Wednesday, February 25, 2009

Microsoft Releases Security patch for old Windows versions

Microsoft has rereleased an update that patches a remote code execution security issue in the Graphics Rendering Engine in old versions of Windows. Most users do not have to worry about installing the update.

Microsoft has rereleased a security update that was originally released back in 2005. It was revised to address minor issues "unrelated to the stability of the update or the security of the intended target systems." Most users have already applied this update and don't need to apply it again. The vulnerability is only found in older versions of Windows: 32-bit and 64-bit versions of Windows Server 2003, Windows Small Business Server 2003, Windows XP Tablet PC Edition, Windows 2000 SP4, and Small Business Server 2000.

However, the rereleased update (4.8MB) is only for various editions of Windows Server 2003 64-bit. Server 2003 customers who never installed the previous update will now be offered the revised one. The update should be offered automatically to these users.

When originally disclosed, the vulnerability was given a Critical rating by Microsoft because it included a remote code execution security issue in the Graphics Rendering Engine that could allow an attacker to remotely compromise the Windows-based system and gain control over it. Microsoft Security Bulletin MS05-053 has more information about the security issue that was fixed.

Source: http://arstechnica.com/microsoft/news/2009/02/security-patch-rereleased-for-old-windows-versions.ars

Thursday, February 12, 2009

Windows Server 2003 Security

Windows Server 2003 has some of the following features to help protect your corporate environment:

There is now forest trust, which allows you to authenticate other companies in your WAN through Active Directory. This simplifies some security issues for security and network administrators.

Kerberos is now available through Windows Server 2003 to allow for better and more secure authentication.

Credential Manager allows secure storage for usernames and passwords as well as certificates. You can now delegate what services can access other resources on your network.

.NET password is now integrated with Active Directory, allowing SSO, or single sign-on.

With RBAC, or Remote Based Access Control, you can assign more efficient restrictions to manage access to information.

Systems administrators can disallow software to run with the Software Restriction Policy. In Windows 2003 you can audit system alerts and even set up audits of individual users!

Account Management logs IP addresses and even calls for Logon and Logoff events.

You can now log security events in real time and export them to a SQL database to analyze later.

PKI, or Public Key Infrastructure, is a system of digital certificates and CAs, or Certificate Authorities, to verify you are who you really say you are. This is great for ecommerce systems; think E-Bay. You want to know if you're really giving your credit card information to E-Bay or E-fake.

Windows Server 2003 now helps with wireless 802.1x. You can enable PEAP, which is protected EAP, for authentication. I suggest using WPA in conjunction. The encryption protocol they use is called EFS. EFS uses AES-256, which is very strong encryption. There should be security in depth applied. Two-form authentication should be applied, such as biometrics and passwords. Take a look at RSA SecurID cards.

Source: http://www.anyarticles.com/Computers-and-Technology/Software/Windows-Server-2003-Security.html

Wednesday, February 4, 2009

Key Small Business Server 2008 Log Files

In SBS 2008 we have centralized the location of log files; all log files will now be placed in C:\Program Files\Windows Small Business Server\Logs. From a server support perspective this is a big plus in simplifying troubleshooting, as you will always know where the log file will be located. We have compiled a list of important logs and their associated wizards below.


C:\Program Files\Windows Small Business Server\Logs
Console.log SBS Console Log
CTIW.log Logs events of the "Connect to the Internet" wizard
DCPromo_yymmdd.xxxxxx.log DCPromo that ran during SBS install
DPCW.log Logs events of the "Set up your Internet address" wizard
ERRORLOG.TXT Logs any errors that occurred during SBS setup
ExtSchemaTask.log Logs result of SBS AD schema additions
FinishSetup.log Logs the completion of the SBS 2008 install
GPOTask.log Logs the creation of the SBS Group Policy objects
olsignupwiz.log Logs events of the "Set up your Microsoft Office Live Small Business Web site" wizard
pop3connectorinstall.log Install log for the POP3 Connector
SBSHook.log Logs hooking of SBS install shell to Windows install and runonce modification
SBSSetup.log Logs all events that occurred during SBS setup
adduser.log Logs events of the "Add a new user account" wizard
addgroup.log Logs events of the "Add a new group" wizard
CreateUserRole.log Logs events of the "Add a new user role" wizard
CopyConnectComputer.log Logs events of the "Connect computers to your network" wizard
SBCW.log Logs events of the "Configure server backup" wizard
fncw.log Logs events of the "Fix My Network" wizard
AddMultipleUsers.log Logs events of the "Add multiple user accounts" wizard
FaxRoleInstallation.log Install log for Fax
FaxCW.log Logs events of the "Configure the fax service" wizard
MoveData.log Logs events of the "Move Exchange Server Data", "Move Windows SharePoint Services Data", "Move User's Shared Data", "Move User's Redirected Documents Data", and "Move Windows Update Repository Data" wizards
CIMW.log Logs events of the "Configure a Smart Host for Internet e-mail" wizard
TrustedCert.log Logs events of the "Add a trusted certificate" wizard
VPNCW.log Logs events of the "Configure a virtual private network" wizard
C:\Program Files\Windows Small Business Server\Logs\MonitoringServiceLogs
Contains logs for SBS Monitoring and its associated data collection tasks
C:\Program Files\Windows Small Business Server\Logs\pop3connector
Pop3service.log POP3 Connector log
C:\Program Files\Windows Small Business Server\Logs\WebWorkplace
W3WP.log IIS worker process log for RWW

Please note that you will also find many event log (*.evt) files in the SBS log directory. These files are a snapshot of the event logs at the completion of the SBS install. These are kept for historical purposes and for troubleshooting installs.
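
Because every wizard writes to a fixed file in one directory, the last-write times of those files give a quick record of which administrative changes were made most recently. The script below is an added example, not part of the original post or of SBS itself: it checks a subset of the logs listed above (the choice of which ones to treat as security-relevant is an assumption of this example) under the default path and sorts them by last write time.

```powershell
# Added example: inventory selected SBS 2008 wizard logs and order them by
# last write time. Pass -LogRoot if the logs were copied elsewhere.
param(
    [string]$LogRoot = 'C:\Program Files\Windows Small Business Server\Logs'
)

# File names and wizard titles come from the list on this page; picking these
# eight as the security-relevant ones is this example's assumption.
$wizardLogs = @{
    'adduser.log'          = 'Add a new user account'
    'AddMultipleUsers.log' = 'Add multiple user accounts'
    'addgroup.log'         = 'Add a new group'
    'CreateUserRole.log'   = 'Add a new user role'
    'TrustedCert.log'      = 'Add a trusted certificate'
    'VPNCW.log'            = 'Configure a virtual private network'
    'CTIW.log'             = 'Connect to the Internet'
    'CIMW.log'             = 'Configure a Smart Host for Internet e-mail'
}

if (-not (Test-Path -LiteralPath $LogRoot)) {
    Write-Error "Log directory not found: $LogRoot"
    return
}

$report = foreach ($name in $wizardLogs.Keys) {
    $path = Join-Path -Path $LogRoot -ChildPath $name
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    # Leave the time and size empty when the log file is not present.
    $written = $null
    $sizeKB  = $null
    if ($file) {
        $written = $file.LastWriteTime
        $sizeKB  = [math]::Round($file.Length / 1KB, 1)
    }

    New-Object PSObject -Property @{
        Log         = $name
        Wizard      = $wizardLogs[$name]
        Present     = [bool]$file
        LastWritten = $written
        SizeKB      = $sizeKB
    }
}

# Most recently written logs first; absent logs sort to the bottom.
$report | Sort-Object LastWritten -Descending |
    Select-Object Log, Wizard, Present, LastWritten, SizeKB |
    Format-Table -AutoSize
```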