Just another day in paradise

rant about cloud computing and other Microsoft stuff

Protecting your perimeter – the quick wins

There are some really easy quick wins you can perform to stop a lot of unwanted internet traffic hitting your perimeter. If your perimeter is only accessed by real users, you are probably pretty safe to drop any packets from the sources below.

Tor network exit IPs – Tor is an anonymity network which allows users to hide behind "exit node" IPs, which are members of the Tor network. More info on Tor –

To get a list of exit nodes you can use as source IPs to drop, check out this site, which has a downloadable text file that you can then import into a ruleset on your firewall –

Bogon IPs – No, not a bogan, which is an Aussie slang term 🙂 A bogon prefix is a route that should never appear in the Internet routing table. A packet routed over the public Internet (not including over VPNs or other tunnels) should never have a source address in a bogon range. More information on these IPs, which even includes a list you can download.

Possibly Amazon EC2 – Readily available on Amazon's site. I say possibly because some legitimate businesses run all their infrastructure in EC2, so if you are hosting email services, you may start blocking legitimate email traffic.
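A downloaded list is worth checking before it becomes a set of drop rules. The following is an added example, not from the original post: it rejects malformed entries, catch-all prefixes and anything overlapping the ranges your real users come from. The sample list, `OWN_RANGES` and `MIN_PREFIX_LEN` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a downloaded list (documentation addresses, not real data).
SAMPLE_LIST = """\
# exit nodes and bogons
192.0.2.10
192.0.2.10
198.51.100.0/24
10.0.0.0/8
0.0.0.0/0
203.0.113.300
203.0.113.77   # trailing comment
"""

# Assumption: public ranges your real users connect from; never block these.
OWN_RANGES = [ipaddress.ip_network("198.51.100.64/26")]
# Assumption: anything broader than a /8 is treated as a feed error.
MIN_PREFIX_LEN = 8


def sanitize_blocklist(text, own_ranges=OWN_RANGES, min_prefix=MIN_PREFIX_LEN):
    """Return (networks_to_block, rejected_lines) for a raw text blocklist."""
    accepted, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IP address or prefix"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.version == o.version and net.overlaps(o) for o in own_ranges):
            rejected.append((lineno, entry, "overlaps own address space"))
        else:
            accepted.add(net)
    # Merge duplicates and adjacent prefixes so the firewall ruleset stays small.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in accepted if n.version == version)
    return merged, rejected


if __name__ == "__main__":
    nets, bad = sanitize_blocklist(SAMPLE_LIST)
    for n in nets:
        print("block", n)
    for lineno, entry, why in bad:
        print(f"skipped line {lineno}: {entry} ({why})")
```

Review the rejected lines by hand rather than discarding them silently; a sudden catch-all or an overlap with your own space usually means the feed is broken.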

Shout out to the guys at @asteriskinfosec

Happy blocking!

Servercore – set account password to never expire

The net user command only sets the account to never expire and not the password. To set the password to never expire we need to use WMI, and here's an example command:
WMIC USERACCOUNT WHERE "Name='username'" SET PasswordExpires=FALSE


How do I find Hyper-V VMs with active snapshots?

Easy, script it with PowerShell!

I've attached my PowerShell script, use it as you wish and if you have any enhancements, send them through and I'll update it. Just rename to .ps1

findvmsnapshots powershell script

Watch out for those growing .AVHD files

A commonly overlooked task in the snapshot procedure is the merging process after deleting an older point-in-time snapshot. By selecting the previous point-in-time snapshot and selecting Delete, the virtual machine continues without interruption.

At the file level, however, that .AVHD file still exists in the snapshots folder and will continue to grow. To return to your original VHD file, shut down the guest. At this point, the .AVHD file will merge into the VHD file and be deleted automatically. Depending on the size of the .AVHD this can take some time so you will need to do this at an appropriate time.

Live Migration and Dynamic Memory make sweet love

Recently I've been doing a lot of work with Hyper-V clustering, new HP DL380 G7 servers, and NetApp storage. One of the great features I've uncovered is the sweetness dynamic memory adds when doing live migrations. If you are not sure what Dynamic memory is you can have a read here.

Essentially, when doing a Hyper-V Live Migration with Dynamic memory enabled on the virtual machine, the migration process only has to copy the USED memory pages to the other host. So if your virtual machine has 512MB startup and maximum 4096MB memory configured and is using 640MB of memory, it will only have to Live Migrate 640MB.

This means the Live Migration process is super quick and over a 1GB Live Migration network I have seen 10 sec live migrations occur regularly.

Happy migrating!

Is my application secure if I publish it via Citrix XenApp?

Not necessarily... especially Microsoft Excel.

Applications still run in the user context on the XenApp server; all the user sees is the application UI.

Excel and other apps which allow you to write macros pose an interesting problem: you can write a macro to spawn processes/applications from the server. Here is some example code:

    Sub Testing()
        ' Each Shell call starts the program on the XenApp server, in the user's context
        Dim RetVal
        RetVal = Shell("c:\windows\system32\cmd.exe", 1)
        RetVal = Shell("c:\windows\explorer.exe", 1)
        RetVal = Shell("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", 1)
        RetVal = Shell("C:\Windows\System32\regedit.exe", 1)
    End Sub

So if the XenApp server isn't locked down using group policy then you've just opened yourself up for a whole world of "comeandhackmyass".

A good resource for group policy is Group Policy Center.

Credit to Dave Taylor for giving me the information for this macro code 🙂
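Alongside the Group Policy lockdown, it is worth alerting when a published Office application starts one of these programs. The following is an added example, not from the original post: it flags shells started by a macro-capable application and anything those shells go on to launch. The records are constructed and use the field names of Sysmon event ID 1; `MACRO_HOSTS`, the paths, users and GUID values are assumptions.

```python
import ntpath

# Assumption: the macro-capable applications you publish.
MACRO_HOSTS = {"excel.exe", "winword.exe", "msaccess.exe"}
# The programs the macro above starts.
SHELLS = {"cmd.exe", "explorer.exe", "powershell.exe", "regedit.exe"}

OFFICE = r"C:\Program Files\Microsoft Office\Office14"
SYS32 = r"C:\Windows\System32"
# Constructed process-creation records, in creation order (not real logs).
SAMPLE_EVENTS = [
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1", "User": r"CORP\alice",
     "ParentImage": OFFICE + r"\EXCEL.EXE", "Image": SYS32 + r"\cmd.exe"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2", "User": r"CORP\alice",
     "ParentImage": SYS32 + r"\cmd.exe", "Image": SYS32 + r"\net.exe"},
    # An admin using regedit from an ordinary command prompt: not flagged.
    {"ProcessGuid": "g4", "ParentProcessGuid": "g9", "User": r"CORP\admin",
     "ParentImage": SYS32 + r"\cmd.exe", "Image": SYS32 + r"\regedit.exe"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return ntpath.basename(path).lower()


def find_macro_breakouts(events):
    """Return alerts for shells started by macro hosts and for their descendants."""
    tainted = {}   # ProcessGuid -> description of the breakout it descends from
    alerts = []
    for ev in events:
        parent, child = exe_name(ev["ParentImage"]), exe_name(ev["Image"])
        if parent in MACRO_HOSTS and child in SHELLS:
            root = reason = f"{parent} spawned {child}"
        elif ev["ParentProcessGuid"] in tainted:
            root = tainted[ev["ParentProcessGuid"]]
            reason = f"descendant of {root}"
        else:
            continue
        tainted[ev["ProcessGuid"]] = root
        alerts.append({"user": ev["User"], "image": child, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_macro_breakouts(SAMPLE_EVENTS):
        print(alert)
```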

Enable only specific items in group policy Windows 2008 R2

If you’re in a terminal server environment and want to look at locking down the control panel, there is a nice GP setting which allows you to only show specific Control Panel items – User Config\Admin Templates\Control Panel “Show only specific Control Panel items”

However, trying to get this full list of names to plug into the GP setting I found to be a bit of a nightmare, until I found this MSDN page.

Citrix License Administration Console is not enabled after upgrading to v11.9

After upgrading my Licensing server to version 11.9 from 11.6 I found some weirdness.

The installer seems to go ok, it comes up with a couple messages about having to reboot to update files, so naturally after the installer has finished I reboot which is where the fun starts.

I then find that the following services have been stopped and disabled – Citrix Licensing, Citrix Licensing Config, Citrix Licensing Support Service. Additionally I try the LAC Management console and receive the following error.


So to fix this little problem I carried out the following steps:

– enabled and started all the services above

– CHANGED the shortcut of the LAC Management Console to point to http://<servername>:8083 instead of localhost.

Hope this helps someone, took me 3 reinstalls and reverting to snapshots to work out what it was doing 🙂

UPN login doesn’t work with UAG 2010

That is because by default, this is not enabled but here is how you do it –
