Wednesday, November 5, 2014

The Easy Button for SSL Management

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click and test your website.

Nartac Software - IIS Crypto


Qualys SSL Labs - SSL Server Test

The SSL server test is an online service that enables you to inspect the configuration of any public SSL web server.

Wednesday, October 29, 2014

SSL 3.0 Protocol Vulnerability and POODLE Attack


All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website.

We highly recommend disabling SSL 3.0 as well as SSL 2.0 if applicable.


To disable SSL 2.0/3.0 in IIS 6 or IIS 7:


1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate the following registry key/folder:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
3. Right-click on the SSL 2.0 folder and select New and then click Key. Name the new folder Server.
4. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
5. Enter Enabled as the name and hit Enter.
6. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
7. Now to disable SSL 3.0, right-click on the SSL 3.0 folder and select New and then click Key. Name the new folder Server.
8. Inside the Server folder, click the Edit menu, select New, and click DWORD (32-bit) Value.
9. Enter Enabled as the name and hit Enter.
10. Ensure that it shows 0x00000000 (0) under the Data column (it should by default). If it doesn't, right-click and select Modify and enter 0 as the Value data.
11. Restart the computer.


This process is the same for IIS 6 (Windows Server 2003) machines, except that the Server folder under SSL 2.0/SSL 3.0 will already exist, so you only need to create a new DWORD value under it and name it Enabled.


To disable SSL 3.0 in IIS 8 (Windows Server 2012):


1. In the Search menu type regedit.exe
2. Right-click on regedit.exe and click Run as Administrator
3. In the registry editor go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
4. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key. Name the key SSL 3.0.
5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key. Name the key Client.
6. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key. Name the key Server.
7. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value DisabledByDefault.
8. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
9. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
10. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value Enabled.
11. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
12. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK.
13. Restart your Windows server.
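
The two registry procedures above, scripted as an added example (not part of the original post): it writes the same three values the manual steps set (SSL 2.0 and SSL 3.0 Server Enabled = 0, SSL 3.0 Client DisabledByDefault = 1) and reads each one back. The helper names Set-SchannelDword and Get-SchannelState are hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example: applies and verifies the Schannel values from the manual steps.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Values taken from the two procedures on this page.
$settings = @(
    @{ Protocol = 'SSL 2.0'; Role = 'Server'; Name = 'Enabled';           Value = 0 },
    @{ Protocol = 'SSL 3.0'; Role = 'Server'; Name = 'Enabled';           Value = 0 },
    @{ Protocol = 'SSL 3.0'; Role = 'Client'; Name = 'DisabledByDefault'; Value = 1 }
)

function Set-SchannelDword {
    param([string]$Path, [string]$Name, [int]$Value)
    # Create the key only when it is missing, so values already
    # stored under an existing key are left untouched.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

function Get-SchannelState {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($s in $settings) {
    $path   = Join-Path (Join-Path $base $s.Protocol) $s.Role
    $before = Get-SchannelState -Path $path -Name $s.Name
    Set-SchannelDword -Path $path -Name $s.Name -Value $s.Value
    $after  = Get-SchannelState -Path $path -Name $s.Name
    if ($null -eq $before) { $before = '(not set)' }
    New-Object PSObject -Property @{
        Key    = "$($s.Protocol)\$($s.Role)"
        Value  = $s.Name
        Before = $before
        After  = $after
        OK     = ($after -eq $s.Value)
    }
}

$report | Format-Table Key, Value, Before, After, OK -AutoSize
$failed = @($report | Where-Object { -not $_.OK })
if ($failed.Count -gt 0) { throw 'One or more Schannel values were not written.' }
Write-Host 'Values written. Restart the server for the change to take effect.'
```

The Before column records what each value held prior to the change, which is useful to keep if a legacy client later needs the setting reviewed.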

Once you have disabled the protocols, you may test your server at www.poodlescan.com.

Friday, August 29, 2014

Where Threats Live


During the course of a day we sideline lots of bad guys. Some countries are more active than others, and not in a good way. Sign into the Dashboard to see the Top Threats to your server and the countries where they live.

Country   Count    Share
CN        84,272   73.99%
US         3,696    3.24%
RU         3,584    3.15%
UA         3,392    2.98%
FR         2,992    2.63%
CA         2,032    1.78%
KR         1,808    1.59%
CZ         1,552    1.36%
HK         1,280    1.12%
BG         1,088    0.96%
TH         1,040    0.91%
RO           960    0.84%
JP           928    0.81%
TW           848    0.74%
TR           752    0.66%
NL           576    0.51%
VN           528    0.46%
DE           320    0.28%
CH           272    0.24%
BR           192    0.17%
BY           128    0.11%
EC           128    0.11%
AL           112    0.1%
AE            96    0.08%
GB            96    0.08%
PL            96    0.08%
SE            80    0.07%
MD            80    0.07%
IN            80    0.07%
IL            64    0.06%
EU            48    0.04%
IR            48    0.04%
ID            48    0.04%
A1            48    0.04%
BZ            48    0.04%
PH            48    0.04%
SA            48    0.04%
SG            32    0.03%
PA            32    0.03%
MT            32    0.03%
MU            32    0.03%
AT            32    0.03%
IT            32    0.03%
ME            16    0.01%
MN            16    0.01%
IE            16    0.01%
GH            16    0.01%
ES            16    0.01%
CO            16    0.01%
AU            16    0.01%

Tuesday, May 27, 2014

404 Error Could Be Your DNS Cache

Overview

Your DNS cache stores the locations (IP addresses) of web servers that contain pages which you have recently viewed. If the location of the web server changes before the entry in your DNS cache updates, you will be unable to access the site. If you encounter a large number of HTTP 404 error codes, you may need to clear your DNS cache. This will force your local computer to request new DNS information from its assigned nameservers rather than pull previously retrieved information from its local resolver cache.

How To Clear Your DNS Cache

The following methods allow you to remove old and inaccurate DNS information that may result in 404 errors.

Windows 8

  1. Press Win+X to open the WinX Menu.
  2. Right-click on Command Prompt and select Run as Administrator.
  3. Type the following command and press Enter:
    ipconfig /flushdns

Windows 7

  1. Click the Start button.
  2. Enter cmd in the Start menu search field.
  3. Right-click on Command Prompt and select Run as Administrator.
  4. Type the following command and press Enter:
    ipconfig /flushdns

Windows XP, 2000, or Vista

  1. Click the Start button.
  2. On the Start menu, click Run....
  3. If you do not see the Run command in Vista, enter run in the Search bar.
  4. Type the following command in the Run text box:
    ipconfig /flushdns

MacOS 10.7 and 10.8

  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command:
    sudo killall -HUP mDNSResponder

MacOS 10.5 and 10.6

  1. Click Applications.
  2. Click Utilities.
  3. Double-click the Terminal application.
  4. Type the following command:
    sudo dscacheutil -flushcache

Once you clear your DNS cache, your local computer will query its nameservers and begin using newly changed information.