Category: System Administration
-
Building a Hyper-V Lab – cheaply!
I’ve been trying to build a lab at home for a while, but have continued to put the thought aside, over and over. Not because I lack motivation, no, because it’s so damned expensive to purchase so much kit if I’m going to use it for a few months, and then not use it again.…
-
TMG 2010 – Export Some, Not All
Quick heads up. In TMG 2010, in the Toolbox sidebar, if you run “Export All” on a Network Object (e.g. Domain Name Sets or URL Sets), it doesn’t export “all”. This function exports “all objects that are currently assigned to a rule”. Not “all” in the English sense, everything, all encompassing, etc etc. To re-iterate,…
-
Sphinx Search for Invision Power Board
I’ve toyed with Sphinx before. It blew my socks off… Until it broke. Sphinx is an Open Source indexing engine, which is supported out of the box by the forum software, Invision Power Board (IPB). Essentially what Sphinx does, is run a bunch of queries against the IPB database, usually hosted on MySQL, pulling the…
-
WPAD & Proxy Timeout Issue
If you’ve been following, I’ve recently been playing with Forefront Threat Management Gateway 2010, the “new” ISA Server. Now, for all intensive purposes, everything is configured correctly. There’s a virtual IP for the proxy array (let’s say, 192.168.0.10), and the WPAD file is published, and contains the IP addresses of both proxies (let’s say, 192.168.0.11…
-
WSUS, TMG & WPAD – Making the Proxy Bypass List Work!
I got tasked with a problem today which was plain weird… New servers being deployed, are unable to contact the WSUS distribution point to check for updates. The file C:\Windows\WindowsUpdate.log show the following errors: 2010-11-23 11:03:45:106 800 634 Misc WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: Bypass List used : <(null)> Auth…
-
My iptables “base” ruleset
I’m not 100% sure if this is correct in a security sense, but thought I’d post this. For my web/database servers, it’s a pretty basic setup really. Drop all inbound packets not specifically allowed, and allow all outbound unless specifically denied. Open for comment / feedback. It’s for all intensive purposes, pretty secure in my…
-
Makeshift Anonymous (aka always encrypted) Browsing
In light of all the “omg, people can hack into my Facebook/Twitter account now” rubbish that’s been headlining around the world in the last week, I faced a similar situation, in constantly being prompted to allow access through a firewall, which seemed to think my access to brain dump material was actually an attempt to…
-
825mbps “Phantom DSL” – NBN Killer?
Exceeelllleeennnttttt. Puts Stephen Conroy’s NBN fibre network to shame, doesn’t it? Nokia Siemens Networks achieves world record copper DSL speeds Paris, France – 25 October 2010 “Phantom DSL” reaches 825 megabits per second over 400 meters of copper lines Nokia Siemens Networks has successfully tested a technology that could drastically increase the data carrying capacity…
-
Better TCPViewer
I needed to show all the connections on a virus infected machine a while ago, and being a Microsoft tech, I normally used the Sysinternals TCPViewer tool to do this… However, TCPViewer is a bit limited. I mean, I’m trying to track all the connections on a given port, say, SMTP port 25, but I…
-
Forefront TMG Stuff
http://www.isascripts.org/ – a bunch of handy scripts by a security consultant named Jason Fossen Microsoft tools for TMG 2010 – http://www.microsoft.com/downloads/en/details.aspx?FamilyID=8809cfda-2ee1-4e67-b993-6f9a20e08607&displaylang=en Technet Doco for TMG 2010 – http://technet.microsoft.com/en-us/library/ff355324.aspx Jim Harrison’s list of tools for TMG2010 – http://www.isatools.org/tools.asp?Context=TMG2010 Microsoft ISA Blog – http://blogs.technet.com/b/isablog/