Tuesday, May 25, 2021

SSL VPN and IPsec VPN: How they work

 A virtual private networks (VPN) is a popular way for businesses and individuals to enhance their security online.

But VPNs come in many types and protocols. What is the best one to fit your needs? And why do you even need a VPN?

Before we get to the differences between VPN SSL vs IPSEC, let’s start with the basics.

What is a VPN?

VPN-virtual-private-networkA Virtual Private Network, or VPN, is exactly what it sounds like – a network with no physical location that is configured to protect a user’s privacy online.

Also known as VPN tunnels, they allow users to connect to a private network and use its systems even when not directly connected to that network.

For example, business travelers often use VPN at the airport. By connecting to the airport’s wifi and then establishing a mobile VPN connection to their office network, they can check their company emails as if they were sitting at a workstation.

VPN also establishes a secure connection. The data sent between the user and the network is encrypted, making it a reliable safety measure when using public wifi and other untrusted networks.

The user’s IP address is also obscured by VPN. Anyone wishing to track the user’s activity will see the IP address of the user’s VPN-connected network rather than the address of the user’s local network.

Two of the most commonly used VPN protocols are SSL and IPsec (more details below).

Why should you use a VPN?

The primary benefit of a VPN is enhanced security and privacy. VPN tunnels encrypt the traffic sent to and from the user, making it all but impossible for would-be attackers to use any data they intercept.

So if you want to check your bank account balance on an unsecure network, such as the free public wifi at a local coffee shop, then a VPN connection will help keep your banking password and account information secure.

Since VPN tunnels also obscure user’s IP address, they also make it harder for third parties to track a user’s online activity. Instead of seeing the individual user’s IP address, the third party will only see the IP of the network to which the user is connected via VPN.

Lastly, VPN tunnels are useful when you need to access something on a remote network. For example, if you visit a client’s site and forget to bring an important file, you can connect to the home network via mobile VPN and grab the file from a shared drive (assuming it’s saved there).

IPsec-VPN-network-securityIPsec VPN

IPsec VPN is one of two common VPN protocols, or set of standards used to establish a VPN connection.

IPsec is set at the IP layer, and it is often used to allow secure, remote access to an entire network (rather than just a single device).

This inability to restrict users to network segments is a common concern with this protocol.

IPsec VPNs come in two types: tunnel mode and transport mode.

IPsec Tunnel Mode VPN

IPsec VPNs that work in tunnel mode encrypt an entire outgoing packet, wrapping the old packet in a new, secure one with a new packet header and ESP trailer.

They also authenticate the receiving site using an authentication header in the packet.

Tunnel mode IPsec VPN is typically implemented on a secure gateway, such as on a firewall or router port, which acts as a proxy for the two communicating sites.

IPsec Transport Mode VPN

Transport mode on the other hand only encrypts the IP payload and ESP trailer being sent between two sites.

Usually meant for use in end-to-end communication between sites, transport mode doesn’t alter the IP header of the outgoing packet.

SSL VPNSSL-vpn

Secure Sockets Layer, or SSL VPN, is the second common VPN protocol.

A big plus for SSL VPNs is that they can allow segmented access for users. For example, users can be limited to checking email and accessing shared drives rather than having access to the entire network.

SSL VPNs come in two types, SSL portal and SSL tunnel.

SSL Portal VPNs

SSL Portal VPNs allow a user to securely access the web from a browser once the user logs into the VPN’s online portal using a specified method of authorization.

This type of SSL VPN gets its name because of how the user accesses it – through a single web page, or portal. The page acts as a single gateway to the other services available on the secured network.

SSL Tunnel VPNs

SSL Tunnel VPNs allow the user to not only access the web securely, but to also use applications and other network services that aren’t based on the web.

Due to their sophisticated segmentation capabilities, SSL VPNs often require more skill to implement.

VPNs are not a cure-all

Of course, what you could do is circumvent the entire debate around VPN SSL vs IPSEC. 

