Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

Archive for the ‘Networking’ Category

(2012-01-26) The Remote Procedure Call (RPC) Protocol – Everything You Ever Wanted To Know!

Posted by Jorge on 2012-01-26


A guy from AskDS has written an excellent blog post about the RPC protocol used in Windows. This is a must read!

Cheers,
Jorge

———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————


Posted in Networking, Windows Client, Windows Server

(2011-12-13) Active Directory Replication Over Firewalls

Posted by Jorge on 2011-12-13


I found the following information on a MSFT Wiki page. Interesting read!

Cheers,
Jorge

Posted in Active Directory Domain Services (ADDS), Networking, Replication

(2011-02-02) Changing The Binding Order Of Network Connections From The Command-Line

Posted by Jorge on 2011-02-02


Within Windows (Full Server) it is easy to change the binding order of network connections using the Network Connections Control Panel (ncpa.cpl). This is shown in the following picture.

image

Now imagine you are using the other available installation option, also known as Server Core. As you may know, Server Core does not provide a GUI such as the Network Connections Control Panel to change network bindings. How are you going to achieve that then? You could use the procedure as mentioned here.

However, you could also use the tool available here. This tool was created by a Microsoft employee. An important notice about this is that Microsoft DOES NOT support this tool in any way!

There are three versions of the tool available, being:

  • A 32-bit version for Windows XP;
  • A 32-bit version for Windows 6.x (Windows Vista / Windows Server 2008) and higher;
  • A 64-bit version for Windows 6.x (Windows Vista / Windows Server 2008) and higher.

The help of the tool looks like what’s shown in the following picture.

image

In addition to this, each package contains a README file (Word document) with explanations about how the tool works. Make sure to read this before using the tool.

A partial example of all the NICs in my system is shown in the picture below.

image

Although the tool is intended for Hyper-V on Server Core, it also works for other purposes. What I find annoying about the tool is that it does not filter out all those special, less interesting network connections.

For additional commands on Server Core click here.
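As an added example (not from the original post, and not the unsupported tool it links to), the same job done with the built-in NetAdapter and NetTCPIP cmdlets. These exist from Windows 8 / Windows Server 2012 onwards, so they do not apply to the Windows Server 2008 / R2 Server Core boxes the post targets; on those, the linked procedure or the tool remain the options. On newer systems the "binding order" that ncpa.cpl exposed is decided by the interface metric, which is what this script lists and pins. The adapter names "LAN" and "Backup" are placeholders.

```powershell
# Added example, not the tool from the post. Requires Windows 8 / Windows
# Server 2012 or later (NetAdapter and NetTCPIP modules). Run elevated.
# Assumptions: two adapters named 'LAN' and 'Backup' exist on this host.

# 1. Physical adapters only: -Physical drops the virtual and "special"
#    connections the post complains about seeing in the tool's output.
Get-NetAdapter -Physical | Sort-Object ifIndex |
    Select-Object Name, InterfaceDescription, Status, MacAddress

# 2. Current IPv4 priority: the lowest InterfaceMetric is consulted first
#    (this replaced the old binding-order list in the GUI).
Get-NetIPInterface -AddressFamily IPv4 |
    Sort-Object InterfaceMetric |
    Select-Object InterfaceAlias, InterfaceMetric, AutomaticMetric

# 3. Pin the order explicitly: turn off automatic metric assignment and give
#    the primary adapter the lowest value.
Set-NetIPInterface -InterfaceAlias 'LAN'    -AddressFamily IPv4 -AutomaticMetric Disabled -InterfaceMetric 10
Set-NetIPInterface -InterfaceAlias 'Backup' -AddressFamily IPv4 -AutomaticMetric Disabled -InterfaceMetric 20

# 4. Protocol bindings per adapter (what the post's tool manipulated).
#    As an illustration, unbind IPv6 from the backup NIC.
Get-NetAdapterBinding -Name 'LAN','Backup' |
    Where-Object Enabled |
    Select-Object Name, DisplayName, ComponentID
Disable-NetAdapterBinding -Name 'Backup' -ComponentID 'ms_tcpip6'

# 5. Verify: the default route(s) now carry the interface metric you set,
#    so traffic prefers 'LAN' unless it goes down.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop, RouteMetric, InterfaceMetric
```

Pinning the metric is the security-relevant part: with automatic metrics, a newly enabled or faster adapter (for example a bridged virtual switch) can silently become the preferred path for DNS and default-route traffic.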

Cheers,
Jorge

Posted in Networking, Windows Client, Windows Server

(2010-10-09) Server Core Behind Firewall With Very Limited Access

Posted by Jorge on 2010-10-09


Now imagine the following scenario. You have a Server Core machine (W2K8 or W2K8R2) behind a firewall (e.g. in a DMZ) and from the internal network you have very limited access to it. Only port 3389 (RDP) has been opened from a steppingstone (management server) on the internal network to the Server Core machine. From the Server Core machine to the DCs the necessary ports were opened. To manage the Server Core machine locally as easily as possible I have installed Server Core Configurator. As you may know by now, when you log on to Server Core you only get a command prompt, as you can see below.

image

Now imagine you have closed that command prompt window. There are different ways to reopen the command prompt window, depending on how you are logged on to the Server Core machine.

[1] If you are logged on interactively to Server Core, you can just press CTRL+ALT+DEL and then click "Start Task Manager". In Task Manager you click on the pull down menu "File" and then select "New". Then enter the path of the command you would like to execute or just enter the executable if its path is included in the PATH variable.

[2] If you are logged on through Terminal Services (a.k.a. Remote Desktop Services) to Server Core from your workstation, you cannot press CTRL+ALT+DEL because that will target your workstation and not the RDP session against the Server Core machine. In this case you need to use CTRL+ALT+END and then click "Start Task Manager". In Task Manager you click on the pull down menu "File" and then select "New". Then enter the path of the command you would like to execute or just enter the executable if its path is included in the PATH variable.

[3] Looking at the scenario I explained earlier, you log on through RDP against the steppingstone. From that steppingstone you then log onto the Server Core machine through RDP. In this case you cannot press CTRL+ALT+DEL because that will target your workstation and not the RDP session against the Server Core machine (or the steppingstone). You also cannot press CTRL+ALT+END because that will target the RDP session against the steppingstone and not the Server Core machine. The only option left to be able to open the Task Manager on the Server Core machine for which you are using two RDP sessions, is to press CTRL+SHIFT+ESC. This will open the Task Manager right away. In Task Manager you click on the pull down menu "File" and then select "New". Then enter the path of the command you would like to execute or just enter the executable if its path is included in the PATH variable.

image

By the way, this of course also works on Full Server. It is just more interesting for Server Core as you have nothing else available.

Because the RDP session is still there, simply reconnecting does not bring the command prompt window back: you land in the same session you left, with the window still closed. Another way to get it back is to reset the RDP session remotely through Terminal Services Manager (a.k.a. Remote Desktop Services Manager) and log on again, which gives you a fresh session with a new command prompt. In this scenario that last option is not available, because the firewall only has port 3389 (RDP) open and nothing else!

Cheers,
Jorge

Posted in Networking, Windows Server

(2009-07-15) Active Directory And Active Directory Domain Services Port Requirements

Posted by Jorge on 2009-07-15


Find it here on TechNet!
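As an added example (not from the TechNet article, nor from the MSFT wiki page on replication over firewalls quoted in the 2011-12-13 post above), a check you can run from a member server or DC on the near side of a firewall to see which of the well-known AD DS ports actually reach a domain controller, followed by the registry value that pins AD replication RPC to a fixed port so the firewall does not need the whole dynamic RPC range open. Requires Windows Server 2012 R2 or later for Test-NetConnection. The DC name "dc01.corp.example" and the port 50000 are placeholders.

```powershell
# Added example, not from the linked TechNet / wiki pages.
# Assumptions: 'dc01.corp.example' is a DC reachable by name; 50000 is an
# arbitrary fixed port chosen for NTDS RPC. Test-NetConnection tests TCP
# only, so UDP 53/88/389 (DNS, Kerberos, LDAP ping) are not covered here.

$Dc = 'dc01.corp.example'

# Well-known AD DS ports as listed in the TechNet port-requirements article
# (NetBIOS 137-139 left out; only needed for legacy clients).
$AdPorts = @(
    @{ Port = 53;   Use = 'DNS' }
    @{ Port = 88;   Use = 'Kerberos' }
    @{ Port = 135;  Use = 'RPC endpoint mapper' }
    @{ Port = 389;  Use = 'LDAP' }
    @{ Port = 445;  Use = 'SMB (SYSVOL/NETLOGON)' }
    @{ Port = 464;  Use = 'Kerberos password change' }
    @{ Port = 636;  Use = 'LDAPS' }
    @{ Port = 3268; Use = 'Global Catalog LDAP' }
    @{ Port = 3269; Use = 'Global Catalog LDAPS' }
)

$Results = foreach ($p in $AdPorts) {
    $t = Test-NetConnection -ComputerName $Dc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $p.Port; Use = $p.Use; Open = $t.TcpTestSucceeded }
}
$Results | Format-Table -AutoSize

# Port 135 only negotiates: replication (and other RPC services) then move to
# a dynamic high port, 49152-65535 on Windows Server 2008 and later. To run
# replication through a firewall without opening that range, pin the NTDS
# RPC port on every DC (documented in KB 224196) and open just 135 plus that
# port. Other RPC users (FRS/DFSR, Netlogon) keep using the dynamic range.
$NtdsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$Current = Get-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' -ErrorAction SilentlyContinue
if ($Current) {
    "AD replication RPC is pinned to TCP $($Current.'TCP/IP Port')"
} else {
    'AD replication RPC uses a dynamic port (no TCP/IP Port value set)'
    # To pin it, run on the DC and then restart the DC (or the NTDS service):
    # New-ItemProperty -Path $NtdsKey -Name 'TCP/IP Port' -PropertyType DWord -Value 50000
}

# Confirm replication partners and last-success times from the DC's point of
# view (repadmin ships with the AD DS role / RSAT).
repadmin /showrepl $Dc
```

A port showing as open here only proves the TCP handshake completes through the firewall; a rule that allows 135 but blocks the dynamic range still breaks replication, which is exactly what `repadmin /showrepl` will reveal as RPC errors on the partner link.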

Cheers,
Jorge

Posted in Active Directory Domain Services (ADDS), Networking

(2009-01-08) Using A Simple Router/Firewall In Your VM Environment

Posted by Jorge on 2009-01-08


You have a set of VMs in their own virtual network. Those VMs can communicate with each other but have no access to the internet. Imagine you need internet access because you want to update a VM, activate it, or whatever. One of the easiest options, without messing up the IP config of the VMs, is the following:

  1. Download the latest beta version of m0n0wall (a FreeBSD-based router/firewall that is great for VM environments) from http://m0n0.ch/wall/beta.php (this version also lets you install it on a VM disk and keep the configuration there, so settings survive a reboot of that router VM).
  2. Create a new VM and boot it from the ISO (before doing that, assign it two NICs: one on the VM LAN and the other bridged to the host machine's NIC).
  3. After booting it up:
    1. Assign the NICs from the console menu by pressing 1. Assign em0 to LAN and em1 to WAN.
    2. Give the LAN interface an address in the same subnet as your VMs (for example, if your VM has 192.168.1.1, give the LAN NIC on m0n0wall 192.168.1.254).
    3. Adjust the IP config of the VM (just the gateway address!): set the LAN address of the m0n0wall as the gateway of the VM.
    4. Check the DNS server on your VM: make sure the root hints are present and the server DOES NOT host a root zone (.). If it does, remove it, restart DNS and check that the root hints are there (you should get a message asking whether you want to put them back).
  4. Then point IE at the LAN address of m0n0wall. Log on as 'admin' with password 'mono'. Those are the m0n0wall defaults, so change the password right away, especially since the WAN side is bridged onto the host's network. Reconfigure the WAN interface with an address on the same network as the host, using the same gateway as your host.
  5. Now you should be able to access the internet.

This works like a charm for me! I use VMware Workstation extensively and it works great. It should also work with Virtual PC, Virtual Server and Hyper-V.

More information on configuring m0n0wall can be found here.
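As an added example (not from the original post, which did these steps in the GUI), the guest-side part of the procedure, steps 3.3, 3.4 and 5, done from PowerShell on a Windows VM that runs the DNS Server role. The NetTCPIP and DnsServer cmdlets need Windows Server 2012 or later. The adapter alias "Ethernet", the m0n0wall LAN address 192.168.1.254 and the test hostname are assumptions; the addresses match the ones used in the post.

```powershell
# Added example, not from the original post. Run elevated on the guest VM.
# Assumptions: guest adapter alias 'Ethernet'; m0n0wall LAN side is
# 192.168.1.254 (the guest itself is 192.168.1.1 as in the post).

$Nic     = 'Ethernet'
$Gateway = '192.168.1.254'

# Step 3.3: replace whatever default route the VM has with one that points at
# the m0n0wall LAN address. Address, mask and DNS settings stay untouched.
Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false
New-NetRoute -InterfaceAlias $Nic -DestinationPrefix '0.0.0.0/0' -NextHop $Gateway | Out-Null

# Step 3.4: a DNS server that hosts the root zone '.' believes it IS the root
# and never asks the internet root servers, so outside names fail to resolve.
# Remove the zone if present, restart DNS and make sure root hints are back.
if (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue) {
    Remove-DnsServerZone -Name '.' -Force
    Restart-Service -Name DNS
}
$Hints = @(Get-DnsServerRootHint)
if ($Hints.Count -eq 0) { throw 'No root hints present: DNS cannot resolve internet names' }
"$($Hints.Count) root hints present"

# Step 5: verify in layers, so a failure points at the right step:
# router reachable, then the local DNS resolves an outside name, then TCP out.
Test-NetConnection -ComputerName $Gateway -InformationLevel Quiet
Resolve-DnsName -Name 'www.microsoft.com' -Server 127.0.0.1 -Type A
Test-NetConnection -ComputerName 'www.microsoft.com' -Port 443 -InformationLevel Quiet
```

Doing the root-zone check explicitly matters on a lab DC: a root zone is created automatically by some older DCPROMO/DNS setups when no upstream DNS was reachable during install, and it stays there silently until you wonder why nothing outside resolves.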

 

Cheers,
Jorge

Posted in Networking, Virtualization

(2007-12-21) Quick Wireless LAN Security Checklist

Posted by Jorge on 2007-12-21


I was browsing through some presentations about all kinds of security and found a link to the following…

This checklist is copied from WarDrive.NET….

————————————————–

Quick Wireless LAN Security
Checklist from Wardrive.net
(***)

Things you can do to secure your wireless network.

  1. Change the default Admin password on your Access Point (this includes the web interface).
  2. Check if the firmware for your Wireless Access Point and drivers for your Wireless Adapter(s) are up to date. Update if necessary. Keep checking for new releases in the future.
  3. Use the highest level of WEP/WPA (WPA2/802.11i strongly preferred) — Use decent keys.
  4. Authenticate wireless users with protocols like 802.1X, RADIUS, EAP (including EAP-PAX, EAP-PSK, EAP-TLS, EAP-FAST, EAP-POTP, EAP-TTLS, PEAP, and EAP-SIM). These protocols support authentication credentials that include digital certificates, usernames and passwords, secure tokens, and SIM secrets.
  5. Use strong encryption for all (userland) applications you use over the wireless network, e.g., use SSH and TLS/HTTPS.
  6. Encrypt wireless traffic using a VPN (Virtual Private Network), e.g. using IPsec or other VPN solutions.
  7. Use WLAN Security Tools for securing the wireless network. This software is specifically designed for securing 802.11 wireless networks.
  8. Create a dedicated segment for your Wireless Network, and take additional steps to restrict access to this segment.
  9. Use a proxy with access control for outgoing requests (web proxy, and others).
  10. Regularly TEST the security of your wireless network, using the latest Wardriving Tools (the same tools the attacker will use). Don’t use these tools on other networks, and always check local laws and regulations before using any wardriving tools.
  11. Enable strict (sys)logging on all devices, and check your (wireless) log files regularly to see if your security policy is still adequate.
  12. (only provides very little security) – Enable MAC address filtering on your Access Point. Note that MAC addresses can be changed easily by the attacker.

(***) Note carefully

The steps mentioned above are not in a particular order of importance. It’s not always necessary to implement all steps, pick whatever is reasonable for your situation.

Wireless LAN Security (and Network Security in general) is more than just following "simple steps". Be sure that you understand the risks while using wireless networking equipment in your home or office.

Basic and advanced information about Wireless Networking and Wireless Security can be found on this website.

Final note: "SSID Hiding" does not provide real security, as explained in this article from Joel Snyder (Apr 2005) and –in depth– in this whitepaper: Debunking the Myth of SSID Hiding from ICSA Labs (PDF, Dec 2003).

————————————————–
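As an added example (not part of the Wardrive.net checklist quoted above), a small audit of what Windows sees on the air, aimed at items 3 and 10 of the list: it parses the output of `netsh wlan show networks mode=bssid` and rates each SSID by authentication and cipher, so you can spot your own WEP, TKIP or open networks with nothing but a Windows laptop. The sample input below is constructed in the netsh output format, not a real capture; the rating rules are this example's own.

```powershell
# Added example, not from the quoted checklist. Works on any Windows box
# with a Wi-Fi adapter (netsh wlan). The function is pure text parsing, so
# it is shown here against a constructed sample rather than a live scan.

function Get-WlanSecurityFindings {
    param([string[]]$NetshOutput)
    $networks = @()
    $current  = $null
    foreach ($line in $NetshOutput) {
        switch -Regex ($line) {
            # "SSID 1 : Name" starts a new network block
            '^SSID\s+\d+\s*:\s*(.*)$' {
                if ($current) { $networks += $current }
                $current = [ordered]@{ SSID = $Matches[1].Trim(); Auth = ''; Enc = ''; BSSIDs = @() }
                break
            }
            '^\s+Authentication\s*:\s*(.+)$' { if ($current) { $current.Auth = $Matches[1].Trim() }; break }
            '^\s+Encryption\s*:\s*(.+)$'     { if ($current) { $current.Enc  = $Matches[1].Trim() }; break }
            '^\s+BSSID\s+\d+\s*:\s*([0-9a-f:]{17})' { if ($current) { $current.BSSIDs += $Matches[1] }; break }
        }
    }
    if ($current) { $networks += $current }

    foreach ($n in $networks) {
        # Rules are evaluated top-down; the first match decides.
        $rating = switch -Regex ("$($n.Auth)/$($n.Enc)") {
            '^Open/'           { 'FAIL: no authentication or encryption'; break }
            'WEP'              { 'FAIL: WEP is broken, replace with WPA2/WPA3'; break }
            'TKIP'             { 'WEAK: TKIP cipher, switch to CCMP (AES)'; break }
            'WPA-Personal'     { 'WEAK: WPA1, move to WPA2/WPA3'; break }
            'Enterprise'       { 'OK: 802.1X/EAP (verify clients validate the RADIUS server certificate)'; break }
            'WPA[23]-Personal' { 'OK: pre-shared key, use a long random passphrase'; break }
            default            { "REVIEW: $($n.Auth)/$($n.Enc)" }
        }
        [pscustomobject]@{
            SSID       = $n.SSID
            Auth       = $n.Auth
            Encryption = $n.Enc
            BSSIDs     = ($n.BSSIDs -join ',')
            Rating     = $rating
        }
    }
}

# Constructed sample in the netsh output format (replace with a live scan).
$Sample = @'
SSID 1 : OfficeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
SSID 2 : GuestLegacy
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
    BSSID 1                 : 00:11:22:33:44:66
SSID 3 : Printer
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:77
'@ -split "`r?`n"

Get-WlanSecurityFindings -NetshOutput $Sample | Format-Table -AutoSize

# Live run against whatever is in range:
# Get-WlanSecurityFindings -NetshOutput (netsh wlan show networks mode=bssid)
```

Only audit SSIDs you own; a passive listing like this is harmless, but item 10 of the checklist is right that active tools need permission and a look at local law first. Note that the BSSID column is exactly what item 12 warns about: an attacker sees the same MAC addresses you do and can clone one in seconds.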

Cheers,
Jorge

Posted in Networking

(2005-11-15) Configuring The NICs (Load Balanced Or Fault Tolerant) On Your DCs

Posted by Jorge on 2005-11-15


Most servers bought these days come with two NICs. That gives you three possible ways to configure and use them:

(1) Configure the NICs on the server as a "load balanced" team

This is used to distribute network traffic across NICs to achieve maximum throughput. The configured team (virtual NIC) has the IP address configured.

(2) Configure the NICs on the server as a "fault tolerant" team

This is used when redundant network switches are available, so that when one NIC or switch dies, the server continues to operate through the other NIC or switch. The configured team (virtual NIC) has the IP address configured.

(3) Configure one of the NICs and disable the other one

Well... that's easy. Only one NIC, the one with the IP address, is in use and the other is disabled. If the enabled NIC dies, you need to enable the other one manually to use it. And if the switch dies you need to get a new one and plug the cable into it. 😉

In the "Windows Server System Reference Architecture" (WSSRA) Microsoft states:

"At this time, Microsoft does not support load balanced network teams on domain controllers due to potential data corruption issues" (Taken from the Directory Services Blueprint – page 29)
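As an added example (not from the post or from WSSRA), options (1) and (2) built with the LBFO teaming that is part of Windows Server 2012 and later. When the post was written there was no teaming in Windows itself; it came from NIC vendor drivers, which is the kind of team the WSSRA statement is about. The quoted caveat targets load-balanced teams on domain controllers, so the script builds the fault-tolerant, active/standby variant of option (2) and only comments out what option (1) would change; check current Microsoft guidance for DCs before using option (1). Adapter names "NIC1" and "NIC2", the team name and the IP addresses are placeholders.

```powershell
# Added example, not from the post. Windows Server 2012+ built-in LBFO
# teaming (NetLbfo module). Run elevated; the team NIC takes over the
# addressing, so do this from a console or out-of-band session.
# Assumptions: adapters 'NIC1' and 'NIC2'; team 'Team1'; 10.0.0.0/24 lab subnet.

# Option (2): fault-tolerant team. SwitchIndependent needs no LACP or
# EtherChannel on the switch side, so each member can go to a different
# switch, which is the whole point of option (2).
New-NetLbfoTeam -Name 'Team1' -TeamMembers 'NIC1','NIC2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts -Confirm:$false | Out-Null

# Put NIC2 in standby: one member carries all traffic, the other takes over
# only when the active member or its switch fails.
Set-NetLbfoTeamMember -Name 'NIC2' -AdministrativeMode Standby

# As the post says, the team's virtual NIC is what gets the IP address.
# The team NIC's alias defaults to the team name.
New-NetIPAddress -InterfaceAlias 'Team1' -IPAddress 10.0.0.10 -PrefixLength 24 -DefaultGateway 10.0.0.1 | Out-Null
Set-DnsClientServerAddress -InterfaceAlias 'Team1' -ServerAddresses 10.0.0.10,10.0.0.11

# Verify team mode and member roles before trusting the failover.
Get-NetLbfoTeam | Select-Object Name, TeamingMode, LoadBalancingAlgorithm, Status
Get-NetLbfoTeamMember | Select-Object Name, Team, AdministrativeMode, OperationalStatus

# Option (1), load balanced, is the same team with both members active:
# Set-NetLbfoTeamMember -Name 'NIC2' -AdministrativeMode Active
```

Test the failover by pulling the cable of the active member while a continuous ping runs against the team address; `Get-NetLbfoTeamMember` should then show NIC2 as the operational member and NIC1 with a failure reason.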

Cheers,
Jorge

Posted in Active Directory Domain Services (ADDS), Networking, Windows Server

 