Wednesday, December 16, 2009

Alteration in Terminal Server's Listening Port

Having earlier covered Application Server Security, that is, securing your Terminal Servers, I will now describe how to change the listening port of your server.

It is a well-known fact that TCP port 3389 is used by Terminal Server and Windows 2000 Terminal Services for client connections. Microsoft does not recommend changing this port, but it can be changed. Perform this task carefully, otherwise you will face serious problems.

Take particular care while modifying the registry. To change the default port, follow these steps:

  • Run Regedt32 and go to this key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

  • Find the PortNumber subkey and note its value of 00000D3D, which is hex for 3389.

  • Change the port number in hex and save the new value.

To change the port for a particular connection on the Terminal Server, follow these steps:

  • Run Regedt32 and go to this key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\connection, where connection is the name of that connection.

  • Find the PortNumber subkey and note its value of 00000D3D, which is hex for 3389.

  • Change the port number in hex and save the new value.

After this, you have to change the port on the client side. Follow these steps:

  • Open Client Connection Manager.

  • On the File menu, click New Connection and create the new connection. After the wizard finishes, the new connection is listed there.

  • Make sure the new connection is highlighted, then on the File menu click Export.

  • Edit the .cns file using Notepad. Change the server port from Server Port=3389 to Server Port= followed by the new port number that you specified on the Terminal Server.

  • Import the file back into Client Connection Manager. You will be prompted to overwrite the current one.

  • If it has the same name, overwrite it.

In this way, you will have a client whose port settings match your Terminal Server settings. Hope it helps you out. Don't forget to subscribe to my blog for more tips and tricks on servers and Microsoft Server Support Services.
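The server and client edits above have to end up on the same port, or the client can no longer connect. The following Python sketch is an added example, not part of the original post: it converts between the decimal port and the hex value shown in the registry, rewrites the Server Port= line of an exported .cns file, and checks that both sides agree. The sample .cns text is constructed, and everything in it other than the Server Port= line is an assumption about the file layout.

```python
import re

def port_to_dword(port):
    """Hex form Regedt32 displays for the port value (3389 -> 00000D3D)."""
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"not a TCP port: {port!r}")
    return f"{port:08X}"

def dword_to_port(hex_text):
    """Decimal port for a hex value read from the registry."""
    port = int(hex_text, 16)
    port_to_dword(port)  # reuse the range check
    return port

# Matches the one setting the page names; tolerates CRLF line endings.
_PORT_LINE = re.compile(
    r"^(?P<key>[ \t]*Server Port[ \t]*=[ \t]*)(?P<val>\d+)(?P<tail>[ \t]*\r?)$", re.M)

def client_port(cns_text):
    """Port from the single 'Server Port=' line of an exported .cns file."""
    found = _PORT_LINE.findall(cns_text)
    if len(found) != 1:
        raise ValueError(f"expected one 'Server Port=' line, found {len(found)}")
    return int(found[0][1])

def patch_cns(cns_text, new_port):
    """Return the .cns text with its port replaced; refuses ambiguous files."""
    port_to_dword(new_port)   # validate the new port
    client_port(cns_text)     # raises unless exactly one line matches
    return _PORT_LINE.sub(lambda m: f"{m['key']}{new_port}{m['tail']}", cns_text)

def in_sync(cns_text, registry_hex):
    """True when the client file and the server registry value name the same port."""
    return client_port(cns_text) == dword_to_port(registry_hex)

# Constructed sample, not a real export; only 'Server Port=' comes from the page.
SAMPLE_CNS = "[Constructed Connection]\r\nServer=ts01.example.test\r\nServer Port=3389\r\n"

if __name__ == "__main__":
    new_port = 3390                       # hypothetical replacement port
    print("registry value:", port_to_dword(new_port))
    patched = patch_cns(SAMPLE_CNS, new_port)
    print("client in sync:", in_sync(patched, port_to_dword(new_port)))
```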

Tuesday, September 22, 2009

Why Reliable Web Hosting is Essential?

For those individuals who have web hosting needs where security and uptime are paramount, the world is a very happy place. Most webhosts can offer uptime guarantees which are above 99%. This figure is enough to make any business owner smile. It does not, however, mean that all of those webhosts that offer this figure are equally reliable. There are other factors involved in webhosting which may not frequently manifest as advantages or disadvantages but, when they do come into play, can make the difference between suffering and surviving an absolute disaster.

Webhosts generally operate out of what's called a "server farm". If one were to visit one of these facilities, they would find racks upon racks of servers humming away and serving up their clients' web pages. These farms have certain requirements to ensure that they're reliable and safe. Most importantly, they need to be protected from human and environmental security threats that could compromise the well-being of the sites hosted on them. This is not a simple endeavor and any reputable webhosting company will be more than happy to answer any questions related to their facility. If they're not willing to offer straight answers about their facility, look elsewhere.

A server farm should have a backup system that allows it to keep functioning in the event of a local power outage. This is a basic question to ask of any webhost. It should also be insulated from other environmental threats such as floods, hurricanes and tornadoes. This is a basic measure for any company which does most of its business online. If the site goes down, the business goes down and customers on the Internet are notoriously unforgiving of downtime. To avoid downtime, there is a technology called "fail-over" which means that, essentially, if one's primary server should fail that another will take up the work. Ask about this feature.

Be sure to ask about server security where one's users are concerned. Any webhosting company should be willing to provide a secure server (called an SSL connection) to any one of their clients. This is needed for any exchange of personal data or financial information. Make certain that one's webhost not only supports the sale and installation of this feature but that their technical support can help clients set up and maintain this technology if need be. Oftentimes, solid reliability in a webhost means skilled technical support!

Friday, August 28, 2009

How To Protect Your PC

Computer security issues have come front-and-center for small businesses of all types, and for good reason. Your company's computers contain valuable, irreplaceable data that make them a target for hackers, data thieves and others up to no good.

Keeping your computers and their contents safe and secure is crucial to continued business growth, as well as your personal sanity. A breach in security could be disastrous for you and your company.

Security slips can:

  • Lose precious data

  • Leak company or trade secrets

  • Disclose sensitive customer information

  • Unleash viruses on your computers

  • Lead to unproductive downtime

  • Require time and money to correct

If you do the following, there is a fair chance that your system will stay free from viruses, spyware and other malicious software:

Take Computer Security Seriously
Every business, no matter how small, has computer security needs. If you're operating a network, using email, conducting business through a Web site, using wireless equipment or planning to grow, your security needs can be wide ranging and complex, even for a one-person operation.

Connect with Security Product Vendors Online
A wide range of vendors supply computer security products and services designed specifically for small business.

Get a Firewall
A firewall is a program or hardware device that filters information coming through the Internet to your computer or network. If the firewall detects information that could be destructive to your computers or network, it blocks it. Most small business owners can get by with a software firewall or a firewall that's included in a router (a router is what connects several computers to one modem).

Prevent Viruses
Viruses can clutter your email inbox with virus emails, make your computer run slower than usual and in worst-case scenarios, erase your hard drive.

Monday, August 17, 2009

Install A Firewall [APF] : Secure Your Server

If you are concerned about the security of your server or system, then you must install a firewall (APF) on it. Follow these steps to install and configure it:

  1. To install APF, SSH into the server and log in as root.

  2. At command prompt type: cd /root/

  3. type: wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

  4. type: tar -xvzf apf-current.tar.gz

  5. type: rm -f apf-current.tar.gz

  6. type: cd apf-0.9.4-6

  7. type: sh ./install.sh

  8. After APF has been installed, you need to edit the configuration file.
    At command prompt type: cd /etc/apf
    Then type pico -w conf.apf

  9. Scroll down and find

    USE_DS="0"

    change it to

    USE_DS="1"

  10. Now scroll down and configure the Ports. The following ports are required for CPanel Servers for example - this may not be exactly what you need, but you can change the list to what you do need.

    Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"

    Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53,6277"

    Common ICMP (inbound) types
    IG_ICMP_TYPES="3,5,11,0,30,8"

    Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,37,53,80,110,113,443,43,873,953,2089,2703,3306"

    Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53,873,953,6277"

    Common ICMP (outbound) types
    EG_ICMP_TYPES="all"

    Save the changes, then exit. To start APF type: /usr/local/sbin/apf -s

  11. Open a new SSH session to the server.

    After you are sure everything is working fine, change the DEVM option.

    At command prompt type: cd /etc/apf

    At command prompt type: pico -w conf.apf


    Scroll down and find

    DEVM="1"

    change it to

    DEVM="0"


    Save changes, exit and then restart firewall,

    At command prompt type: /usr/local/sbin/apf -r
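Step 10 notes that the cPanel port list may not be exactly what you need. The following Python sketch is an added example, not part of the original post or of APF: it reads conf.apf-style text, expands the inbound TCP list (including underscore ranges such as 3000_3500), and reports ports that are open but not on your own list of needed services, entries that are not valid ports, and whether DEVM is still "1". The sample configuration and the needed-port set are constructed for illustration.

```python
import re

def parse_conf(text):
    """Return {NAME: value} for NAME="value" lines; comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)="([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def expand_ports(spec):
    """Expand "22,80,3000_3500" into a set of ints plus a list of invalid tokens."""
    ports, bad = set(), []
    for tok in filter(None, (t.strip() for t in spec.split(","))):
        m = re.fullmatch(r"(\d+)(?:_(\d+))?", tok)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
            if 1 <= lo <= hi <= 65535:
                ports.update(range(lo, hi + 1))
                continue
        bad.append(tok)
    return ports, bad

def audit(text, needed_tcp_in):
    """Compare what the config opens inbound with what the server needs."""
    conf = parse_conf(text)
    open_in, bad_in = expand_ports(conf.get("IG_TCP_CPORTS", ""))
    _, bad_out = expand_ports(conf.get("EG_TCP_CPORTS", ""))
    needed = set(needed_tcp_in)
    return {
        "open_count": len(open_in),
        "not_needed": sorted(open_in - needed),   # candidates to remove
        "missing": sorted(needed - open_in),      # services that would be blocked
        "bad_tokens": bad_in + bad_out,           # entries that are not ports
        "devm_on": conf.get("DEVM") == "1",       # step 11 not done yet
    }

# Constructed sample, not a real server's conf.apf.
SAMPLE_CONF = '''
# Common ingress (inbound) TCP ports
DEVM="1"
IG_TCP_CPORTS="22,80,443,3306,3000_3005"
EG_TCP_CPORTS="25,53,80,#123,443"
'''

if __name__ == "__main__":
    # Hypothetical list of services this server is meant to expose.
    for name, value in audit(SAMPLE_CONF, {22, 80, 443}).items():
        print(f"{name}: {value}")
```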

If you are still concerned about security, we are with you 24/7 for all types of server security solutions and services.
So please call us at: 1-866-914-9838 or just log in at: http://www.iyogibusiness.com

Monday, June 29, 2009

How about a Microsoft Security Essentials for servers?

Desktop PCs can always be reimaged. It’s a pain, but downtime only affects one person. Servers, on the other hand, need to be up the vast majority of the time. Rebuilding servers affects lots of people, often in mission-critical ways. While most servers don’t spend much time browsing the web or receiving emails, some have quite a bit of exposure.

While every Windows server obviously needs anti-malware protection, terminal servers and others providing virtual desktops or remote access could clearly benefit from the real-time protection promised by Microsoft’s Morro project (now officially known as Microsoft Security Essentials). There are those, in fact, who see it as Microsoft’s responsibility to provide malware protection for all of its products, given their penchant for attracting malicious code.

Unfortunately, MSE is only available for Windows XP, Vista, and 7. No mention of servers. No Googling suggested that server support is in the pipeline. While Clamwin does a perfectly adequate job protecting servers, full-blown server anti-malware solutions aren’t cheap and, again, lack MSE’s near real-time updates.

Then again, would you entrust your mission critical servers to a Microsoft anti-malware solution? Take the survey and talk back below.

Should Microsoft provide a server anti-malware solution?

* Yes! I need to save the money and I want the real-time updates
* Yes they should, but I'd still use a 3rd-party solution
* No, Morro should stay consumer-oriented; I want a robust solution
* Who cares? That's what Clamwin is for
Source: zdnet

Monday, June 22, 2009

Microsoft patches WebDAV security vulnerability in bevy of updates

Microsoft patched a WebDAV security vulnerability in Microsoft Internet Information Services (IIS) Web server as part of its monthly Patch Tuesday bulletin release. In all, the software giant issued 10 bulletins, six labeled critical in a mammoth release of security fixes addressing 31 vulnerabilities.

Microsoft acknowledged the IIS Web server flaw last month after the U.S. Computer Emergency Response Team warned of publicly available exploit code and active exploitation of the vulnerability. MS09-020 patches a remote authentication bypass vulnerability in the IIS WebDAV extension, a collection of tools used to publish content to IIS Web servers. The WebDAV vulnerability, which was discovered by security researchers at Palo Alto Networks, is due to the lack of proper checks on the URL in a WebDAV request, leading to a bypass on IIS directories. Microsoft IIS versions 5.0-6.0 are affected. The update is rated important. If successfully exploited, it could give an attacker elevated privileges to gain access to sensitive data.

Researchers at security vendor Core Security Technologies discovered one of the IE flaws in October 2008. A security zone bypass vulnerability allows a website to perform actions, such as executing code, despite being disabled by the security level of a given Security Zone.

"In this case this is a variation of a previous bug, but this is a very important one," said Ivan Arce, chief technology officer of Core Security. "This is important enough to require people to address it quickly."

Other Microsoft Bulletins:

  • MS09-018: Two vulnerabilities were repaired in implementations of Active Directory on Microsoft Windows 2000/2003. A remote code execution flaw results in an incorrect freeing of memory when processing a malicious LDAP or LDAPS request. An attacker who successfully exploits the vulnerability could take complete control of an affected system remotely. Also patched was Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. This flaw could be exploited by an attacker to conduct a denial-of-service attack.

  • MS09-021: Seven remote code execution vulnerabilities in Microsoft Excel could allow an attacker to gain complete control of an affected system. In order to exploit the flaws, Microsoft said a user must open a malicious Excel file that includes a malformed record object. The update is rated critical for all versions of Microsoft Office Excel 2000.

  • MS09-022: Three buffer overflow flaws in Microsoft Windows Print Spooler could allow remote code execution if an affected server received a specially crafted RPC request, Microsoft said. The update is rated critical for Microsoft Windows 2000; moderate for users of Windows XP and Windows Server 2003; and important for Windows Vista and Windows Server 2008.

  • MS09-023: Microsoft fixed a vulnerability in the way file previews are generated in Windows Search. The bulletin is rated important and could result in information disclosure if the search returns a specially crafted file as the first result. The flaw affects Windows Search 4.0 on Windows XP and Windows Server 2003.

  • MS09-024: A critical buffer overflow vulnerability was repaired in Microsoft Works converters. The flaw could allow remote code execution if a user opens a malicious Works file. If exploited, an attacker could gain the same user rights as the local user, Microsoft said.

  • MS09-025: Repairs four flaws in the Windows kernel that could allow elevation of privilege. Three kernel pointer validation errors and a desktop kernel validation error could be exploited to run code in kernel mode. The vulnerabilities could not be exploited remotely or by anonymous users, Microsoft said. The update affects Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

  • MS09-026: Microsoft issued another update to the Windows remote procedure call (RPC) facility. According to the software maker, the RPC Marshalling Engine does not update its internal state appropriately. The bulletin is rated important and affects Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

  • MS09-027: Two buffer overflow vulnerabilities in Microsoft Word could allow remote code execution if a user opens a malicious Word file. The flaws could be exploited to take complete control of an affected system, Microsoft said. The update is rated critical for all versions of Microsoft Office Word 2000.

Source: searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1358796,00.html

Sunday, June 14, 2009

Cloud computing security to grow in 2009

While enterprise users continue to spend a large percentage of their workday involved with messaging activities, the Internet remains a dangerous place for users. Websense, for example, reported that 57 percent of attacks are delivered via the Web. Commtouch found that spam accounted for 72 percent of all email traversing the Internet in the first quarter of 2009.

At the same time, today’s economic climate favors cost-effective solutions. IT expects to spend significantly less in 2009 than in 2008 on messaging. Nearly half (47 percent) of respondents expected IT spending to be lower in 2009 versus 18 percent who made similar projections last year.

As such, while server-based solutions will continue to dominate the messaging security market, cloud-based solutions will constitute a growing percentage of purchases. The number of respondents who deployed hosted security services grew by nine percentage points since last year. Over the next 12 months hosted anti-spam services, such as those offered by Kaspersky, Trend Micro and more recently Microsoft, are also expected to show their greatest growth.

Comprehensive security solutions will be particularly hot over the next 12 months. Although the vast majority of enterprises today deal with separate vendors for their various best-of-breed solutions, the number of respondents preferring a consolidated, comprehensive, centrally managed messaging security solution doubled while individual best-of-breed solutions dropped significantly.