After all, a VPN won’t protect your employees from social engineering attacks such as email phishing.

VPNs should be used in conjunction with other network security tools such as firewalls, antivirus, and antimalware to prevent attacks.

Training employees about networks security and its importance is also important for creating an effective, comprehensive network security plan.

Friday, May 7, 2021

How do I create a non .exe OR a .msi Install Package for Installing Symantec Endpoint Protection.

 To create the new custom install package

    1. In the Symantec Endpoint Protection Manager Console, on the Admin tab, under Tasks, click Install Packages.
    The current default client installation packages appear on the right.

    2. Under View Install Packages, click Client Install Packages.
    3. Under Tasks, click Export client install package.
    4. Browse to or create a preferred export folder, and select it.
    5. Select whether or not you want to create a single ".exe" file. (Here, we need to uncheck the box to create a non .exe or a .msi package )





    6. Select Installation Settings and Features.
    7. Select Custom Install Settings from the settings drop down.
    8. Select Custom feature set from the features drop down.
    9. Select the group to which the client will be installed. If no group has been created, select the Default group.
    10. Select the Preferred Mode. The default is Computer mode.
    11. Click OK.

    The new install package is created in the location that you specified.



    Note: Symantec Antivirus.msi Package is very useful in many issues where Customers often face issues like "The Windows Installer service could not be accessed"

Uninstall Symantec Endpoint Protection(SEP) client Through GPO

 What you have to do is create a startup or shut down script.

Note:-In SEPM side you need to remove uninstall password.

  1. To Remove Uninstall Password settings in SEPM go to

SEPM console->Clients tab ->Policies ->General Settings-> Security Settings.

 

To Get Uninstall String in SEP client

Uninstall String is different for Every version of Sep client

SEP Client  12.1.671.4971.105

MsiExec.exe /I{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}

SEP 12.1.2

MsiExec.exe /I {C2103AF2-E66C-446B-9791-9207840EC821}

Follow these steps to get Uninstall Strings.

  1. Start->RUN->Regedit
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}.

 

 Uninstal_1.JPG

Create Batch File

@Echo off

MsiExec.exe /x {C2103AF2-E66C-446B-9791-9207840EC821}  /qn

Exit

Create Batch file as uninstall.bat and save it into AD net logon folder (Shared Location).

How to run Batch file Through Group Policy

1. Start Run ->GPMC.MSC. 

2. Right click on Domain name and select create a GPO in the domain

Uninstall1_0.jpg

3. Give the GPO name (SEP uninstall)

Uninstal2.jpg

4. Edit Newly Created GPO SEP uninstall.

Uninstal3.jpg

5. Go to Computer Configuration ->Policies ->Windows Settings ->Select Script (Startup/Shutdown).

Uninstal4.jpg

6. Select Startup Script ->Add.

Uninstal5.jpg

7. Browse Batch file ( Shared Location) -> Ok.

Uninstal6.png

 

Uninstal7.jpg

8. Apply Ok.

Uninstal8.jpg

9. Select AD OU where you want to apply and  select Link an Existing GPO.

Uninstal9.jpg

10. Select GPO and OK.

Uninstal10.jpg

 

10 Restart Computer.

11.This process will take 5 to 10 min. for removing Sep client.

Saturday, May 1, 2021

How can I display host name, IP Address, Free Space, Memory, etc. on windows desktop

 You are looking for Microsoft's Sysinternals BgInfo. It is very customizable. Not to mention it comes straight from Microsoft for free.

How many times have you walked up to a system in your office and needed to click through several diagnostic windows to remind yourself of important aspects of its configuration, such as its name, IP address, or operating system version? If you manage multiple computers you probably need BGInfo. It automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more. You can edit any field as well as the font and background colors, and can place it in your startup folder so that it runs every boot, or even configure it to display as the background for the logon screen.

Screenshot of BgInfo