Security

Powershell to disable NetBIOS over TCP/IP

Alex Mags
You don’t need your machines talking to each other via NetBIOS over TCP/IP. Turn this off to cut down on network chatter and reduce your attack surface. The following PowerShell is useful as a step during OS deployment (one-off config), or as a Group Policy startup script (every boot).

# disable NetBIOS over TCP/IP on new adapter (legacy protocol not required)
$NETBIOS_DISABLED=2
Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" | ForEach-Object { $_.

OS Hardening guides

Alex Mags
In the bad old days Windows would install in user-friendly, super accessible mode. You’d then run scripts to lock it down, improving security permissions on registry keys, files and folders, applying registry tweaks, and potentially breaking stuff too. There were lots of security guides around. I’d use these NSA guides and tips from McGraw Hill’s Hacking Exposed. Nowadays Windows comes secure out of the box and you install roles before it’ll do anything.

Lost the administrator password? Break into Windows

Alex Mags
If you come across a machine that has disconnected from the domain, and you don’t have a system to recover the local administrator password, you’ll need to break in. If you have physical access to the machine, and can access the OS files from another OS (disk is not encrypted), then you can make offline changes to Windows. Boot into your Windows Preinstallation Environment (WinPE), typically used for OS deployment. See Microsoft Deployment Toolkit.

Test intranet access from Blackberry and other mobile platforms

Alex Mags
If you’re accessing intranet websites using Blackberries and other mobile platforms like Good for Enterprise, you can get Kerberos working to provide single sign-on/passthrough authentication. Staff can then browse intranet pages that are secured by Windows authentication, URL filtering or NTFS without having to type in their (probably complex) Windows password on a teeny tiny phone keypad. I use the Active Server Page (ASP) below on IIS to test if Kerberos is working.

Website change alerts with powershell

Alex Mags
Had a requirement to monitor a website for changes. Used the free online tool www.changedetection.com. But set up a second monitoring tool using PowerShell and a scheduling system. Remix the following code in your own monitoring projects. Maybe turn it into a function. Maybe test for an expected string (e.g. the HTML for the login form). There’s no defensive code to recover if the website is inaccessible (needs a try-catch there). Could add some code to raise an SNMP trap, or create a support ticket.

Using Microsoft NetMon to troubleshoot application network communications

Alex Mags
Recently showed NetMon to a developer for troubleshooting IntelliJ. The Java development environment app was freezing, and we found it was attempting to go direct to the Maven central repository instead of our internal repository or out via the web proxy. NetMon is a network capture tool. Rather than showing you raw data like Wireshark, it breaks down the traffic into “conversations” per process (and process ID). This makes it easier to see the forest for the trees, or the tree you’re interested in instead of the whole forest.

PowerShell update-help proxy authentication

Alex Mags
PowerShell 3 installs without help files. You download these from Microsoft using the command update-help. Use the following PowerShell to make the .NET web client pass your session credentials to the (auto-detected) proxy. Now you can wget, curl or update-help.

$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
update-help

This tip was from: http://blog.stangroome.com/2013/08/02/powershell-update-help-and-an-authenticating-proxy/

The 10 Immutable Laws of Security

Alex Mags
Attended a security webinar titled 11 Most Effective Ways to Lockdown Active Directory. The 10 Immutable Laws of Security were referenced (in the context of VMware admins having the equivalent of physical access to VMs, law #3). Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore. Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.