Help Fight Spam in Exchange 2003

June 19, 2008

Spam is a difficult animal to tame, so any product that can help fight it will certainly be welcomed by network admins, even more so if it is free!

In Exchange 2003 Service Pack 2, Microsoft integrated the Intelligent Message Filter (IMF). You can use IMF and the IMF tools to set thresholds on spam email. IMF also includes a built-in way to dynamically check real-time block lists (RBLs). RBLs are pretty self-explanatory: they are dynamically updated lists of domain names and IP addresses of known spamming sources. Two organizations known for keeping great RBLs are spamcop.net and spamhaus.org. Both of these sites even provide up-to-date stats on the world of spamming.

To use the RBLs from SpamCop and Spamhaus, follow these steps:

1. Go into your Exchange 2003 System Manager.

2. Go to Global Settings -> Message Delivery.

3. Right-click Message Delivery and select “Properties” from the context menu.

4. Go to the “Connection Filtering” tab.

5. Click on the “Add” button.

6. For “Display Name” you can enter whatever you like, but usually the name of the RBL provider is what you want there.

7. For “DNS Suffix of Provider” enter the provider’s DNS suffix; for example, the one for Spamhaus is zen.spamhaus.org.

8. If you want a custom error message, fill out that field with whatever you want it to be.

9. Finally, click OK and the RBL will be assigned to IMF.

As you can see on that main screen, there is also a global Accept list and Deny list for IP addresses, as well as an exception list; this is where you can whitelist or blacklist senders if you like.

After you are done adding your RBLs, click OK on the main dialog, and you will likely get a popup reminding you that you need to activate these rules.

Just like that popup says, you need to activate them. If this is your first time setting up a connection filter, go into System Manager -> Administrative Groups -> and then to the server you want to activate this on.

Once in the section for your server, go to Protocols -> SMTP -> Default SMTP Virtual Server, right-click it and select “Properties” from the menu that comes up.

1. Under the General tab, click on “Advanced”.

2. Select the port 25 identity and click the “Edit” button.

3. Check “Apply Connection Filter” and then click OK all the way out until you are back at the System Manager.

4. Watch your spam messages typically get cut in half!

The two RBL DNS suffixes we used are as follows:
Spamhaus: zen.spamhaus.org
SpamCop: bl.spamcop.net
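To show what Connection Filtering actually does with that DNS suffix, here is an added example (not from the post or from Microsoft) that builds the DNSBL query for a connecting IP, interprets the answer, and runs the RFC 5782 self-test that tells you a list is still alive. The answer table, the two sender addresses and their verdicts are constructed so the code runs offline; pass live_resolver instead to query the real lists.

```python
import ipaddress
import socket
from typing import Callable, Optional

# Constructed DNS answer table so the example runs offline. Keys are the query
# names a connection filter would send, values the A records the list returns.
# 198.51.100.23 and 203.0.113.9 are documentation addresses; verdicts are made up.
FAKE_ZONE = {
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",      # RFC 5782 test point
    "2.0.0.127.bl.spamcop.net": "127.0.0.2",
    "23.100.51.198.zen.spamhaus.org": "127.0.0.4",  # pretend XBL listing
    "23.100.51.198.bl.spamcop.net": "127.0.0.2",
}
# Spamhaus ZEN sub-list codes (last octet of the answer) and its query-error
# codes, both as published by Spamhaus; other lists mostly answer 127.0.0.2.
ZEN_SUBLISTS = {2: "SBL: verified spam source", 3: "SBL CSS: low-reputation sender",
                4: "XBL: exploited host", 5: "XBL", 6: "XBL", 7: "XBL",
                10: "PBL: end-user space, should relay via its ISP", 11: "PBL"}
SPAMHAUS_ERRORS = {"127.255.255.252": "typing error in the query name",
                   "127.255.255.254": "query sent via an open/public resolver",
                   "127.255.255.255": "query volume exceeded"}
Resolver = Callable[[str], Optional[str]]

def fake_resolver(name: str) -> Optional[str]:
    """Offline stand-in for DNS; None plays the role of NXDOMAIN."""
    return FAKE_ZONE.get(name)

def live_resolver(name: str) -> Optional[str]:
    """Real lookup through the host's resolver (needs network access)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def dnsbl_query_name(ip: str, suffix: str) -> str:
    """Reverse the IPv4 octets and append the provider's DNS suffix."""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("Exchange 2003 connection filtering is IPv4 only")
    return ".".join(reversed(ip.split("."))) + "." + suffix

def check_ip(ip: str, suffix: str, resolve: Resolver = fake_resolver) -> dict:
    """Derive the verdict the connection filter would reach for one sender."""
    answer = resolve(dnsbl_query_name(ip, suffix))
    result = {"ip": ip, "list": suffix, "listed": False, "code": answer, "reason": None}
    if answer is None:
        return result  # NXDOMAIN: not listed
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        # A lapsed/wildcarded zone answers with a public address; treating that
        # as a listing would reject every sender.
        result["reason"] = "non-DNSBL answer, ignored"
        return result
    if answer in SPAMHAUS_ERRORS:
        result["reason"] = "query error: " + SPAMHAUS_ERRORS[answer]
        return result
    result["listed"] = True
    last_octet = int(answer.rsplit(".", 1)[1])
    result["reason"] = (ZEN_SUBLISTS.get(last_octet, "listed")
                        if suffix == "zen.spamhaus.org" else "listed")
    return result

def dnsbl_is_healthy(suffix: str, resolve: Resolver = fake_resolver) -> bool:
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not."""
    return (check_ip("127.0.0.2", suffix, resolve)["listed"]
            and not check_ip("127.0.0.1", suffix, resolve)["listed"])
```

Run the health check periodically: a list that stops answering for 127.0.0.2 has gone away, and one that starts answering for 127.0.0.1 (or with a non-127 address) is about to block all of your inbound mail.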

Disable “Run-Once” from Internet Explorer

June 10, 2008

I have finally had it with Internet Explorer loading the Run-Once page every time I open a new browser window. These Microsoft “features” have to stop! If you are as annoyed as I am about this default webpage, just follow the steps below to rid yourself of Run-Once rage.

Disabling Run-Once
At least relief is not a hard pill to swallow; the fix is actually pretty simple.
1. Create a new Notepad document.
2. Paste the following into the document (the first line is the header Registry Editor requires, and the quotes must be straight ASCII quotes, not curly ones):

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"RunOnceHasShown"=dword:00000001
"RunOnceComplete"=dword:00000001

3. Now choose Save As and save the document as a registry file by setting Save as type to All Files and naming the file Killrunonce.reg.
4. Finally, set your new registry values by double-clicking the registry file you just created. (Note: You will need to say Yes to the prompt.)

Open Internet Explorer again and you should see your wonderful new homepage, and your Run-Once anger will quickly melt away.

Forward, Backward, who cares? It’s just a slash!

May 29, 2008

I am writing this post partly in frustration and partly because, well … let’s face it, we all need a refresher course! As my readers probably know by now, I work and play in the I.T. environment. I am constantly asked a variety of questions, both beginner and advanced. One of the things that comes up when troubleshooting any question is the difference between a forward slash and a backslash. I find it comical when, in the midst of troubleshooting, I ask a novice or expert to type backslash backslash (\\) to navigate to a network share, and hear the response “It’s not working, it says it can’t find the path specified?”. After going through multiple other steps to figure out why the server is down or the share isn’t available, I come to find out they typed two forward slashes (//) instead. I am sure many of you can relate, and some of you are probably offended because you too have fallen victim to the backslash’s evil twin. Just remember that no question is too dumb, so if you can’t remember, just ask!

\\ Happy slashing \\

Conveniently display computer info on your desktop.

May 25, 2008

This is a very convenient tip that will not only help you but will also help those individuals who work on your computer. It is called backinfo.exe and is part of a Windows development pack. This little executable resides in your C:\windows or C:\winnt folder along with a configuration file. Simply create a shortcut to the executable in your Startup folder and you will see the results every time you log in.

I have displayed the computer name, number of processors and their speed, total RAM, domain, IP address, and login date/time.

Desktop

You can download backinfo.exe here and my sample configuration script here. (Right-click the links and choose Save As to download.)

Now the next time you need to know some quick facts about your computer or server, look no further than your desktop!

Can’t access files on a slave drive?

May 2, 2008

Recently this question came across my desk from a user who was fearing the worst about his do-it-yourself storage upgrade.

Background: The user had an older machine which contained two drives, one for his OS (Windows) and the other for his files (documents, pictures, etc.). He had a few directories in his file structure that contained personal documents and decided to modify permissions to only allow his username access. Because of his aging computer, he purchased a new machine to replace it.

Can you see where I’m going with this…?

He unboxed his new machine and, because he had a separate drive for his files, he simply transferred that (slave) drive to the new machine. Unfortunately, when he tried to access his personal directories on the file share, he was presented with an “Access Denied” message. Fearing the worst, and not having a backup of his files, he sent me an email outlining his dilemma and asked me for some help.

Solution: The user simply needs to take ownership of the files. Trying to “re-modify” the permissions to include a new username or “Everyone” will not work: his account on the new machine has a different security identifier (SID), so the existing ACL does not recognise it and denies even changing permissions. An administrator can, however, take ownership and then grant access. I directed him to a Microsoft Knowledge Base article on how to recover ownership of his files: http://support.microsoft.com/kb/308421

Following these steps helped him recover ownership and ultimately allowed him access to his files again. I did scold him about not backing up his files though!

Create a hidden share.

April 17, 2008

This is a pretty simple post but a useful one, which is why I am putting it in the Journal section.

If you have ever wanted to create a shared drive or folder but don’t want it to be visible to the entire network, you can put a $ sign at the end of the share name to hide it from Windows Explorer’s browse list.

Hidden Share

This is not a major security precaution; you will still need to set specific permissions to deter unwanted users. The name is only hidden from browsing, and anyone who asks the server directly (for example with net view \\mycomputer /all) will still see it, so rely on NTFS and share permissions rather than the $. It is just a means by which you can share a folder or a drive without it being listed for all users on your LAN. To access a hidden share you need to type the full share name in your Windows Explorer address bar (i.e. \\mycomputer\hidden_share$). Now you can secretly share all those weekend photos with co-workers without your boss knowing!

Network Lag…

March 28, 2008

Recently I received a call from an IS manager who described, with great anguish, his local network lag. He reported that his clients’ access to a local file server was jaw-droppingly slow. He went on to tell me that after checking the configurations of the switches and the file server, he did not see any irregularities. He could access other servers on the same network segment, but for some reason he was having issues with this particular server.

Here is a visual:

Network Segment

As you can see, I ran traces on the different network segments and focused most of my attention on the file server / media converter / switch path. I did not find any configuration issues with any of the network equipment, and the file server seemed to be doing its job. After running the traces, I did notice that packets were being dropped at the file server and runts were being detected.

Trace

In my experience, physical connections/hardware or configuration are the leading causes of dropped packets. Since my customer had thoroughly checked his hardware, the configuration piece could still be a problem. Looking back at my traces, there was one segment that could still be misconfigured: the inbound switch and the client computers.

Network Seg2

…Conclusion

As you might expect, there was a configuration issue, but it wasn’t as obvious as you might think. The clients were set to auto-negotiate while the switch was hard-coded to full duplex. Because a hard-coded port does not take part in negotiation, the Windows clients could not negotiate a duplex with the switch and fell back to half duplex, creating a mismatch.

Duplex settings

Because of the duplex mismatch, packets were being dropped and therefore never made it to the file server for acknowledgement.

The dropped packets caused retransmissions from the clients, which resulted in huge network latency directly affecting the end users.

To correct the issue, the configuration of the clients or the switch needs to be modified so that both ends either auto-negotiate or are hard-coded to the same speed and duplex.
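To make the conclusion concrete, here is an added example (not from the post) that predicts what each end settles on for every duplex/autonegotiation combination and flags the counter pattern seen in the traces: runts and CRC errors on the full-duplex side, late collisions on the half-duplex side. The Cisco-style interface output, names and numbers are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed, Cisco-style counter output standing in for the traces in the
# post; the interface names and numbers are made up for this example.
SWITCH_PORT = """\
FastEthernet0/12 is up, line protocol is up
  Full-duplex, 100Mb/s, media type is 10/100BaseTX
  Auto-duplex is off, auto-speed is off
  4312 input errors, 4270 CRC, 0 frame, 0 overrun, 0 ignored
  3998 runts, 0 giants, 0 throttles
  0 output errors, 0 collisions, 0 late collision
"""
CLIENT_NIC = """\
Local Area Connection is up
  Half-duplex, 100Mb/s
  Auto-duplex is on, auto-speed is on
  12 input errors, 12 CRC, 0 frame, 0 overrun, 0 ignored
  0 runts, 0 giants, 0 throttles
  0 output errors, 5120 collisions, 2217 late collision
"""

def effective_duplex(side_a: str, side_b: str) -> Tuple[str, str]:
    """Predict what each end settles on; settings are "auto", "full" or "half".
    A partner that does not autonegotiate can only have its speed sensed by
    parallel detection, and IEEE 802.3 then falls back to half duplex."""
    if side_a == "auto" and side_b == "auto":
        return ("full", "full")  # both advertise; assume both support full
    if side_a == "auto":
        return ("half", side_b)
    if side_b == "auto":
        return (side_a, "half")
    return (side_a, side_b)

def parse_counters(text: str) -> Dict[str, object]:
    """Pull duplex mode, autonegotiation state and error counters from text."""
    def grab(label: str) -> int:
        m = re.search(r"(\d+)\s+" + label, text)
        return int(m.group(1)) if m else 0
    return {
        "duplex": "full" if "Full-duplex" in text else "half",
        "autoneg": "Auto-duplex is on" in text,
        "runts": grab("runts"), "crc": grab("CRC"),
        "collisions": grab("collisions"), "late_collisions": grab("late collision"),
    }

def diagnose(end_a: str, end_b: str) -> List[str]:
    """Flag the counter pattern of a duplex mismatch on a pair of interfaces."""
    a, b = parse_counters(end_a), parse_counters(end_b)
    findings = []
    if a["duplex"] != b["duplex"]:
        findings.append(f"duplex mismatch: {a['duplex']} vs {b['duplex']}")
    if a["autoneg"] != b["autoneg"]:
        findings.append("autonegotiation enabled on one end only; set both to auto "
                        "or hard-code both to the same speed/duplex")
    for label, c in (("end A", a), ("end B", b)):
        if c["duplex"] == "full" and (c["runts"] or c["crc"]):
            findings.append(f"{label} (full duplex) sees runts/CRC errors: the "
                            "half-duplex peer aborts frames when it detects collisions")
        if c["duplex"] == "half" and c["late_collisions"]:
            findings.append(f"{label} (half duplex) logs late collisions: the peer "
                            "transmits while this end is already sending")
    return findings
```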

OSI Review

March 23, 2008

OSI Model

The OSI model isn’t a physical model; rather, it is a set of guidelines that allows many different operating system platforms to transfer data over a network. The OSI model has seven layers, divided into two groups. The top three layers (5-7) are used to communicate with the application and the end user. The bottom four layers (1-4) define how data is transmitted from node to node. The OSI model is a hierarchical structure of seven layers, each of which defines requirements for communicating over a network. Because the OSI model is layered, each layer operates independently of the others, which is ideal for implementing new technology without interruption, for example a packet filter.

OSI Layers

(Layer 7) Application Layer

This is the layer where the users actually communicate with the computer. A great example of someone using the application layer is when you use a browser to access the internet. Every time you click a link or enter a search in a search engine, you are giving a set of parameters to be used to access your network.

(Layer 6) Presentation Layer

The Presentation Layer modifies the data from the Application Layer so it can be used effectively by all of the other layers. It also translates the data returned by the network into a usable form for your application.

(Layer 5) Session Layer

The session layer controls sessions between nodes (computers) across a network. It establishes, manages and terminates connections between applications.

(Layer 4) Transport Layer

The Transport Layer allows the transfer of data between end users. It is responsible for end-to-end error recovery and flow control.

(Layer 3) Network Layer

The Network Layer allows the data to be routed through many different physical networks and provides a means for transferring variable-length data sequences.

The Network Layer is responsible for:

addressing

determining routes for sending

managing network problems such as packet switching, data congestion and routing

(Layer 2) Data Link Layer

The Data Link Layer provides the physical transmission of the data and handles errors in the physical layer. Its Logical Link Control (LLC) sublayer is responsible for frame synchronization, flow control, and error checking. Most importantly, this layer encodes and decodes data packets into bits.

(Layer 1) Physical Layer

The Physical Layer defines the physical medium and electrical specifications of a network. The Physical Layer is responsible for the transmission of raw bit streams and defines the techniques to transfer the bit stream through cable.

Securing your Passwords

March 23, 2008

Password Security Explored


In this article we will discuss the security issues surrounding passwords. We will show how passwords can be compromised, how to maintain a good set of passwords, and we will provide links to tools that can be used to audit your passwords’ effectiveness.

A password is usually the first, and sometimes the only, security defense guarding sensitive data. With all of the modern tools and technology that your business or home network may employ, the password can act as a “window” in a largely impenetrable fortification. As a systems administrator, I feel that a compromised password may not be a top priority for your IT staff; large and mid-size companies have other measures in place to protect sensitive corporate data. A compromised password may affect you more personally, though. Because your password is the primary security measure in place, if someone can gain access to your password(s) they have access to all of the information that password protects. In most cases a person’s password is the same from business to home, which can translate to total access to your personal information. The intruder could then gain access to your business and personal contacts, run malicious programs that “sniff” out other passwords (i.e. email, financial), and do all of this undetected, because you have no way of knowing your password has been stolen.

Password security, like network security, is more of a philosophy. For your password to help protect you, you must help protect your password.

First, let’s discuss choosing a password. Since a password is so important to your overall security, it should not be chosen in haste. I would highly recommend using a password generator. Password generators create a random password consisting of letters, numbers and symbols in no distinguishable order. These generators can be downloaded to your computer or USB drive, and there are also some online password generators. At the bottom of this article I will provide links to some well-known password generators.

If you choose to create your own password you should keep the following in mind:

Choose a seemingly random set of letters, numbers and symbols while varying the case. (i.e. TXUu39!Q$66)

Choose a lengthy password, roughly between 8 and 12 characters.

If you have many password-protected accounts, choose a password that can be decremented. (i.e. TXUu39!Q$66 - yahooID, TXUu39!Q$65 - googleID, TXUu39!Q$64 - workID)

Which brings me to my next point … pay attention, this is important … Do NOT use a universal password! If the password to your workID account is compromised then all of your accounts have been compromised. You don’t use the same key for your house, car, and lockbox, do you?

Finally, memorize! Don’t write your password(s) down and don’t write down an obvious hint. Simply say your password in your head for a while and memorize it.

Next, let’s take a look at what the Bad Guys are doing to compromise your passwords.

Most people today who have a computer also have some sort of anti-virus software installed. This software protects you from a variety of viruses and malware programs, including some of the favorite programs used by attackers … keyloggers. These nifty little programs have a very small footprint on your system resources and can run in the background collecting all of your keystrokes, web pages visited, and sometimes programs launched. Keyloggers are definitely one of the best ways to spy on a user or set of users on a computer. Keyloggers do not have to be programs running on your machine either; attackers can actually attach a hardware keylogger to the back of your computer (plugged directly into your keyboard port). Needless to say, not many people (at least marginally sane people) check the back of their computer every day for keyloggers! Other methods of obtaining your passwords can be a little more sophisticated, like wireless traffic sniffing, dictionary attacks, man-in-the-middle attacks, memory image forensics, and much more!

By this point you are probably getting a little paranoid; if you’re not, then you should be. The methods I just mentioned and the tools that employ them are being distributed over the internet freely and for use by many different skill sets. Some of these hacking tools have become as easy as clicking a button. So you might be asking yourself, “How do I protect myself from these types of attacks?” The short and disturbing answer is “you can’t”, but that applies only to the most determined attackers. Against the casual kid-in-the-basement attack there are some things you can do to protect your passwords.

Here are a few:

Create a good password (as mentioned above)

Don’t share your password with ANYONE

Change your passwords regularly

For those of you afraid of keyloggers, try filler characters. If you are entering your password “flower81”, start by typing “fl” in the box, then click away and type rubbish like “asdkf;lkj”, then click back into the box and finish with “ower81”. If a keylogger is present, your password will look like “flasdkf;lkjower81”.

Do not go to sensitive areas (like bank websites) when you are on unknown or “coffee shop” networks.

Always look for “https” or the secure lock icon in your browser when entering sensitive areas. (HTTPS means your communication is encrypted.)

Always lock your computer or laptop before leaving it.

Don’t use important dates or names for passwords.

I’m going to push this one again … Memorize your passwords!

Following these rules can help deter attackers and help protect you from potential headache or worse, Identity Theft!
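To tie the password-choosing guidance and the checklist above together, here is an added example (not from the post) that estimates a password’s guessing resistance from its length and the character classes it uses, and flags the patterns the post warns against: dictionary words or names, dates, and too few character classes. The wordlist, the rating thresholds and the sample passwords are constructed assumptions.

```python
import math
import re
from typing import List, Tuple

# Constructed stand-in for a real dictionary/names list; a real check would
# load a far larger file.
COMMON_WORDS = {"flower", "summer", "password", "welcome", "admin", "dragon"}

# (name, pattern, size of the pool that class contributes when present)
CLASSES = (
    ("lower", r"[a-z]", 26),
    ("upper", r"[A-Z]", 26),
    ("digit", r"[0-9]", 10),
    ("symbol", r"[^A-Za-z0-9]", 32),
)

def entropy_bits(password: str) -> float:
    """Bits of guessing resistance, assuming each character was drawn uniformly
    from the union of the classes actually used (what a generator would do)."""
    pool = sum(size for _, pattern, size in CLASSES if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0

def warnings(password: str) -> List[str]:
    """Flag the habits the post warns against, whatever the raw entropy says."""
    issues = []
    if len(password) < 8:
        issues.append("shorter than 8 characters")
    used = [name for name, pattern, _ in CLASSES if re.search(pattern, password)]
    if len(used) < 3:
        issues.append("fewer than three character classes (vary case, add digits and symbols)")
    lowered = password.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            issues.append(f"contains the dictionary word '{word}'")
    if re.search(r"(19|20)\d\d", password) or re.search(r"\d{2}[/-]\d{2}[/-]\d{2,4}", password):
        issues.append("looks like it contains a date")
    return issues

def assess(password: str) -> Tuple[str, float, List[str]]:
    """Return (rating, entropy bits, warnings). A dictionary word or date drags
    the rating down even when the character mix looks good, because attackers
    try those patterns long before exhaustive search."""
    bits = entropy_bits(password)
    issues = warnings(password)
    if bits < 40 or any("dictionary" in i or "date" in i for i in issues):
        rating = "weak"
    elif bits < 64:
        rating = "moderate"
    else:
        rating = "strong"
    return rating, round(bits, 1), issues
```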

As I promised, here are a few links to some great password applications.

Online password strength tester: Microsoft Password Checker

Online password generator: www.techzoom.net/security-password.

Password generator and safe: KeePass (Highly recommended!!)

Secure your communication: PGP

Secure your data: TrueCrypt

Enjoy!

10 Ways to Secure your Computer

March 19, 2008

Top Ten Ways to Secure Your System


1. Use anti-virus software and update it regularly.

If you have a PC, antivirus software is a must. Many companies offer antivirus software and some are even freely downloadable.

2. Keep Windows and your other software current.

Keeping your OS and your software up-to-date is crucial. Many patches and vulnerability fixes for flaws that can pose a major threat to your software are delivered through updates.

3. Strengthen your passwords.

Creating a hard to guess password is, in most cases, the first and only line of defense against an attacker. Try not to use passwords that have significant value to you. There are many random password generators on the web, but if you create your own then be sure to use letters, numbers and some special characters.

4. Enable your Windows firewall or a third party firewall.

Firewalls are used mostly to block ports and malicious internet requests. In most cases, using a firewall will hide your existence on the internet from would-be attackers. If you use a router, you already have a firewall.

5. Use anti-spyware software.

If you are an internet web surfer then you need anti-spyware software. Spyware programs are the annoying programs that tend to make your internet experience and your computer slower. Collecting a bunch of these programs could lead to an almost worthless computer. There are many free anti-spyware programs on the web.

6. Be cautious of installing computer software from unknown sources.

A big portion of the spread of viruses and spyware today is due to users installing software they “found” on the internet. While the software may look appealing and useful, it may contain viruses and malware code.

7. Be cautious of downloading email attachments from unknown sources

Another great way to transmit viruses and worms is by downloading email attachments from unknown sources. Rule of thumb: if you are not expecting an attachment, don’t open it!

8. Encrypt or password protect your files.

This is especially true if you own a laptop or a thumb drive. A great way to do this is by downloading the free software called TrueCrypt. I use it and it works great!

9. Secure your wireless connection.

If you are connected to a network wirelessly, this step is a must. Without wireless security features such as WEP or WPA-PSK (WEP is easily broken, so prefer WPA), you are leaving your internet transmissions open for capture. That’s right! By not using wireless encryption, hackers can use techniques to “listen in” to your internet browsing. They can gain passwords, account numbers, and other personal information.

10. Back Up! Back Up! Back Up!

I hope we got our point across. Backups are extremely important and can save you from a major headache and heartache. Just think of your impressive music collection or all of your priceless family photos … gone in a flash! If just the thought of this doesn’t set you running for an extra hard drive, then what about all those hours of financial data you’ve set up in Quicken or Money? Your best bet is to find a backup solution and stick with it, trust us.
