My 2 Cents ...

Setting up a Test Environment for Mail Servers (sending and receiving emails – Internal (LAN) to External (WAN) and vice versa)

2010-12-16T10:44:00.001-08:00

This time I am going to write about the procedure on setting up a Test Environment for understanding Mail Servers (sending and receiving emails- Internal to External and vice versa)

Here, in my case I first installed VMWARE ESXi server on my Server which has 8 GB RAM

Then deployed 3 virtual machines (VMs) with the Operating System as Windows Server 2003 SP2

Let me first explain why three VMs/Systems:

Domain Controller and Exchange Server (Internal)
RRAS (used for LAN Routing)
Domain Controller and Exchange Server (External)

Setup a Static IP Address with a Completely Different Subnet for the Two Servers. For example setup 192.168.1.30 for one server and setup 192.168.20.30 for another server

Install and Configure DNS on both the identified Systems

Install and Configure Active Directory on both the identified Systems making it a completely new Domain Controllers (DCs) in a completely new forest for each one

Make sure that both the DCs are completely different domains in completely different forest

For Example: myhome.abc and company.abc

Prepare the server for Exchange Installation by running “forestprep” and “domainprep”

Once successful, install Exchange Server on both the identified Systems

Then go to the DNS Server snap-in and Configure both the DNS server to use each other as forwarders

For Example if we assume the two Server with the IP Address as:

192.168.1.30
192.168.20.30

Then we need to configure DNS Server 192.168.1.30 as a DNS forwarder for the server 192.168.20.30 and vice versa

To configure a DNS server to use forwarders

Open the DNS snap-in.

In the console tree, click the applicable Domain Name System (DNS) server.
Where?

DNS/applicable DNS server

On the Action menu, click Properties.

On the Forwarders tab, click Edit.

Type the IP address for the fully qualified domain name (FQDN) of a forwarder, and then click OK.

Once the DNS forwarding is completed, verify by sending an email to any user in the other Domain from the Existing one

For Example: Sending an Email from the Domain myhome.abc to company.abc which are two completely different domains in completely different forest working on different subnets connected via a router

Mail Sent Successfully isn't it ?

This setup can now be used to simulate a Internal Email to WAN and WAN to Internal Email, since we can assume and configure one of the Domains as Internal and the other on WAN connected via a Router which is RRAS in our case

All the best and Let me know how it goes or incase if you need any inputs

Thank you for reading :-)

Back to Blogging after a while…

2010-12-16T10:07:00.001-08:00

It is been long for sure, professional and family commitments seems to have overburdened me more than ever before. Lots of changes taking place. When we talk about changes they usually mean progress and progress brings happiness. But that's something to come in due course of time I suppose cause haven't experienced any positives yet, maybe since no time to spare, not even for experiencing positives like happiness recently.

Short of words today I guess due to a couple of reasons. Firstly since I had always been a Technology Blogger not too good in writing about me or my life and secondly maybe because it is been a while since my last post here

Let me end with a message that inspired me lately, hope the same for you as well ;-) as said by Mr. Mahesh Benkar

"Volume is vanity, profit is sanity and cash is the only reality"

Thank You :-)

Reverse Hosting

2010-05-26T07:05:00.001-07:00

Reverse hosting is similar to reverse proxying except that in addition to protecting the servers sitting behind it, it also keeps a list of those servers on the network that are permitted to publish to the Internet. The proxy server listens for requests from those servers and responds for them, thus protecting them from unwanted visitors. The proxy server hides all internal
servers.

When configuring reverse hosting, ensure that all incoming Web requests will be discarded by default. This is done through the properties pages of the Web Proxy service under the Publishing tab. Mappings will be added that provide paths to the servers “downstream” or behind the proxy server, and these mappings will connect virtual paths that belong to the proxy server to the actual path of the Web server. Again, for the protection of the internal servers on the network, proxy is the gatekeeper so to speak, inspecting what comes in or goes out, and making sure that its internal network is safe.

