Comodo One. Understanding Devices in ITSM

How to implement “Bulk to installation package” in devices?

Step 1: Click ‘Download Bulk Enrolment Package’ icon.

OR Go to ITSM > ‘Bulk Installation Package’

Step 2: Fill the form and Download the required package.

1. User – Select the user in your company whose devices the package will be installed on (devices enrolled under that user's control). Example: admin@yourcompany.com

2. Company – Select your company. Example: Your-Company Pvt Ltd

3. Device Group – Select the group. Example: production

4. Comodo Client – If you want to include the Comodo Client, use the following options:

  • Choose operating system – Choose the operating system of the devices
  • Comodo Client – Communication – Checked by default; it is installed if not already present
  • Comodo Client – Security – Check this option to add it to the package being downloaded
  • Additional Option.
  • Include initial Antivirus signature database (will apply only if a Profile contains Antivirus section) – If the device profile contains the antivirus product, the initial antivirus database is included in the package

5. Profile – The default profile is loaded at the beginning; to change it, enter the name of the profile and choose it. Example: Windows x64 – Other options: Windows x86, Windows x86 and x64 (Hybrid) and MacOS

6. Restart Control Options – Use these options to control restart behavior

  • Force reboot in – Select the time lapse before the machine is restarted. Example: 10 minutes
  • Suppress reboot – Select to skip restarting the machine
  • Warn about the reboot and let users postpone it – Select to let the user decide whether to postpone the restart or perform it immediately
  • Reboot message – The message is auto-generated, but you can change the content if you wish.

Step 2.1: Fill the UI Options if you would like to deploy the Comodo Agent through Active Directory from a Server.

1. Show error messages if installation failed

2. Show a deployment confirmation message upon completion of the installation

3. Confirmation Message – Enter your message to confirm if the installation is over. Example: deployment is over.. thank you

4. Download Installer button – click the button and save the package on the local computer

Optional: Fill the Proxy Settings and Download the package if you would like to Deploy the Comodo Agent through Proxy Server.

1. Proxy Host – Enter the Proxy IP Address.

2. Proxy Port – Port Number

3. Username – Administrator privileged user

4. Password – Password of the user

5. Download MST File – click the button and save the MST file to the local computer

If you already use AD in your environment, are comfortable with GPO, or already have your device structure set up in AD, follow the steps below.

Step 3: Once the .msi file is downloaded, create a new directory on the AD server and copy the file into it. Example: ITSM_Agent

Step 4: Right-click the created-folder and choose the option ‘Share…’

Step 5: From the ‘ITSM_Agent Properties’ window, click the ‘Advanced Sharing’ tab.

Step 6: From the ‘Advanced Sharing’ window, check the ‘Share this folder’ checkbox and click the ‘Permissions’ tab.

Step 7: From the ‘Permissions ITSM_agent’ window, ensure that only the ‘Read’ option in the Allow column is selected (if not, check the Read checkbox only) and click the ‘OK’ button.

Step 8: Click the ‘Apply’ button in the ‘Advanced Sharing’ window.

Step 9: Ensure that the network path is assigned. Example: \\WIN-CU2OX8JDY3D\ITSM_Agent. Then click the ‘Close’ button.

Step 10: Go to ‘Administrative Tools’ from ‘Start ‘menu.

Step 11: Double-click the ‘Group Policy Management’.

Step 12: Select the domain from ‘Domains’ folder.

Step 13: Right-click the selected Domain and click the option ‘Create a GPO in this domain and Link it here …’.

Step 14: Enter the Appropriate name and Source for the GPO and click the ‘OK’ button to save it under the selected Domain.

Step 15: Select the GPO from the ‘Domains’ folder and right-click the GPO and choose ‘Edit Option’.

Step 16: Expand ‘Computer Configuration’ > Policies > Software Settings, right-click the ‘Software Settings’ menu and choose New > Package…

Step 17: Copy and paste the path already created. Example: \\WIN-CU2OX8JDY3D\ITSM_Agent. Then click the ‘Open’ button.

Step 18: Select the file and click ‘Open’ button again and click ‘OK’ button from the window ‘Deploy Software’.

Step 19: Open Command Prompt as Administrator and run the command ‘gpupdate’. Once the command has finished, your endpoints will start the installation of the ITSM agent when the user logs on to the computer.

How to install custom MSI packages?

Step 1: Go to DEVICES > ‘Device List’ and select the specific device to install the desired MSI package.

Step 2: Click ‘Install MSI/Packages’ icon and select the ‘Custom MSI/Packages’ menu.

Step 3: Fill the form and click the ‘Install’ button.

1. MSI/Package URL – Enter the URL where the package is being downloaded. Example: https://notepad-plus-plus.org/reposi….Installer.exe

2. Command-Line Options – Enter the associated commands to install the package successfully. Example: /S

3. Reboot options – Set the options for rebooting the machine after installation of the package

  • Force the reboot in – Select the number of minutes to delay the reboot
  • Suppress the reboot – Skip the reboot
  • Warn about the reboot and let users postpone it – Leave the decision to the logged-in user
  • Reboot message – Automatically generated.

4. Click ‘Install’ button.

Step 4: Click the ‘MSI Installation State’ tab to see the installation status in detail.
The table contains the following columns and options for checking the MSI installation state:

1. Option: Delete MSI Installation State – Select the records in the table and click the icon to delete them.

2. NAME – Name of the MSI Installation State

3. STATE – To check the state of the command started for execution

  • Command In The Queue – Waiting for execution
  • Success – Completed
  • Fail – Failures in the execution

4. CREATED – Date of execution created

How to check all malicious files from a device?

Step 1: Go to ITSM → ‘Devices’ and click the ‘Device List’ menu.

Step 2: Choose a device from the list, for which you should see the malicious list.

Step 3: Click the ‘File list’ tab and go to the ‘Malicious’ tab.

Step 4: The malicious files that are available in a device are listed here.

Step 5: Click on the name of the file to view the detailed information of the file.

Step 6: The files can also be moved to other categories like Unrecognized and Trusted

1. Select the malicious files by marking checkbox of the table

2. Click ‘Move To Unrecognized’ icon to move the file to ‘Unrecognized’ category

3. Click ‘Move to Trusted’ icon to move the file to ‘Trusted’ category

How to check all unrecognized files from a device?

Step 1: Go to ITSM → ‘Devices’ and click the ‘Device List’ menu.

Step 2: Choose a device from the list for which you want to see the unrecognized files list.

Step 3: Click the ‘File list’ tab and go to the ‘Unrecognized’ tab.

Step 4: The unrecognized files that are available in a device are listed here.

Step 5: Select the file name to view the detailed information of the file.

Step 6: The files can even be moved to other categories like ‘Malicious’ and ‘Trusted’.

1. Select the Unrecognized files by marking checkbox of the table

2. Click ‘Move To Malicious’ icon to move the file to ‘Malicious’ category

3. Click ‘Move to Trusted’ icon to move the file to ‘Trusted’ category

How to manage associated profiles with a device?

Step 1: Go to ITSM> ‘Devices’> ‘Device List’ . You can see all enrolled devices in ITSM.

Step 2: Click ‘Device’ for which associated profiles needs to be checked.

Step 3: Click ‘Manage Profiles’ button in the top. All associated profiles with the device will be listed here.

Step 4: To remove profile from the device follow below steps,

1. Select profile check box.

2. Click ‘Remove Profile’ button.

Step 5: To associate profile with device follow below steps,

1. Click ‘Add Profiles’ button in the top.

2. Select ‘Profile’

3. Click ‘Save’

How to install additional COMODO packages?

Step 1: Go to ITSM> ‘Devices’> ‘Device List’. You would be able to see all enrolled devices in ITSM.

Step 2: Click the ‘Device’ on which the additional packages are going to be installed.

Step 3: To open install dialog box follow below steps,

1. Click ‘Install MSI/Packages’

2. Choose ‘Additional Comodo Packages’ from drop down menu.

Step 4: Select options as described below,

1. Install Comodo Client – Security – Select the check box associated with this option to install ‘Comodo Client – Security’ on the device.

2. Install RMM Plugin Agent – Select the check box associated with this option to install ‘RMM Plugin Agent’ on the device.

3. Force the reboot in – If you want to reboot the device after the Comodo package installation, follow the steps below,

4. Select the check box associated with ‘Force the reboot in’

5. Choose a time period among ‘5 minutes’, ‘10 minutes’, ‘15 minutes’, ‘30 minutes’, after which the device will be automatically restarted.

6. Suppress the reboot – Select the check box associated with this option to cancel rebooting after the software is installed on the device.

7. Warn about the reboot and let users postpone it – Enable this option to allow users to postpone reboot upon warning.

8. Reboot message – Enter text to be displayed before reboot otherwise default message settings will be applied.

Step 5: Click ‘Install’ to complete the Comodo package installation process.

How to check active components of a device?

Step 1: Go to ITSM > ‘Devices ‘ > ‘Device list’.

Step 2: Check ‘Active components’ column for the device.

Following active components are available for ITSM devices:

1. Agent only (AG)

2. Antivirus (AV)

3. Firewall (FW)

4. Containment (CO)

Step 3: Installed components in the device have highlighted icons.

Step 4: Install and configure the Comodo Client Security software on the device for the Antivirus, Firewall and Containment components.

How to set specific applications to be malicious and check the admin rating

In ITSM, Setting a file as a Malicious can be done in two ways.

  • Application Control
  • Device List

1. Application Control:

Step 1: Go to ITSM -> ‘Security Sub-Systems’ and then click “Application Control” menu.

Step 2: The ITSM has grouped the files into three main categories, and the categories are:

1. Unrecognized

2. Trusted

3. Malicious

Step 3: If you find a file from ‘Unrecognized’ tab or trusted tab as harmful, then you can move the file to ‘Malicious’.

Step 4: To Move the files to ‘Malicious’ tab please follow the below steps.

a. Navigate to ‘Unrecognized’ tab or ‘Trusted’ tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to Malicious” in the top.

Step 5: Go to ‘Malicious’ tab and view the saved files.

Step 6: Admin Rating indicates whether the file was manually moved by the Administrator from one category to another. The categories are Unrecognized, Trusted and Malicious.

1. If Admin Rating is “yes”, the file was moved by the Administrator.
Example: Since the files were moved, the admin rating is set as “yes”.

2. If Admin Rating is “Not Set”, the file was not moved by the Administrator.
Example: Since the files were not moved, the admin rating is set as “not set”.

2. Device List:
Step 1: Go to ITSM -> ‘Devices’ and then click “Device List ” menu.

Step 2: Select a device from the list.

Example: WIN-EV5S84NSROI

Step 3: Go to ‘File List’ tab.


Step 4: If you find a file from ‘Unrecognized’ tab or ‘Trusted’ tab as harmful, then you can move the file to Malicious.

Step 5: To Move the file(s) to malicious tab,

a. Go to ‘Unrecognized’ tab or ‘Trusted’ Tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to Malicious” option in the top.

Step 6: Click on the ‘Malicious’ tab. The malicious files that are in a device will be listed here.

How to set specific applications to be trusted and check the admin rating?

In ITSM, setting a file as trusted can be done in two ways,

  • Application Control
  • Device List

1. Application Control:
Step 1: Go to ITSM -> ‘Security Subsystems’ and then click “Application Control” menu.

Step 2: The ITSM has grouped the files into three main categories, and the categories are:

1. Unrecognized

2. Trusted

3. Malicious

Step 3: Go to ‘Trusted’ tab.

Step 4: The Trusted files from all the enrolled endpoints will be listed here.


Step 5: If you find a file in the ‘Unrecognized’ tab or ‘Malicious’ tab that should be ‘Trusted’, you can move the file to Trusted.

Step 6: To move the file(s) to the Trusted tab,

a. Go to the Unrecognized tab or Malicious tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to Trusted” option at the top.

Step 7: Admin Rating indicates whether the file was manually moved by the Administrator from one category to another. The categories are Unrecognized, Trusted and Malicious.

1. If Admin Rating is “yes”, the file was moved by the Administrator.
Example: Since the files were moved, the admin rating is set as “yes”.

2. If Admin Rating is “Not Set”, the file was not moved by the Administrator.
Example: Since the files were not moved, the admin rating is set as “not set”.

2. Device List:

Step 1: Go to ITSM -> ‘Devices ‘and click “Device List” menu.

Step 2: Select a device from the list.

Step 3: Go to ‘File List’ tab.


Step 4: If you find a file from the ‘Unrecognized’ tab or ‘Malicious’ tab as ‘Trusted’, then you can move the file to Trusted.

Step 5: To Move the file(s) to Trusted tab,

a. Go to ‘Unrecognized’ tab or ‘Malicious’ tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to Trusted ” option at the top.

Step 6: Click on the ‘Trusted’ tab. The trusted files that are in a device will be listed here.

How to set specific applications to be unrecognized and check the admin rating

In ITSM, setting a file as unrecognized can be done in two ways:

  • Application Control
  • Device List

1. Application Control:
Step 1: Go to ITSM -> ‘Security Subsystems’ and then click “Application Control” menu.

Step 2: The ITSM has grouped the files into three main categories, and the categories are

1. Unrecognized

2. Trusted

3. Malicious

Step 3: If you find a file from the malicious tab or trusted tab as unrecognizable, then you can move the file to the unrecognized tab.

Step 4: To Move the files to unrecognized tab please follow the below steps,

a. Navigate to the ‘Malicious’ tab or trusted tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to Unrecognized” at the top.

Step 5: Go to the ‘Unrecognized’ tab. The Unrecognized files from all the enrolled endpoints will be listed here.

Step 6: Admin Rating indicates whether the file was manually moved by the Administrator from one category to another. The categories are Unrecognized, Trusted and Malicious.

1. If Admin Rating is “yes”, the file was moved by the Administrator.
Example: Since the files were moved, the admin rating is set as “yes”.

2. If Admin Rating is “Not Set”, the file was not moved by the Administrator.
Example: Since the files were not moved, the admin rating is set as “not set”.

2. Device List:

Step 1: Go to ITSM -> ‘Devices’ and then click “Device List ”menu.

Step 2: Select a device from the list.

Step 3: Go to ‘File List’ tab.

Step 4: If you find a file from the ‘Trusted’ tab or ‘Malicious’ tab as unrecognizable, then you can move the file to unrecognized.

Step 5: To Move the file(s) to ‘Unrecognized’ tab,

a. Go to ‘Trusted’ tab or ‘Malicious’ tab.

b. Select the check boxes of the appropriate files.

c. Click the “Move to unrecognized ” option at the top.

Step 6: Click on the ‘Unrecognized’ tab. The unrecognized files that are in a device will be listed here.

How to update Comodo clients to latest version

This new feature in ITSM provides a user interface option to update Comodo clients.
Note: “Comodo Client -communication” or “Comodo Client -Security” can be updated from ITSM only if installed versions are higher than 6.2.

Step 1: Go to ITSM> ‘Devices’> ‘Device List’. You would be able to see all enrolled devices in ITSM.

Step 2: Select checkbox associated with ‘Devices’ for which Comodo clients needs to be updated with latest version. You can select multiple devices and update clients simultaneously.

Step 3: To open the client update dialog box, follow the steps below,

  a) Click ‘Install MSI/Packages’
  b) Choose ‘Additional Comodo Packages’ from the drop-down menu.

Step 4: Select options as described below,

  a) Update Comodo Client – Security – Select the check box associated with this option to update ‘Comodo Client – Security’ on the device.
  b) Update Comodo Client – Communication – Select the check box associated with this option to update ‘Comodo Client – Communication’ on the device.
  c) Force the reboot in – If you want to reboot the device after the Comodo clients update, follow the steps below,
    i) Select the check box associated with ‘Force the reboot in’
    ii) Choose a time period among ‘5 minutes’, ‘10 minutes’, ‘15 minutes’, ‘30 minutes’, after which the device will be automatically restarted.
  d) Suppress the reboot – Select the check box associated with this option to cancel rebooting after the clients update is completed.
  e) Warn about the reboot and let users postpone it – Enable this option to allow users to postpone the reboot upon warning.
  f) Reboot message – Enter the text to be displayed before reboot; otherwise the default message settings will be applied.

Step 5: Finally, click ‘Install’ to apply your commands to clients.

How to uninstall Comodo Clients while removing devices from ITSM

This new feature in ITSM provides a user interface option to uninstall Comodo clients while removing devices from ITSM.
Step 1: Go to ITSM> ‘Devices’> ‘Device List’. You would be able to see all enrolled devices in ITSM.

Step 2: Select checkbox associated with ‘Devices’ that needs to be removed from ITSM enrollment. You can select multiple devices to remove simultaneously.

Step 3: Click ‘More…’ button at the top.
Step 4: Choose the ‘Delete Device’ option from the drop-down menu. A confirmation pop-up window appears.

Step 5: Ensure the options below are checked in the confirmation window to uninstall the clients,

  i) Uninstall Comodo Client – Security from the selected Windows device(s) – If selected, the CCS agent will be uninstalled automatically from the device after it is removed from ITSM.
  ii) This may require reboot of the device(s).
  iii) Uninstall Comodo Client – Communication from the selected Windows device(s) – If selected, the CCC agent will be uninstalled automatically from the device after it is removed from ITSM.

Step 6: Click ‘Confirm’ button in the bottom of confirmation window to remove devices from ITSM as well as uninstall clients from devices.

How to enroll device for a user

Step 1: Go to ITSM -> ‘Users’ and click ‘User List’ menu.

Step 2: Click the name of the user from the list for which you want to enroll the device and click “Enroll Device” button.

Step 3: In ‘Enroll Devices’ dialog box,

  1. In “Please choose the device owner(s)” – The name of the user will be selected in the text box by default. To add more users, type the name of the user and select it from the drop-down.
  2. The “Show enrollment instructions” button – Click this button to view the instructions.
  3. The “Email enrollment instructions” button – Click this button to send the instructions by mail.

Step 4: Based on the operating system, the user can download the software from the appropriate link.
For example: For Windows, you can download from the link below the caption “For Windows devices “.

Step 5: Open and install the downloaded software. The machine will be enrolled.

How to see all devices associated with a user

Please refer below steps to check devices associated with particular ITSM user.

Step 1: Launch ITSM.

Step 2: Go to ‘USERS’ ->’ User List’.

Step 3: Click on the specific user’s link: select the user to check associated devices for the same user.

Step 4: Select the ‘Associated Devices’ tab

Check the list of Devices which are associated with the user account.

How to view the logs of an ITSM device

When a procedure or an event is applied to a device, a log is created for it. In ITSM, a log records the audit trail of the following events: “Alerts”, “Monitoring”, “Script Procedures”, “Patch Procedures”.

The logs are used to keep track of the events executed and can also be used to diagnose a problem. The logs are categorized and maintained separately for every device.

1. Alert logs – The alerts are created and associated with events or procedures such as Monitoring, Script procedure and Patch procedure. When an event or procedure fails, the alert will be triggered if the alert trigger option in the respective procedure or event is enabled. When an alert triggers, the log will be created under the category ‘Logs’ → “Alert Logs” in a device.

2. Monitoring logs – Whenever the monitoring event’s condition associated with a device exceeds its limit, the alert will be triggered and the log will be created for that monitoring under the ‘Logs’ → ‘Monitoring Logs’.

3. Script logs – When you execute a script procedure in your device, a log will be created under the Script Logs.

4. Patch logs – When you execute a patch procedure in your device, a log will be created under the Patch Logs.

View Alert Logs:

Step 1: Go to ITSM → ‘Devices’ → ‘Device List’ menu and click “Device Management” tab. Select a device to which you want to see the log files from the list.

Step 2: Click the “Logs” tab. Click “Alert logs” tab, the triggered alerts will be listed here with the following details alert name, Trigger name, Trigger Type, Hits Count (24H Period).

Step 3: Click the name of the alert to view the detailed information of the alert.

Note: While configuring the alert settings, the following options should be enabled in order to create a ticket, to show the alert notification in the portal, and to set the time difference between notifications.

1. Create notifications on the portal – If enabled, the notification will be created on your portal
2. Create alert tickets on the service desk – If enabled, creates a ticket through the service desk automatically
3. Don’t create additional alerts (about the same issue) for – If enabled, additional alerts on the same issue will not be created for the time period mentioned. Example: 5 minutes.

View Monitoring Logs:

Step 1: Go to ITSM → ‘Devices’ → ‘Device List’ menu and click “Device Management” tab. Select a device to which you want to see the log files from the list.

Step 2: Click the “Logs” tab > “Monitoring logs”. The list of monitoring added to the device will be listed here.
Click “Details” link to view the log details of the monitoring.

1. Status – The log of monitoring messages will be displayed here.
2. Tickets – The tickets will be created when the monitoring condition exceeds the limit.
Note: Tickets are raised only if the option is enabled.

View Script Logs

Step 1: Go to ITSM → ‘Devices’ → ‘Device List’ menu and click “Device Management” tab. Select a device to which you want to see the log files from the list.

Step 2: Click the “Logs” tab. Click “Script Logs”, the list of scripts executed by the device will be listed here. Click “Details” link to view the result of the executed script.

1. Status – The output of the script will be displayed here.
2. Tickets – The tickets will be created when the scripts exceed the limit.
Note: Tickets will be raised if the procedure fails and those tickets will be listed here.

View Patch Logs:

Step 1: Go to ITSM → ‘Devices’ → ‘Device List’ menu and click “Device Management” tab.

Step 2: Click the “Logs” tab. Click “Patch Logs”, the list of patch procedures executed on the device will be listed here. Click the “Details” link to view the result of the executed patch procedure.

1. Status – The output of the patch procedure will be displayed here.
2. Tickets – The service desk tickets will be created when the patch procedures fail.
Note: This applies only if an alert is configured and added to the patch procedure appropriately.

How to update file ratings in order to reflect the same ratings in all devices

Admins can also manage file ratings under the ‘Device Detail’ > ‘File List’ view. This allows admins to take action more quickly on the files collected from the endpoints. Admin ratings provided in this view are also reflected in the global view under ‘Security Sub-Systems’ → ‘Application Control’, so the admin does not need to take the same action for each device.

Note: If the ‘File List’ tab is not found on the device details page then you need to install Comodo Client Security – Please refer the link for more details https://forum.mspconsortium.com/forum/products/other-comodo-products/comodo-device-management/wiki-faq-how-to/7528-wiki-how-to-install-additional-comodo-packages

Step 1: Go to ‘Device Details’ > ‘File List’ and select the files collected by the CCS

Step 2: Click the ‘Change Rating’ icon and select the rating you want to give the file. You can check the rating in the ADMIN RATING column of the same table; it is updated immediately.

Options:

  • Rate File as Trusted – Admin confidently believes that the file will not harm the endpoint
  • Rate File as Malicious – Admin knows for certain that the file will harm the endpoint
  • Rate File as Unrecognized – Admin is not sure what decision to take on the file's behavior
    For example, if I update the file as Unrecognized, then the file is updated with the same rating in our global view as well.
  • To verify this, go to ‘SECURITY SUB-SYSTEM’ > ‘Application Control’, select the same file you have rated, and check that the ‘ADMIN RATING’ column shows ‘Unrecognized’.

How to add exclusions to external devices control like USB devices

The “External devices control” profile section allows the user to block access to external devices at the endpoints. Devices such as “bluetooth devices” and “USB storage devices” can be blocked. It therefore blocks every USB storage device that is connected to the devices. Exclusions for certain devices can be added using wildcard characters in the device ID.

For example: Device ID = “USBSTOR\DiskHUAWEI__*”

  • Any Device ID that matches the above wildcard pattern will be excluded from the restrictions.

Note: A Device ID can be obtained from the “Device Manager” on the Windows device.

Example: Open the Device Manager, select Hardware devices (Universal Serial Bus controllers), select the appropriate hardware such as USB Root Hub, then right-click and go to ‘Properties’ → ‘Details’ and choose hardware id from the property list. The values listed are the Device ID.

Step 1: Go to “Configuration Templates” -> “Profiles”. Select a profile from the list, to which you add the exclusions to the external devices.

Step 2: Go to “External Devices control” tab. There are two available tabs:

  • 1. The “Blocked Devices Classes” tab – A device class such as “USB devices” that are to be excluded can be added here and it also lists the blocked devices classes.
  • 2. The “Exclusion” tab – Lists the exclusions added to the blocked devices.

Step 3: Click “Edit” button in the “External Devices Control” and go to “Exclusion” tab, click “Add” button.

The “Add Exclusion” dialog box appears. Provide the “Device custom name” and “Device Id” then click ‘Add’ button. The exclusion will be added.

  • 1. Device custom name – Name of the device. E.g.: AS123
  • 2. Device Id – Unique identifier of the device
  • Condition: If you want to add the exclusion for all the HUAWEI USB devices that are connected to the endpoints:
    • Give a device id that matches all the HUAWEI devices.
    • Example: Device Id: “USBSTOR\DiskHUAWEI__*”
    • Device id: “HUAWEI__*”
    • This adds exclusions for the following devices (refer to the example in the Note above).
    • 1. USBSTOR\DiskHUAWEI__TF_CARD_Storage_2.31
    • 2. USBSTOR\DiskHUAWEI__TF_CARD_Storage_
    • 3. USBSTOR\DiskHUAWEI__TF_CARD_Storage_2
    • 4. USBSTOR\DiskHUAWEI__
    • 5. DiskHUAWEI__
  • Similarly, any number of devices that match the string given in the device id can be added to the exclusions.

Step 4: To delete the exclusion, select the checkbox of the exclusion and click “Delete” button.

The exclusion will be removed from the device. Note: This setting will be applied to the endpoints only when the profile is added to that particular endpoint.
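
The following is an added example, not Comodo's code, for previewing which hardware IDs a wildcard exclusion would cover before it is saved to a profile. It assumes `*` matches any run of characters and that comparison is case-insensitive; because this page does not say whether ITSM matches the whole ID or any part of it, both readings are supported through the hypothetical `anchored` parameter. The sample IDs are constructed from the list above (written with the backslash Windows shows after the bus name) plus two non-HUAWEI IDs.

```python
import re

# Constructed sample of hardware IDs as copied from Device Manager.
SAMPLE_IDS = [
    r"USBSTOR\DiskHUAWEI__TF_CARD_Storage_2.31",
    r"USBSTOR\DiskHUAWEI__TF_CARD_Storage_",
    r"USBSTOR\DiskHUAWEI__",
    r"DiskHUAWEI__",
    r"USBSTOR\DiskKingstonDataTraveler_3.0",  # constructed: another vendor
    r"USBSTOR\GenDisk",                       # constructed: generic disk ID
]


def matched_ids(pattern, device_ids, anchored=True):
    """Return the IDs a '*' wildcard pattern covers.

    Only '*' is special; backslashes, dots and brackets are literal, which is
    why fnmatch is not used here. anchored=True requires the whole ID to match,
    anchored=False accepts a match anywhere inside the ID.
    """
    body = ".*".join(re.escape(part) for part in pattern.strip().split("*"))
    rx = re.compile(body, re.IGNORECASE)
    test = rx.fullmatch if anchored else rx.search
    return [d for d in device_ids if test(d)]


def audit_exclusion(pattern, device_ids, vendor_token, anchored=True):
    """Flag exclusion patterns that are broader than the intended vendor.

    vendor_token is the text every intended device ID should contain,
    for example "HUAWEI".
    """
    pattern = pattern.strip()
    literal = pattern.replace("*", "")
    warnings = []
    if not literal:
        warnings.append("no literal text: every blocked device is excluded")
    elif pattern.startswith("*"):
        warnings.append("leading wildcard: the bus prefix is not pinned")

    matched = matched_ids(pattern, device_ids, anchored)
    unexpected = [d for d in matched if vendor_token.lower() not in d.lower()]
    if unexpected:
        warnings.append("matches IDs outside the intended vendor")
    return {"matched": matched, "unexpected": unexpected, "warnings": warnings}


if __name__ == "__main__":
    for candidate in (r"USBSTOR\DiskHUAWEI__*", r"USBSTOR\Disk*", "*"):
        report = audit_exclusion(candidate, SAMPLE_IDS, "HUAWEI")
        print(candidate)
        print("  matched   :", len(report["matched"]))
        print("  unexpected:", report["unexpected"])
        print("  warnings  :", report["warnings"])
```

Run it against the hardware IDs collected from your own endpoints; any entry under `unexpected` is a device that would bypass the block even though it was never meant to be excluded.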

Source: https://blog.comodo.com/it-management/comodo-one-understanding-devices-itsm/

Three of the Major Threats to Application Security and How to Mitigate Them

With the increased dependency of our lives on the internet and mobile apps, application security is important, now more than ever. 

The importance of applications in our lives cannot be overemphasized. We depend on them for everything from dating to banking and from bookkeeping to private messaging. 

To give you an idea of just how essential applications are in our lives, 105 billion applications were downloaded in 2018. The number has increased by more than 25 percent over the last two years.

That means one thing, applications are here to stay for quite a bit of time. And if they do have to be a part of our life, they better be secure.

You cannot make anything secure unless you know exactly what you are securing it against. To that end, we’ll look at some of the common security threats applications face, and then see how they can be mitigated.

Major Application Security Threats 

There are more application threats than can be covered in any blog post of reasonable dimensions. We’ve picked the most common threats to give you an idea of what you need to steer clear of as a developer or a user.

Brute Force Hacking 

This is the most primitive and perhaps the rawest method of hacking into a secure environment. As the name suggests, these attacks rely on the use of force to break into an application. 

The way this is done is simple. A hacker programs a computer to try all possible combinations of letters, symbols, and numerals to guess a password. 

That definitely takes the computer quite a bit of time, but given enough time it can crack the password every single time.

As of now, there are no active defenses to stop or prevent such an attack. There are some measures that can minimize the possibility. 

How to Avoid Brute Force Hacking?

There are two things that can secure an application against a brute force attack: 

  • The use of a strong password that has a long combination of letters, numbers, and symbols in it. 
  • Limiting the number of login attempts allowed from an IP address within a certain period of time.
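
As an added example that is not part of the original article, here is one way to implement the second measure: a sliding-window limit on failed logins per source IP. The class and function names, the policy of 5 failures per 300 seconds, and the IP address are illustrative assumptions.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window limit on failed logins per source IP."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock                   # injectable so tests can control time
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures

    def _prune(self, ip):
        """Drop failures older than the window; return how many remain."""
        q = self._failures.get(ip)
        if q is None:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        if not q:
            del self._failures[ip]           # keep memory bounded
            return 0
        return len(q)

    def is_blocked(self, ip):
        return self._prune(ip) >= self.max_failures

    def retry_after(self, ip):
        """Seconds until the oldest counted failure ages out (0 if not blocked)."""
        if not self.is_blocked(ip):
            return 0.0
        return self._failures[ip][0] + self.window - self.clock()

    def record_failure(self, ip):
        self._prune(ip)
        self._failures[ip].append(self.clock())


def attempt_login(throttle, ip, username, password, check_credentials):
    """Return 'blocked', 'ok' or 'denied'.

    check_credentials is a hypothetical callback (username, password) -> bool.
    A blocked IP is rejected before the password is checked, and a success
    does not clear the counter, so one valid account cannot be used to reset
    the budget for guessing at others.
    """
    if throttle.is_blocked(ip):
        return "blocked"
    if check_credentials(username, password):
        return "ok"
    throttle.record_failure(ip)
    return "denied"


class FakeClock:
    """Manually advanced clock for the constructed scenario below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def simulate_guessing(guesses, seconds_between=1.0):
    """Constructed scenario: one IP submits wrong passwords at a fixed rate.

    Returns (guesses that reached the password check, guesses rejected early).
    """
    clock = FakeClock()
    throttle = LoginThrottle(max_failures=5, window_seconds=300, clock=clock)
    outcomes = []
    for i in range(guesses):
        outcomes.append(
            attempt_login(throttle, "203.0.113.7", "alice", f"guess{i}",
                          lambda user, pw: False)
        )
        clock.now += seconds_between
    return outcomes.count("denied"), outcomes.count("blocked")


if __name__ == "__main__":
    print(simulate_guessing(1000))
```

A per-IP limit only slows a single source, so pair it with a per-account failure limit and alerting on repeated lockouts.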

Injection Hacking

Another common form of attacks on applications is injection attacks. The target of such attacks is mostly the web-based applications that run on data provided by the user. 

The way these attacks work is by “injecting” data into the application that compromises the security of the system from within.

The most common types of injection hacking attacks include cross-site scripting, code injection, and SQL injection attacks.

Cross-Site Scripting 

These are the attacks where the attackers inject malicious scripts into a trusted application. This causes the application to execute these scripts and behave in a way that exposes sensitive information about the users. 

Code Injection Attacks 

In these attacks, the hackers compromise the application by injecting malicious code into it. When executed, this code can prevent the application from working properly.

SQL injection 

These attacks involve injecting malicious SQL code into the application. This makes it possible for the hackers to remotely control the application and access the sensitive data in its databases.

How to Prevent Injection Hacking? 

Unlike brute force hacking, injection hacking can be prevented. Here are some precautionary measures that can secure applications against such attacks:

  • Enforce strict access criteria for getting into the app.
  • Put in place strong screening measures for all the data entered by the users into the app.

Malware Attacks 

Malware is probably the single largest threat not only to application security but to the computer systems as a whole.

This is mainly because of the sheer amount of new malware coming to the market every year. It is estimated that as many as 317 million new computer viruses and malware were created in 2018 alone.

The effects of malware differ from one to another but once they have infected an application they can: 

  • Allow the cybercriminals to make illegal backdoors into the application. 
  • Give unauthorized access to the application.
  • Result in massive data breaches and privacy compromise. 

How to Prevent Malware Attacks

As new malware is coming to the scene every day, there cannot be a singular solution to this problem. However, application security against malware can be improved by: 

  • Putting strong antivirus and firewalls in place.
  • Releasing security patches for the application as and when a new threat is revealed. 
  • Scanning the app for vulnerabilities and fixing them.

While all these measures are to secure applications against specific attacks, there are some things that need to be made a part of the app development process in order to make the apps safer.

Making the Development Environment Secure 

It goes without saying that it is of paramount importance for the developers to make the applications secure. However, just like it is very difficult to proofread what you have written, it is an ego-shattering thing to enforce application security measures. 

A recent study has shown that as many as 83% of developers globally release their apps without implementing proper security measures.

Here are some things that every developer needs to do to ensure application security: 

  • Applications must be developed in accordance with the security standards of the industry leaders and regulators. 
  • Updates and patches must regularly be released to cope with the ever-lurking threat of malware.
  • All the open-source components of the application must be regulated and made at par with the application security standards being followed.

However, it is not just up to the developers to ensure application security. Application users also need to play their part to make sure that the applications they use and the data they have are safe. The things that the users can do include:

  • Using long and mixed passwords that are hard to guess even for a computer.
  • Installing a firewall on their devices.
  • Not downloading any application from an untrusted source.
  • Keeping their credentials safe.


Fintechs are ransomware targets. Here are 9 ways to prevent it.


Cybercriminals are clever, and they often target fintechs for two reasons. They know fintechs handle a lot of sensitive and financial information on a daily basis, and that they probably have the means to meet hackers’ demands and get back to business as usual.

Ransomware attacks are one of the most common fintech cybersecurity risks, and falling victim to one can be devastating — or disruptive at the very least. So, we asked the experts at ESET to explain how to prevent ransomware, and secure your business from the inside out.

Firstly, what is ransomware and how does it work?

With a ransomware attack, a cybercriminal hacks into their victim’s systems and essentially holds their data “hostage” until they pay a ransom. Since hackers know how valuable data is to a business, they tend to set ransoms in the thousands or even millions of dollars.

There are two types of attacks: crypto ransomware encrypts all the files, folders and hard drives on the infected computer, while locker ransomware locks users out of their devices. For cybercriminals, the goal is to get you to pay up so you can retrieve your files and mitigate any damage to your business.

What to do after a ransomware attack

Unfortunately, you don’t have too many options if you fall victim to a ransomware attack. You’ll need to decide to pay the ransom or not, and that involves weighing up how much your data is worth. Just keep in mind that giving in to a cybercriminal’s demands may encourage them to attack you again — and there’s no guarantee that your data will be restored.

Either way, it’s important to go into disaster recovery mode right away. Follow these steps for what to do if you get ransomware:

1. Alert your IT department. If your company has IT professionals or a Chief Information Security Officer, notify them about the attack. Hopefully, they’ll have a plan of action for situations like these and be able to guide your team through these steps.

2. Trace the source of the attack. Most ransomware attacks have a countdown clock before all your files are deleted forever, so the sooner you find the source, the faster you can act. Typically, ransomware sneaks its way into your system through a malicious link or email attachment. The best-case scenario is the ransomware only attacks that one device, and the worst-case is it infects your entire system. Once you’ve found the culprit, ask the user if they’ve opened other suspicious emails or noticed anything weird about their computer.

3. Remove that device from your network. To stop the ransomware from spreading through your network, you’ll need to unplug the infected device.

4. Let your employees and clients know about the breach. While it’s important not to cause panic, you do need to be transparent. The truth is, most cyber breaches are the result of human error, so your employees need to know what happened and what’s expected of them. As for your clients or customers, contact them if you have proof their data has been compromised. In other words, avoid putting out a statement until you have all the information.

5. Invest in better security systems. When you’ve gotten through the aftermath, look into more sophisticated fintech cybersecurity practices.

9 ways to prevent ransomware attacks

Ransomware is incredibly common, and as you now know, there are limited ways to deal with an attack. You need to be proactive and prepared, and implement measures to prevent an attack.

As you might have guessed, fintech cybersecurity should be a priority. These are our tips for how to protect against ransomware: 

Set up sophisticated email filters. The majority of ransomware is delivered by spam or phishing emails. To stop ransomware before it has a chance to infect your systems, employ email filters that scan all email content for spam, viruses and other forms of malware.

Run regular security audits. It’s worth assessing your security systems to identify any gaps or weaknesses. If you can, consider outsourcing your cybersecurity, reallocating resources or hiring in-house professionals to give your fintech peace of mind.

Use an up-to-date antivirus and anti-ransomware software. To protect your company devices from ransomware, malware, identity theft and more, install a third-party antivirus software designed for businesses. ESET Digital Security for Business offers the best ransomware protection and defence against a range of advanced cyber threats, and can be tailored to the size and scope of your fintech. Along with blocking persistent threats, it secures your devices with endpoint protection, which is especially handy if you have employees who work remotely.

Accept all software updates. Cybersecurity companies often release new patches to fix bugs and address vulnerabilities, which is why it’s essential to stay on top of any updates. In other words, you could have the most sophisticated antivirus ransomware software in the world, but that won’t do you any good if you ignore every notification that pops up! Updates usually take a few minutes to download and require you to restart your computer, but they make your company much less vulnerable to ransomware.

Implement multi-factor authentication. Two-factor authentication is good, but multi-factor authentication is better. This means employees will need to enter their username, password and one more piece of additional information — usually a code sent to their phone or email — before they can log into the system. It also makes it harder for hackers to break in.

Create a whitelisting program. This is effective in preventing ransomware, and it involves restricting the applications that can run within your company’s system. Think of it as the opposite of blacklisting — only applications that have passed the approval process will work.

Encrypt your company files. Ideally, all of your data should be end-to-end encrypted, and access limited to the people who need that information to do their jobs. The good news is, most computers and phones have operating systems with built-in features that encrypt stored data and keep out unauthorised users.

Tighten your cloud security. Speaking of the cloud, some cloud services don’t offer secure encryption and can’t distinguish between authorised users and other people trying to access the cloud. ESET Cloud Office Security will configure your cloud security so hackers can’t bypass your company’s policies and tap into sensitive information.

Routinely back up your data and systems. By backing up your data regularly, you’ll be able to recover any lost or corrupted data if your server crashes or if you fall victim to a ransomware attack. We recommend always having two encrypted backups: one on the cloud, and one on an external hard drive.

Get in touch with ESET today!

Ready to protect your business from the inside out? With ransomware, prevention is always better than cure, so head to ESET’s site to learn more about their top-rated cybersecurity systems.

Source: https://australianfintech.com.au/fintechs-are-ransomware-targets-here-are-9-ways-to-prevent-it/


What are Insecure Direct Object References (IDOR)?


@hacker0x01 (HackerOne)

HackerOne empowers the world to build a safer internet.

Insecure Direct Object References (or IDOR) is a simple bug that packs a punch. When exploited, it can provide attackers with access to sensitive data or passwords or give them the ability to modify information. On HackerOne, over 200 are found and safely reported to customers every month. 

What is an IDOR?

There are several types of IDOR attacks, including:

  • Body Manipulation, in which attackers modify the value of a checkbox, radio buttons, APIs, and form fields to access information from other users with ease.
  • URL Tampering, in which the URL is modified at the client’s end by tweaking the parameters in the HTTP request. 
  • HTTP Requests, in which IDOR vulnerabilities are typically found in GET, POST, PUT, and DELETE verbs.
  • Mass Assignment, where a record pattern can be abused to modify data that the user should not be able to access. While not always a result of IDOR vulnerabilities, there are many powerful examples of this being the result of it. 

In its simplest and most common form, an IDOR vulnerability arises when the only input required to access or replace content is from the user. This vulnerability submitted to Shopify by California-based hacker Rojan Rijal (a.k.a. @rijalrojan) in 2018 is the perfect example.

By observing how file attachments were labeled when sending a query to Shopify’s Exchange Marketplace application, Rojan was able to replace documents by leveraging the same file name from different accounts. 

Figure 1: IDOR vulnerability reported by @rijalrojan to Shopify on the HackerOne platform.

For retail and ecommerce companies, IDOR vulnerabilities represent 15% of what organizations pay bounties for and represent the top vulnerability for programs across government (18%), medical technology (36%), and professional services (31%) industries. 

If they’re so simple, why are they so common? 

In short, IDORs cannot be detected by tools alone.

IDORs require creativity and manual security testing to identify them. They require you to understand the business context of the target application. While some scanners might detect activity, it takes a human eye to analyze, evaluate, and interpret. Understanding the deeper context is an innately human skill that machines cannot replicate. In traditional pentests, unless a pentester tests every possible parameter in every request endpoint, these vulnerabilities can go undetected. 

What are the implications of an IDOR vulnerability? 

Perhaps the most infamous IDOR vulnerability as of late is that found in alt-tech social media platform Parler. The company ordered their posts by number in the URL, a telltale sign of IDOR. If you add a sequential digit to a Parler post URL, you could access the next post on the platform indefinitely. Without authentication or access limits, an attacker could easily build a program to download every post, photo, video, and data from the entire site. While this was just public posts (not necessarily IDs used to verify accounts), geolocation data from posts was also downloaded, which could reveal GPS coordinates of users’ homes.  

How can you prevent IDORs from cropping up?

“Avoiding IDOR is only possible by building a robust access control mechanism, choosing the best fit methodology for your scenario, log all access and if possible do an audit with a post authorization check,” said HackerOne hacker Manoel Abreu Netto, better known online as @manoelt.

“However, if you want to reduce the impact of an IDOR, avoid using a simple pattern to reference objects in the backend, thus not using a sequential integer value but something like uuid or even a MAC (hashed ID) with a salt per user session.

This does not eliminate the IDOR, but reduces the overall impact and the ability to enumerate objects.”

To remediate IDOR vulnerabilities, below are a few best practices. 

  1. Developers should avoid displaying private object references such as keys or file names.
  2. Validation of parameters should be properly implemented.
  3. Verification of all the referenced objects should be checked.
  4. Tokens should be generated in such a way that it can only be mapped to the user and is not public.
  5. Ensure that queries are scoped to the owner of the resource. 
  6. Avoid things like using UUIDs (Universally unique identifier) over Sequential IDs as UUIDs often let IDOR vulnerabilities go undetected.
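The difference between an unscoped lookup, an owner-scoped query (practice 5) and the per-session MAC reference described in the quote above is shown below as an added example; it is not code from HackerOne or from the original article. The `invoices` table, its rows, the `Session` class and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", "alice invoice"), (2, "bob", "bob invoice")],
    )
    return db


def get_invoice_idor(db, invoice_id):
    """Vulnerable: trusts the client-supplied id, with no ownership check."""
    row = db.execute("SELECT body FROM invoices WHERE id = ?", (invoice_id,)).fetchone()
    return row[0] if row else None


def get_invoice_scoped(db, session_user, invoice_id):
    """Fixed: the query is scoped to the authenticated owner of the session."""
    row = db.execute(
        "SELECT body FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, session_user),
    ).fetchone()
    return row[0] if row else None   # "missing" and "not yours" look the same


class Session:
    """Issues opaque per-session references: HMAC(session key, object id)."""

    def __init__(self, user):
        self.user = user
        self._key = secrets.token_bytes(32)   # fresh key for every session
        self._issued = {}                     # reference -> real object id

    def ref_for(self, invoice_id):
        ref = hmac.new(self._key, str(invoice_id).encode(), hashlib.sha256).hexdigest()
        self._issued[ref] = invoice_id
        return ref

    def resolve(self, ref):
        return self._issued.get(ref)          # only references this session issued


def get_invoice_by_ref(db, session, ref):
    """Opaque reference to hinder enumeration, plus the ownership check."""
    invoice_id = session.resolve(ref)
    if invoice_id is None:
        return None
    return get_invoice_scoped(db, session.user, invoice_id)
```

As the quote notes, the opaque reference only limits enumeration; the owner-scoped query is what refuses access to another user's object.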

For more information about reducing risk and getting started with hacker-powered security, check out our CISOs Guide to Deriving Value from Hacker-Powered Security.

Source: https://hackernoon.com/what-are-insecure-direct-object-references-idor-hz1j33e0?source=rss


80% of Global Enterprises Report Firmware Cyberattacks

Source: https://threatpost.com/enterprises-firmware-cyberattacks/165174/
