Thursday, May 24, 2012

TechNode - Secure your IIS 7.5

OK, everybody knows that some parts of every website (or almost every website) should be secured by SSL, but some people are not aware of SSL internals as such. I'll try to write some quick tips on how to harden our SSL.

First of all, check your SSL-secured website using this online tool. A default IIS installation with a regular SSL certificate (I use StartSSL) should score around 83-85. Now we can try to add a few tweaks.

1. Enable TLS 1.1 and/or TLS 1.2 on your Windows 7 / Windows Server 2008 R2 by applying this patch - link.

2. Open a command line, type gpedit.msc and go to Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings. Under SSL Configuration Settings, double-click the SSL Cipher Suite Order setting. The cipher suites TLS_RSA_WITH_RC4_128_SHA and TLS_RSA_WITH_RC4_128_MD5 must be put first on the line. You can use the following list (remember to remove all new lines and white spaces):


Enable your rule and restart your Windows server. After the reboot, re-run the online validation.
The main goal is to get rid of issues related to the BEAST vulnerability (read more here).

3. Optionally you can use Nartac's IIS Crypto tool (available for free).
It allows you to configure your IIS to be PCI and FIPS compliant.

After playing around, you should be able to achieve around 93 points in the online scan and get rid of the BEAST attack vulnerability.
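A check for the list from step 2, as an added example that is not part of the original post: it removes the new lines and white spaces the policy field does not accept, confirms the two RC4 suites named above are at the front, and after the reboot reads back what the policy stored. The function name, the sample list and the duplicate and 1023-character checks are additions made here; the registry path is where the SSL Cipher Suite Order policy keeps its value.

```powershell
# Added example (not from the original post): validate a cipher suite order
# string before pasting it into the "SSL Cipher Suite Order" policy of step 2.
function Test-CipherSuiteOrder {
    param(
        [Parameter(Mandatory = $true)] [string] $List,
        # Suites the post says must come first.
        [string[]] $ExpectedFirst = @('TLS_RSA_WITH_RC4_128_SHA',
                                      'TLS_RSA_WITH_RC4_128_MD5')
    )
    # The policy wants one comma-separated line: strip spaces, tabs, line breaks.
    $normalized = $List -replace '\s', ''
    $suites = @($normalized -split ',' | Where-Object { $_ -ne '' })
    $problems = @()
    if ($normalized -ne $List) {
        $problems += 'whitespace or line breaks were present (removed in Normalized)'
    }
    $joined = $suites -join ','
    if ($joined.Length -gt 1023) {
        $problems += "list is $($joined.Length) characters; the policy limit is 1023"
    }
    foreach ($g in @($suites | Group-Object | Where-Object { $_.Count -gt 1 })) {
        $problems += "duplicate entry: $($g.Name)"
    }
    # The expected suites must fill the leading positions of the list.
    $head = @($suites | Select-Object -First $ExpectedFirst.Count)
    foreach ($s in $ExpectedFirst) {
        if ($head -notcontains $s) { $problems += "$s is not at the front of the list" }
    }
    New-Object PSObject -Property @{ Normalized = $joined; Problems = $problems }
}

# Constructed sample input, pasted with line breaks the way a list is usually copied.
$sample = @"
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA
"@
$result = Test-CipherSuiteOrder -List $sample
$result.Normalized   # the single line to paste into the policy field
$result.Problems     # what was wrong with the input as pasted

# After the reboot, check what the policy actually stored (value "Functions").
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$stored = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Functions
if ($stored) { (Test-CipherSuiteOrder -List (@($stored) -join ',')).Problems }
else { 'No SSL Cipher Suite Order policy is set on this machine.' }
```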

Enjoy :)

Tuesday, May 15, 2012

TechNode - Issues with iDrive backup

iDrive works great as a backup tool, but recently I found a small issue which (as always) causes big problems.
After one of our servers crashed, I was restoring content from backup. The issue was that iDrive doesn't create empty folders even though they exist in the backup set - it was especially problematic for VisualSVN server because it was unable to create a lock file. After recreating the default folder structure everything started working OK.
Possible solution - create a script which will store and recreate the folder structure, at least for a common folder schema.

TechNode - How to sync time on Windows 2008 R2 using script?

Create a .bat file (for example time.bat) with the following content:

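@echo off
rem Update the Windows Time service configuration: mark this machine as a
rem reliable time source and allow syncing from all available sources.
w32tm /config /update /reliable:yes /syncfromflags:all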

Set up Task Scheduler to run it every day at 00:00.

Thursday, May 10, 2012

Our Chicago node will be down for maintenance on Thursday, the 10th of May 2012 between 10:00AM and 11:30AM GMT.

This year has been announced as the IPv4 exhaustion year, so it seems very important to get familiar with IPv6 - the next generation of the IP protocol. It can be achieved by taking a course or certification like the one from Hurricane Electric. After a few weeks and passing a few tests (some of them require your own environment) you can get Sage level like I did :)

TechNode - How to use 32bit IBM Informix .NET driver on 64bit Microsoft Windows platform

1) Download 32bit version of IBM Informix Driver from IBM's website
2) Extract it
3) Create a .bat file (for ex. install.bat) with the following content:
@echo off
4) Run the install.bat file
5) After the installation has completed, type in the command line:

6) Click the "Environment variables" button, set a new variable "INFORMIXDIR" and point it to the right directory ("c:\Program Files (x86)\IBM\Informix\Client-SDK-x32\" on my setup)
7) You can now reference the IBM.Data.Informix assembly, which is located in the "%INFORMIXDIR%\bin\netf20" directory, and compile your project as 32bit.

Wednesday, May 9, 2012

Preparing the launch of our first publicly available service. We hope that it will be something completely new (OK, maybe not completely) and will change the market a little bit. Probably next week we should post additional details.