[SecurityRatty] tag: server

Firewalls On Your Windows Servers

Sun, 06 Jul 2008 04:37:16 +0000

A survey last year by David Litchfield of NGS Software showed "...there are approximately 368,000 Microsoft SQL Servers directly accessible on the Internet and around 124,000 Oracle database servers directly accessible on the Internet." Egad! That's almost certainly not a good thing. Many of them are accessible by accident and many of them are run by just plain incompetent people; 4% of the SQL servers were so old they were still vulnerable to the Slammer worm from many years ago. One point it raises, even if you don't in intend for your server to be accessible directly on the Internet, is defense in-depth. There should be a firewall on the server so that at least the attack surface is somewhat restricted. Out of this philosophy, starting with Windows Server 2008, the Windows Firewall is turned on by default. Many users will notice this change in the form of connectivity failures, but that's a good thing because it forces you to think about what's open and closed on your server and make a decision about it. An entry on the SQL Server Security Blog discusses these changes and how you can approach them to make your Windows Server 2008-hosted SQL Servers secure. First you have to locate your servers; it's a good bet that quite a few owners of those Internet-facing servers that Litchfield found don't even know the servers are up. You need to review the host security implementations on those servers to make sure that they conform to your policy. You also need to review your network firewall policies to make sure that the two are compatible. Verify that it's all working as expected; in other words, test the configuration. Then remedy the problems. Read the blog for more details. On your Windows Server 2003 servers you might even want to turn the firewall on as a defensive measure. Or you might want to turn it off on 2008. But it should be you making a conscious decision.

Lithuania: Attacks focused on hosting company

Fri, 04 Jul 2008 09:00:00 +0000

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a ...

Lithuania: Attacks focused on hosting company

Thu, 03 Jul 2008 20:00:00 +0000

A vulnerability in a Web server contributed to attacks on some 300 Web sites in Lithuania earlier this week, a computer security expert said on Friday.

Manage traces in SQL Server 2005 Analysis Services with XMLA commands

Thu, 03 Jul 2008 07:37:41 +0000

SQL Profiler is an efficient tool for tuning and troubleshooting Microsoft Analysis Services 2005, that is, unless you're managing numerous instances. In this tip, you'll learn how to use XMLA to automate tracing to monitor MSAS. Here's what you need to know to create, alter and delete traces with ease.

Third-party Exchange Server 2007 backup and restore tools

Thu, 03 Jul 2008 06:12:29 +0000

Streaming and brick-level backups take too long in Exchange Server 2007. Learn about two third-party tools to quickly back up and restore Exchange 2007 data.

Browser Insecurity

Thu, 03 Jul 2008 03:02:54 +0000

This excellent paper measures insecurity in the global population of browsers, using Google's web server logs. Why is this important? Because browsers are an increasingly popular attack vector. The results aren't good.

...at least 45.2%, or 637 million users, were not using the most secure Web browser version on any working day from January 2007 to June 2008. These browsers are an easy target for drive-by download attacks as they are potentially vulnerable to known exploits.

That number breaks down as 577 million users of Internet Explorer, 38 million of Firefox, 17 million of Safari, and 5 million of Opera. Lots more detail in the paper, including some ideas for technical solutions. EDITED TO ADD (7/2): More commentary.

Virtualisation - Welcome Back to the 90s.

Thu, 03 Jul 2008 02:37:00 +0000

I've been thinking about this for a while but this blog post by Pascal Meunier pretty much sums up my feelings about Virtualisation.

Back in the 90s when the Internet was new-ish and just becoming important all the machines running it were Unix boxes. (Maybe not all, but most). And a 386 would typically run DNS, sendmail, telnet (shell accounts), ftp and apache. All on the same box.

Security wasn't so tight in those days but it was usually good enough and the box could happily do what it needed to do.

Along came Microsoft and produced the idea of "one box - one service". You can't seriously consider running your domain controller as a file server. What are you thinking? And to put mail on the same box? No way. In fact, your SQL server is running under significant load, chain a few together.

And companies would buy into this concept. Microsoft were happy - more licenses. All the PC guys were happy too - more money. More complexity - more jobs.

Essentially what has happened now is that Moores Law has kicked in and has caught up with the complexity of Microsoft's software to the point where one server box can run multiple applications on it. Imagine that. But Microsoft has planted the one-service-one-box concept so well that it is now part of IT law. File server and mail server on one box? But wait...whats this button over here....? Vir-vir-virtualisation.

And now we have the tools to allow us to once again run multiple applications on one server without having to admit that one-application-one-server never made sense.

To be fair - Virtualisation does have other advantages - running multiple Operating Systems for example, being able to easily move a virtual machine from one box to another (without configuration issues), being able to make a snapshot backup of a system.

But running multiple applications on one box is not a huge win.

Using ClusDiag for enhanced Windows server cluster reporting

Wed, 02 Jul 2008 20:38:02 +0000

Learn to use some of the reporting capabilities of ClusDiag, Microsoft's free tool for Windows server cluster management, with details on how to capture logs and view cluster reports.

A primer on the Exchange Server 2007 Exchange Management Shell

Wed, 02 Jul 2008 06:40:33 +0000

Don't be wary of the Exchange Server 2007 Exchange Management Shell (EMS). Get an introduction to basic EMS commands and how to use them in this tutorial.

Tip: Does Your Server Really Need a Recycle Bin?

Wed, 02 Jul 2008 04:54:44 +0000

This is obvious when you think about it. What might you do, operating on the server itself, for which you need a recycle bin? In fact, for some, like Terminal Servers, you might need then, but not on others like a web server. In the meantime, it turns out to be a potential liability there. Thanks to The Elder Geek, by way of the SBS Diva blog (read this one for better details), for pointing this out. Susan, the SBS Diva, recently had a server compromise, and it turns out that the attackers used her web server's recycle bin as a video repository. Why? Because it's hidden. Removing the recycle bin won't stop someone from compromising your server, but it will take away one place they can hide once they get in there, so you might discover the breach sooner. And if you don't delete it, at least cut it down in size from the default 10% of space, which is far too big for a server, and probably for most client desktop.