hats (Ethical Hackers & Penetration Testers), Security Admins, Green Coders (Security Developers) and Software Security Testers.

So..

PLEASE: Don’t use the knowledge you get from this blog to do any type of ILLEGAL actions.
June 21

Hug a Developer

This video is amazing

 
June 17

XNA 3.1

Check here for what’s new in XNA 3.1

June 13

Devschool :-

I've been discussing game programming and XNA Game Studio recently with Sam Stokes.

He has a nice blog. Just have a look.

 

June 06

Service Pack 2

Windows Vista Service Pack 2 and Windows Server 2008 Service Pack 2 are available for download here.

May 23

Gears of war Cog-Tags

If you find collecting the 33 Cog-Tags difficult, watch the video here.


Gears of War ..

I really enjoyed this game soooooooooo much that it made me think seriously of trying XNA Game studio. Just have a look on this review..

 

  

 

 

April 06

Dual Boot Configuration for Windows Server 2008 and Vista

I usually use dual boot on my machine, for testing, trials, learning purposes, etc.

I had some headache recently..

I had Windows Vista Ultimate 32-bit installed on my C drive. Afterwards, I installed Windows Server 2008 64-bit on my D drive. On boot, I have a list to choose the boot options. All worked fine.

After a few weeks, I had to reinstall Vista on my C drive.
Now, I can't reach the operating system list on boot to use the server edition.
I tried something like the EasyBCD tool, but no way.
Then, I tried to use the Windows Server DVD to repair the installation. BUT, the DVD ONLY detects the Vista on the C partition for the repair.
The other Windows Server 2008 on the D partition is not detected at all, although I checked the D partition and the files are still there.

 

The only solution was to boot again from the Vista DVD and choose the repair option. Afterwards all the stuff is repaired.

Have a look at how the boot configuration looks now

DualBoot

April 02

Adding a new virtual hard disk on VMWare Workstation ACE edition

 

Sometimes you need to expand the allocated hard disk space or add a new HDD drive for one of your virtual machines.

I'll give a short explanation of how to do that.

I'm using a Windows XP virtual machine on a Vista machine.

This snapshot shows the only available HDDs on the XP machine:

You need to shut down the virtual machine before adding the new hard disk.

Edit Virtual Machine Settings

Click Add

Now the new disk has been added

Restart your virtual machine

Nothing new appears yet. But note the new HDD icon among the icons at the bottom right of the VMware bar.

On the virtual machine, Start > Run > mmc.exe

File > Add / Remove snap-in

Add > Computer Management

Click on Disk Management

(This gives you an option to use a dynamic disk too if you need one)

Right click on the new disk and choose > Create New Partition

Now the new HDD partition has been added successfully

 

February 01

Synchronizing your Mp3s with Windows Mobile

Synchronizing your Mp3s with Windows Mobile and Windows Media Player is something pretty simple.

Media Player 11 detects the mobile device you are using and the storage card as two separate devices. Just drag and drop the files to the sync list and they are synchronized automatically once you connect your mobile to the computer.

January 30

Making your first Access Rule for Forefront Threat Management Gateway

Making your firewall access policy is simple. You only need a plan:

What you want to do (Allow / Deny), for what type of traffic, the source and destination (either computers or networks), and which users or computers.

If you need to have exceptions, this is easily allowed.

Make sure you use a descriptive name for each policy you make. Also take care that the policy order makes a difference.

For example:

If we have  two access rules:

. Allow All Traffic

. Deny All Traffic

 

This order will allow all the traffic.

But, if they are rearranged as

. Deny All Traffic

. Allow All Traffic

This order will deny all the traffic.

Making your first access policy:

When I tried to access my blog website from the machine hosting the Forefront Threat Management Gateway, I couldn't.

Have a look at the technical information part, which shows that Forefront TMG denied the access.

Actually, Forefront Threat Management Gateway considers the hosting machine (local host) as a separate network. So, we will make an access rule to allow the web traffic from the hosting machine.

To have a more detailed look at the protocols, click (Edit)

Select whether you want your HTTP traffic to be inspected for malware or not

Forefront TMG detects the local host machine as a separate network

You can add multiple source networks or users to the same rule if you want

Click Add. You can choose “External” from the networks part for the whole internet. You can also make a new URL set. Click New

You can make URL sets for the specific sites you want to allow. In this example, I put my blog URL in the list. The /* is necessary to access all the web pages in that domain.

The users pane will be of great use if you are on a domain. You will then be able to make access rules for users by selecting their Active Directory accounts

Again my blog is not accessible.

Forefront TMG is very specific. We made an outbound policy that allows the outbound web request. But the reply packets are still rejected.

So, I made the reverse access policy too

My blog is available now, but doesn't look cool :( . That's because the background theme, the pics, etc. are stored on Microsoft servers and not on my blog site. So, I made a more flexible rule to allow inbound web traffic from the whole internet.

Now, all looks fine.

 

Installing Forefront Threat Management Gateway

ISA server and Forefront were two separate products. But now, they have become one.

Forefront Threat Management Gateway (TMG) adds the malware protection functionality to the ISA server.

This is a little presentation showing the installation step by step on a Windows Server 2008 64-bit machine that is NOT part of a domain (just to make things simpler at first).

First: Unpack the installation application:

Then, just follow the wizard:

Choose the installation path

Second: Install the software:

Choose “Install Forefront TMG”

. If you have other machines with Forefront TMG installed and you want to manage them remotely from this computer, choose “Install Forefront Threat Management Gateway Management Only”. But this option doesn't install the TMG engine.

. In our case, we will choose the first option, which installs the engine and the management interface too.

We need all the stuff to be available on the machine.

Choose the network adapter connected to your internal network

You can also add different IP address ranges to your internal network

Check the ranges for confirmation before clicking Next

Installation Done

Third: Begin configuring your Forefront Threat Management Gateway:

You have three templates. For the sake of this demonstration, we will select the Edge Template. (NB. The three templates preview is only to understand what is going on. It doesn't affect your network configuration at all)

If your network settings were not detected automatically, make sure you enter them

Check the settings if you need to change any before clicking Finish

Make sure that the machine name and the domain settings (if you are connected to a domain) are detected correctly; otherwise, enter them manually.

You must keep your TMG server up to date to keep your network more secure. New attacks and malware updates are available frequently

You can participate if you like ;)

As this is a first-time installation, you may want to use the Web Access Wizard to make policies for your network users' web access, but you can uncheck it and begin making the access rules manually the way you like.

Malware inspection for web traffic is a new feature. It uses the malware engines in Forefront server

Make sure you read the options carefully (although it is always recommended to make the access rules manually, to make sure you are allowing access to what you really need and nothing more)

You can selectively Deny Access to anywhere (will be discussed in more detail in a later article)

It is recommended to use the Malware Inspection feature

Enable web caching if you want to minimize the internet traffic for commonly accessed websites (will be discussed later in a separate article on using a web caching server)

Now you have Forefront Threat Management Gateway successfully installed

To view the policies, click on Firewall Policy on the left side. You will find the access rule we just created using the wizard. Make sure you click the Apply button to have the new settings applied

Also, note the default DENY ALL at the bottom of the list. Make sure this policy is always the last one as it will deny all connections that don’t match the policies above. If it is in a higher position, allowed access by other policies below it will be discarded.
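The rule-order behaviour from the access-rule post (Allow All / Deny All) and the note above about keeping the default DENY ALL last, as an added example that is not part of the original post or of Forefront TMG: a first-match evaluator plus a check for rules that an earlier rule hides. The rule names, the blog.example.test URL and the function names are constructed for the illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "Allow" or "Deny"
    source: str       # source network name, or "*" for any network
    url_pattern: str  # destination URL pattern, or "*" for anywhere


# The built-in last rule: anything not matched above it is denied.
DEFAULT_DENY = Rule("Default rule (Deny All)", "Deny", "*", "*")


def rule_matches(rule, source, url):
    """True when the request's source network and URL both fit the rule."""
    return rule.source in ("*", source) and fnmatchcase(url, rule.url_pattern)


def evaluate(rules, source, url):
    """First match wins: return (action, rule name) for one request."""
    for rule in list(rules) + [DEFAULT_DENY]:
        if rule_matches(rule, source, url):
            return rule.action, rule.name
    raise AssertionError("unreachable: the default rule matches everything")


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier rule covers them.

    Conservative check: an earlier field covers a later one only when it is
    the wildcard or identical, so overlapping patterns are not reported.
    """
    hidden = []
    for index, later in enumerate(rules):
        for earlier in rules[:index]:
            covers_source = earlier.source in ("*", later.source)
            covers_url = earlier.url_pattern in ("*", later.url_pattern)
            if covers_source and covers_url:
                hidden.append(later.name)
                break
    return hidden


# Constructed sample rules (names and URL are placeholders).
ALLOW_ALL = Rule("Allow All Traffic", "Allow", "*", "*")
DENY_ALL = Rule("Deny All Traffic", "Deny", "*", "*")
ALLOW_BLOG = Rule("Allow blog from Local Host", "Allow",
                  "Local Host", "blog.example.test/*")

if __name__ == "__main__":
    request = ("Local Host", "blog.example.test/2009/post")
    policies = [
        ("allow, then deny", [ALLOW_ALL, DENY_ALL]),
        ("deny, then allow", [DENY_ALL, ALLOW_ALL]),
        ("blog rule only", [ALLOW_BLOG]),
        ("deny-all above the blog rule", [DENY_ALL, ALLOW_BLOG]),
    ]
    for label, policy in policies:
        print(label, evaluate(policy, *request),
              "shadowed:", shadowed_rules(policy))
```

Running `shadowed_rules` over a policy before applying it flags a Deny All that has drifted above the rules it is supposed to follow.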

 

December 24

Annoying Mobile Internet connection : Disable GPRS / EDGE connection on HTC

Well..

I'm using Windows Mobile 6.0 on an HTC Touch. I'm paying a lot for weather updates !!!! and stuff like that, when I don't need to use GPRS / EDGE so long as I have the wifi and my laptop available.

There is no clear function to disable that without disconnecting your mobile signals too. I had to make a new NULL !!!! connection for Internet access as the default one, then switch between the network connections when I need to have Internet access from my mobile.

 

Start > Settings > connections > connections > advanced > Select Networks

 

The first part showing " Programs that automatically connect to the Internet should connect using" :

Just make a new connection with no settings and save it. Choose it as the default connection. When you need to have access, choose your mobile network connection again ...

 

Enjoy :) and save your money :D

 

December 19

Introduction to Hyper-V

Hyper-V is a new virtualization era. Microsoft has made a great deal of improvements and enhancements to virtualization. Now Hyper-V is a part of the system. You don't have to go through the headache of implementing virtualization the way it used to be in Virtual Server.

When I first tried Hyper-V, I installed a 32-bit server edition. Then I discovered it is not supported. I don't know why Microsoft doesn't support the Hyper-V role on a 32-bit server.

So, I had to install a 64-bit version. A strange thing happened (it was my first time to notice it, actually):

. My HDD has 3 partitions:

C : has Vista Ultimate

D : blank

E : some other files

When I began to install Windows Server 2008, I chose the D partition.

On opening Windows Explorer from the server, it sees the Windows files, etc. on the C partition and Vista on D !!!!!!

Why did that happen? Is it intentional?

Why doesn't it support the parallel installation while keeping the drive letters the same as they are?

(The data is actually kept the same. When I check on Vista, I find Vista on the C partition and the server on D :( )

Now, let's go ahead and explore Hyper-V step by step.

This is a tutorial for Hyper-V virtualization beginners. Please make sure you email me or post comments in case you need any clarification.

. I wanted to show first that I have only one NIC now. After installing the Hyper-V role, I'll install other NICs to have more connectivity options with the virtual machines.

. When you start your server for the first time, it has no roles. Just go and add the Hyper-V role. (System updates, securing your server, etc. are beyond the scope of this topic. This is a testing machine)

. Just follow the wizard and all goes fine.

. Make sure you select Hyper-V

. An introduction to Hyper-V, also the help documents from Microsoft on Hyper-V.

. Installing

. Restart your system now

. Right after system restart

The installation succeeded.

Now let's begin making our first virtual machine.

. First have a look at the Hyper-V server settings. Make sure you change the default directories for the virtual hard disks and the virtual machines. (In a business environment, they should be on different physical drives from your operating system for better performance.) Also, change your escape Release Key according to what you prefer.

. Then go to the Virtual Network Manager. Now I'll choose the network option to show a virtual NIC we will use.

. The virtual NIC appears now. We can treat it as if it were a real one.

Now, we will start creating the first virtual machine.

. Right click your machine --> New --> Virtual Machine.

The hard disk and floppy disk options can be used too, to expand your virtual machines as if you were adding some new hardware. ( amazing ;) )

. Just follow the wizard ...

Assign the RAM you like for your virtual machine

Now choose the network card we made before.

Choose the virtual hard disk configuration. (Here we will make a new one as shown)

Choose the installation source.

Make sure you have all the things right and click Finish.

Now you have a new machine on your system :)

You can have as many virtual machines as you like so long as you have enough hardware support.

I'll wait for your comments..

 

December 03

Upgrading Vista Home Premium to Ultimate

I wanted to upgrade my vista home premium to ultimate. The upgrade process was smooth. All the software and configuration was kept.
 
I only had to uninstall Powershell before upgrading to vista ultimate.
 
The upgrade process took about 3 - 4 hours.
 
After the upgrade was complete, only a few things had changed.
. I had to reinstall :
           . VMWare ( coz the virtual network cards were lost)
           . Daemon Tools ( coz the virtual drive I use to mount ISO images was lost)
           . Reconfigure the display configuration and power options again.
           . Reinstall AVIRA ( coz the license key was lost)
           . Do some new Windows updates.
           . Reconfigure windows media player.
 
. Other microsoft stuff like visual studio and office were kept the same. Nothing corrupted.
 
. When you do that upgrade, after clicking the start menu for the first time, you will find a link to download windows live messenger again !!! But, if you use the link in all programs you will find it there working with the old configuration. No need to reinstall / redownload it.

. If there are other issues, they will be clear soon.
 
. I wanted to share that experience in case anybody wanted to do the same. I was afraid all the stuff gets lost and have the headache of restoring my system like i use it. Thanks God the upgrade process was smooth.
Take the risk and do it.
 

 
October 26

Imagine Cup 2009 What's New ?

Well..
 
I 'm an old Imagine Cup competitor. Really wish to reach the world finals this year :)
 
I 'm in the IT Challenge. So, that's what I 'm gonna comment on.
 
I 've noticed three main changes:
. The system is slightly changed. There are 8 quizzes for round 1 with 4 different themes.
. Round 2 has changed too.
. I've just finished my Quiz 1B. I've noticed that you have 60 minutes from the moment you start the quiz, and not 60 minutes from the main start time like the previous times, especially when you have a 5 or 10 minute delay due to the high traffic on the servers.
 
. The thing I liked most was that the regulations for Imagine Cup have changed. You can still compete if you have graduated recently.
. Also, there are new challenges like the MashUp.
. There is a big improvement on making the preparation plan. This will help people who aren't that good in making a study plan for themselves by giving links for suitable online clinics.
 
If you didn't sign up yet, plz do.
 
Good Luck for all...
 
 
 
 
August 31

Programming Best Practices Part 2

I think you should first read the "Programming Best Practices Part 1" article I posted before, especially the Security Related Best Practices part.
 
Here I mention some more on Security Related Best Practices for web applications
 
1- Avoid using Cookies for sensitive stuff :-
 
. Avoid storing sensitive data in cookies, coz they are accessible, can be re-edited or even used for impersonation!! Cookies are easily accessible at
Drive Letter\Documents and Settings\User Name\Cookies
 
Have a look at that folder and you will get impressed by all the stuff stored!!
 
 
2- View State Variables:-
 
Some developers rely on passing some sensitive information as view state variables. This info can be easily seen by viewing the HTML code of the loaded web page.
 
<input type="hidden" name="_whateverIWannaHide" value="This value can be easily seen">
 

Sensitive stuff is never hidden in the HTML code.
 
3- Query Strings:-
 
Avoid passing sensitive parameters in the URL like http://www.mysite.com?uid=123
 
This is a bad security practice.
 
It is better to rely on tokens and tickets, or some other authentication mechanism like .NET Passport, or to use SharePoint servers or similar to manage authentication for your user profiles.
 
4- Session State Time :-
 
Edit your web.config file.
If you are coding for sensitive applications like online banking, I recommend making the session state time shorter. I believe that the default 20 minutes is too long.
 
This is done by changing the timeout value
The default is : timeout="20"
 
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
 
Make it 10, or whatever value you think is no more than the time the user needs.
 
This is useful to force the user to log in again.
 
Imagine this scenario ..

Sometimes, especially on public computers, a user forgets to sign out and somebody else uses the computer later. The new user can get into the first user's account from the browser history if the session hasn't timed out yet.
Making the session timeout short saves your users' sensitive stuff and forces anybody else to sign in again.
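
The points above about editable cookies, hidden fields, query strings and the session timeout, combined in one added example (not code from the original post, and written in Python rather than ASP.NET so that it runs stand-alone): instead of trusting a bare uid=123, the server issues a signed ticket with an expiry and rejects edited or expired ones. The key handling, the ticket layout and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption for this sketch: one server-side key generated at start-up.
# A real site loads it from protected configuration; it never reaches the browser.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TIMEOUT_SECONDS = 10 * 60  # the shorter 10-minute timeout suggested above


def _signature(payload: str) -> str:
    """HMAC-SHA256 over the payload, base64url-encoded without padding."""
    mac = hmac.new(SERVER_KEY, payload.encode("ascii"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def issue_ticket(user_id: str, now: int) -> str:
    """Return 'user_id.expiry.signature' to hand to the browser.

    The ticket is signed, not encrypted: the user can still read it, so it
    carries only an identifier and an expiry, never sensitive data.
    """
    if not (user_id.isascii() and user_id.isalnum()):
        raise ValueError("user_id must be ASCII letters and digits")
    payload = f"{user_id}.{now + SESSION_TIMEOUT_SECONDS}"
    return f"{payload}.{_signature(payload)}"


def verify_ticket(ticket: str, now: int):
    """Return the user id for a genuine, unexpired ticket, otherwise None."""
    if not ticket.isascii():
        return None
    parts = ticket.split(".")
    if len(parts) != 3:
        return None
    user_id, expires_text, signature = parts
    expected = _signature(f"{user_id}.{expires_text}")
    # Constant-time comparison, so the check does not leak how much matched.
    if not hmac.compare_digest(expected.encode("ascii"), signature.encode("ascii")):
        return None
    # The signature is valid, so expires_text is the integer the server wrote.
    if now >= int(expires_text):
        return None
    return user_id


if __name__ == "__main__":
    ticket = issue_ticket("123", now=1_000)
    forged = "124" + ticket[3:]  # the client edits the user id, as with ?uid=124
    print("genuine, 1 minute later :", verify_ticket(ticket, now=1_060))
    print("edited user id          :", verify_ticket(forged, now=1_060))
    print("genuine, after timeout  :", verify_ticket(ticket, now=1_600))
```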
 
I 'll wait for your comments and feedback .
 
August 18

I 'm Back :)

Dear All ....
 
Sorry for being away all that long time.
 
At last I 'm graduated :) . No more far aways for the exams.
 
Wishing you all the best.
 
Waiting for your comments to go blogging more and more.
 
Bye all ....
 
 
May 05

Programming Best Practices: Part 1

I'm targeting hobbyists and junior developers here, not the software houses that have design gurus and development managers leading teams of experienced developers.

 

Part 1 doesn't mean that I'll post Part 2 tomorrow, but it means that there will always be many more enhancements and best practices so long as developers are still there on the globe.

 

The stuff I mention here is not mandatory. You can go and code the way you like. But these best practices will make you work much more efficiently and help you make professional-looking applications with much higher quality, like the big software houses and professional developers do.

 

You may not use all the recommendations in each application you write. Just choose what suits the application you are writing.

 

The numbers are for numbering. They don't mean an order. I may rewrite these items again in a different order, so just read it the way you like.

 

Rule no.1

 

I forgot, they aren't rules

So

 

 . Best Practice no. 1: Reusable Code

 

You will never be a smart guy if you spend ten days writing code that does a simple action that somebody else has already done. And I guess you will be stupid if you are spending that time to REWRITE code similar to something you have written before.

 

Make sure you rely on Reusable Code.

 

What I mean here is always have your functions / methods in a reusable form that you can further use in another project. Reuse code written by somebody else in your team...

 

Rely on source code if it is available, frameworks, like .Net, MFC ...etc

 

Some big companies even sell their engines for others to use

 

Just make sure you aren't violating a copyright when you use somebody else's code

 

. Best Practice no. 2: Test Test Test and Test

 

Relying on reusable code saves a lot of time, because this code has been tested enough before.

 

But, when you write your reusable code, make sure you test it enough, so that you don't bother ReTesting it when it is reused in a new project.

 

. Best Practice no. 3: Distribution

 

Distribute your Reusable code in class files that can be used later.

Also, when you are writing your new project, distribute it to classes that have related stuff. This is better in debugging and also enhances the performance of your program.

Suppose I have 1000 methods in my application. Imagine loading a file that has the 1000 methods: a very big load on the memory. But if they are distributed across different files so that you only load what you need, when you need it, this will boost your application's performance.

 

. Best Practice no. 4: Avoid Public stuff

 

The user's System memory is expensive. So, don't use the Public declaration when you don't need it.

 

. Best Practice no. 5: Comments

 

Comments don't increase the file size the way you may think. It is something negligible. Comments have no effect on the performance.

 

So, when you write your reusable code or even non - reusable, make sure you comment on classes and methods. So that you can remember what was that method / class supposed to do when you come to use it again. This will also help other people in your company / team using your code, to understand what you did at a glance instead of revising your code line by line.

 

. Best Practice no. 6: Be Simple

 

Don't act like a rocket scientist when you code. The simpler and smaller your code is, the better it is. Perfection is simple.

 

Again I say: Be simple. Perfection in simplicity

 

. Best Practice no. 7: Use Versioning

 

Versioning is important when you update or add new features to your reusable classes.

Don't just overwrite the old stuff. Keep the old files and make new ones with a new version number, and write a little comment to show how this class differs from the older version.

 

This will have lots of benefits later if you begin to face compatibility issues. It will be easier to detect the problems when you use class versioning.

 

. Best Practice no. 8: No Hardcoding

 

Don't hardcode filenames, IP addresses, FQDN machine names and credentials. Do your best to read them from files so that they can be easily changed according to the project and the deployment machines.

 

. Best Practice no. 9: Bug Handling

 

If you don't have bugs then you aren't a developer

 

But, no need to have your program crash when the user uses it if something unexpected happens.

 

Exception handling in your code is very important. Try to handle the expected exceptions, with the suitable action, or a neat error message and an option to close the program. Don't wait for the crash.

 

. Best Practice no. 10: Logging

 

Make sure your program is logging the actions, time, machine name, the user account doing the action, etc. according to the sensitivity of your program, its actions and the clients you are targeting.

 

Also, have some sense. Don’t overload the processor logging useless data for non sensitive scenarios.

 

Either using text log files, xml files, Event logs or even Sql database, all depends on the size of the expected log or for how long it is expected to be kept.

 

. Best Practice no. 11: Temp

 

If you are acting on something that may cause a critical loss of data, make sure you make a temporary copy, so that you still have a rollback action that gets that temp back if something foolish happens and so, no data is lost.

 

. Best Practice no. 12: Stick to Coding Standards and Naming Conventions

 

This will decrease your typing errors. And will have a great value when you work in a team

 

. Best Practice no. 13: Avoid duplicate names

 

If I 'm writing a C++ or a C# application,

 

MyMethod() and mymethod() are 2 different ones. But in Visual Basic they are the same.

 

Suppose you made a library in C#.net and you had to use it later in a VB.net application, so as to make the best use of the Common Language and Intermediate Language in .Net. You will have a bunch of bugs!!

 

So, it is a best practice to avoid duplicate names with different casing.

 

Another scenario will be even if my entire project is in a case sensitive language:

Avoid the unexpected errors you may get from typing mistakes, which are not flagged by the compiler but only give an unexpected result.

 

. Best Practice no. 14: Design first then code

 

I'm not talking about Agile or Waterfall here. I'm talking about the developers who begin to write their project without having a design.

I'm talking about the developers who begin to write a complicated class with lots of methods that rely on each other and on other classes without having a flowchart for what they are going to do.

 

So, PLEASE: Have a clear design before writing your first line of code.

 

 

. Best Practice no. 15: Be organized, have your own library

 

As I  said before about reusable code. Be organized. Make your own folders having the classes you wrote before in an organized manner. Don’t just throw code files everywhere on your computer. Also, make special folders for the icons. Reusable forms that you commonly use (like the formsplash or the about form).

 

But, make sure you don't have your company’s property for your private library. Also make sure you check with your legal department if you are allowed to use the code YOU WROTE for your company to use it somewhere else

 

 

Security Related best practices:

 

. Best Practice no. 1: Code in Low Privilege

 

. In a business-like environment, admins deploy the application, either manually, using a group policy, or through automated installs, etc.

But for security reasons, the users aren't admins on their machines.

Some software doing critical stuff like editing the registry can be denied by the system, as the user doesn't have enough privileges to run it. The admins then have to escalate the user's privileges, or in some very restricted environments your project may even be rejected and denied access. This applies especially if you are writing Windows-based applications. Similar things sometimes happen in web applications when they have complicated scripts that may look malicious. Similar things happen too when you write applications for Microsoft Office that have macros. These macros may even be denied by your antivirus software.

This happens because developers are administrators on their machines.

So, it is better to begin writing your project using an account with privileges and an environment similar to your expected user's. This will help you overcome lots of problems at the coding phase.

 

. Best Practice no. 2: Encrypt the web.config file

 

The web.config file has lots of sensitive information for your web project. Just make it encrypted. Don't leave it in the plain text form.

 

. Best Practice no. 3: Encryption and Logging

 

Log files and temporary files are the first things to be attacked. Developers don't bother themselves to encrypt their application's temp files and logs.

 

Make sure you encrypt them if they have sensitive information. Also make sure you handle the security issues for who is allowed to view the logs.

 

 

 

I'll wait for your comments to make more improvements and post Part 2

 

April 29

Security GuRu Broadcast

I thought of having my Video Channel on YouTube at HTTP://www.YouTube.com/TMaher1982
 
I only posted a video playing a piano intro. I'll try to post Technical Videos later.
 
April 03

Web Developer .. Where to begin ??

A friend of mine asked me a Question ..

 

“ I want to be  a web developer . I know nothing about programming. Where can I begin ??? “

 

Well .. There is a great web and windows developer track on the MSDN at http://msdn2.microsoft.com/en-us/beginner/default.aspx . I think they are very good to get you from the ground level to a respectable level. All the tutorials are available for both C#.net and VB.net developers.

 

MSDN has much more tutorials for beginners and experts too.

 

Good Luck for all new developers.

Change the future of computers ..