Thursday, December 16, 2010

Setting up a Test Environment for Mail Servers (sending and receiving emails – Internal (LAN) to External (WAN) and vice versa)

 

This time I am going to write about the procedure for setting up a test environment for understanding mail servers (sending and receiving emails, internal to external and vice versa).

Here, in my case, I first installed VMware ESXi on my server, which has 8 GB RAM.

Then I deployed 3 virtual machines (VMs) running Windows Server 2003 SP2.

 

Let me first explain why three VMs/Systems:

  1. Domain Controller and Exchange Server (Internal)
  2. RRAS (used for LAN Routing)
  3. Domain Controller and Exchange Server (External)

 

Set up a static IP address on a completely different subnet for each of the two servers. For example, set up 192.168.1.30 for one server and 192.168.20.30 for the other.

 

Install and configure DNS on both of the identified systems.

Install and configure Active Directory on both of the identified systems, making each one a new Domain Controller (DC) in a completely new forest.

Make sure that the two DCs are in completely different domains in completely different forests.

 

For Example: myhome.abc and company.abc

 

Prepare the server for Exchange Installation by running “forestprep” and “domainprep”

 

Once successful, install Exchange Server on both the identified Systems

 

Then go to the DNS snap-in and configure both DNS servers to use each other as forwarders.

For example, if we assume the two servers have the IP addresses:

  1. 192.168.1.30
  2. 192.168.20.30

then we need to configure DNS server 192.168.1.30 as a DNS forwarder for the server 192.168.20.30, and vice versa.

 

 

To configure a DNS server to use forwarders:

  • Open the DNS snap-in.
  • In the console tree, click the applicable Domain Name System (DNS) server (DNS/applicable DNS server).
  • On the Action menu, click Properties.
  • On the Forwarders tab, click Edit.
  • Type the IP address for the fully qualified domain name (FQDN) of a forwarder, and then click OK.

    Once the DNS forwarding is configured, verify it by sending an email from a user in one domain to any user in the other domain.

    For example: send an email from the domain myhome.abc to company.abc, which are two completely different domains in completely different forests, working on different subnets connected via a router.
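Before sending the test mail, the forwarders can be checked directly by asking each DNS server for the other domain's MX record. The script below is an added example, not part of the original post; it uses the IP addresses and domain names from the post, and the function names are made up for illustration.

```python
import socket
import struct

CHECKS = [("192.168.1.30", "company.abc"), ("192.168.20.30", "myhome.abc")]  # from the post

def build_mx_query(domain, txid=0x1234):  # header: RD=1, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in domain.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">BHH", 0, 15, 1)

def read_name(msg, pos):  # returns (name, offset just past the name)
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                 # compression pointer
            hops += 1
            if hops > 10:                         # bound pointer chains
                raise ValueError("compression loop")
            end = pos + 2 if end is None else end
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
        elif length == 0:
            return ".".join(labels), (pos + 1 if end is None else end)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def parse_mx(msg):  # returns (rcode, [(preference, exchange), ...])
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    pos = 12
    for _ in range(qdcount):                      # skip the echoed question
        pos = read_name(msg, pos)[1] + 4
    answers = []
    for _ in range(ancount):
        pos = read_name(msg, pos)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 15:                           # MX: 2-byte preference + name
            answers.append((struct.unpack(">H", msg[pos:pos + 2])[0], read_name(msg, pos + 2)[0]))
        pos += rdlen
    return flags & 0x000F, sorted(answers)

def check_forwarding(server, domain, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_mx_query(domain), (server, 53))
        return parse_mx(s.recv(4096))

if __name__ == "__main__":
    for server, domain in CHECKS:
        print(server, domain, check_forwarding(server, domain))
```

A result of `(0, [])` means the forwarder reached the other zone but it holds no MX record, in which case SMTP delivery falls back to the domain's A record. An rcode of 2 (SERVFAIL) or 3 (NXDOMAIN), or a timeout, points at the forwarder configuration or the RRAS route.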

     

    Mail sent successfully, isn't it?

     

    This setup can now be used to simulate internal-to-WAN and WAN-to-internal email, since we can treat one of the domains as internal and the other as being on the WAN, connected via a router, which is RRAS in our case.

     

     

    All the best, and let me know how it goes or in case you need any inputs.

     

     

    Thank you for reading :-)

    Wednesday, May 26, 2010

    Reverse Hosting

     

    Reverse hosting is similar to reverse proxying except that in addition to protecting the servers sitting behind it, it also keeps a list of those servers on the network that are permitted to publish to the Internet. The proxy server listens for requests from those servers and responds for them, thus protecting them from unwanted visitors. The proxy server hides all internal servers.

     

    When configuring reverse hosting, ensure that all incoming Web requests will be discarded by default. This is done through the properties pages of the Web Proxy service under the Publishing tab. Mappings will be added that provide paths to the servers “downstream” or behind the proxy server, and these mappings will connect virtual paths that belong to the proxy server to the actual path of the Web server. Again, for the protection of the internal servers on the network, proxy is the gatekeeper so to speak, inspecting what comes in or goes out, and making sure that its internal network is safe.
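The discard-by-default rule and the virtual-path mappings described above, sketched as an added example (not code from the original post or from any proxy product). The host names, paths and the `route` function are hypothetical.

```python
from posixpath import normpath
from urllib.parse import quote, unquote, urlsplit

# Constructed publishing table (hypothetical names): virtual path on the
# proxy -> actual path on an internal Web server permitted to publish.
MAPPINGS = {
    "/intranet": "http://web01.internal.example/site",
    "/orders/api": "http://app02.internal.example/v1",
}

def route(request_url, mappings=MAPPINGS):
    """Return the internal URL for a published path, or None to discard."""
    path = unquote(urlsplit(request_url).path)
    if "\x00" in path or "\\" in path:
        return None                          # refuse ambiguous separators
    # Resolve "." and ".." before matching, so a request cannot climb out
    # of a published virtual path into an unpublished one.
    clean = normpath("/" + path.lstrip("/"))
    # Longest prefix first, so "/orders/api" is tried before a shorter mapping.
    for prefix in sorted(mappings, key=len, reverse=True):
        if clean == prefix or clean.startswith(prefix + "/"):
            # Re-encode the remainder so the internal server sees it literally.
            return mappings[prefix] + quote(clean[len(prefix):])
    return None                              # default: discard the request

if __name__ == "__main__":
    for url in ("http://proxy.example/intranet/docs/a.html",
                "http://proxy.example/intranet/../admin",
                "http://proxy.example/unpublished"):
        print(url, "->", route(url))
```

Matching on a normalized path with a `/` boundary is what keeps `/intranetx` and `/intranet/../admin` from being treated as published.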

     


    Reverse Proxy

     

    Reverse Proxy is offered to increase the security level for internal servers on the network. Reverse Proxy works by listening for HTTP requests: the proxy server captures incoming requests to an internal Web server and replies on behalf of that server. This provides a measure of security for an internal Web server that might contain sensitive information or be vulnerable to hackers’ attacks. Since the proxy server handles requests, the outside user never sees the internal server. Configuring the Web server to sit behind the protection of the proxy server provides an essential layer of defense against hackers. Enabling reverse proxying is discussed in a later section.

     

    Ref: http://www.syngress.com

     


    Tuesday, May 25, 2010

    Best Practice: Have Access Control Enabled when Working with SOCKS Proxy and Winsock Proxy Services

    When working with SOCKS Proxy and Winsock Proxy services, make sure that you’ve enabled access control. This is simply a checkbox on the Permissions tab of the service you’re using in most proxy server applications similar to Microsoft Proxy Server 2.0. If this is not enabled, you will not see an option for selecting permissions for these services.

     


    Sunday, May 23, 2010

    SOCKS Proxy Service

     

    SOCKS Proxy service is very similar to the Winsock Proxy service, but it can be used by most popular client operating systems. With SOCKS Proxy, by default, all SOCKS requests are denied. You can allow or disallow requests to and from Domains or Zones, IP subnets, or All. Logging can be used to track clients as in the previous services. SOCKS provides secure communication between the client and server and can provide redirection for non-Windows platforms. It uses TCP/IP as the protocol.
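The deny-by-default behaviour described above, together with the access control the previous post says to enable, modelled as an added example (not code from Microsoft Proxy Server or from the original post). The rule table, the first-match-wins ordering and the port field are assumptions made for illustration.

```python
import ipaddress

# Constructed rule table (hypothetical lab values).
# Each rule: (action, kind, value, port); port None means any port.
RULES = [
    ("deny",  "subnet", "192.168.20.0/24", 25),
    ("allow", "subnet", "192.168.20.0/24", None),
    ("allow", "domain", "company.abc", 443),
]

def matches(kind, value, dest):
    """Does destination `dest` (IP literal or host name) fall under the rule?"""
    if kind == "all":
        return True
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None                      # not an IP literal: treat as host name
    if kind == "subnet":
        return addr is not None and addr in ipaddress.ip_network(value)
    if kind == "domain":
        host = dest.lower().rstrip(".")
        # Match on a label boundary so "evilcompany.abc" is not "company.abc".
        return addr is None and (host == value or host.endswith("." + value))
    return False

def decide(dest, port, rules=RULES):
    """First matching rule wins (assumed ordering); no match means deny."""
    for action, kind, value, rule_port in rules:
        if rule_port in (None, port) and matches(kind, value, dest):
            return action
    return "deny"                        # default: all SOCKS requests denied

if __name__ == "__main__":
    for dest, port in (("192.168.20.30", 25), ("192.168.20.30", 80),
                       ("mail.company.abc", 443), ("10.0.0.5", 80)):
        print(dest, port, decide(dest, port))
```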

     


    Saturday, May 22, 2010

    Winsock Proxy Service

     

    Winsock Proxy service is the only service offered that supports IPX/SPX as well as TCP/IP as a protocol of choice. When IPX is used, conversion of IPX to IP is done twice, once when the information leaves the network for the Internet, and once on its return. This is necessary since the Internet is solely a TCP/IP-based network. Winsock Proxy is compatible with Windows Sockets applications and operates with them as if they had a straight connection to the Internet. Winsock Proxy service does not cache Internet addresses or support routing like the Web Proxy service does, but it does offer the ability to add protocols other than FTP, Gopher, Secure, and WWW. With Winsock Proxy service, protocols such as Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), and Real Audio can be added simply by configuring them through the Internet Service Manager. With Winsock Proxy service, both inbound and outbound access can be secured by placing permissions on protocols, port numbers, users, or groups. IP addresses, domain names, and IP address ranges can also be used to restrict users’ access to the Internet. External users can be blocked from accessing the internal network using this service. Clients that use the Winsock Proxy service must be using a Windows operating system. This rules out this service for many networks since there are usually other clients like Novell or UNIX. As with the other services, logging is enabled and can be used to track client usage.

     


    Talking about Security, Let’s Discuss Securing Your Network Using Various Proxies

     

    A few effective types are as follows:

    1. Winsock Proxy Service
    2. SOCKS Proxy Service
    3. Reverse Proxy
    4. Reverse Hosting 

    We will look at them in detail in the next posts :-)

     


    Thursday, May 20, 2010

    Now Disable “Autoplay” simply by installing a “Security Update”

     

     

    Depending on the version of Windows that you are using, there are different updates that you must have installed to correctly disable the Autorun functionality:

     

    To disable the Autorun functionality in Windows Vista or in Windows Server 2008, you must have security update 950582 installed (security bulletin MS08-038).

     

    To disable the Autorun functionality in Windows XP, in Windows Server 2003, or in Windows 2000, you must have security update 950582, update 967715, or update 953252 installed.

    Note: Updates 950582, 967715, and 953252 provide the same functionality for Autorun. Update 953252 was repackaged as security update 950582 to provide an additional security update for Windows Vista and Windows Server 2008.

     

    Ref: http://support.microsoft.com/kb/967715

    That is why I guess it is said “A Good defense starts with a thorough understanding of your opponent’s offense” - Eric Cole

     

    …Continued from my previous Post on Social Engineering

     

    That is why I guess it is said that a good defense starts with a thorough understanding of your opponent’s offense. :-)

    Social Engineering

     

    Was reading through Teri Bidwell’s book called Hack Proofing your Identity and found this excellent note on “Social Engineering”

     

    Social engineering, also called pretexting, is a term used for a variety of scams and con games involving tricking a victim into voluntarily giving up private information that’s useful. Pretexting is an attempt to elicit a specific response to a social situation the perpetrator has engineered; for example, someone gives you false information for the purpose of obtaining otherwise forbidden information from you. You might receive the false information via postal mail, email, computer chat program, Web site, telephone, or in person. An example of this is the Nigeria 419 email scam. The Nigeria 419 scam is designed to trick you into disclosing your bank account number. In any case, you are asked to give up information that you would not normally give to just anyone. Most of the time, the victim has no idea he or she has disclosed information under false pretenses, unless it results in a crime that can later be traced back to having disclosed information to the person doing the social engineering.

    People who might be savvy enough to shred their paper trash might not be thinking about the trashcan on their computers. Your computer’s recycle bin might contain files with private information in them that you’ve deleted over time. If someone gains access to your computer while you’re away from it, those files might provide useful information. For instance, let’s say you make an online purchase using a credit card, and the Web site provides you with a confirmation form showing what you purchased along with the credit card number and shipping address. You keep the confirmation page on your hard drive until you receive the merchandise. After you receive the merchandise, you delete the confirmation form because it’s no longer needed. The form remains in your recycle bin until you empty it. Even then, the file isn’t irretrievable. It can be restored using special undelete software, which is discussed

    As an example of social engineering, an identity thief might pose as a potential landlord or employer in order to obtain a copy of a victim’s credit report. Or, let’s say you needed to find someone’s address and couldn’t find it using one of the online “People Search” type programs. You might phone up the gas company and pose as a relative. The phone conversation might go something like this, in which the gas company clerk is tricked into disclosing the address you’re looking for:

     

    You: Hello, I’m Joe User’s daughter. We just moved my dad to a senior community, and I need to make sure he changed his gas service over to his new address. Bless his heart—he doesn’t remember things the way he used to! Can you tell me the address that’s showing on his account?

     

    Gas Company clerk: I show his address is 555 Shady Lane. Is that the retirement home?

     

    You: Yes it is; thank you very much. Bye.

     

    Social engineering is by far the most effective, least costly, and hardest to prevent method of obtaining private information. Technology can’t be used to block it, and people targeted have to be on their toes in order to even notice it when it’s happening. What’s more, it’s not illegal unless someone uses the obtained information to commit a crime. Unfortunately, most people have an even harder time noticing social engineering when it’s happening using a computer. Some of the most successful social engineering scams today are sent to victims via e-mail. When you can’t see a person’s facial expression or hear his or her voice, inferring their intent when they ask you for information can be difficult. You need to be even more vigilant online than in person against social engineering, due to the numerous places a thief can hide on the Internet.