Reverse Proxy

2010-05-26T07:04:00.001-07:00

Reverse Proxy is offered by to increase the security level for internal servers on the network. Reverse Proxy works by listening for HTTP requests by enabling the proxy server to capture incoming requests to an internal Web server and to reply for that server. This provides a measure of security for an internal Web server that might contain sensitive information or be vulnerable to hackers’ attacks. Since the proxy server handles requests, the outside user never sees the internal server. Configuring the Web server to sit behind the protection of the proxy server provides an essential layer of defense against hackers. Enabling reverse proxying is discussed in a later section.

Ref: http://www.syngress.com

Best Practice to have Access Control enabled when with SOCKS Proxy and Winsock Proxy services

2010-05-25T05:56:00.001-07:00

When working with SOCKS Proxy and Winsock Proxy services, make sure that you’ve enabled access control. This is simply a checkbox on the permissions tab of the service you’re using in most of Proxy Severs application Similar to Microsoft Proxy Server 2.0. If this is not enabled, you will not see an option for selecting permissions for these services.

SOCKS Proxy Service

2010-05-23T01:01:00.001-07:00

SOCKS Proxy service is very similar to the Winsock Proxy service, but it can be used by most popular client operating systems. With SOCKS Proxy, by default, all SOCKS requests are denied. You can allow or disallow requests to and from Domains or Zones, IP subnets, or All. Logging can be used to track clients as in the previous services. SOCKS provides secure communication between the client and server and can provide redirection for non-Windows platforms. It uses TCP/IP as the protocol.

Winsock Proxy Service

2010-05-22T07:54:00.001-07:00

Winsock Proxy service is the only service offered that supports IPX/SPX as well as TCP/IP as a protocol of choice. When IPX is used, conversion of IPX to IP is done twice, once when the information leaves the network for the Internet, and once on its return. This is necessary since the Internet is solely a TCP/IP-based network. Winsock Proxy is compatible with Windows Sockets applications and operates with them as if they had a straight connection to the Internet. Winsock Proxy service does not cache Internet addresses or support routing like the Web Proxy service does, but it does offer the ability to add protocols other than FTP, Gopher, Secure, and WWW. With Winsock Proxy service, protocols such as Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), and Real Audio can be added simply by configuring them through the Internet Service Manager. With Winsock Proxy service, both inbound and outbound access can be secured by placing permissions on protocols, port numbers, users, or groups. IP addresses, domain names, and IP address ranges can also be used to restrict users’ access to the Internet. External users can be blocked from accessing the internal network using this service. Clients that use the Winsock Proxy service must be using a Windows operating system. This rules out this service for many networks since there are usually other clients like Novell or UNIX. As with the other services, logging is enabled and can be used to track client usage.

Talking about Security Let’s discuss securing your network using various Proxy

2010-05-22T07:51:00.001-07:00

A few effective types are as follows:

Winsock Proxy Service
SOCKS Proxy Service
Reverse Proxy
Reverse Hosting

We would see them in detail in the next posts :-)

Now Disable “Autoplay” simply by installing a “Security Update”

2010-05-20T22:03:00.001-07:00

Depending on the version of Windows that you are using, there are different updates that you must have installed to correctly disable the Autorun functionality:

To disable the Autorun functionality in Windows Vista or in Windows Server 2008, you must have security update 950582 installed (security bulletin MS08-038).

To disable the Autorun functionality in Windows XP, in Windows Server 2003, or in Windows 2000, you must have security update 950582, update 967715, or update 953252 installed.

Note Updates 950582, 967715, and 953252 provide the same functionality for Autorun. Update 953252 was repackaged as security update 950582 to provide an additional security update for Windows Vista and Windows Server 2008.

