My take on AntiVirus / AntiSpyware applications

blog, Microsoft
Virii suck, I just though I'd throw that out there.  They cost the world billions of dollars a year and keep people like you and me up at night.  I wish I had the final solution for you but I don't, however, I do have a list of applications/tools/services that I use to keep my computers running virus and spyware free. Desktop Antivirus / AntiSpyware At work my company has standardized on NOD32 from ESET.  I had never herd of the company until I started at my current position about a year and a half ago and now, I rarely use anything but NOD32.  They have a couple of editions but I'm only familiar with ESET NOD32 AV v2.6 and v3.0.  So far I have not had a single problem…
Read More

Dell Laptop offline file syncronization issues

blog, Microsoft, Windows
Recently I had a client who purchase a new laptop from Dell.  It was a failry straight forward setup, nothing out of the ordinary.  After we got the computer joined to the domain and the user's profile setup, we started the file syncronization process for a number of directories that they needed to take offsite on a daily basis to be able to read/modify while out of the office and without internet connectivty.  They had been using Microsoft's offline file feature.  Again, nothint out of the ordinary. Well, this computer took up more than a few hours of my time as well as another associate of mine.  The computer no matter what we did would not syncronize files during the logon process even thought the little checkbox was checked to…
Read More

Microsoft PowerShell – Searching for a command

blog, Microsoft, Windows
I live in command line on Linux, Cisco, HP, and a number of other products but for some reason it feels UnAmerican to do it on Windows.  I'm coming around though.  With the implementation of the Microsoft Powershell on Windows you now have a great deal of power that you may or may not have had before.  For me, troubleshooting Exchange 2007 and AD, it is a blessing.  However, finding the command that you need to use to get the information you want is pretty hard.  I guess that's why Microsoft created the "get-command" command for PowerShell.  It is basically a search function for Powershell and will return a list of commands that you can run to get the information you need (per your search). So lets use the command…
Read More

Disable SSLv2 for Windows Server 2003

blog, Microsoft, Windows
This is a followon from my last post about weak SSL ciphers but they kind of go hand in hand.  SSLv3 offers a few security improvements over SSLv2 and is supported by the majority of new browsers.  What we will do in this post is disable the ability for a client co choose to use SSLv2 if connected to your webserver that has SSLv2 disabled.  To accomplish this we will need to do the following. Open regedit and find the key HKLMSYSTEM|CurrentControlSetControlSecurityProvidersSCHANNELProtocols Now for SSL 2.0 you will want to create a new DWORD value named Enabled with a data value of 0 in Hex in both the client and server subkeys.  This will disable the ability for the server to use or allow the use of SSLv2 during the…
Read More

Windows / IIS SSL – Restrict Weak Ciphers

blog, Microsoft, Windows
I have been on a little bit of a security kick lately with my time at work thwarting SQL injection attempts, securing web servers, firewall administration and so much more and have been doing some pretty repetitive tasks so I thought I'd put them up here to help me remember how to do these very important tasks. This piece is on restricting weak ciphers within your SSL certificates.  Nessus and some other security auditing tools will detect this one with ease so there's really no good excuse not to lock it down.  Basically what we are going to do is remove the ability for web clients (IE, Firefox, Safari, Opera, etc) connect to the web server with anything but 128 bit or greater SSL encryption.  This just sounds like a…
Read More