Ioannis Zontos

Everything posted by Ioannis Zontos

  1. He only needs to create the accounts at the ISP; SBS has a POP3 connector and will download the mail into the Exchange mailboxes. You don't do anything in Outlook.
  2. SBS 2011 includes Exchange 2010 Standard. Now, if you don't want to lose messages, especially on SBS, which has a POP3 connector, set your own IP as the primary MX and, as the backup MX, a provider where you will keep the POP accounts. If you have a problem with your SBS in the future, all mail will go to the ISP's POP accounts, since the primary MX will not be working. That way you will be fine, you can forget about Linux and everything else, and you also have a backup solution for receiving your email.
  3. In this article I come back with more information on how we can find the password and gain access to a wireless LAN with reaver. We start with a BackTrack live CD. To get it, download the Live DVD from BackTrack's download page and burn a DVD (the same can be done with a USB stick >= 2 GB). Once BackTrack has started, we type startx to start the graphical environment. Then click Applications > Internet > Wicd Network Manager, select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time. Once we have internet access we run apt-get update, apt-get upgrade and apt-get install reaver, then iwconfig to see the wireless interface. Now we put the wireless card into monitor mode: airmon-ng start wlan0. A new interface, mon0, is created. We start the scan to find all the wireless networks around us: airodump-ng wlan0. Then we start reaver: reaver -i moninterface -b bssid -vv, with moninterface being mon0 and BSSID the one we are interested in, e.g. reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv. When reaver finishes you will see something like this. To protect ourselves from reaver we must disable WPS. Of course, it does not work on all access points, and it needs a very strong signal to work. More about reaver here: Sean Gallagher's excellent post on Ars Technica.
  4. In recent years, many websites have been taken hostage and booby-trapped with malicious code. If you visit such a website with an unpatched system, your computer may automatically and silently download and install malware. Lately, attackers have managed to hit thousands of websites at once. What is to blame for these mass attacks, and how are they carried out? Most of the time, automated SQL injection (SQLi). According to researchers at SANS, an automated SQL injection (SQLi) system named Lilupophilupop has infected more than one million websites. This latest round of automated SQLi attacks targets Microsoft web servers (IIS servers with ASP.NET and an MSSQL backend) and first appeared in early December. At that time, the attack had affected few servers. However, recent SANS research shows that it has spread to just over one million websites today. If you want to learn more about this attack, you can find details in SANS' early December post. A short video of a simple SQL injection attack follows.
  5. At this year's Chaos Communications Congress (28C3), Ang Cui presented how, by reverse-engineering HP printers and using the firmware update process, he can gain access and expose our entire network. In the first part of his presentation, he shows how, by sending a file containing a malicious version of the printer's OS, he got the printer to send the documents it had queued for printing to an IP address on the internet. In the second part, again in the same way, he made the printer scan the internal network for vulnerable PCs and, once it found them, lower the PC's security, turn it into a proxy and give him access through the firewall. In the video that follows you can watch the whole presentation. HP has released a fix for this problem in MFP printers. See also http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.html
  6. In a previous article we discussed the security problems of WPS; here we return to the subject with information on how, with one tool and the brute-force technique, we can bypass the security of a wireless network and gain access. The tool we will use is Reaver (Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community). It is very easy to use (target BSSID and the monitor mode interface); the command syntax is # reaver -i mon0 -b 00:01:02:03:04:05. It exists only as an open source version, and you can find the code at: Get open source version of Reaver at Google Code. In tests carried out on different access points, the time needed to gain access ranged from 3 hours to 10 hours. The testing is up to you.
  7. These vulnerabilities affect: All versions of Microsoft’s .NET Framework How an attacker exploits it: Multiple ways, including sending specially crafted web requests or enticing users to click maliciously crafted links Impact: Various. In the worst case, an attacker can log in to your web application as another user, without having that user’s password What to do: Install the proper .NET Framework update immediately, or let Windows Update do it for you. Exposure: Last week — following the holiday weekend — Microsoft released a blog post and Security Advisory about a new, publicly disclosed ASP.NET Denial of Service (DoS) vulnerability. A few days later, they released an out-of-cycle Security Bulletin fixing that .NET Framework vulnerability, and three others. Whether you manage a public web server with ASP.NET applications, or host such .NET applications internally, we highly recommend you download, test, and deploy the appropriate .NET Framework updates as soon as possible. Microsoft’s out-of-cycle .NET Framework security bulletin describes four vulnerabilities, including the publicly disclosed DoS vulnerability mentioned above. The vulnerabilities have different scopes and impacts. I detail two of the more relevant issues below, in order of severity: ASP.NET Forms Authentication Bypass Flaw – ASP.NET doesn’t properly authenticate specially crafted usernames. If an attacker has (or can create) an account on your ASP.NET application, and knows the username of a victim, the attacker can send a specially crafted authentication request that gives him access to the victim’s account without needing a valid password. However, your ASP.NET web site or application is only vulnerable to this when you’ve enabled “Forms Authentication.” ASP.NET HashTable Collision DoS Vulnerability – Without going into great technical detail, ASP.NET suffers from a flaw involving the way it hashes specially crafted requests. 
In short, by sending specially crafted ASP.NET requests to your web application, an attacker can fill ASP.NET’s hash table with colliding hashes, which can greatly degrade the performance of your ASP.NET application or web site. If you are technically inclined, and would like more details, we recommend reading n.run’s advisory concerning this flaw. Microsoft’s bulletin also fixes a less severe privilege escalation vulnerability, as well as an insecure URL redirect flaw. For more details on these two flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Solution Path: Microsoft has released .NET Framework updates to fix these vulnerabilities. If you have web servers or clients that use the .NET Framework, you should download, test and deploy the corresponding updates immediately. Due to the exhaustive and varied nature of .NET Framework installations (1.1, 2.0, 3.5.x, and 4.0 running on many Windows platforms), we will not include links to all the updates here. We recommend you visit the “Affected and Non-Affected Software” section of Microsoft’s bulletin for those details. If possible, we also recommend you use Windows Update to automatically download and install the appropriate .NET Framework on client computers. That said, you may still want to keep production servers on a manual update process, to avoid upgrade-related problems that could affect business-critical machines. For All Users: This attack typically leverages normal looking HTTP requests, which you must allow for users to reach your web application. Therefore, Microsoft’s patches are your primary recourse. Status: Microsoft has released updates to correct this vulnerability. References: Microsoft Security Bulletin MS11-100 Microsoft Security Advisory Microsoft Security Blog Post Technical Write-up on ASP.NET Hash Table DoS Flaw
  8. Over the years, we've had to deal with vulnerabilities and weaknesses in wireless security protocols, such as the deprecation of the WEP protocol due to design flaws. Now, a standard that was designed to make wireless security easier, actually makes it less secure. For those of you who haven't heard of Wi-Fi Protected Setup (WPS) — which frankly included me until recently — it is a standard created by the Wi-Fi Alliance to make it easier for home users to configure security settings on their access points, making the task less foreboding for the non-technical. In concept, I think this is a great idea. I know many average home users that run open access points simply because they find the tech lingo (WPA2, PSK, AES, TKIP, etc.) too overwhelming, or because they can't be bothered with strong passwords. Making wireless security easier for the average Joe is a noble goal. However, in practice WPS will make your WAP less secure. According to research by Stefan Viehböck (also discovered independently by another researcher as well), technical flaws in WPS make it embarrassingly simple to brute force a WPS PIN. Without going into too much technical detail, the WPS protocol responds to failed authentication attempts in a way that will both tell you if the first four digits of the PIN are correct, as well as disclose the eighth digit of the PIN. This severely reduces the number of guesses necessary to learn a WPA PIN. Rather than providing the 100,000,000 possible combinations (10^8) that an eight digit pin should offer, this flaw allows attackers to find the PIN with only 11,000 guesses (10^4 + 10^3). Computers can go through 11,000 combinations in no time. Furthermore, many devices that use WPS apparently don't lockout failed authentication attempts. If an attacker knows your wireless router's WPS PIN, he can use it to retrieve the router's wireless network password.
So if you use WPS, you should expect any attacker within range of your Wi-Fi signal can access your network. The good news is that WPS is not an industry-wide standard. Only some wireless routers and access points use it. If you'd like more details on this issue, US-CERT has released a coordinated alert about it, including some of the router brands that are affected. This includes some well-known consumer brands like Belkin, Netgear, D-Link, and others. Since this is a protocol level design flaw, there is no fix. If you use a wireless router that leverages WPS, you should stop using WPS.
  9. If your office gets quiet around the week leading up to Christmas and New Years, as many seem to, you may have missed a few interesting security stories during this lull. Let me catch you up in one fell swoop. Below, I quickly highlight a menagerie of interesting security stories, which you may have missed over the past two weeks: · Unpatched Vulnerability in Windows Win32k.sys Component - A "researcher" calling himself webDEViL found a memory corruption flaw in Windows' win32k.sys component. By enticing you to a web site containing malicious code, an attacker could exploit this flaw to execute malicious code on your computer, with your privileges. exploit the flaw via Safari till now… · Siemens Accused of Security Cover-up - Stuxnet malware - the possibility of digital SCADA and ICS attacks. A security researcher accuses Siemens of lying about a security flaw in one of their products. In short, Billy Rios (the researcher) is unhappy that a Siemens PR person claimed there are no open issues regarding authentication bypass bugs in Siemens products. As a result, Rios decided to publicly disclose just such an issue. · The US Can Now Launch Cyberwars - Cyberwar is at hand - A recent change to the U.S. National Defense Authorization Act supports this notion. It states that the Department of Defense can conduct offensive cyberspace operations with the President's approval !!! · Free iPad 2 Offer Lures Gaga Fans - Many users following Lady Gaga on Twitter and Facebook almost had their credentials stolen by following links about a free iPad 2 promotion. · Anonymous Still Up to No Good - During the holiday, Anonymous breached Stratfor, a "global intelligence" company in Texas. They reportedly stole 200GB of email, and a client list of 4000, including credit cards info. In the last week, Anonymous has also threatened to attack Sony and Nintendo due to their support of SOPA. 
As I predicted for 2012, I expect to continue to see these sorts of Anonymous-related hacktivism incidents throughout the year.
  10. On 19/12/2011 the Office 365 Integration Module for Windows Small Business Server 2011 Essentials (OIM) was released. Customers who have Microsoft Small Business Essentials can download it from the Microsoft Download Center. This module allows customers who have Small Business Server 2011 Essentials to keep their core services, such as domain services, file services, etc., on-premise and very easily integrate their email, and whatever other services they have in the cloud, with Office 365, all at the lowest administrative cost. This integration module will help us manage users and server management from one central place, and it also helps the small business manage its users locally and in the cloud from the same console. Together with the Windows 7 Professional Pack Add-in for SBS Essentials and the Windows Phone Connector, Microsoft has provided all the tools a small company needs to manage its IT infrastructure, email and collaboration, mobility and client computing. You can find more information about SBS Essentials in the webcast here.
  11. Happy New Year to us all, we will be there.
  12. A transport rule in Exchange 2007-2010 is what will make your life easy......
  13. Very good, we look forward to the next part, and perhaps some information on how to connect it with Lync or OCS.
  14. According to ComputerWorld and Symantec, attackers are currently leveraging a zero day vulnerability in Adobe Reader in targeted attacks against telecommunications, manufacturing, computer hardware, and chemical companies, as well as defence sector organisations like Lockheed Martin. The attacks may have started as early as the beginning of November, and arrive as a targeted phishing email with a malicious PDF attachment. If you open said attachment, your computer gets infected with information stealing malware. Earlier this week, Adobe confirmed this zero day flaw in a Security Advisory. The vulnerability affects all current versions of Reader and Acrobat running on any platform. Though they have not released a fix for the flaw yet, they plan to sometime next week. Until then, we highly recommend that you inform your users to be very careful handling PDF files that come from outside your organization, whether from a trusted source or not. If you have one of our security appliances, you can also use our proxy policies to strip all PDF content if you like. That said, doing so blocks both legitimate and malicious PDF files. Also, be sure to keep both your gateway and client level antivirus software up to date, as it likely has signatures to block known variants of this attack.
  15. The problem with the Exchange Management Console (EMC) in Microsoft Exchange 2007-2010 when Internet Explorer 9 is installed can now be solved with a hotfix that is not yet available for public download, because it will be incorporated into a later rollup. The problem appeared with the following message: Exchange 2007 or 2010 EMC might fail to close with "You must close all dialog boxes before you can close Exchange Management Console". To solve the problem, we must first install the released version of IE9 on the machine that has Microsoft Exchange 2007-2010. Next we must install MS11-081: Cumulative Security Update for Internet Explorer: October 11, 2011. We can get this from Windows Update or, if we want to download it and keep it on the local network, we can find the package here. Please note that the packages for client and server OSes might be different, depending on what you need. The installation of this package is REQUIRED for proper operation of the EMC hotfix. We can call Microsoft support and request the hotfix; if we request the hotfix, we must ask for KB 2624899 (which is not a publicly available article). How do I find the support number to call? Depending on the region we are in, we go here. Why is this hotfix not available for public download? (The answer from the Exchange Team Blog:) It's planned that this fix will be rolled into a version of Internet Explorer or a fix that will be released at a later time. Due to the amount of feedback we've received about this issue, we wanted to give you a way to resolve this problem right now, if you are impacted by it. Individual hotfix packages such as this one do not go through as extensive testing as our roll-up fixes and therefore we want to have a way to reach out to customers who use it in case there's a problem that is identified with it at a later time.
Finally, I would like to thank the Internet Explorer team for working with us on this interoperability issue and producing this hotfix.
  16. Slow network performance has been observed at several customers with SBS 2011 installations, whether in a virtual environment or on a physical machine. This is seen especially on the Small Business Server sites, in particular Outlook Web Access and Remote Web Access, but also in the file service and shared printers; these services freeze and cannot function. If the system is restarted, the problem may temporarily go away. The problem is caused by software that uses the Transport Driver Interface (TDI). Antivirus programs usually use it. To resolve the problem, install the hotfix from article 2028827, The applications that use the TDI driver for network traffic may stop responding in Windows Server 2008 R2 or in Windows 7: http://support.microsoft.com/default.aspx?scid=kb;en-US;2028827
  17. The new update for the WSSG BPA (Windows Server Solutions Best Practice) that was published in September has added several new rules for checks on our network. In detail, the total number of checks per server edition is: Small Business Server 2011 Standard Edition 102; Small Business Server 2011 Essentials 78; Windows Storage Server 2008 R2 Essentials 30; Windows MultiPoint Server 2011 5. The BPA can notify us from different places when an update is available. We can "tie" the BPA to the SBS 2011 console, which will give us a critical alert until we install the update. It also notifies us of a new update when we run the BPA itself: “An update for the Windows Server Solutions BPA is available”. The notification remains until we install the new BPA update. The new rules and checks added per server edition are, in detail, the following: Small Business Server 2011 Standard Edition CACertNameCheck9Section - The name of your certification authority contains one or more periods, or includes either the word "remote" or "mail." CheckOrigName9Section - The value set for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL CheckOrigName10Section - The value set for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL ExchangeSPSection - The server is running the original release of Exchange Server 2010. However, Exchange Server 2010 Service Pack 1 (SP1) is now available. JournalEventExist9Section - The server is in a journal wrap condition. RPCExtAuthSection - Exchange Server 2010 is not set to use the default method for external authentication RPCIntAuthSection - Exchange Server 2010 is not set to use the default method for internal authentication. OSRTMSection - This server is running the original release of Windows Server 2008 R2. However, Service Pack 1 for Windows Server 2008 R2 is available.
SMTPInstalledSection - The Simple Mail Transfer Protocol (SMTP) service is installed. EmptyServersContainerSection - One or more Servers containers in your Exchange organization are empty. AcceptedDomainSection - The name of the default accepted domain contains one or more spaces. SharepointAppPoolIdentitySection - The SBS SharePoint AppPool application pool is not running with the default account. SharepointAppPoolFrameworkSection - The SBS SharePoint AppPool application pool is not running with the default .NET Framework version. SharepointAppPoolPipelineSection - The SBS SharePoint AppPool application pool is not running with the default Managed Pipeline Mode. SharepointAppPoolBitnessSection - The SBS SharePoint AppPool application pool is not running with the default Bitness level. RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version. RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account. WebGardensSection - The number of Maximum Worker Processes for the DefaultAppPool Application Pool is not set to the default value of 1. WarningDiskSpaceVeryLowSection - One or more volumes has less than 20% of free space available. SysvolSection - The Sysvol share does not exist RDPPortSection - The PortNumber registry key for the Terminal Server port has been changed. SysvolRdySection - The value of the SysvolReady registry key is not equal to 1. This indicates that there is a problem with the domain. PingDCFailsSection - This server cannot ping one or more domain controllers. OldRootVerSection - The value of the RootVer registry key for .NET Framework may be incorrect. 
NotSchemaMasterSection - This server running Windows SBS is not the Schema Master. NotSBSDNSSection - The DNS client is not configured to point only to the internal IP address of the server. NotRIDMasterSection - This server running Windows SBS is not the RID Master. NotPreWin2Section - The Authenticated Users group is not a member of the Pre-Windows 2000 Compatible Access group. NotPDCMasterSection - This server running Windows SBS is not the Primary Domain Controller Master. NotInfraMasterSection - This server running Windows SBS is not the Infrastructure Master. NotDomMasterSection - This server running Windows SBS is not the Domain Naming Master. NoNSRecs3Section - There are no DNS name server (NS) resource records for the delegated _msdcs forward lookup zone. NoNSRecs2Section - There are no DNS name server (NS) resource records in the _msdcs zone for Windows SBS 2011 (for example: _msdcs.contoso.local). NoNSRecsSection - There are no DNS name server (NS) resource records in the forward lookup zone for Windows SBS 2011. NoDefaultDomainPolicySection - The Default Domain Policy group policy is missing. MaxCacheTTLSection - The DNS parameter MaxCacheTTL is not set. LeftSrcSvrinOUSection - The Source Server that is running Windows SBS still exists in Active Directory Users and Computers in the MyBusiness/Computers/SBSComputers organizational unit. LeftSrcSvrSection - The source server that is running Windows SBS still exists in Active Directory Sites and Services in the Default-First-Site-Name. IsSchemaMasterSection - This server running Windows SBS is the Schema Master. IsRIDMasterSection - This server running Windows SBS is the Relative ID (RID) Master. IsPDCMasterSection - This server running Windows SBS is the Primary Domain Controller Master. IsInfraMasterSection - This server running Windows SBS is the Infrastructure Master. IsDomMasterSection - This server running Windows SBS is the Domain Naming Master. 
IEHardenUsersSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Users group. IEHardenAdminSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Administrators group. ForwardDNSAllowUpdatesMSDCSSection - You should configure the forward lookup zone for the _msdcs.* zone to allow only secure dynamic updates ForwardDNSAllowUpdatesSection - You should configure the forward lookup zone to allow only secure dynamic updates. EDNSEnabledSection - Some routers and firewall devices do not support EDNS. You should disable EDNS on this server. To disable EDNS, from a command prompt, type dnscmd /Config /EnableEdnsProbes 0, and then restart the DNS Server service. DNSTimeOutsSection - The value of the DNS ForwardingTimeout registry key should not be the same as the value of the RecursionTimeout registry key. DNSRegEnabledSection - The internal network adapter is not configured to register its IP address in DNS. DNSAforInternalSection - The host (A) resource record points to an incorrect IP address. CheckFirewallSection - Windows Firewall is turned on in the default installation of Windows Small Business Server. CheckAdminSection - The built-in Administrators group does not have the right to log on as a batch job. PowershellAppPoolBitnessSection - The MSExchangePowerShellAppPool application pool is not running with the default Bitness level PowershellAppPoolPipelineSection - The MSExchangePowerShellAppPool application pool is not running with the default Managed Pipeline Mode. PowershellAppPoolFrameworkSection - The MSExchangePowerShellAppPool application pool is not running with the default .NET Framework version PowershellAppPoolIdentitySection - The MSExchangePowerShellAppPool application pool is not running with the default account. CheckAdminSection - The built-in Administrators group does not have the right to log on as a batch job. 
CheckFirewallSection - Windows Firewall is turned on in the default installation of Windows Small Business Server. DNSAforInternalSection - The host (A) resource record points to an incorrect IP address DNSRegEnabledSection - The internal network adapter is not configured to register its IP address in DNS. DNSTimeOutsSection - The value of the DNS ForwardingTimeout registry key should not be the same as the value of the RecursionTimeout registry key. EDNSEnabledSection - Some routers and firewall devices do not support EDNS. You should disable EDNS on this server. To disable EDNS, from a command prompt, type dnscmd /Config /EnableEdnsProbes 0, and then restart the DNS Server service. ForwardDNSAllowUpdatesSection - You should configure the forward lookup zone to allow only secure dynamic updates. ForwardDNSAllowUpdatesMSDCSSection - You should configure the forward lookup zone for the _msdcs.* zone to allow only secure dynamic updates. IEHardenAdminSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Administrators group. IEHardenUsersSection - Internet Explorer Enhanced Security Configuration (IE ESC) is currently not enabled for the Users group. IsDomMasterSection - This server running Windows SBS is the Domain Naming Master. IsInfraMasterSection - This server running Windows SBS is the Infrastructure Master. IsRIDMasterSection - This server running Windows SBS is the Relative ID (RID) Master. IsPDCMasterSection - This server running Windows SBS is the Primary Domain Controller Master. IsSchemaMasterSection - This server running Windows SBS is the Schema Master. LeftSrcSvrSection - The source server that is running Windows SBS still exists in Active Directory Sites and Services in the Default-First-Site-Name. 
LeftSrcSvrinOUSection - The Source Server that is running Windows SBS still exists in Active Directory Users and Computers in the MyBusiness/Computers/SBSComputers organizational unit MaxCacheTTLSection - The DNS parameter MaxCacheTTL is not set. NoDefaultDomainPolicySection - The Default Domain Policy group policy is missing. NoNSRecsSection - There are no DNS name server (NS) resource records in the forward lookup zone for Windows SBS 2011. NoNSRecs2Section - There are no DNS name server (NS) resource records in the _msdcs zone for Windows SBS 2011 (for example: _msdcs.contoso.local). NoNSRecs3Section - There are no DNS name server (NS) resource records for the delegated _msdcs forward lookup zone. NotDomMasterSection - This server running Windows SBS is not the Domain Naming Master. NotInfraMasterSection - This server running Windows SBS is not the Infrastructure Master. NotPDCMasterSection - This server running Windows SBS is not the Primary Domain Controller Master. Small Business Server 2011 Essentials NotRIDMasterSection - This server running Windows SBS is not the RID Master. NotSBSDNSSection - The DNS client is not configured to point only to the internal IP address of the server. NotSchemaMasterSection - This server running Windows SBS is not the Schema Master. OldRootVerSection - The value of the RootVer registry key for .NET Framework may be incorrect. PingDCFailsSection - This server cannot ping one or more domain controllers. RDPPortSection - The PortNumber registry key for the Terminal Server port has been changed. SysvolRdySection - The value of the SysvolReady registry key is not equal to 1. This indicates that there is a problem with the domain. SysvolSection - The Sysvol share does not exist WarningDiskSpaceVeryLowSection - One or more volumes has less than 20% of free space available. WebGardensSection - The number of Maximum Worker Processes for the DefaultAppPool Application Pool is not set to the default value of 1. 
NotPreWin2Section - The Authenticated Users group is not a member of the Pre-Windows 2000 Compatible Access group. RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode. RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version. RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account. Windows Storage Server 2008 R2 Essentials RWAAppPoolBitnessSection - The SBS Web Workplace AppPool application pool is not running with the default Bitness level RWAAppPoolPipelineSection - The SBS Web Workplace AppPool application pool is not running with the default Managed Pipeline Mode. RWAAppPoolFrameworkSection - The SBS Web Workplace AppPool application pool is not running with the default .NET Framework version. RWAAppPoolIdentitySection - The SBS Web Workplace AppPool application pool is not running with the default account. If we do not have the BPA update, we have the following options. If the update is not available, we can check directly from Windows Update: we run Windows Update and select the option "check online for updates from Windows update." Then we select the option "Get updates for other Microsoft products". When the process completes, we wait 20-25 minutes for synchronization to finish. Then we run the BPA and the update will be available. We should also check the registry for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsServerSolutions\BPA\Update. This key must have the value 1.
  18. I found it, thanks for the effort.
  19. After installing Microsoft Exchange 2007 Service Pack 3, or rollup #1 or rollup #2, if we try to create a new receive connector we get the following error:

Summary: 1 item(s). 0 succeeded, 1 failed.
Elapsed time: 00:00:00
test
Failed
Error: Active Directory operation failed on SBS01.ks.local. This error is not retriable. Additional information: The parameter is incorrect.
Active directory response: 00000057: LdapErr: DSID-0C090C26, comment: Error in attribute conversion operation, data 0, v1772
The requested attribute does not exist.
Exchange Management Shell command attempted:
new-ReceiveConnector -Name 'test' -Usage 'Custom' -Bindings '0.0.0.0:25' -Fqdn 'test.test.com' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'SBS01'
Elapsed Time: 00:00:00

Note: the existing connectors keep working without any problem. The error appears only when we create a new connector or try to edit an existing one, which is why you may have installed SP3 and the rollups without the problem having been noticed.

The problem occurs because the schema was not prepared first during the automatic installation of SP3, as STATED on the Microsoft TechNet site: http://technet.microsoft.com/en-us/library/ff607233(EXCHG.80).aspx

Active Directory must first be prepared for every domain before we proceed with the installation of Exchange 2007 SP3.

"This process includes updating the Active Directory schema for Exchange 2007 SP3"

To resolve the problem we need the extracted SP3 files. If we do not have them, we can find SP3 at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1687160b-634a-43cb-a65a-f355cff0afa6&displaylang=en

Once it is extracted, we open a command prompt, go to the folder where we extracted it and run the command:

Setup.com /PrepareSchema

Once the schema preparation completes, we are ready and can create the connectors we want without any problem.
  20. In this article we look at how to restore a mailbox that we deleted by mistake, without resorting to a restore from backup.

When we delete a mailbox, restoring it is very easy in Microsoft Exchange 2007/2010.

Deleted mailboxes appear under Recipient Configuration > Disconnected Mailbox, but in a large organization this usually does not happen automatically; we have to wait for online maintenance to complete (it is possible to see them immediately with PowerShell; the commands follow below).

How many days Exchange keeps deleted items and deleted mailboxes can be set from the EMC: Organization Configuration > Mailbox > Database Management. Select Properties and then the Limits tab.

If we want to see the deleted mailboxes immediately and they are not listed under the disconnected mailboxes, we go to PowerShell and run:

· Clean-MailboxDatabase \servername\SGName\Store
cleans the database for one individual store
· Get-MailboxDatabase | Clean-MailboxDatabase
· Get-MailboxDatabase | Where { $_.Server -eq "<servername>" } | Clean-MailboxDatabase
cleans all the databases in the specified information store
· Get-MailboxDatabase | Where { $_.Name -eq "<DatabaseName>" } | Clean-MailboxDatabase
cleans the database whose name matches the one we gave in -eq "<DatabaseName>"

When the commands complete, we will see the following event IDs in the Event Viewer:

Event ID 9531: the Clean-MailboxDatabase process has started.
Event ID 9533: we see this when the user does not exist in Active Directory or is not Exchange mail-enabled. The mailbox will be removed from the mailbox store when the retention time expires.
Event ID 9535: the process has completed.

Changes after Service Pack 1

After SP1 we have a new cmdlet, Remove-StoreMailbox. It is useful when we move many mailboxes and want to have the space they occupy in the source database available again. For example:

· Remove-StoreMailbox -Database <DatabaseID> -Identity <MailboxID> -MailboxState [Disabled|SoftDeleted]

If we want to remove the testaccount mailbox from database DB1 when we move it elsewhere (to another database in the organization), we use:

· Remove-StoreMailbox -Database DB1 -Identity testaccount -MailboxState SoftDeleted

The command to remove all SoftDeleted mailboxes from database DB1 is:

· Get-MailboxStatistics -Database DB1 | where {$_.DisconnectReason -eq "SoftDeleted"} | foreach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState SoftDeleted}

The new Remove-StoreMailbox cmdlet lets us remove all disconnected mailboxes with a single command (quite useful for large organizations):

· Get-MailboxStatistics -Database DB1 | Where-Object {$_.DisconnectReason -eq "Disabled"} | ForEach {Remove-StoreMailbox -Database $_.database -Identity $_.mailboxguid -MailboxState Disabled}

We will now see the deleted mailboxes under Recipient Configuration > Disconnected Mailbox.

Right-click the mailbox and select Connect. We see the following options for the mailbox type: User Mailbox, Room Mailbox, Equipment Mailbox, Linked Mailbox.

After choosing the mailbox type we click Next and see Matching user. This refers to the Active Directory user that we will have created, if the user object was deleted as well, and that matches the mailbox we want to connect (in practice it tries to match the Display Name of the user).

Our other option is to connect the deleted mailbox to a user in our organization who does not have a mailbox.

We choose Matching user and select OK.

Here we can also choose a retention policy and an ActiveSync mailbox policy, if they exist in our organization, and of course we enter an Alias.

Then we click Next and, as you can see, we are ready to connect the deleted mailbox. Select Connect.

The system informs us that the task completed, but the changes will be available once Active Directory replication completes!
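The reconnect described above can also be done end to end from the Exchange Management Shell. This is an added example, not part of the original post; it assumes Exchange 2010, the post's sample database DB1, and an existing mailbox-less Active Directory account testaccount whose display name (assumed here to be 'Test Account') matches the deleted mailbox.

```powershell
# Added example: run in the Exchange Management Shell.
# 'DB1' and 'testaccount' are the sample names used in the post;
# the display name is an assumption, adjust all three to your environment.
$database    = 'DB1'
$adUser      = 'testaccount'
$displayName = 'Test Account'

# 1. Make the store rescan the database so a freshly deleted mailbox is
#    marked as disconnected without waiting for online maintenance.
Clean-MailboxDatabase -Identity $database

# 2. List the disconnected mailboxes in that database. DisconnectDate is
#    only populated for mailboxes that are no longer attached to a user.
$disconnected = @(Get-MailboxStatistics -Database $database |
    Where-Object { $_.DisconnectDate -ne $null })
$disconnected |
    Format-Table DisplayName, MailboxGuid, DisconnectDate, ItemCount -AutoSize

# 3. Select the mailbox by display name and refuse to continue when the
#    match is missing or ambiguous (two deleted mailboxes, same name).
$target = @($disconnected | Where-Object { $_.DisplayName -eq $displayName })
if ($target.Count -ne 1) {
    throw "Expected one disconnected mailbox named '$displayName', found $($target.Count)."
}

# 4. Reconnect by GUID rather than by name, so the exact mailbox chosen in
#    step 3 is the one attached to the account. Add -WhatIf for a dry run.
Connect-Mailbox -Identity $target[0].MailboxGuid `
                -Database $database `
                -User     $adUser `
                -Alias    $adUser

# 5. Confirm the result; this can lag until Active Directory replication
#    has completed, as the post notes.
Get-Mailbox -Identity $adUser | Format-List Name, Alias, Database
```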
  21. When we have a 10.0.0.0/24 subnet, can the DHCP server, which runs on Win2008R2 (10.0.0.1/24), hand out a different scope, e.g. 10.0.1.0/24?

Although it accepts the scope, I get a timeout from all the clients. Any help? I am stuck.

Thank you
  22. Severity: High

Summary:

· These vulnerabilities affect: Adobe Shockwave Player, Flash Player, Flash Media Server, and Photoshop
· How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
· Impact: Various results; in the worst case, an attacker can gain complete control of your computer
· What to do: Install the appropriate Adobe patches immediately, or let Adobe's updater do it for you.

Exposure:

Yesterday, Adobe released five security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Player, Flash Media Server, Photoshop, and RoboHelp. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

· APSB11-19: Seven Shockwave Player Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe's bulletin warns of seven security vulnerabilities that affect Shockwave Player 11.6.0.626 and earlier for Windows and Macintosh (as well as all earlier versions). Adobe's bulletin doesn't describe the flaws in much technical detail. It only describes the nature and basic impact of each flaw. For the most part, the flaws consist of unspecified memory corruption vulnerabilities. Though these flaws differ technically, most of them share the same general scope and impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit many of these vulnerabilities to execute code on that user's computer, with that user's privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Severity: Critical

· APSB11-20: Flash Media Server DoS Vulnerability

Adobe Flash Player displays interactive, animated web content called Flash. Flash Media Server allows administrators to stream Flash content.

Flash Media Server 4.0.2 and earlier suffer from an unspecified Denial of Service (DoS) vulnerability. Adobe does not share any relevant detail about this flaw, including no detail on how an attacker might exploit it. They only share that an attacker could somehow exploit the flaw to launch a DoS attack against your media server.

Adobe Severity: Critical

· APSB11-21: Flash Player Update Corrects 13 Security Flaws

Adobe Flash Player displays interactive, animated web content called Flash. A recent report from Secunia states that 99% of Windows computers have Adobe Flash Player installed, so your users very likely have it.

Adobe's update fixes 13 security vulnerabilities in Flash Player (for Windows, Mac, Linux, and Solaris), which they don't describe in much technical detail. However, they do describe the general scope and impact of these flaws. In the worst case, if an attacker can lure one of your users to a malicious website, they could exploit some of these flaws to gain control of that user's computer. We assume the attacker would only gain the privileges of the logged in user. However, since most Windows users have local administrator privileges, the attacker would likely gain full control of Windows machines.

Adobe Severity: Critical

· APSB11-22: Photoshop GIF Handling Vulnerability

Photoshop is a popular image editing program. Photoshop CS5 suffers from an unspecified vulnerability involving its inability to properly handle specially crafted GIF images. If an attacker can trick you into downloading and opening a malicious GIF image in Photoshop, she can exploit this flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer.

Adobe Severity: Critical

· APSB11-23: RoboHelp XSS Flaw

RoboHelp 9 is software that helps you create help systems. It suffers from an unspecified Cross-Site Scripting (XSS) vulnerability. By enticing one of your users into clicking a specially crafted link, an attacker could run script on that user's computer under the context of the RoboHelp component.

Adobe Severity: Important

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe's automatic updater do it for you:

· APSB11-19: Upgrade to Shockwave 11.6.1.629
· APSB11-20: Upgrade to Flash Media Server 4.0.3 or 3.5.7
· APSB11-21: Upgrade to Flash Player 10.3.183.5
· APSB11-22:
  o Photoshop CS5 for Windows
  o Photoshop CS5 for Windows x64
  o Photoshop CS5 for Mac
· APSB11-23: Upgrade RoboHelp 8 and 9:
  o RoboHelp 8
  o RoboHelp 9

Status:

Adobe has released patches correcting these issues.

References:

  o Adobe Security Update APSB11-19
  o Adobe Security Update APSB11-20
  o Adobe Security Update APSB11-21
  o Adobe Security Update APSB11-22
  o Adobe Security Update APSB11-23
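To act on the Solution Path above, a software inventory can be compared against the fixed versions the post lists. This is an added example, not part of the original post or of any Adobe tool; the computer names, installed versions and the Test-AdobePatched helper are hypothetical, and only the fixed versions are taken from the post.

```powershell
# Added example. Fixed versions come from the post's "Solution Path";
# the inventory rows are constructed sample data, not real hosts.
$fixed = @{
    'Shockwave Player'   = @([version]'11.6.1.629')
    'Flash Player'       = @([version]'10.3.183.5')
    # Flash Media Server is fixed separately on each branch (3.5.7 and 4.0.3).
    'Flash Media Server' = @([version]'3.5.7', [version]'4.0.3')
}

function Test-AdobePatched {
    param([string]$Product, [version]$Installed)

    # Products for which the post gives no version number (Photoshop CS5,
    # RoboHelp) cannot be judged by version comparison here.
    if (-not $fixed.ContainsKey($Product)) { return 'not-covered' }

    # Prefer the fix on the installed major branch; if that branch has no
    # fix of its own, compare against the highest fixed version listed.
    $target = $fixed[$Product] |
        Where-Object { $_.Major -eq $Installed.Major } |
        Select-Object -First 1
    if (-not $target) {
        $target = $fixed[$Product] | Sort-Object | Select-Object -Last 1
    }

    if ($Installed -ge $target) { 'patched' } else { 'needs-update' }
}

# Constructed inventory (hypothetical computer names and versions).
$inventory = @(
    [pscustomobject]@{ Computer = 'ws01';  Product = 'Flash Player';       Version = '10.3.181.36' }
    [pscustomobject]@{ Computer = 'ws02';  Product = 'Flash Player';       Version = '10.3.183.5'  }
    [pscustomobject]@{ Computer = 'ws03';  Product = 'Flash Player';       Version = '9.0.280.0'   }
    [pscustomobject]@{ Computer = 'ws01';  Product = 'Shockwave Player';   Version = '11.6.0.626'  }
    [pscustomobject]@{ Computer = 'fms01'; Product = 'Flash Media Server'; Version = '4.0.2'       }
    [pscustomobject]@{ Computer = 'fms02'; Product = 'Flash Media Server'; Version = '3.5.7'       }
    [pscustomobject]@{ Computer = 'ws04';  Product = 'Photoshop CS5';      Version = '12.0.0'      }
)

# Report every row with its status; sort so hosts needing work come first.
$inventory |
    Select-Object Computer, Product, Version,
        @{ Name = 'Status'; Expression = { Test-AdobePatched $_.Product $_.Version } } |
    Sort-Object Status, Computer |
    Format-Table -AutoSize
```

Rows reported as not-covered still need the patches named in the bulletin; they have to be confirmed from the vendor's installer or update history rather than from a version number.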
  23. Among the other security bulletins released during Patch Day, Microsoft also released three updates covering security vulnerabilities in various development related software packages. These security bulletins included:

· MS11-066: Microsoft Chart Control (.NET Framework) Information Disclosure Flaw
· MS11-067: Microsoft Report Viewer and Visual Studio Information Disclosure Flaw
· MS11-069: Microsoft .NET Framework Information Disclosure Flaw

The vulnerabilities these three bulletins cover all differ technically, but generally they all allow attackers to gain access to information (such as files within a directory) that they should not have access to. Microsoft rates these bulletins as Important or Moderate.

The .NET Framework does not ship with all Windows computers, though many people do install it to support internal custom Windows applications. Furthermore, only developers install Visual Studio. For those reasons, we don't believe that these three bulletins will pose much risk to normal Windows users. That said, if you use the affected products, we do still recommend you patch these flaws at your earliest convenience.
  24. Severity: High

Summary:

· This vulnerability affects: The DNS service that ships with the Server versions of Windows
· How an attacker exploits it: By sending specially crafted DNS queries
· Impact: In the worst case, an attacker gains complete control of your DNS server
· What to do: Deploy the appropriate Windows update immediately, or let Windows Automatic Update do it for you

Exposure:

The Server versions of Windows ship with a DNS Server to allow administrators to offer Domain Name System services on their networks.

In a security bulletin released today as part of Patch Day, Microsoft describes two vulnerabilities that affect the DNS Server that ships with Server versions of Windows. While this is technically a Windows flaw, which we typically include in a combined Windows alert, we feel that it deserves individual attention due to its high severity.

The worst of the two issues is a remote code execution flaw involving the way the DNS server handles specially crafted Naming Authority Pointer (NAPTR) DNS resource records (RR). By sending a specially crafted NAPTR query to your DNS server, an attacker could exploit this vulnerability to gain complete control of your server. However, the attacker would have to own the malicious domain name, and the authoritative DNS server for that domain name, in order for this attack to succeed. Despite this slight mitigating factor, the DNS server vulnerability poses a serious risk to your network. You should patch your Microsoft DNS servers immediately.

The DNS Server also suffers from a less serious Denial of Service (DoS) flaw, which an attacker could exploit to cause your DNS server to stop responding. If an attacker can prevent your users from accessing DNS services, they essentially prevent access to the Internet (by making it difficult for users to find resources by name).

Solution Path:

Download, test, and deploy the appropriate DNS server patches immediately, or let Windows Automatic Update do it for you.

· For Windows Server 2003 (w/SP2)
· For Windows Server 2003 x64 (w/SP2)
· For Windows Server 2003 Itanium (w/SP2)
· For Windows Server 2008 (w/SP2)
· For Windows Server 2008 x64 (w/SP2)
· For Windows Server R2 2008 Itanium

Status:

Microsoft has released patches to fix this vulnerability.

References:

· MS Security Bulletin MS11-058