Ref: http://support.microsoft.com/kb/967715

That is why I guess it is said “A Good defense starts with a thorough understanding of your opponent’s offense” - Eric Cole

2010-05-20T06:54:00.001-07:00

…Continued from my previous Post on Social Engineering

That is why I guess it is said that a good defense starts with a thorough understanding of your opponent’s offense. :-)

Social Engineering

2010-05-20T06:49:00.001-07:00

Was reading through Teri Bidwell’s book called Hack Proofing your Identity and found this excellent note on “Social Engineering”

Social engineering, also called pretexting, is a term used for a variety of scams and con games involving tricking a victim into voluntarily giving up private information that’s useful. Pretexting is an attempt to elicit a specific response to a social situation the perpetrator has engineered; for example, someone gives you false People who might be savvy enough to shred their paper trash might not be thinking about the trashcan on their computers. Your computer’s recycle bin might contain files with private information in them that you’ve deleted over time. If someone gains access to your computer while you’re away from it, those files might provide useful information. For instance, let’s say you make an online purchase using a credit card, and the Web site provides you with a confirmation form showing what you purchased along with the credit card number and shipping address. You keep the confirmation page on your hard drive until you receive the merchandise. After you receive the merchandise, you delete the confirmation form because it’s no longer needed. The form remains in your recycle bin until you empty it. Even then, the file isn’t irretrievable. It can be restored using special undelete software, which is discussed Information for the purpose of obtaining otherwise forbidden information from you. You might receive the false information via postal mail, email, computer chat program, Web site, telephone, or in person. An example of this is the Nigeria 419 email scam. The Nigeria 419 scam is designed to trick you into disclosing your bank account number. In any case, you are asked to give up information that you would not normally give to just anyone. Most of the time, the victim has no idea he or she has disclosed information under false pretenses, unless it results in a crime that can later be traced back to having disclose information to the person doing the social engineering. As an example of social engineering, an identity thief might pose as a potential landlord or employer in order to obtain a copy of a victim’s credit report. Or, let’s say you needed to find someone’s address and couldn’t find it using one of the online “People Search” type programs. You might phone up the gas company and pose as a relative. The phone conversation might go something like this, in which the gas company clerk is tricked into disclosing the address you’re looking for:

You: Hello, I’m Joe User’s daughter. We just moved my dad to a senior community, and I need to make sure he changed his gas service over to his new address. Bless his heart—he doesn’t remember things the way he used to! Can you tell me the address that’s showing on his account?

Gas Company clerk: I show his address is 555 Shady Lane. Is that the retirement home?

You: Yes it is; thank you very much. Bye.

Social engineering is by far the most effective, least costly, and hardest to prevent method of obtaining private information. Technology can’t be used to block it, and people targeted have to be on their toes in order to even notice it when it’s happening. What’s more, it’s not illegal unless someone uses the obtained information to commit a crime. Unfortunately, most people have an even harder time noticing social engineering when it’s happening using a computer. Some of the most successful social engineering scams today are sent to victims via e-mail. When you can’t see a person’s facial expression or hear his or her voice, inferring their intent when they ask you for information can be difficult. You need to be even more vigilant online than in person against social engineering, due to the numerous places a thief can hide on the Internet.

Not much blogging from me in the past few months… :-(

2010-05-20T06:26:00.001-07:00

Not much blogging from me in the past few months :-(, planning to be back soon

How do I perform a install a SERVER CORE installation using an UNATTEND file

2009-06-25T08:54:00.001-07:00

Using an unattend file to install a Server Core installation

Using an unattend file for a Server Core installation enables you to perform most of the initial configuration tasks during Setup. Performing an unattended Server Core installation provides the following benefits:

There is no need to perform the initial configuration by using command-line tools.
You can include the settings in the unattend file to enable remote administration (when Setup is complete).
You can configure settings that cannot be easily modified at a command prompt, such as display resolution.

To install a Server Core installation by using an unattend file:

Create a .xml file titled Unattend.xml by using a text editor or Windows System Image Manager.
Copy the Unattend.xml file to a local drive or shared network resource.
Boot your computer to Windows Preinstallation Environment (Windows PE), Windows Server 2003, or Windows XP.
Insert the media disk with the Server Core installation of Windows Server 2008 into your disk drive. If the auto-run Setup window appears, click Cancel.
At a command prompt, change to the drive that contains the installation media.
Type the following at a command prompt:
setup /unattend:<path>\unattend.xml
where path is the path to your Unattend.xml file.
Allow Setup to complete.

Note:
Appendix A of this document contains a sample unattend file with comments that explain the settings in the sample configuration. This sample can be modified for use in your environment.

