Thursday, February 28th, 2013
I was installing Windows Server 2012 Essentials today for a client, had laid down the base operating system and then walked away from the computer for a while. When I came back, I found the screen was locked and I didn’t know the password. Some investigation found that the default Administrator password used during the setup of Windows Server 2012 Essentials is Admin@123 – Microsoft documented it here, which is where I found it.
Note – this is not a major security issue, as this password is only used for the base Windows installation. Once you finish either the new server installation or the server migration, the local administrator password is set to whatever you’ve specified for the Domain Administrator.
Wednesday, October 10th, 2012
Windows Server 2012 Essentials is different from previous versions of SBS as it’s designed to work with 3 different types of mail systems. As a result, the ports you need to have open on your firewall are also different.
If you have a uPnP router, the configuration wizards in Windows Server 2012 Essentials will do the work for you. If, like me, you elect to disable uPnP, then you will need to configure the firewall port forwarding manually.
Here’s the list of ports you need to open on your firewall for Windows Server 2012 Essentials. Note that not ALL of them need to be open in order for things to work.
Port 25 – is NOT required to be open if you are using a cloud based mail system such as Office 365; in that case this port can and should be closed. ONLY if you have an on-premise Exchange or other mail server should you open this port to your network, and then you will port forward this port to that server and not to the Windows Server 2012 Essentials server. If you have no external email filtering or antispam software then you will need to leave this open to all external IPs. If however you are using something like ExchangeDefender or Trend IMHS then you will need to lock down the external IPs that this port can talk to.
Port 80 – does NOT need to be open at all in reality. It’s there to provide an easy redirect for users when they go to access the Anywhere Access feature of Windows Server 2012 Essentials (formerly known as Remote Web Access). Having this port open allows the user to type remote.mycompany.com into a web browser, which will then go direct to our server. The server will immediately redirect the user to https://remote.mycompany.com/remote so that all traffic is encrypted. You can safely close this port to reduce your attack surface, but you will need to train your users to type in the full URL of https://remote.mycompany.com/remote. My advice is to train your users – put this URL on the back of a business card for them to make it easy to handle.
Port 443 – this is a mandatory one. This needs to be open and forwarded to your Windows Server 2012 Essentials server to allow access to the Anywhere Access website. All traffic over this connection is encrypted, so it’s safe and secure. If this is not open then none of these functions will work outside your office. This port is also used by default for the SSTP VPN protocol, which is the default VPN protocol in Windows Server 2012 Essentials.
Port 1723 – is an optional port on Windows Server 2012 Essentials. You see – the default protocol for VPN is now SSTP, which runs over port 443. You will only need to open port 1723 if you have client PCs that cannot use SSTP to access your server. Make sure, if you have a more advanced router, to also allow the GRE protocol (IP protocol 47) alongside this port.
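A quick way to confirm the firewall actually matches the design above is to probe the public name from outside the office. This is an added example, not a script from the post or from Microsoft; it assumes the remote.mycompany.com name used above, an Office 365 (cloud mail) site that has closed port 80, and SSTP-only VPN, so adjust $expected to your own design.

```powershell
# Added example: check the public firewall from OUTSIDE the office against the
# port design described in the post. Requires Test-NetConnection (Windows 8 /
# Server 2012 or later). $publicHost is the post's example name (assumption).
$publicHost = 'remote.mycompany.com'

# Port => expected state for an Office 365 site that closed 80 and uses SSTP only.
$expected = @{
    443  = $true    # Anywhere Access + SSTP VPN: must be reachable
    80   = $false   # HTTP redirect only; closed to reduce attack surface
    25   = $false   # cloud mail: no inbound SMTP should reach the LAN
    1723 = $false   # only needed for clients that cannot use SSTP
}

$problems = @()
foreach ($port in $expected.Keys) {
    $result = Test-NetConnection -ComputerName $publicHost -Port $port -WarningAction SilentlyContinue
    $open   = $result.TcpTestSucceeded
    $state  = if ($open) { 'OPEN' } else { 'closed' }
    $wanted = if ($expected[$port]) { 'OPEN' } else { 'closed' }
    Write-Host ("{0,5}  {1}" -f $port, $state)
    if ($open -ne $expected[$port]) {
        $problems += "Port $port is $state but the design expects it to be $wanted"
    }
}

# GRE (IP protocol 47) is not a TCP port and cannot be probed this way; if you do
# enable 1723 for PPTP clients, confirm GRE pass-through on the router itself.
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Firewall matches the expected design.'
}
```

Run it from a machine on the internet (a 3G/4G tethered laptop is enough), not from inside the LAN, or the router's NAT rules are never exercised.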
Wednesday, September 19th, 2012
One of my biggest concerns about the cloud in general is that you can have so much of your data, email and your life stored in the cloud, where you have no control over the security at all. My good mate Dana Epp – fellow Security MVP and owner of Scorpion Software – has been developing solutions that will help protect your Office 365 stored data from password breaches. He does this in a very SMB friendly manner, without the need for things like DirSync or ADFS, which are all pretty darn complex to configure and manage.
Check out the offering of AuthAnvil for Office 365 here.
Tuesday, May 29th, 2012
This is just gold. I highly suggest that this video be mandatory viewing for all my clients, friends, parents, relatives, anyone that uses a computer. These types of scammers have been calling people here in Australia for quite a few years now, but only recently have they spread to other regions of the globe.
It all starts with a phone call you get on your home phone. The caller indicates that they are from “Technical Support” or some similar company, and they tell you that there’s some problem with your computer and that they are there to help you resolve it. The scam then involves them walking you through a website to install some perfectly legitimate remote control software, after which they proceed to show you all the “problems” with your computer and request money from you to “fix” them.
Be warned – NO ONE WILL EVER CALL YOU TO HELP YOU WITH YOUR COMPUTER… unless of course you have a prearranged and PAID relationship with them – i.e. your IT support company or your son (yes Mum, I’m talking to you here).
Monday, February 13th, 2012
’Tis a common question, isn’t it? People never really know if their account has been hacked or not. Robert Crane, fellow MVP and SMB IT Professional member, shared this little gem with us last week. This particular site, https://pwnedlist.com/, allows you to enter your email address, and that’s it. Based on the information that this site has received, they will tell you if your email address is in fact on their list of hacked accounts.
How reliable it is is anyone’s guess. They rely on information that they’ve collected from various sources. They state on their site that they do not actually keep your email address, but compare it to a “hash” of your address – that way, if their site gets hacked, the information will be useless. Provided of course that what they say is correct, there’s no real harm in trying it. You don’t need to give them your password or any other personal information.
Certainly it’s worth giving it a try to see if your account has been hacked.
Sunday, February 12th, 2012
News last week about Google Chrome and their intention to make it faster still… at the expense of security. I’m not sure I agree with this line of thinking. Basically, the article talks about how Google are going to stop checking for revoked SSL certificates because it slows down the web browser too much. The other main vendors, Microsoft and Mozilla, are not at this point following this course of action. Certificate revocation checking is designed to ensure that when you go to a website, the SSL certificate is in fact valid and has not been revoked by the Certification Authority. A certificate is normally revoked when hackers have gained control over the SSL certificate, and the entire mechanism is designed to protect you. Google on the other hand have decided that speed is more important than security. Yes – speed is important, but not at the expense of security. There are other mechanisms in place, such as DNSSEC, which are designed to help ensure that you are going to the websites you think you are, but they are in their infancy. If Google were to implement this change further down the track, once DNSSEC was widely used, then it might be acceptable. To do so now is reckless.
I may well be wrong too, you know… I don’t know everything, but based on what I do know, I’m even more concerned about using Google Chrome for ANYTHING.
Friday, December 16th, 2011
We’ve seen a lot in the news this week about the ANZ Bank and the security issue they’ve had with their online banking. ANZ have now taken their online statements offline until such time as they resolve the issue.
The IT Professional who discovered the issue is a colleague of mine. We’ll call him Mr Y for now. Here’s the side of the story that has not yet been published… and it’s certainly a real issue, and a concern that it’s not yet been resolved.
So I have to wonder: if the ANZ Bank have known about this security flaw for many months now, then why the heck did it take pressure from the press for them to do anything about it? Why also have they now inconvenienced all of their online customers by removing access to online statements, when they could have resolved this earlier without the negative press that has ensued?
What about other banks that are using the same system? They themselves are vulnerable, and yet we’ve not seen anything to suggest that they have taken action to resolve the issue.
As an IT Professional, I have to wonder what their security response policy must look like. For them to have failed to acknowledge the issue initially, and then, once the press alerted them to it, to further fail to acknowledge they knew about it, is just not acceptable.
As an ANZ customer, I also have to consider the security of the information that they hold on me. How do I know it’s still secure, with such lax policies as they have in place allowing this to go on?
Thursday, November 24th, 2011
One of the things you should do before migration is to ensure that you set your DSRM password to something that you know. The quickest way to do this is to use NTDSUtil to synchronise it with the current SBS 2008 or SBS 2011 Network Administrator’s password.
To do this is easy – use the following procedure.
You can see below where I’ve configured my SBS 2008 server to sync with the account SBSADMIN.
Of course, the next thing to do before you need it in a DR scenario is to test it!
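The same sync, done from an elevated PowerShell prompt on the SBS server, as an added example rather than the author's own screenshot. It uses the SBSADMIN account named above; the ntdsutil sub-commands are the real ones (set dsrm password / sync from domain account), but the exact success string it looks for is an assumption, and the sync sub-command needs Server 2008 with the relevant hotfix or Server 2008 R2 (SBS 2011) or later.

```powershell
# Added example: sync the DSRM password to the domain account SBSADMIN from the
# post. Run elevated on the domain controller itself.
$syncAccount = 'SBSADMIN'

# ntdsutil accepts its menu commands as arguments; the trailing "q q" exits the
# "set dsrm password" menu and then ntdsutil itself.
$output = & ntdsutil.exe 'set dsrm password' "sync from domain account $syncAccount" q q 2>&1
$output | ForEach-Object { Write-Host $_ }

# ntdsutil reports the result in text, so check the output rather than relying on
# the exit code alone. The success message below is what I expect to see (assumption).
if ($output -match 'synchronized successfully') {
    Write-Host "DSRM password now matches $syncAccount. Record this in the DR documentation."
} else {
    Write-Warning "Sync did not report success; confirm $syncAccount exists and that this prompt is elevated."
}

# The sync is a one-off copy, not a link: if SBSADMIN's password changes later,
# the DSRM password does not follow. Re-run this after every admin password change.

# Testing it, as the post advises, means booting into Directory Services Restore
# Mode (F8 at startup) and logging on as .\Administrator with the synced password.
# Do that in a maintenance window, since the DC is offline while in DSRM.
```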
Wednesday, November 2nd, 2011
In the last episode of Crack The Creds, Dana showed us how to bypass the iLO security. This time he’s showing us how to bypass the Apple iPad screen lock password and see the screen of the last application running. Well worth a look. Check it out here.
Tuesday, October 25th, 2011
Dana Epp has released his first video on how to bypass the password on HP iLO systems. This is pretty useful for when you forget the password for your iLO, or when you take over a customer site and don’t know the password at all. The process Dana recommends is very simple and takes moments. Check out his video here.