Articles Tagged ‘server’

Domain Name System (DNS)

DNS is a very popular and well known protocol. It is used for resolving host names and domain names to IP addresses. The fact is that when you type www.firewall.cx the name is translated into an IP address via a number of queries that take place from your PC towards the DNS server. This DNS Query process (and more) is analysed in great depth in the articles that follow.

The amount of information covering the DNS protocol has been broken into smaller sections to help avoid confusion and make the learning process as easy as possible.

Following is a break-down of the articles provided and information they contain:

Section 1: The DNS Protocol. How and why the DNS protocol was born. Page contains a bit of historical information and also compares DNS with the OSI Reference model, where you will see the layers on which DNS works. Internet DNS hierarchy is also analysed here, giving you the chance to understand how domains on the Internet are structured.

Section 2: The DNS Resolution Process. What really happens when a host requests a DNS resolution. Full analysis of the whole resolution process using a real life example. Understand Name Servers and the role they play in the DNS system.

Section 3: The DNS Query Message Format. This section, along with the next one gives you the DNS packet format in all its glory. Learn how DNS queries are generated and formatted. See, learn and understand the various fields within the packets as your taken through a full detailed analysis of the packet structure using the cool 3D diagrams.

Section 4: The DNS Response Message Format.This is the continuation of the section above, dealing with the DNS response that's received. You will learn how the response packet is generated, formatted and sent to the resolver. Again, you're taken through a full detailed analysis of the packet structure using the cool 3D diagrams.

 

Free Online Security Services

GFI.COM was kind enough to allow the Firewall.cx community to directly use their Free Online Security Services. Recommended to any Network Administrator or home users who wish to secure their network!

GFI Email Security Testing Zone - http://www.emailsecuritytest.com

Test whether your email system is vulnerable to email viruses and attacks! The zone allows visitors to freely discover instantly if their system is secure against current and future email threats, such as emails containing infected attachments, emails with malformed MIME headers, HTML mails with embedded scripts and much more !

 

GFI Event Log Scanner - http://www.eventlogscan.com

Intrusion Detection by checking for high security events happening on your machine, such as users logging on to your machine, accesses to important files on your machine, failed logon attempts, security policy changes to your machine, and more! Use EventLogScan to check that your system is truly secure!

Installation and Configuration of Fine-Grained Password Policy for Windows Server 2012

windows-2012-install-setup-fine-grained-password-policy-01aMicrosoft introduced Fine-Grained Password Policy for the first time in Windows Server 2008 and the policy has been part of every Windows Server since then. Fine-Grained Password Policy allows overcoming the limitations of only one password policy for a single domain. A brief example is that we apply different password and account lockout policies to different users in a domain with the help of Fine-Grained Password Policies.
 
This article discusses the Fine-Grained Password Policy as applicable to Windows Server 2012, and the different ways of configuring this policy. Windows Server 2012 allows two methods of configuring the Fine-Grained Password Policy:

1. Using the Windows PowerShell

2. Using the Active Directory Administrative Center or ADAC

In earlier Windows Server editions, it was possible to configure Fine-Grained Password Policy only through the command line interface (CLI). However with Windows Server 2012 a graphical user interface has been added, allowing the configuration of the Fine-Grained Password Policy via the Active Directory Administrative Center. We will discuss both the methods.

Before you begin to implement the Fine-Grained Password Policy, you must make sure the domain functional level must be Windows Server 2008 or higher. Refer to relevant Windows 2012 articles on our website Firewall.cx.

Backup your Windows Server 2012 R2 host using Altaro’s Free Hyper-V & VMware Backup solution. Download Now!

Configuring Fine-Grained Password Policy using the Windows PowerShell

Use your administrative credentials to login to your Windows Server 2012 domain controller. Invoke the PowerShell console by Right clicking on the third icon from the left in the taskbar on the Windows Server desktop and then clicking on Run as Administrator.

windows-2012-install-setup-fine-grained-password-policy-01

Figure 1. Executing Windows PowerShell as Administrator

 

Clicking on Yes to the UAC confirmation will open up an Administrator: Windows PowerShell console.

Within the PowerShell console, type the following command in order to begin the creation of a new fine grained password policy and press Enter:

C:\Windows\system32> New-ADFineGrainedPasswordPolicy

windows-2012-install-setup-fine-grained-password-policy-02

Figure 2. Creating a new Fine Grained Password Policy via PowerShell

 

Type a name for the new policy at the Name: prompt and press Enter. In our example, we named our policy FGPP:

windows-2012-install-setup-fine-grained-password-policy-03

Figure 3. Naming our Fine Grained Password Policy

 

Type a precedence index number at the Precedence: prompt and press Enter. Note that policies that have a lower precedence number have a higher priority over those with higher precedence numbers. We’ve set our new policy with a precedence of 15: windows-2012-install-setup-fine-grained-password-policy-04

Figure 4. Setting the Precedence index number of our Fine Grained Password Policy

 

Now the policy is configured, but has all default values. If there is need to add specific parameters to the policy, you can do that by typing the following at the Windows PowerShell command prompt and press Enter:

C:\Windows\system32> New-ADFineGrainedPasswordPolicy -Name FGPP -DisplayName FGPP -Precedence 15 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false -PasswordHistoryCount 20 -MinPasswordLength 10 -MinPasswordAge 3.00:30:00 -MaxPasswordAge 30.00:30:00 -LockoutThreshold 4 -LockoutObservationWindow 0.00:30:00 -LockoutDuration 0.00:45:00


In the above command, replace the name FGPP with the name of your password policy, which in our example is FGPP.