How do I perform ACTIVATION on the windows SERVER CORE?

2009-06-08T15:31:00.001-07:00

To perform the ACTIVATION on the windows SERVER CORE type the following at the command prompt:

slmgr.vbs –ato

If activation is successful, no message will return in the command prompt.

You can also activate by phone, using a Key Management Service (KMS) server, or remotely by typing the following command at a command prompt of a computer that is running Windows Vista or Windows Server 2008:

cscript windows\system32\slmgr.vbs <ServerName> <UserName> <password>:-ato

Prerequisites for installing a server role on a server running Server Core installation…

2009-06-05T15:45:00.001-07:00

Prerequisites for installing a server role on a server running Server Core installation

A computer on which you have installed and configured a Server Core installation of Windows Server 2008.

An administrator user account and password for the server running the Server Core installation.

If installing and configuring a print server, another computer running Windows Vista or Windows Server 2008 on which

you can run the Print Management Console to remotely configure the print server.

If installing and configuring a DHCP server, the information required to configure a DHCP scope.

If installing and configuring a DHCP server, you must configure the server running the Server Core installation to use a static IP address.

If installing and configuring a DNS server, the information required to configure a DNS zone.

If installing and configuring an Active Directory environment, the information required to either join an existing domain or to create a new domain.

If you are going to promote the server running the Server Core installation to be a domain controller in an Active Directory domain, a domain administrator user name and password.

How do I configure the FIREWALL on the windows SERVER CORE?

2009-06-05T15:36:00.001-07:00

To configure the FIREWALL on the windows SERVER CORE:

Use the following command.

netsh advfirewall

For example, to enable remote management from any MMC snap-in, type the following:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

Notes: You can also use the Windows Firewall snap-in from a computer running Windows Vista or Windows Server 2008 to remotely manage the firewall on a server running a Server Core installation. To do this, you must first enable remote management of the firewall by running the following command on the computer running a Server Core installation:

netsh advfirewall set currentprofile settings remotemanagement enable

How do I install the DHCP Server role on the SERVER CORE ?

2009-05-26T05:17:00.001-07:00

To install the DHCP Server role on the SERVER CORE

At a command prompt, type:

start /w ocsetup DHCPServerCore

Configure a DHCP scope at the command prompt by using netsh, or by remotely using the DHCP snap-in from Windows Server 2008.

If the DHCP server is installed in an Active Directory domain, you must authorize it in Active Directory.

The DHCP Server service does not start automatically by default. Use the following procedure to configure it to start automatically and to start the service for the first time.To configure and start the DHCP Server service

At a command prompt, type:

sc config dhcpserver start= auto

Start the service by typing:

net start dhcpserver

Typing the following at the command prompt will uninstall the DHCP Server role

start /w ocsetup DHCPServerCore /uninstall

How do I install the DNS server role on the SERVER CORE ?

2009-05-26T04:48:00.001-07:00

To install the DNS Server role on the SERVER CORE

At a command prompt, type:

start /w ocsetup DNS-Server-Core-Role

Note: Using /w prevents the command prompt from returning until the installation completes. Without /w, there is no indication that the installation completed.

Configure a DNS zone at the command prompt by typing:

dnscmd

OR

by remotely using the DNS MMC snap-in.

Note: Typing start /w ocsetup DNS-Server-Core-Role /uninstall at the command prompt will uninstall the DNS Server role.

How do I join the “SERVER CORE” into an existing “DOMAIN” ?

2009-05-20T12:43:00.001-07:00

To join the “SERVER CORE” into an existing DOMAIN:

At a command prompt, type:

netdom join <ComputerName> /domain:<DomainName> /userd:<UserName> /password:*

ComputerName is the name of the server that is running the Server Core installation.
DomainName is the name of the domain to join.
UserName is a domain user account with permission to join the domain.

