Archive for category Microsoft

Terminal Server Aware Web Proxy Server with pfSense

At work, I have a client that was requesting the ability to monitor/block sites that their users were visiting.  This is traditionally quite easy with just a squid proxy server or a Barracuda Web Filter but they really didn’t want an extra server to be installed during this process AND they were using a terminal server.

I started looking for server-side applications that I could install and just have the admin pull the data from there; however, the costs I was finding were a bit too much.  I set up a pfSense box in a quick lab to demo this.  After installing pfSense on some old hardware, I did a basic configuration of the box and then installed the Squid proxy package.  I configured this to be a traditional proxy where I had to send traffic on a specific port, and the user was required to log in.  That was really the trick to get the terminal server users broken apart.  I know it could probably use a little massaging with NTLM authentication or some other clean mechanism but for the lab and the purposes of this client, this hit the mark for a great price.

I did mention that they did not want to install new hardware during this process, but they knew they needed to upgrade their Linksys “router” that was currently firewalling their network.  I am once again impressed with the flexibility and ease of use that pfSense gives you.  I truly only have 1 complaint about the system at all but it has nothing to do with this and as I understand it, that feature has been added in pfSense 2.0.  The management of OpenVPN clients/certificates is somewhat of a nightmare for large installs unless you use a single certificate for all users (not recommended).
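Why the login matters for a terminal server, as an added example that is not part of the original post: every session on the server reaches the proxy from the same IP, so only the authenticated user name in Squid's access log separates one person's browsing from another's. The log lines, addresses and user names below are constructed, and the field positions assume Squid's native access.log format.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1300000000.101    120 192.168.1.10 TCP_DENIED/407 1800 GET http://example.com/ - NONE/- text/html
1300000001.202    340 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/203.0.113.5 text/html
1300000002.303    210 192.168.1.10 TCP_MISS/200 2048 GET http://example.org/news bob DIRECT/203.0.113.6 text/html
1300000003.404     95 192.168.1.10 TCP_HIT/200 900 GET http://example.com/logo.png alice NONE/- image/png
1300000004.505    400 192.168.1.25 TCP_MISS/200 7000 GET http://example.net/ carol DIRECT/203.0.113.7 text/html
"""

def parse_line(line):
    """Split one native-format line into the fields this report needs."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or non-native line; skip it
    action, _, status = f[3].partition("/")
    return {"client": f[2], "action": action, "status": status,
            "bytes": int(f[4]), "url": f[6], "user": f[7]}

def users_per_client(log_text):
    """Map each client IP to the set of authenticated users seen behind it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["user"] != "-":
            seen[rec["client"]].add(rec["user"])
    return dict(seen)

def bytes_per_user(log_text):
    """Total bytes per authenticated user; 407 challenges carry no user."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["user"] != "-":
            totals[rec["user"]] += rec["bytes"]
    return dict(totals)

def shared_clients(log_text):
    """Client IPs with more than one user behind them, e.g. a terminal server."""
    return sorted(ip for ip, u in users_per_client(log_text).items() if len(u) > 1)

if __name__ == "__main__":
    print(shared_clients(SAMPLE_LOG), bytes_per_user(SAMPLE_LOG))
```

Without proxy authentication the user column is `-` on every line, and all of the traffic from 192.168.1.10 would collapse into a single unattributable client.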


My take on AntiVirus / AntiSpyware applications

Virii suck, I just thought I’d throw that out there.  They cost the world billions of dollars a year and keep people like you and me up at night.  I wish I had the final solution for you but I don’t, however, I do have a list of applications/tools/services that I use to keep my computers running virus and spyware free.

Desktop Antivirus / AntiSpyware

At work my company has standardized on NOD32 from ESET.  I had never heard of the company until I started at my current position about a year and a half ago and now, I rarely use anything but NOD32.  They have a couple of editions but I’m only familiar with ESET NOD32 AV v2.6 and v3.0.  So far I have not had a single problem with virii or spyware (except for a few hacking/cracking tools that I use on occasion).

If I’m not using or recommending NOD32 for home / client computers I go with AVG.  AVG AntiVirus 8.0, the newest version from AVG, covers pretty much everything you would need from an AntiVirus / AntiSpyware software suite.  They even have a free edition that can be found here for home computers that only need basic protection.  If you’re on a budget, AVG Free Edition is for you.  Again, so far, with my use of AVG Antivirus, I have not had a single problem.

Safe Internet Browsing

This is a huge deal when it comes to keeping your computer safe.  Sometimes it doesn’t involve any software at all.  Just some intelligence and PG13 level surfing (no porn or online gambling allowed!!).  However, because of my ADHD and endless appetite for information, even I run across some potentially bad websites.

To combat this I use OpenDNS.  I’ve done a blog post on them a while back.  Search at the right if you are interested but I’ll cover a few points to OpenDNS here.  First of all, OpenDNS is cool.  Second, OpenDNS is free.  Now that I got those two things out of the way, I’ll explain it a bit.  OpenDNS is a free DNS service that you point your network DNS servers, clients, etc towards and you instantly get a bit better service.  If you go to the website and create an account and then register your IP address there, you can have settings specified that would prevent people from surfing websites that fall within a specific category.  Below is what I have mine set to.

The moderate setting includes blocking of Adware, Alcohol, Dating, Drugs, Gambling, Hate/Discrimination, Weapons, Tasteless, Lingerie/Bikini, Proxy/Anonymizer, Sexuality, Nudity, Pornography, and Phishing.  The last one is especially cool because it uses the phishing database PhishTank, which is THE de facto standard in phishing databases…well at least I believe so.

Desktop and Network Firewalls

As much as I should use a desktop firewall, I don’t.  It hinders my ability to do network scans, attach to different networks, open up shares on my computer remotely, test software, etc.  But, do what I say and not what I do.  If you have no reason not to use one…then do so.  The built-in Windows Firewall is fine but if you need to feel a little safer at night, I recommend ZoneAlarm.  It both has high reviews in the major computer magazines and is recommended by the security research group Gibson Research Corp.

My home network firewall is pfSense, a free open source, fully featured firewall that I have installed on an old workstation with two network interfaces.  Visit the website for a full list of features.  Other firewalls that I would recommend would be the Cisco PIX or ASA, m0n0wall, and any Linux distribution running iptables.  It’s not that these are the only secure options out there but rather I only have extensive experience in this small list.

SPAM Protection

This cannot be stressed enough…  Never use an email address without a **GREAT** SPAM filter.  For personal use, grab a free GMail account.  For corporate use get a Barracuda SPAM firewall, use Postini or build your own SPAM filter based on SpamAssassin.  For the DIY I recommend Maia Mailguard.  The reason for this is quite simple, spyware and virii can be transmitted quite easily through email.  If you are not protected, you are asking for trouble.

Defense in Depth

Although all of my recommendations, in my opinion, are good ones, not a single one of them guarantees that you will not get infected.  Things like zero day attacks, trojans, virii, spyware, adware, malware, etc are not always easily detected and therefore may hit a large number of computers over a short period of time without the security companies’ knowledge.  However, with the use of all of them together, you now have the tools for a fighting chance and with any luck, you’ll be virus free.

Hopefully you’ll take my advice on one or more of the above topics and have a safer more enjoyable time on the internet.

Extras!!

Here are a few extra tools that I did not fit in.

ESET Online Scanner | TrendMicro House Call | TrendMicro HijackThis | Symantec Removal Tools


Help me with my next PC purchase

Please!!  I’ve been using an old P4 1.6GHz and 512MB memory at home with Ubuntu loaded on it for some time now.  I can’t seem to ever come up with enough cash to purchase this myself so I thought I would give ChipIn a try.  It’s a new (I think) service that allows you to have a fund raiser of your own.  Check it out and try it for yourself.

I’m looking at one of the higher end HP or Dell’s running Vista Ultimate with a dual monitor setup for home.  I have dual monitors at work and it gets pretty hard to get all the work I want to get done at home when I only have a single 17″ flat panel.  Pretty low tech if you ask me.

For those of you who do donate, thank you very much.  I appreciate it.  For those of you who don’t, I won’t hold any grudges.


Dell Laptop offline file synchronization issues

Recently I had a client who purchased a new laptop from Dell.  It was a fairly straightforward setup, nothing out of the ordinary.  After we got the computer joined to the domain and the user’s profile set up, we started the file synchronization process for a number of directories that they needed to take offsite on a daily basis to be able to read/modify while out of the office and without internet connectivity.  They had been using Microsoft’s offline file feature.  Again, nothing out of the ordinary.

Well, this computer took up more than a few hours of my time as well as another associate of mine.  The computer, no matter what we did, would not synchronize files during the logon process even though the little checkbox was checked to do so.  As it turns out, Dell has some sort of security suite that they are deploying with all the laptops now with the name of WavXDocMgr.  This was the culprit of the synchronization issue.  We took this out of MSCONFIG as a startup process and the problem was solved.  As this was not the answer but rather a workaround, we have started talking with Dell but as of yet have not found a fix for the issue so I thought I would share.


Microsoft PowerShell – Searching for a command

I live in the command line on Linux, Cisco, HP, and a number of other products but for some reason it feels UnAmerican to do it on Windows.  I’m coming around though.  With the implementation of Microsoft PowerShell on Windows you now have a great deal of power that you may or may not have had before.  For me, troubleshooting Exchange 2007 and AD, it is a blessing.  However, finding the command that you need to use to get the information you want is pretty hard.  I guess that’s why Microsoft created the “get-command” command for PowerShell.  It is basically a search function for PowerShell and will return a list of commands that you can run to get the information you need (per your search).

So let’s use the command to find more about our Exchange queues (Exchange 2007 Server).

Get-Command *queue*

Which will return a list of commands that you can run from PowerShell like Get-Queue, Retry-Queue, and Suspend-Queue.

Now let’s try something to do with Active Directory.  Try this command.

Get-Command *User*

It’ll return a boatload of commands but you can see a few that might be useful like New-ADUser and New-ADGroup.

Hopefully this will shine some light on the still fairly new (feeling) command line power of Microsoft’s Operating Systems.
