Security – IT Wiz Technology Blog

Disable IE Enhanced Security Configuration in Windows Server via script

January 26, 2025 by Samuel Mitchell, posted in Azure, Hyper-V, Security, VMware, windows, Windows server

I have always want to use a script to disable Internet Explorer Enhanced Security Configuration (IE ESC) in Windows Server. It is an annoying activity when it is required to perform tasked using the IE in older versions of windows servers.

It is important to note that IE ESC is very important to the security of legacy servers from common past vulnerabilities which is not a risk in current versions of server OS.

This activity must be taken with precaution and on servers with access restriction to the Internet. It is encouraged that IT professional implement all measures to secure the legacy application running on these servers that must be maintained in an segmented or isolated environment. It is the responsibility of the IT professional to use a secure alternative browser after this activity has been performed.

Now here is a batch script to the rescue taken from this Microsoft FAQ that can be runned on all your servers. Save the script in a batch file and run it from the command line.

The script must run as an administrator or a logon script to work since it is making changes to the registry.

Note: The script was created for Windows Server 2003 and 2008. However, it will work for other versions such as Windows Server 2019.

ECHO OFF
REM  IEHarden Removal Project
REM  HasVersionInfo: Yes
REM  Author: Axelr
REM  Productname: Remove IE Enhanced Security
REM  Comments: Helps remove the IE Enhanced Security Component of Windows 2003 and 2008(including R2)
REM  IEHarden Removal Project End
ECHO ON
::Related Article
::933991 Standard users cannot turn off the Internet Explorer Enhanced Security feature on a Windows Server 2003-based terminal server
::http://support.microsoft.com/default.aspx?scid=kb;EN-US;933991
:: Rem out if you like to Backup the registry keys
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A7-37EF-4b3f-8CFC-4F3A74704073.reg"
::REG EXPORT "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" "%TEMP%.HKEY_LOCAL_MACHINE.SOFTWARE.Microsoft.Active Setup.Installed Components.A509B1A8-37EF-4b3f-8CFC-4F3A74704073.reg"
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
::x64
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432node\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /v "IsInstalled" /t REG_DWORD /d 0 /f
::Disables IE Harden for user if set to 1 which is enabled
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
REG ADD "HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /t REG_DWORD /d 0 /f
::Removing line below as it is not needed for Windows 2003 scenarios. You may need to enable it for Windows 2008 scenarios
::Rundll32 iesetup.dll,IEHardenLMSettings
Rundll32 iesetup.dll,IEHardenUser
Rundll32 iesetup.dll,IEHardenAdmin
Rundll32 iesetup.dll,IEHardenMachineNow
::This apply to Windows 2003 Servers
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /f /va
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /f /va
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenadmin" /t REG_DWORD /d 0 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager\Subcomponents" /v "iehardenuser" /t REG_DWORD /d 0 /f
::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}" /f /va
::REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}" /f /va
:: Optional to remove warning on first IE Run and set home page to blank. remove the :: from lines below
:: 32-bit HKCU Keys
REG DELETE "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "First Home Page" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Default_Page_URL" /t REG_SZ /d "about:blank" /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "about:blank" /f
:: This will disable a warning the user may get regarding Protected Mode being disable for intranet, which is the default.
:: See article http://social.technet.microsoft.com/Forums/lv-LV/winserverTS/thread/34719084-5bdb-4590-9ebf-e190e8784ec7
:: Intranet Protected mode is disable. Warning should not appear and this key will disable the warning
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main" /v "NoProtectedModeBanner" /t REG_DWORD /d 1 /f
:: Removing Terminal Server Shadowing x86 32bit
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f
:: Removing Terminal Server Shadowing Wow6432Node
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" /v "IEHarden" /f

The script may display errors for some commands depending on the versions of Windows servers due the registry keys not used in that versions.

Most importantly, ensure to verify the settings changed for the Internet Explorer ESC.

Storage Redundancy in Azure

August 1, 2024 by Samuel Mitchell, posted in Azure, Microsoft, windows, Windows server

In general computing, storage is a very important component of a systems because it is where all the data is stored on a systems. With this reason, it is important that when moving workloads to the Cloud, storage is a critical part of the discussion.