When prompted to enter the password, type the password for the domain user account specified by

UserName

If you need to add a domain user account to the local Administrators group, type the following command:

net localgroup administrators /add <DomainName>\<UserName>

Restart the computer. You can do this by typing the following at a command prompt:

shutdown /r /t 0

Benefits of a Windows Server 2008 SERVER CORE installation

2009-05-11T14:18:00.001-07:00

The Server Core installation option of Windows Server 2008 provides the following BENEFITS:

Reduced maintenance:

- Because the Server Core installation option installs only what is required to have a manageable server for the AD DS, AD LDS, DHCP Server, DNS Server, File Services, Print Services, and Streaming Media Services roles, less maintenance is required than on a full installation of Windows Server 2008

Reduced attack surface:

- Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.

Reduced management:

- Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.

Less disk space required:

- A Server Core installation requires only about 1 gigabyte (GB) of disk space to install and approximately 2 GB for operations after the installation.

What Server Roles would a Server running a Windows Server 2008 SERVER CORE installation support ?

2009-05-11T14:11:00.001-07:00

Server running a Server Core installation supports the following server roles:

Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)
DHCP Server
DNS Server
File Services
Print Services
Streaming Media Services
Web Server (IIS)

To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles

Introduction to Windows 2008 SERVER CORE

2009-05-11T14:04:00.001-07:00

The Server Core installation option is a new option that you can use for installing Windows Server 2008. A Server Core installation provides a minimal environment for running specific server roles, which reduces the maintenance and management requirements and the attack surface for those server roles.

To accomplish this, the Server Core installation option installs only the subset of the binary files that are required by the supported server roles. For example, the Explorer shell is not installed as part of a Server Core installation. Instead, the default user interface for a server running a Server Core installation is the command prompt.

How to Configure the Network Settings on Windows Server 2008 / Server Core using the COMMAND PROMPT

2009-05-11T13:41:00.001-07:00

At a command prompt, type the following:

netsh interface ipv4 show interfaces

Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter, make a note of the number corresponding to the network adapter for which you wish to set a static IP address.
At the command prompt, type:

netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>

Where:

ID is the number from step 2 above

StaticIP is the static IP address that you are setting

SubnetMask is the subnet mask for the IP address

DefaultGateway is the default gateway

At the command prompt, type:

netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP>index=1

Where:

ID is the number from step 2 above

DNSIP is the IP address of your DNS server

Repeat step 4 for each DNS server that you want to set, incrementing the index= number each time.

Notes:

If you set the static IP address on the wrong network adapter, you can change back to using the DHCP address supplied by using the following command:

netsh interface ipv4 set address name="<ID>" source=dhcp

where ID is the number of the network adapter from Step 2.

How do Enable or Disable APIPA in the TCP/IP stack for Windows Server 2008 ?

2009-04-29T14:26:00.001-07:00

IPAutoconfigurationEnabled

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

Valid Range: 0, 1 (false, true)

Default: 1 (true)

Description: This value enables or disables IPv4 autoconfiguration using APIPA.

Note: This value is generally setup globally and not locally

How do I change the default APIPA range from 169.254.xx.xx or the one stored by DHCP to a custom IP Address range in the TCP/IP stack for Windows Server 2008?

2009-04-29T14:10:00.001-07:00

IPAutoconfigurationAddress

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—String

Valid Range: Change to a valid IPv4 address

Default: None

Description: This value stores the APIPA autoconfiguration IPv4 address chosen by the DHCP client.

Note: “This value should not be altered unless there is a specific requirement”

How to enable Multicast Forwarding in the TCP/IP stack for Windows Server 2008

2009-04-22T08:35:00.001-07:00

EnableMulticastForwarding

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

Valid Range: 0, 1 (false, true)
Default: 0 (false)
Description: The routing service uses this value to control whether or not IP multicasts are forwarded. This value is created by the Routing and Remote Access service.

How to Disable IP Source Routing in Windows Server 2008 ?

