2013-11-28

Puppy Linux (Slacko 5.6) Default Root Password

Followed a set of on-line instructions to make Puppy Linux require a password upon boot-up.  This article claimed that the root password, unless otherwise set, was blank.  To my surprise this was not correct for my recent Slacko Puppy version 5.6.  With some further digging I did find that the Puppy Linux (Slacko 5.6) default root password is "woofwoof".

2013-11-22

Reporting on Active Directory User Account Lockouts Event 644

Active Directory Security - Even with complex password and lockout policies in place, in theory a very slow brute force attack could compromise a privileged user password.  For example, with 5 attempts before lockout and a lockout of 5 mins, someone could attempt about 60 passwords an hour, 1440 in a 24-hour period.  If a user doesn't notice that their account is locked out and notify IT for an unlock, e.g. while away on vacation, someone with a few password hints might have enough time to slowly brute force their way in.

As such, it's a good idea to get a report whenever an AD user account is locked out, even if only so that an Administrator can see that the same account is repeatedly locked out and is thus potentially the target of a repeated password guess attack.

There are Active Directory Tools and Log Reporting Suites that can do a great job of this task and a whole lot more, but for smaller shops these might be too expensive or complex to install and maintain.

A simple control would be a small Windows PowerShell script that reports, via email, all Active Directory User Lockout Events in the last 24 hours.  If the same account is repeatedly locked out, you either have a very distressed user or a potential password compromise attack.

The following is designed for Windows Server 2003 Domains.

Windows PowerShell (2.0) Script: LOCKOUT-ALERT.PS1

# get start date
$start = get-date

# get 644 events from server ad1 for last 24 hours
$msg_ad1 = get-eventlog -log security -computer ad1 | where-object {$_.EventID -eq 644 -AND $_.TimeGenerated -gt (get-date).AddHours(-24) } | Format-List | Out-String

# same for server ad2
$msg_ad2 = get-eventlog -log security -computer ad2 | where-object {$_.EventID -eq 644 -AND $_.TimeGenerated -gt (get-date).AddHours(-24) } | Format-List | Out-String

# ... repeat for each server in your domain ...

# get end date
$end = get-date

$msg = $msg_ad1 + $msg_ad2

if ($msg) { # if anything to report
  $msg = "Script run on hostname. " + $start.ToString() + $msg + $end.ToString()
  Send-MailMessage -To "itadmin@mydomain.com" -Subject "Lockout Alerts" -Body $msg -SmtpServer 10.10.10.10 -From "lockout@domain.com" 
}

Steps to Install & Configure Event 644 Lockout Monitoring:

  1. Ensure that your Security Event log on each server is set large enough to hold well over 24 hours of logging.
  2. Install PowerShell (http://support.microsoft.com/kb/968929) if not already installed.
  3. Start > Programs > Accessories > Windows PowerShell > Windows PowerShell
  4. In order to run PowerShell scripts you need to execute the following command within PowerShell: Set-ExecutionPolicy Unrestricted
  5. Create a batch script to run the PowerShell script, one-line: c:\windows\system32\windowspowershell\v1.0\powershell.exe -NoLogo -NonInteractive c:\apps\ps\lockout-alert.ps1
  6. Schedule the script to run once a day.
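
The script above mails the raw event text; the per-account roll-up described earlier (the same account repeatedly locked out) can be computed before sending. This is an added example, not part of the original script: the function name Get-LockoutSummary, the threshold of 3, the message labels it matches and the sample events are all assumptions.

```powershell
# Added example: summarise event 644 lockouts per account (PowerShell 2.0 compatible).
# Assumption: the 644 message text carries "Target Account Name:" and
# "Caller Machine Name:" labels; adjust the patterns if your servers log differently.
function Get-LockoutSummary {
    param(
        [object[]]$Events,       # objects exposing Message and TimeGenerated
        [int]$Threshold = 3      # hypothetical cut-off for "repeatedly locked out"
    )
    $rows = foreach ($e in $Events) {
        # [ \t]* keeps the match on the label's own line, so an empty field
        # does not capture the next label by mistake
        if ($e.Message -match 'Target Account Name:[ \t]*(\S+)') {
            $account = $matches[1].ToLower()
            $caller = '(unknown)'
            if ($e.Message -match 'Caller Machine Name:[ \t]*(\S+)') { $caller = $matches[1] }
            New-Object PSObject -Property @{
                Account = $account; Caller = $caller; Time = $e.TimeGenerated
            }
        }
    }
    if (-not $rows) { return }   # nothing parsed, nothing to report
    $rows | Group-Object Account | ForEach-Object {
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        New-Object PSObject -Property @{
            Account  = $_.Name
            Lockouts = $_.Count
            Repeated = ($_.Count -ge $Threshold)
            First    = $times[0]
            Last     = $times[-1]
            Callers  = (($_.Group | ForEach-Object { $_.Caller } | Sort-Object -Unique) -join ', ')
        }
    } | Sort-Object Lockouts -Descending |
        Select-Object Account, Lockouts, Repeated, First, Last, Callers
}

# Constructed sample events (account, caller machine, hours ago); not real log data
$now = Get-Date
$sample = @(
    @('jsmith', 'WKS-014', -20), @('jsmith', 'WKS-014', -9),
    @('jsmith', 'MAILGW', -2),   @('akhan', 'WKS-102', -5)
) | ForEach-Object {
    New-Object PSObject -Property @{
        TimeGenerated = $now.AddHours($_[2])
        Message = "User Account Locked Out:`r`n`tTarget Account Name:`t$($_[0])`r`n`tCaller Machine Name:`t$($_[1])"
    }
}
Get-LockoutSummary -Events $sample | Format-Table -AutoSize
```

To use it with live data, pass the filtered get-eventlog output (before Format-List) as -Events and append the table, piped through Out-String, to the mail body.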


2013-11-12

Polycom VSX7000 Behind Router/Firewall with Port Forwarding

The Polycom VSX 7000 can function perfectly well from behind a NAT firewall router with port forwarding enabled accordingly.  I was able to get ours to work very quickly by configuring the video conference device as follows:

  • Log in to the Web interface for the device.  The default login credentials for the Polycom VSX7000 are username "admin" and, as the password, the full serial number of the device.
  • Go to the Network > IP Network portion of the menu, and see the Firewall section of the page.
  • Settings should be:
      • Fixed Port, yes apply check mark.
      • For TCP & UDP Ports: enter 3230 as the starting values.
      • Under NAT Configuration, specify manual.
      • Specify NAT Public (WAN) Address, as the Internet IP of your firewall router device.

On your Router / Firewall, configure Port Forwarding for the following range of ports to the LAN IP of your Polycom.
  • 3230 to 3235 TCP & UDP
  • 1720 TCP & UDP

2013-11-06

Kawartha Lakes Web Design Promotion from Portage Design

Businesses and residents of Kawartha Lakes can now save 15% off any Portage Design Web Design or related service from now until the end of the year.  What a great way to establish or enhance your on-line presence, for local and global marketing appeal.

http://portagedesign.com/web-design/kawartha-lakes-web-design/


2013-11-05

Numerical Analysis with SQL instead of Excel

For all you analysts and number crunchers out there, now you can work directly with the SQL data within SQL, using a toolset that has more functions, will be easily persisted, and runs with better performance than workstation Excel calculations, using XLeratorDB.

http://blog.sqlauthority.com/2013/11/05/sql-server-number-crunching-with-sql-server-exceed-the-functionality-of-excel/