In this article, the focus will be on storage redundancy options in the Azure and how it works.

There are four (4) basic storage redundancy options in Azure:

Locally Redundant Storage (LRS)
Zone-Redundant Storage (ZRS)
Geo-Redundant Storage (GRS)
Geo-Zone Redundant Storage (GZRS)

To better understand how the storage redundancy, a few terms will need to be defined:

Region – it is a large geographical area. For example California or Virigina (in Azure it is referred to as West US and East US respectively)

Availability Zones (AZ) – it is a logical set of one or more datacenters within a single region. The AZ shares the same network, power and cooling which is a single point of failure for the AZ. Every Region will have alteast 1 AZ and atmost 3 AZes.

Now, I am will be going over the storage redundancy.

Locally Redundant Storage (LRS)

Within one Availability Zone, there are muliple racks of servers with storage that will support the redundancy as required. The LRS takes advantage of these storage, by making 3 copies of the data across three (3) independent storage within a datacenter (Availability Zone).

The LRS protects against system level failures which includes server and disk within a datacenter.

Zone-Redundant Storage (ZRS)

The next level of storage redundancy is ZRS which has three (3) copies of your data across three(3) availability zones (data centers). This storage redundancy protects the data against datacenter level failures which is affected by network or power outage.

For the remaining storage redundancy, the replication to the secondary region is based on the primary region selected using the region pair. Additionally, the next redundancy will need to be activated for the service to be back online.

Geo-Redunant Storage (GRS)

This storage redundancy method utilizes the LRS as part of it functionality. The data is replicated across two regions where three (3) copies of the data is created within each region. This redundancy not only increase the data available against systems failures but also against regional outage affected by natural disasters namely earthquakes, floods or hurricanes.

Geo-Zone Redundant Storage (GZRS)

This storage redundancy is similiar to the GZS except that the primary region use the ZRS instead of the LRS method. The benefits of redundancy GZRS verse GRS is that when there is a datacenter level failure in the primary region, the data will still be available and failover to the secondary region will not be necessary.

Limitations

Not all storage redundancy are available for all storage account type. An example is the Premium Azure Files which uses SSD-backed storage and only supports LRS and ZRS.

Conclusion

For each of the storage redundancy, selecting the right option will be based on business requirements and cost. It is important to assess the impact to the buiness and choose the option that balance cost and availability to keep the business operational.

Reference:

https://learn.microsoft.com/en-us/azure/storage/files/files-redundancy

Securing the Microsoft OneDrive share

July 4, 2024 by Samuel Mitchell, posted in Microsoft, windows

Microsoft has provided a method to easily and conveniently share documents with other persons that are stored within your OneDrive.

How?

This capability creates a shared link which can be sent via email or shared with the person directly.

Security

With this capability, it is important that users takes precaution when sharing their information with others, especially if it is company related.

I recommend the following guidelines when using these capabilities:

1. Verify the email address of the person you are sharing the files with. This email address will be used to validate the access to that share link using access code to the email.

2. Set the correct level of access such as “can view” (which is read-only). If they don’t need to edit the files, then apply the least privilege, which is read only. It protects the files from getting modified uncessarily.

3. Establish a timeline that the person will be assessing the information and set it on the shared link. This ensures the expiration of access without human’s intervention.

4. Dont share the entire drive, all the files should be placed in a folder and the shared link created from there. It limits the access to only that folder and even if it is compromised, it is restricted to that folder only. An additional benefit is that it gives you the flexibility to share additional information with the same party. You can simply drop that files in that folder, and it is readily available to them.

It is important to note that this shared link from OneDrive is publicly accessible, which means that it will be accessed from the internet. The only safeguard is the access permissions configured as recommended.

Why?

The OneDrive is a public file storage service which provides local access on the computer.

Other OneDrive features for Business

The OneDrive for Business or organizations that uses SharePoint, there is an additional settings for restricting access based on location using the location-based policy. This setting is only configurable by administrators, and it is set on a wider scale.

There are more features which will not be discussed in this article. You can check out the Mircrosoft Learn for further details.

Oracle Cloud Infrastructure 2023 Architect Associate Study Resources

October 10, 2023 by Samuel Mitchell, posted in architecture, Oracle Cloud Infrastructure

I have created this blog to share resources used to prepare for my Oracle Cloud Infrastructure Architect Associate Exam. The exam will be done using Online proctoring which will be my first time. Unfortunately, I am unable to take advantage of the test center option because it is not available using the Race to Certification program. As a result, I end up scheduling the exam at my work office because I have no proper enclosed sound proof room in my house to do a proctored exam.

Exam Number: 1Z0-1072-23

https://education.oracle.com/oracle-cloud-infrastructure-2023-architect-associate/pexam_1Z0-1072-23

https://mylearn.oracle.com/ou/learning-path/become-an-oci-architect-associate/122195

Passing this exam is required to earn these certifications. Select each certification title below to view full requirements.
Oracle Cloud Infrastructure 2023 Certified Architect Associate

Exam Format: Multiple Choice

Duration: 90 Minutes
Exam Price: $245
Number of Questions: 55
Passing Score: 65%
Validation: This exam has been validated against Oracle Cloud Infrastructure 2023
Policy: Cloud Recertification

Review exam topics

The following table lists the exam objectives and their weightings.

Objectives	% of Exam
Compute	20%
Networking	28%
Storage	22%
Observability and Management	8%
Identity and Access Management	10%
Security	12%

Compute [20%]

Select appropriate computing choices
Configure compute instances
Configure Autoscaling
Describe OCI compute image options
Describe and configure OS Management
Understand Infrastructure Maintenance

Networking [28%]

Implement and manage Virtual Cloud Networks
Describe public and private subnets
Describe public and private IP addresses and virtual NICs
Configure Virtual Cloud Network Routing and Gateways
Configure Security Lists and Network Security Groups
Implement and manage VCN connectivity
Understand VCN connectivity options
Configure site-to-site VPN
Describe Fast connect
Configure Local and Remote Peering
Configure DNS and Traffic Management
Describe Public and Private DNS zones
Configure Traffic Management
Explain Load Balancing
Describe and configure a layer-7 Load Balancer
Describe and configure a layer-4 Network Load Balancer
Understand Network Command Center Services
Understand Inter-Region Latency
Understand Network Visualizer

Storage [22%]

Deploy and manage Block Storage
Understand Block Volume performance tiers
Deploy Block and Boot Volumes
Configure Volume Groups, Backups, Clones
Configure cross-region replication
Configure and manage Object Storage
Understand Object Storage tiers
Describe Object Storage Security
Implement Object Storage versioning, life cycle management, and retention rules
Configure Multipart uploads
Understand Object Storage replication
Implement and manage File Storage
Configure File Storage
Describe File Storage Security
Understand File System Snapshots and Cloning
Understand File System usage and metering
Understand File Storage replication

Observability and Management [8%]

Understand Observability and Management platform
Configure Monitoring and set alarms
Configure Logging

Identity and Access Management [10%]

Understand AuthN and AuthZ
Implement compartments
Implement conditional and advanced policies
Configure Dynamic Groups and Tag based access control

Security [12%]

Understand security services
Configure Cloud Guard, Security Zone, and Security Advisor
Describe and Configure OCI Vault
Describe and Configure Web Application Firewall and Certificates

Microsoft Certification Learning Resources

May 31, 2023 by Samuel Mitchell, posted in Azure, Exchange, Microsoft, windows, Windows server

This article was created for me to keep track of the Microsoft Learning resources available to acquire the knowledge needed to prepare for the Microsoft Certifications.

The material includes preparation for following certifications:

AZ-900
AZ-104
AZ-800/AZ-801
AZ-500
AZ-700
AZ-305
AZ-400
AZ-140
SC-300
MS-900
MS-500 (expires June 30, 2023)
MS-100/ MS-101 (expires July 31, 2023) / MS-102
AI-900
AI-102
DP-900
DP-420
DP-300

Microsoft Learn
https://learn.microsoft.com/en-us/

Microsoft Learning Lab Exercises
https://github.com/MicrosoftLearning

Microsoft Azure Connected Learning Experience (CLX)
https://clx.cloudevents.ai/events/39366311-ad15-4b90-9364-0252213842fa

Microsoft Partner Training
https://partner.microsoft.com/en-us/training/training-events

MS365 Lab Resources for Microsoft Partner
https://transform.microsoft.com/modernwork/partner

Microsoft Learn Lab Exercise
https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/
https://microsoftlearning.github.io/MS-500-Microsoft-365-Security/
https://microsoftlearning.github.io/SC-300-Identity-and-Access-Administrator/
https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/

https://microsoftlearning.github.io/AZ-305-DesigningMicrosoftAzureInfrastructureSolutions/

https://microsoftcloudworkshop.com/

https://microsoftlearning.github.io/AZ500-AzureSecurityTechnologies/

https://microsoftlearning.github.io/AZ-140-Configuring-and-Operating-Microsoft-Azure-Virtual-Desktop/

https://microsoftlearning.github.io/AZ400-DesigningandImplementingMicrosoftDevOpsSolutions/

Microsoft Simulation Guide

https://mslearn.cloudguides.com/en-us/guides/AZ-900%20Exam%20Guide%20-%20Azure%20Fundamentals
https://mslabs.cloudguides.com/guides/DP-900%20Exam%20Guide%20-%20Azure%20Data%20Fundamentals
https://mslabs.cloudguides.com/guides/AI-900%20Exam%20Guide%20-%20Azure%20AI%20Fundamentals

https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator

https://mslabs.cloudguides.com/guides/AZ-700%20Lab%20Simulations%20-%20Designing%20and%20implementing%20Microsoft%20Azure%20networking%20solutions

https://mslabs.cloudguides.com/guides/AZ-800%20Lab%20Simulations%20-%20Administering%20Windows%20Server%20Hybrid%20Core%20Infrastructure

https://mslabs.cloudguides.com/guides/AZ-801%20Lab%20Simulations%20-%20Configuring%20Windows%20Server%20Hybrid%20Advanced%20Services

https://mslabs.cloudguides.com/guides/DP-300%20Lab%20Simulations%20-%20Administering%20Microsoft%20Azure%20SQL%20solutions

https://mslabs.cloudguides.com/guides/AI-102%20Lab%20Simulations%20-%20Designing%20and%20implementing%20a%20Microsoft%20Azure%20AI%20solution

https://mslabs.cloudguides.com/guides/DP-420%20Lab%20Simulations%20-%20Designing%20and%20implementing%20cloud-native%20applications%20using%20Microsoft%20Azure%20Cosmos%20DB

Third party resources:

John Savill – https://learn.onboardtoazure.com/

Susanth Sutheesh – https://www.aguidetocloud.com/

Microsoft Azure Paid Labs environment and Training – ACloudGuru.com

I will update this list as times progresses and the information changes.

Disclaimer: all information is provided as is and if there are any changes Microsoft website is the ultimate authority and the respective producers.

CCNP Encore: Configuring GRE Tunnel over IPSec

September 24, 2020September 25, 2020 by Samuel Mitchell, posted in Cisco, Routing & Switching, Security

This article will be showing how to configure a Generic Encapsulation Tunnel also known as GRE Tunnel over IPSec.

disclaimer: note that this is a lab exercise only to show the configuration steps stated and may require additional modification based on your network environment.

The following network topology will be used to demonstrate this exercise.

The initial basic router configuration are below:
R1 configuration:
interface fastethernet 0/0
ip address 192.0.2.1 255.255.255.252
no shut
!
int loopback 0
ip address 1.1.1.1 255.255.255.255
!
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
!
R2 configuration:
interface fastethernet 0/0
ip address 192.0.2.2 255.255.255.252
no shut
!
interface fastethernet 0/1
ip address 203.0.113.1 255.255.255.252
no shut
!
int loopback 0
ip address 2.2.2.2 255.255.255.255
!
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
!
R3 configuration:
interface fastethernet 0/1
ip address 198.51.100.1 255.255.255.252
no shut
!
interface fastethernet 0/0
ip address 203.0.113.2 255.255.255.252
no shut
!
int loopback 0
ip address 3.3.3.3 255.255.255.255
!
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
!
R4 configuration:
interface fastethernet 0/0
ip address 198.51.100.2 255.255.255.252
no shut
!
int loopback 0
ip address 4.4.4.4 255.255.255.255
!
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
!

Before going into the task, there are some information that is important to know why IPSec is with a GRE Tunnel:

GRE Tunnel
- It is used to encapsulated the packets over a network between two network devices.
- it does not provide encryption which makes it unsecure
IPSec
- It is secure by providing encryption
- it only supports uni-cast traffic which presents a problem for routing protocols that uses multicast to function.

What are the use cases for this technology?

Combining both technology makes it a suitable solution to create a secure connections over public or unsecured networks between two networks.

Lab Exercise

Once the routers has been configured accordingly using the initial base configuration, it is time to start the exercise.

In this exercise, two task are going to be done:

Configure a GRE Tunnel between R1 and R4
Configure a IPSec tunnel

Step 1 – Configure the GRE tunnel on R1 and R4

Create a tunnel interface

R1(config)# interface tunnel 1

Assign an ip address to the tunnel interface

R1(config-if)# ip address 192.168.0.1 255.255.255.252

Set the source interface from where the tunnel will be connected

R1(config-if)# tunnel source fastethernet 0/0

Set the destination address of the router at the other end of the tunnel

R1(config-if)# tunnel destination 198.51.100.2 255.255.255.252

Note: repeat the same steps on router R4 but replacing the respective source interface and destination address. It is important to note that the tunnel # is locally significant.

you can check the status of the tunnel after step 1 by running the show command as follows:

R1(config)# do show ip interface brief

Step 2 – Configure a IPSec tunnel

Setup Phase 1 – set ISAKMP policy

R1(config)# crypto isakmp policy 14

Set encryption type

R1(config-isakmp)# encryption aes

Set authentication type

R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# exit

Set ISAKMP key and transform mode

R1(config)# crypto isakmp key 0 [keypass] address [192.51.100.2]
R1(config)# crypto ipsec transform-set [KWTRAIN] esp-aes esp-sha-hmac
R1(cfg-crypto-trans)# mode [transport|tunnel]
R1(cfg-crypto-trans)# exit

Configure an ACL for the traffic allowed to traverse the IPSec tunnel

R1(config)# ip access-list extended GRE-IN-IPSEC
R1(config-ext-nacl)# permit gre any any
R1(config-ext-nacl)# exit

Setup Phase 2 – linking ACL, transform set and peer ip to IPSec tunnel

R1(config)# crypto map VPN 10 ipsec-isakmp
R1(config-crypto-map)# match address GRE-IN-IPSEC
R1(config-crypto-map)# set transform-set KWTRAIN
R1(config-crypto-map)# set peer 198.51.100.2
R1(config-crypto-map)# exit

mapping interface to IPSec tunnel

R1(config)# interface f0/0
R1(config-if)# crypto map VPN
R1(config-if)# end

For person who are visual learners, here is a mind map of the configurations below.

Mindmap of the IPSec configuration commands

Getting the Domain Account Lockout from the Security Event Logs using PowerShell

May 15, 2020May 15, 2020 by Samuel Mitchell, posted in Microsoft, windows, Windows server

This article is about search the Windows Security event logs on the DC with the PDC role to list the account lockout information using PowerShell.

Open the PowerShell ISE using administrator rights.

pscmd

Run the command to get the PDC from the domain and put it in a variable ($pdc in this case)

$pdc = (get-addomain).pdcemulator

Run the PS command to get the windows event in the Security logs with ID 4740

Get-WinEvent -ComputerName $pdc -LogName Security | Where-Object ID -EQ ‘4740’

Alternative, the Invoke-Command can be used to execute it on the PDC

Invoke-Command -ComputerName $pdc -Credential(Get-Credential) -ScriptBlock{Get-WinEvent -LogName Security | Where-Object id -EQ ‘4740’}

For me information on using the Get-WinEvent cmdlet, refer to the Microsoft documentation here.

Securing the Web management for the HP 2530 switch

May 14, 2019May 14, 2019 by Samuel Mitchell, posted in HP, Routing & Switching, Security

Whenever you get a HP/Aruba 2530 switch out of the box, it comes default with web management enabled using http. You can easily go to the IP address of the switch to view the switch details. To secure the web portal of the switch, do the following:

Log into the switch
Go into configuration mode
Create a self-signed certificate for secure http access
1. crypto pki enroll-self-signed certificate-name [SWITCHNAME] subject
2. Enter each information requested
To enable secure http, use command
1. web-management ssl
To disable http for web management, use command
1. no web-management plaintext
To added a login for the web portal, use the command:
1. password manager user-name [loginname] plaintext [loginpassword]

I hope this was useful.

Fortinet: Publishing a Server access to the Internet via HTTP

April 3, 2019April 3, 2019 by Samuel Mitchell, posted in Routing & Switching, Security, Uncategorized

This article is providing instructions on how to public a server/device to the internet using http. This article will go through the basic configuration.

After logging into to the Fortinet portal, got to Firewall Objects –> Virtual IP –> Virtual IP, select Create New

create_virtual_ip

There are number of parameters:

Name: Short description of services e.g. DVR HTTP-80

External Interface: this is the port connected to the internet link with the public IP address.

External IP Address/Range: this use only need if you have more that one IP address configured on the port. If not, you can leave the default 0.0.0.0

Mapped IP Address/Range: Enter the internal server IP address of device. e.g. our DVR 192.168.0.12

Port Forwarding: tick this option if you are using custom ports from the default e.g. external service port is 5000 from the outside connecting to (map to) port 80 on the internal server.

virtual_ip_info

Go to Policy –>Policy –> Create New

create_policy

Select the Source Interface/Zone to external port.

Select destination Address to the Virtual IP created earlier and select Service to HTTP since we are using port 80. If the service is not list add it with the custom ports. Select Enable NAT to allow external IP address to access the internal device through the fortinet.

policy_settings

Once save by clicking ok, it will be listed under the external port source port column in the Policy section.

policy_listed

Computer blocked by Port Security

January 22, 2019January 22, 2019 by Samuel Mitchell, posted in Cisco, Microsoft, Routing & Switching, Security

My colleague was working on an issue where a computer was communicating on the network through a Cisco switch that had port security enabled. As usually, he disables port security and re-enables it in an attempt to get the new mac address registered on the port. The computer (A) was now able to get an IP address from the DHCP server but unfortunately, the computer (A) still was not able to communicate with the server. In an effort to identify whether the problem was with computer (A) or the network port, another computer (B) was connected to the port which was successful. But when computer (A) was reconnected to the same port, there was still no communication. All network settings on Computer (A) were verified to be correct but still no break through. The same computer (A) was taken to another switch in another location and surprisingly it worked. So hhhmmm….what could be the problem? It was escalated to me to investigate further as he could not identify what was the root of the problem.

I started to ask the question “What is working?”

The responses were:

Other devices were communicating when connected to the port
The computer (A) is getting an IP address from the DHCP server
The computer (A) is able to communicate on other switches

Next question, did they try the computer (A) on another port on the same switch? Response was No.

Anyways, everything was connected back to how it was before and then I started the troubleshooting.

The following observations were made:

Port-security was enabled on the entire switch but disabled on this troubled port.
The port duplex and speed was ok (Full/100)
The computer (A) got an dynamic IP address from the DHCP server
The computer (A) mac address was not showing on the port when I check the MAC address table for the problem port (f0/42)
Port security sticky address listing showed that computer (A) mac address was tied to port f0/22

What do you think the root of the problem is?

The computer (A) is not able to communicate with anything on the network because the mac address of the computer (A) was tied to another port so when devices response to the packet, it is returning to the wrong port. so the solution was to remove the sticky address and allow the switch to relearn it over the new connected port (f0/42). Another question resonate in my mind was “How did it get an IP address from the DHCP server?”. But if you review how devices acquire an IP address, it is using broadcast. Therefore, the computer will always get an IP address but it would not be able to communicate with other devices.

I hope this troubleshooting scenario helps someone with understanding port-security on a Cisco switch.