2009-04-20T16:32:00.001-07:00

DisableIPSourceRouting

Key: Tcpip\Parameters, Tcpip6\Parameters

Value Type: REG_DWORD—Boolean

Valid Range: 0, 1, 2

0 - forward all packets
1 - do not forward source routed packets
2 - drop all incoming source routed packets

Default: 1 for IPv4 and 0 for IPv6

Description: IP source routing is a mechanism that allows the sender to determine the IP route that a packet should take through the network. The Ping and Tracert tools have command-line options to specify source routing

Changes in TCP/IP stack for Windows Server 2008 “netsh interface set interface” commands

2009-04-20T16:24:00.001-07:00

Many of the TCP/IP registry values supported in Windows XP and Windows Server 2003 are not supported by TCP/IP in Windows Vista and Windows Server 2008. You can configure additional TCP/IP settings with command-line parameters for the following Netsh commands at a Windows command prompt with administrator-level permissions:

netsh interface ipv4 set interface
netsh interface ipv4 set global
netsh interface ipv6 set interface
netsh interface ipv6 set global

Why IPv6 in TCP/IP stack now for Windows Server 2008 ?

2009-04-16T12:41:00.001-07:00

Large address space

- The 128-bit address space for IPv6 provides ample room to provide every device on the present and foreseeable future Internet with a globally reachable address.

Efficient routing

- With a streamlined IPv6 header and addressing that supports hierarchical routing infrastructures, IPv6 routers on the Internet can forward IPv6 traffic faster than their IPv4 counterparts.

Ease of configuration

- IPv6 hosts can configure themselves by either interacting with a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server or by interacting with their local router and using stateless address autoconfiguration.

Enhanced security

- The IPv6 standards solve some of the security issues of IPv4 by providing better protection against address and port scanning attacks and by requiring that all IPv6 implementations support Internet Protocol security (IPSec) for cryptographic protection of IPv6 traffic.

Reference: http://technet.microsoft.com/en-us/library/bb878121.aspx

Dual IP layer architecture for IPv6 in the TCP/IP stack for Windows Server 2008

2009-04-16T12:31:00.001-07:00

The implementation of IPv6 in Windows XP and Windows Server 2003 is a dual stack architecture. For IPv6 support, you have to install a separate protocol through the Network Connections folder. The separate IPv6 protocol stack had its own Transport layer that included Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) and its own Framing layer. Changes to protocols in either the Transport or Framing layers had to be done to two Windows drivers; Tcpip.sys for the IPv4 protocol stack and Tcpip6.sys for the IPv6 protocol stack.

The Next Generation TCP/IP stack supports the dual IP layer architecture in which the IPv4 and IPv6 implementations share common Transport and Framing layers. The Next Generation TCP/IP stack has both IPv4 and IPv6 enabled by default. There is no need to install a separate component to obtain IPv6 support.

PUG Windows 7 Day - IT Pro Track - Hope to see you ALL there

2009-04-16T07:20:00.001-07:00

http://www.puneusergroup.org/windows7day-itpro.aspx

Seminar Location:
Capgemini India
A-1, Technology Park
MIDC Talwade
Pune -412114
India

http://www.puneusergroup.org

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) and Challenge-Handshake Authentication Protocol (CHAP)

2009-04-10T13:07:00.001-07:00

The Challenge Handshake Authentication Protocol (CHAP) authenticates a user or network host to an authenticating entity.

RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP) defines the protocol.

CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).

After the completion of the link establishment phase, the authenticator sends a "challenge" message to the peer.
The peer responds with a value calculated using a one-way hash function, such as an MD5 checksum hash.
The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authenticator acknowledges the authentication; otherwise it should terminate the connection.
At random intervals the authenticator sends a new challenge to the peer and repeats steps 1 through 3.
CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it is never sent over the network.

Microsoft has implemented a variant of the Challenge-handshake authentication protocol, called MS-CHAP, which does not require either peer to know the plaintext.

MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exists in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista drops support for MS-CHAPv1.

Compared with CHAP, MS-CHAP:

is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol
provides an authenticator-controlled password change mechanism
provides an authenticator-controlled authentication retry mechanism
defines failure codes returned in the Failure packet message field
MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.

Memories - MCT Summit 2009, Hyderabad

2009-04-10T09:34:00.001-07:00

Days Well Spent !!