The parameters used in the above are mandatory and pretty much self-explanatory:

Attributes for Password Settings above include:

  • Enforce password history
  • Maximum password age
  • Minimum password age
  • Minimum password length
  • Passwords must meet complexity requirements
  • Store passwords using reversible encryption

Attributes involving account lockout settings include:

  • Account lockout duration
  • Account lockout threshold
  • Reset account lockout after


To apply the policy to a user/group or users/groups, use the following command at the PowerShell command prompt:

C:\Windows\system32> Add-ADFineGrainedPasswordPolicySubject -Identity FGPP -Subjects “Chris_Partsenidis”

For confirming whether the policy has indeed been applied to the groups/users correctly, type the following command at the PowerShell command prompt and press Enter:

Security Articles

The following articles deal with one of the hottest topics around: Network, Web and IDS (Intrusion Detection System) Security.

The articles have been carefully selected to ensure they provide acurate and upto date information to our readers, while some have been written by our team, in response to our visitors request!

Troubleshooting Windows Server 2012 R2 Crashes. Analysis of Dump Files & Options. Forcing System Server Crash (Physical/Virtual)

windows-2012-troubleshooing-server-crashes-memory-dumps-debug-001aThere are umpteen reasons why your Windows Server 2012 R2 decides to present you with a Blue Screen of Death (BSOD) or the stop screen. As virtual machines become more prominent in enterprise environments, the same problems that plagued physical servers earlier are now increasingly being observed for crashes of virtual machines as well.

Microsoft designs and configures Windows systems to capture information about the state of the operating systems if a total system failure occurs, unlike a failure of an individual application. You can see and analyze the captured information in the dump files, the settings of which you can configure using the System Tool in the Control Panel. By default, BSOD provides minimal information about the possible cause of the system crash and this may suffice in most circumstances to help in identifying the cause of the crash.

However, some crashes may require a deeper level of information than what the stop screen provides – for example, when your server simply hangs and becomes unresponsive. In that case, you may still be able to see the desktop, but moving the mouse or pressing keys on the keyboard produces no response. To resolve the issue, you need a memory dump. This is basically a binary file that contains a portion of the server's memory just before it crashed. Windows Server 2012 R2 provides five options for configuring memory dumps.

SafeGuard your Hyper-V & VMware servers from unrecoverable crashes with a reliable FREE Backup – Altaro’s VM Backup. Download Now!

 

Types of Memory Dump Files Possible

1. Automatic Memory Dump

Automatic memory dump is the default memory dump that Windows Server 2012 R2 starts off with. This is really not a new memory dump type, but is a Kernel memory dump that allows the SMSS process to reduce the page file to be smaller than the size of existing RAM. Therefore, this System Managed page file now reduces the size of page file on disk.

2. Complete Memory Dump

A complete memory dump is a record of the complete contents of the physical memory or RAM in the computer at the time of crash. Therefore, this needs a page file that is at least as large as the size of the RAM present plus 1MB. The complete memory dump will usually contain data from the processes that were running when the dump was collected. A subsequent crash will overwrite the previous contents of the dump.

3. Kernel Memory Dump

The kernel memory dump records only the read/write pages associated with the kernel-mode in physical memory at the time of crash. The non-paged memory saved in the kernel memory dump contains a list of running processes, state of the current thread and the list of loaded drivers. The amount of kernel-mode memory allocated by Windows and the drivers present on the system define the size of the kernel memory dump.

4. Small Memory Dump

A small memory dump or a MiniDump is a record of the stop code, parameters, list of loaded device drivers, information about the current process and thread, and includes the kernel stack for the thread that caused the crash.

5. No Memory Dump

Sometimes you may not want a memory dump when the server crashes.

 

Configuring Dump File Settings

VMware Topics

This section provides high-quality technical articles covering VMware's popular ESX/ESXi virtualization platform.

Windows 2012 Server

This section contains technical articles, content and resources for IT Professionals working with Microsoft's Windows 2012 & Windows 2012 R2 server. Our content covers basic and advanced configuration of Windows 2012 components, services, technologies and much more, and has been written in an easy-to-follow manner.

We hope you enjoy the provided articles and welcome your feedback and suggestions.

Articles To Read Next:

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup