Thursday, July 25, 2013

How to Setup and Configure the SMTP Service for Windows Server 2012

Many applications depend on the internal Windows SMTP Service to relay email confirmations to visitors browsing their web site. When using Windows Server 2012 the SMTP feature must be installed and configured first. Below are the steps for installing the internal Windows SMTP Service.

Install the SMTP Service

1 Launch the Server Manager.

2 From the Dashboard, click on Add Roles and Features to begin the wizard. Click Next on the first screen.

3 Select 'Role-based or feature-based installation'.

4 Select the server.

5 Click Next to bypass the Roles selections.

6 Scroll down the list and tick the 'SMTP Server' feature.

7 A new window will pop up to inform you that some other services will also be installed. Click Add Features to confirm and continue.

8 Click Next to continue past the features selection screen.

9 Click Install to complete the installation.

10 Click Close when the installation has completed.



Configure the SMTP Service

1 Launch the Internet Information Services (IIS) 6.0 Manager.

2 Click Yes to the UAC Prompt.

3 Right-click on SMTP Virtual Server #1 and select Properties.

4 Select the General tab and change the IP Address to the server’s IP address.

5 Select the Access tab and click on the Connection button.

6 In the Connection window, select 'Only the list below' and click the Add button.

7 Add the IP address, group of computers or domain of the devices permitted to use the internal SMTP, then click OK.

8 In the Access tab of the Connection window, click the Relay button. Add the same permitted devices to the Relay Restrictions list.

9 In the Delivery tab of the Connection window, set an external domain.

10 Launch the Windows Firewall with Advanced Security console.

11 Right-click on 'Inbound Rule' and select 'New Rule' to begin the wizard.

12 Select 'Port' and click Next.

13 Set the local port to 25 and click Next.

14 Choose 'Allow the connection' and click Next.

15 Uncheck 'Public' to prevent external access to the server. Click Next.

16 Give the rule a name, and click Finish.

17 You should now see a new rule enabled in the firewall management console.

18 In the Server Manager, click on Tools and select Services.

19 In the Services window, double-click on 'Simple Mail Transfer Protocol (SMTP)'.

20 Stop and then Start the service. Set the Startup type to Automatic.

21 Click OK to finish. The internal SMTP service is now ready and listening.


Remember to add this new SMTP server as a legitimate relay if your mail domain uses Sender Policy Framework (SPF).
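To confirm the SPF reminder above before mail starts flowing, the following added example (not part of the original post) checks whether a relay's IP address is authorized by the ip4/ip6 terms of an SPF record. The records, the example.net include and the address 198.51.100.25 are constructed placeholders, and the function name is hypothetical; terms that need DNS lookups are reported rather than resolved.

```python
import ipaddress

RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records for a hypothetical domain; 198.51.100.25 stands in for
# the new Windows SMTP relay.
SPF_BEFORE = "v=spf1 ip4:203.0.113.0/28 include:_spf.example.net -all"
SPF_AFTER = "v=spf1 ip4:203.0.113.0/28 ip4:198.51.100.25 include:_spf.example.net -all"


def check_relay_against_spf(record, relay_ip):
    """Evaluate the ip4, ip6 and all terms of one SPF record for relay_ip.

    Returns (result, unresolved). Terms that need DNS (include, a, mx, ...)
    are skipped and listed in unresolved, so a non-pass result with a
    non-empty list means "check those terms too", not a final answer.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    ip = ipaddress.ip_address(relay_ip)
    unresolved = []
    for term in terms[1:]:  # SPF is evaluated left to right, first match wins
        qualifier = "+"
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return RESULTS[qualifier], unresolved
        elif name == "all":
            return RESULTS[qualifier], unresolved
        else:
            unresolved.append(term)
    return "neutral", unresolved  # no term matched and no "all" present


if __name__ == "__main__":
    for label, record in (("before", SPF_BEFORE), ("after", SPF_AFTER)):
        print(label, check_relay_against_spf(record, "198.51.100.25"))
```

A "fail" or "softfail" result for the relay's address means receiving servers that enforce SPF may reject or flag mail sent through it until the record is updated.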

Tuesday, June 11, 2013

How to Prevent RDP Brute Force Attacks

Tech forums and publications are buzzing with news of a tool that enables hackers to attack servers via the Remote Desktop Protocol (RDP), a commonly used protocol on remote servers that relies on enabling common ports to access them. These brute force attacks are nothing new, but their frequency has sharply increased in recent months and is predicted to continue growing this year.

Understanding the Attacks

A brute force attack on the RDP server allows the attacker to connect. The attacks seem to follow a simple methodology:

  • Scan a range of IP addresses.
  • Scanner looks for open ports usually used by RDP (e.g. 3389).
  • An RDP brute force attack is launched using dictionary terms.

Successful logins by the attacker will give them access to the drives of that server (via the shares \\tsclient\c and \\tsclient\d). This may give the attacker access to the server, potentially including areas usually hidden from the external connection, such as local backups and development areas.

There are no reports of successful breaches yet, so it's unknown what motives are behind the attacks. Similar attacks in the past suggest that infected servers could be used to launch stronger attacks, allowing the campaign to spread and strengthen itself. However, they could also be used to install other malware or ransomware.

With this type of attack, Windows 2003 servers could also be affected by memory exhaustion, which would cause them to reboot. It could also cause Windows 2008+ servers to fill their log files. However, this type of attack is not only aimed at Windows servers — it is an IP-based attack.

Preventing the Attacks

As with any emerging threat, there are precautions that those running RDP on their servers can take.

  • Use strong passwords for your RDP sessions including:
    • One or more special characters such as !@#$%^&*()
    • At least one number, preferably two or more
    • A mix of upper and lower case
    • At least 7 characters in length
    • A non-dictionary word
  • Do not use standard usernames (root, admin, owner, test).
  • Implement account lockout policy for a set number of failed logins before locking out the account.
  • Use an alternative port instead of leaving RDP port 3389 open for anyone to abuse. To change this automatically, use Microsoft Fix It.
  • Consider locking the RDP port to a specific IP address.
  • On Windows 2008 (and Server 2012), enable Network Level Authentication, which means the session cannot be established until the credentials are authorized.
  • Ensure you have all the latest patches installed.
  • Have a plan to be proactive and scan for potential attacks.
  • Limit RDP access to only the accounts that require it.
  • If external access is needed, configure a VPN tunnel.

RDP is a great tool used by administrators and users alike to establish multiple connections to a system, but there's a risk if the connections and software aren't secure. Knowing how RDP works, why it’s being used, and what can be done to secure it will help administrators to get a better grasp on server security.
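For the advice above to scan proactively for potential attacks, here is an added example (not from the original post) that flags source addresses producing bursts of failed remote logons. The CSV layout, the sample events, the threshold and the function name are constructed assumptions; the event IDs and logon types are the standard Windows Security log values.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Security-log logon events exported to CSV, oldest first.
# 4625 = failed logon, 4624 = successful logon; logon type 10 is Remote
# Desktop, type 3 is the network logon seen when NLA is enabled.
SAMPLE_EVENTS = """\
time,event_id,logon_type,ip,user
2013-06-11T02:14:01,4625,10,198.51.100.7,admin
2013-06-11T02:14:09,4625,10,198.51.100.7,administrator
2013-06-11T02:14:15,4625,10,203.0.113.40,jsmith
2013-06-11T02:14:18,4625,10,198.51.100.7,test
2013-06-11T02:14:27,4625,10,198.51.100.7,owner
2013-06-11T02:14:40,4625,10,198.51.100.7,root
2013-06-11T02:24:30,4625,10,203.0.113.40,jsmith
2013-06-11T02:24:52,4624,10,203.0.113.40,jsmith
"""


def find_rdp_bruteforce(csv_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: usernames tried} for every address that produced
    at least `threshold` failed remote logons inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    tried = defaultdict(set)      # ip -> every username it failed with
    flagged = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "4625" or row["logon_type"] not in ("3", "10"):
            continue              # successes and local logons are not counted
        when = datetime.fromisoformat(row["time"])
        times = recent[row["ip"]]
        times.append(when)
        while when - times[0] > window:
            times.popleft()       # drop failures older than the window
        tried[row["ip"]].add(row["user"])
        if len(times) >= threshold:
            flagged.add(row["ip"])
    return {ip: sorted(tried[ip]) for ip in sorted(flagged)}


if __name__ == "__main__":
    for ip, users in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: repeated failed RDP logons as {', '.join(users)}")
```

In the sample, the address cycling through standard usernames is flagged, while the user who mistyped a password twice ten minutes apart is not.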

Monday, May 13, 2013

Using the X-Forwarded-For HTTP Module For IIS7

Are you having problems with logging client IP addresses in server logs because your web servers are using proxies or load balancing? This is a common issue with proxies and fortunately there is a solution. The standard for forwarding client information is the HTTP X-Forwarded-For header, which is handled by most proxies.

What is X-Forwarded-For?

The "X-Forwarded-For" HTTP request header is used to allow a proxy server or load balancer to inject the true originating IP address of a client connection into the HTTP request allowing the application server to know the caller's true identity.

The Solution

The version 7.0 release of IIS (Windows Server 2008) introduced the ability to integrate HTTP modules. Compared to classic ISAPI filters, HTTP modules are much more flexible and much easier to integrate with IIS. Joe Pruitt at F5 DevCentral developed a module for IIS7 that extracts the X-Forwarded-For header value and replaces the CIP value (client IP address) that is stored in the server logs.

How to Setup the Module

  1. Download the X-Forwarded-For HTTP Module binaries at F5 DevCentral and unpack the archive into the local file system of the web server.
  2. Create a new sub folder in the file system root (e.g. HttpModules) and add two additional sub folders for x86 and x64. Now copy the .DLL library and the ini.bak file from the unpacked folders into the appropriate folders. Remove the .bak file ending.
    *Implement both the x64 version and x86 version of the module. Otherwise, 32-bit applications may crash.

  3. Edit the .ini file to configure the individual HTTP header variable which will contain the IP address of the client and therefore serve as the source for the c-ip value in the IIS log file. In this example, the header is X-Cluster-Client-Ip.
  4. Open the IIS MMC and select the web server node from the configuration tree. Open the Modules settings page.
  5. Select Configure Native Modules in the Action Pane.
  6. Click Register and select the file path to the x86 DLL and name the module configuration accordingly. Repeat this step for the x64 version of the DLL.
  7. Click OK to apply the new module configuration. Sometimes a restart of the W3SVC service is required.
  8. After successful installation the IP address will be stored in the CIP column of the IIS log file.
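
Because the logged address now comes from a request header, it is only as reliable as the party that set the header. The following added example (not the F5 module's code and not from the original post) shows one way to decide which address to record: accept the header only when the connection came from your own proxy, and read the forwarded list from right to left. The function name and the 10.0.0.0/24 proxy subnet are assumptions.

```python
import ipaddress


def address_to_log(peer_ip, forwarded_for, trusted_proxies):
    """Choose the client address to record for one request.

    peer_ip         -- address of the TCP connection that reached the web server
    forwarded_for   -- raw X-Forwarded-For value ("client, proxy1, ...") or None
    trusted_proxies -- networks of the proxies / load balancers you operate
    """
    trusted = [ipaddress.ip_network(net) for net in trusted_proxies]

    def is_trusted(addr):
        return any(addr.version == net.version and addr in net for net in trusted)

    chosen = ipaddress.ip_address(peer_ip)
    if not forwarded_for or not is_trusted(chosen):
        # The header was not set by one of our proxies, so it is only a claim
        # made by the caller. Log the connection address instead.
        return str(chosen)
    # Each proxy appends the address it received the request from, so read the
    # list right to left and stop at the first hop that is not ours.
    for hop in reversed(forwarded_for.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            break                 # malformed entry: keep the last verified hop
        chosen = addr
        if not is_trusted(addr):
            break
    return str(chosen)


# Constructed requests; 10.0.0.0/24 is an assumed load-balancer subnet.
PROXIES = ["10.0.0.0/24"]

if __name__ == "__main__":
    print(address_to_log("10.0.0.5", "203.0.113.9", PROXIES))
    print(address_to_log("10.0.0.5", "127.0.0.1, 203.0.113.9", PROXIES))
    print(address_to_log("198.51.100.77", "10.1.1.1", PROXIES))
```

The same reasoning applies to any custom header configured in the .ini file, such as X-Cluster-Client-Ip.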

Monday, April 8, 2013

Free Training for SmarterMail and SmarterTrack

SmarterTools offers FREE weekly training for new and existing customers that covers tasks such as installing products, first-time set up of products, complete walkthroughs of the concepts and ideas behind how a product works and more. SmarterTools offers separate training for both SmarterMail and SmarterTrack that benefit customers who install their own versions of these products or who use the hosted version of SmarterTrack.com.

SmarterMail Training

This training will cover the basic installation and configuration of your new mail server. Items covered include:

  • General system requirements and installation
  • Initial set-up and configuration
  • Adding a domain, then users to that domain
  • Sending and receiving an email
  • Anti-spam and anti-virus options
  • General feature discussion
  • Overview of licensed add-ons

SmarterTrack Training

This training covers how SmarterTrack is installed and configured, and how communication flows through it. Items covered include:

  • General system requirements and installation
  • Initial set-up and configuration
  • General helpdesk concepts
  • Setting up a Department, Group and Employee
  • Adding Employees to Groups
  • Following a Ticket through SmarterTrack
  • General feature discussion

For training schedules and more information, visit the SmarterTraining web page (http://www.smartertools.com/support/smartertools-training.aspx).

Wednesday, January 9, 2013

SQL Server 2012 : Edition and Licensing Information

Microsoft’s new SQL Server 2012 release, code-named Denali, marks some significant changes in the SQL Server product lineup. Taking steps to simplify the platform's licensing options, Microsoft has retired the Datacenter Edition, Workgroup Edition and Small Business Edition previously available for SQL Server 2008 and 2008 R2.

  • SQL Server 2012 Express Edition replaces the Microsoft Data Engine (MSDE) as the free version of SQL Server for application development and lightweight use. It’s a great tool for developing and testing applications and extremely small implementations, but that’s about as far as you can run with it.
  • SQL Server 2012 Web Edition is a specialized version for use in web hosting environments that is nearly identical to Standard Edition. This edition is available only to Services Provider License Agreement customers, which means your hosting provider.
  • SQL Server 2012 Standard Edition remains the workhorse of the product line for serious database applications. It can handle up to 16 cores with an unlimited amount of RAM.
  • SQL Server 2012 Business Intelligence Edition is designed specifically to support business intelligence applications.
  • SQL Server 2012 Enterprise Edition is designed for mission critical data center operations and large data warehouses.
  • SQL Server 2012 Developer Edition is a great tool for developers needing the full features of SQL Server 2012 Enterprise Edition for use in a non-production environment. This product has the same functionality as Enterprise Edition and offers a direct upgrade path to convert Developer servers to production licensing.

Having trouble choosing an edition? The Microsoft article "Features Supported by the Editions of SQL Server 2012" offers a detailed look at each edition.

SQL Server 2012 Licensing


Now that you have a SQL version in mind, it’s time to talk pricing. There's no question that licensing is one of the trickiest aspects of any Microsoft product to figure out — it's often harder to understand the licensing than it is to figure out how to use the product and its features. Changes in editions, the new core-based licensing, and the different availability options that are brought about by new features have made SQL Server 2012 licensing more confusing than ever. Let's take a closer look:

  • SQL Server 2012 Standard can be licensed either per core or per server and Client Access License (CAL).
  • SQL Server 2012 Business is licensed only per server and CAL.
  • SQL Server 2012 Enterprise is licensed only per core.

In a virtual environment, each "virtual processor" or "logical processor" counts as one (1) core. For example, if you have a virtual server with four (4) processors, you will need a four (4) core license for your SQL version. SQL Server 2012's licensing requires that you purchase a minimum of four (4) core licenses with additional core licenses available in packs of two (2). This means you will pay for a four (4) core license even if you have a single, dual or tri-core virtual processor VM.


In a fully dedicated environment the structure is much the same. For example, if you have a single quad (4) core processor, you will need a four (4) core license or one (1) server + CALs license. With today’s 12-core+ processors, Microsoft knew you were getting a good deal with socket-based licensing on earlier SQL versions.

If you’re planning to use the standard edition of Microsoft SQL Server 2012 in your environment, you have a major choice to make: should you opt for the per server licensing or the per core licensing? Be sure to count your cores. Depending on the environment (dedicated or virtual) it may make sense to license by server and CALs rather than core-based licensing.

Microsoft SQL Server 2012 Core Factor Table*

Processor Type | Core Factor
All processors not mentioned below | 1
AMD Processors (31XX, 32XX, 41XX, 42XX, 61XX, 62XX Series Processors with 6 or more cores) | 0.75
Single-Core Processors | 4
Dual-Core Processors | 2

* This is an example of how to calculate core license requirements and the core factor table. The core factor table is subject to change. The current version of the core factor table is always available at the link below.

For more information on the SQL Server 2012 Core Factor Table, including how to determine and use the appropriate core factor when licensing SQL Server 2012 under the Per Core model, visit: http://go.microsoft.com/fwlink/?LinkID=229882

Licensing SQL Server for High Availability


One of the most compelling features in the upcoming SQL Server 2012 release is the new AlwaysOn Availability Groups, but Microsoft's use of the term AlwaysOn is a bit confusing. AlwaysOn actually refers to two separate but related technologies: AlwaysOn Failover Clustering and AlwaysOn Availability Groups. AlwaysOn Failover Clustering is essentially the same thing as SQL Server failover clustering in earlier releases. It entails running a SQL Server instance on a Windows failover cluster. However, the AlwaysOn Availability Groups feature is completely new to SQL Server 2012, and it brings several new availability enhancements to SQL Server. If you're using database mirroring, AlwaysOn Availability Groups could be a good reason to upgrade to SQL Server 2012.

What if I have a failover cluster that includes a dedicated backup server? Do I need to license this server as well? No, both Failover Clustering and AlwaysOn Availability Groups allow you to skip licensing the backup server if it is truly passive (i.e., only used when the primary system isn't active).

What about Enterprise solutions where SQL needs high availability in a fault-tolerant dual hardware solution? Using redundant hardware, will you be required to double the licensing costs? No, fortunately not. This is where Microsoft shows some sympathy and considers these multi-hardware solutions as a single system, thus no additional SQL license costs. The catch is, Microsoft only requires you to license the "active" system. In the event of a failover, switching the licensing to "active" on the receiving server will suffice.

For more information about licensing SQL Server 2012, including what is new with this version, please visit Microsoft's SQL Server website.