Shiva Password Authentication Protocol (SPAP) now included in the TCP/IP stack for Windows Server 2008

2009-04-09T14:03:00.001-07:00

Shiva Password Authentication Protocol (SPAP) now included in Windows Server 2008 which works in co-ordination with RADIUS and encrypts the password so that it transferred securely within the Network

Shiva Password Authentication Protocol (SPAP) is a simple encrypted password authentication protocol supported by Shiva remote access servers. With SPAP, the remote access client sends an encrypted password to the remote access server. SPAP uses a two-way encryption algorithm. The remote access server decrypts the password and uses the plaintext form to authenticate the remote access client.

Shiva Password Authentication Protocol (SPAP) is a reversible encryption mechanism employed by Shiva. A computer running Windows XP Professional, when connecting to a Shiva LAN Rover, uses SPAP, as does a Shiva client that connects to a server running Routing and Remote Access. This form of authentication is more secure than plaintext but less secure than Challenge Handshake Authentication Protocol (CHAP) or Microsoft Challenge Handshake Authentication Protocol (MS-CHAP).

To enable SPAP-based authentication, you must do the following:

Enable SPAP as an authentication protocol on the RADIUS client. SPAP is disabled by default.
Enable SPAP on the appropriate network policy. SPAP is disabled by default.
Enable SPAP on the access client

Reference:

http://technet.microsoft.com/en-us/library/dd197599.aspx

Enabling ECN (Explicit Congestion Notification) which is now included in the TCP/IP stack for Windows Server 2008

2009-04-08T05:35:00.000-07:00

What is ECN?
Explicit Congestion Notification (ECN) is an extension to the Internet Protocol and is defined in RFC 3168 (2001). ECN allows end-to-end notification of network congestion without dropping packets.The Addition of Explicit Congestion Notification (ECN) to IP, states that with the addition of active queue management (for example, WRED) to the Internet infrastructure, routers are no longer limited to packet loss as an indication of congestion.

ECN and Windows Operating Systems
ECN has now been added to the TCP/IP stack in the following Windows Operating Systems:

Windows Vista
Windows 7
Windows Server 2008

How do we enable ECN is Windows Operating System?

Open a command prompt as an adminstrator
Type "netsh int tcp show global"this will show your current TCP/IP state
To enable ECN, in command prompt type:"netsh int tcp set global ecncapability=enabled"
To enable CTCP (Compound TCP)in command prompt type:"netsh int tcp set global congestionprovider=ctcp"
To verify changes Type "netsh int tcp show global"

Ethical Hacking vs. Malicious Hacking

2008-11-29T13:30:00.000-08:00

Ask any developer if he has ever hacked. Ask yourself if you ever been a hacker. The answers will probably be yes. We have all hacked, at one time or another, for one reason or another. Administrators hack to find shortcuts around configuration obstacles. Security professionals attempt to wiggle their way into an application/database through unintentional (or even intentional) backdoors; they may even attempt to bring systems down in various ways. Security professionals hack into networks and applications because they are asked to; they are asked to find any weakness that they can and then disclose them to their employers. They are performing ethical hacking in which they have agreed to disclose all findings back to the employer, and they may have signed nondisclosure agreements to verify that they will NOT disclose this information to anyone else. But you don’t have to be a hired security professional to perform ethical hacking. Ethical hacking occurs anytime you are “testing the limits” of the code you have written or the code that has been written by a co-worker. Ethical hacking is done in an attempt to prevent malicious attacks from being successful. Malicious hacking, on the other hand, is completed with no intention of disclosing weaknesses that have been discovered and are exploitable. Malicious hackers are more likely to exploit a weakness than they are to report the weakness to the necessary people, thus avoiding having a patch/fix created for the weakness. Their intrusions could lead to theft, a DDoS attack, defacing of a Web site, or any of the other attack forms that are listed throughout this chapter. Simply put, malicious hacking is done with the intent to cause harm. Somewhere in between the definition of an ethical hacker and a malicious hacker lies the argument of legal issues concerning any form of hacking. Is it ever truly okay for someone to scan your ports or poke around in some manner in search of an exploitable weakness? Whether the intent is to report the findings or to exploit them. If a company hasn’t directly requested attempts at an intrusion, then the “assistance” is unwelcome.