Trying to setup a Mimecast Sync Engine Application on Prem out the Box comes up with
“validation failed: invalid mimecast user or insufficient permissions”
This is because by default 2fa is enabled on all Accounts created in Mimecast , you need create a new Authentication Profile and Disable 2fa on this , then assign it to that user group and bind it all together with a Profile
https://www.socketlabs.com/smtp-server-connection-diagnostics-tool/
https://www.adminkit.net/smtp_diag_tool.aspx
Now I will show a flow trace from my computer to 4.2.2.2
diagnose debug reset diagnose debug flow filter saddr 10.22.22.122 diagnose debug flow filter daddr 10.100.1.1 diagnose debug flow show function-name enable diagnose debug enable diagnose debug flow trace start 100 #display the next 100 packets, after that, disable the flow: When complete, you can disable manually with diagnose debug disable
The output, it will show you what interface the connection came in on, because of the function-name enable you will see NAT, Routing, etc, IPS, offloading to NPU and SPUs, etc.
You can also see the sessions using the following commands
diagnose sys session filter clear diagnose sys session filter dst 4.2.2.2 diagnose sys session filter dport 53 diagnose sys session list #show the session table with the filter just set
Use the filter that work for you from a source or destination as well as ports
With this filter, you can clear the sessions based on the filter you created by issuing the diagnose sys session clear NOTE: Without the filter in place, you will clear ALL sessions on the FortiGate. It is always a good habit to run diag sys session filter ? to list the filter you have configured.
You can either use the GUI or the CLI to run packet captures.
diagnose sniffer packet any 'host 8.8.8.8' 4 4 l diagnose sniffer packet any 'host 8.8.8.8 and dst port 53' 4 10 a diagnose sniffer packet wan1 'dst port (80 or 443)' 2 50 l
The verbosity is controlled by the following:
verbose: 1: print header of packets 2: print header and data from ip of packets 3: print header and data from ethernet of packets (if available) 4: print header of packets with interface name 5: print header and data from ip of packets with interface name 6: print header and data from ethernet of packets (if available) with intf name count: number of packets time-format:
a: UTC time l: local time
You can use the GUI by going to Network then Packet Capture then Create .
Disable low Data Rates
To turn off rates 1, 2, 5.5, and 11, you go into the CLI on the FortiGate and use the following:
config wireless-controller vap edit <vap_name> set rates-11a 12-basic 18 24 36 48 54 set rates-11bg 12-basic 18 24 36 48 54 end
Avoid 80+ MHz wide channels in 5GHz and only use 20 MHz channels in 2.4GHz. There are use cases for wider channels, but there is not enough spectrum available today for proper channel reuse in an enterprise deployment or a multitenant environment. You will end up with CCI and ACI (co-channel and adjacent channel interference).
Use the Widest Channel Available
Check your counteries DFS Channels – That means these have special rules and have to coexist with things like weather radar and military functions. When an AP detects a “hit” on DFS it has to change to a non-DFS channel for a specified time in order to free up that spectrum. In some places DFS is nearly unusable because of so many DFS hits. In many cases DFS is usable and frees up spectrum. This allows more channels which also means the potential for using 40 MHz wide channels because you have less chance of CCI and ACI.
No 802.11b Devices = SGI (Short Guard Interval) On , otherwise Off. Use of 11b clients necessitates use of low (non-OFDM) data rates, which forces the use and ripple of protection mechanisms (e.g. RTS/CTS and CTS-to-Self)
Reduce SSID’s and Split Networks using Authentication methods ( Radius -> Corporate , Guest to Guest )
As Google is decommissioning their Google Play Music service you have to transfer to YouTubeMusic
Upon selecting the Transfer link I got
YouTube channel you’re currently using isn’t supported for the Google Play Music transfer.
This is because my Youtube was a brand account
You can move your Brand account to a Google account so that all your music history data is there: https://support.google.com/youtube/answer/3056283?hl=en
if you go to your advanced account settings: http://youtube.com/account_advanced
And choose
After this it will let you transfer
Trying to deploy a MAM policy and the Teams app asked to sign into the Intune Portal App which would not let the user.
This seemed to have worked. I went on to test whether the security worked.
Recently got a second-hand washing machine, upon running through a test wash, the Hot water ran , but never shut off which could have flooded the area.
A washing machine has two inlet valves, one for the hot water and one for cold water. The water inlets on this obviously fails to closed position when shut off ( or it would of started to fill up when I turned the tap on ) but the electronics could not shut the valve to off when needed to only let a certain amount of water in.
You can swap inlet valves yourself with a screwdriver and pliers and they cost around 20USD delivered, you can find them on eBay for the right model Make sure you get the right one , hot and cold water inlets are different
Items checked
Add the account trying to create this as Owner to the subscription
Legacy block ciphers having a block size of 64 bits are affected by a vulnerability, known as SWEET32. A man-in-the-middle attacker who has sufficient resources can exploit this
vulnerability via “birthday” attack By misusing the SWEET32 vulnerability, an attacker can send in a large volume of dummy data and get blocks of ciphertext that matches
that of the organisation.
Attack Process
1. The attacker sniffs all data sent to your customer (external user).
2. The attacker sends dummy data to your server until a key used for a customer matches the attacker’ssession key.
3. Once there’s a match, sensitive data can be decrypted by determining how the key was chosen.
Fix
https://gallery.technet.microsoft.com/Solve-SWEET32-Birthday-d2df9cf1
And
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
“Enabled”=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168
“Enabled”=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
“Enabled”=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
“Enabled”=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128
“Enabled”=dword:00000000
Default or misconfigured web servers often disclose the version at multiple locations like HTTP response headers, and at error pages. Attackers can perform banner-grabbing against the webserver by using netcat or telnet, which reveals the webserver, version, and operating system.
Using the Registry key.
Create a DWORD entry called DisableServerHeader in the following Registry key and set the value to 1.
HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
2) 1. Install URLScan (this is a free tool available from Microsoft)
2. Open the URLScan.ini file with a text editor. The file is usually located in the
%WINDIR%System32InetsrvURLscan directory.
3. Search for the key RemoveServerHeader, which by default, is set to 0. Set the value to 1 in order to
remove the Server header.
If Poodle SSLv3 is enabled on any website, then it is vulnerable to a poodlebleed attack. The remote service accepts connections encrypted using SSL 3.0. These versions of SSL reportedly suffer from several cryptographic flaws.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 3.0\Server]
“Enabled”=dword:00000000
Disable SSL V2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Server]
“Enabled”=dword:00000000
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further targeted attacks. Internal IP addresses are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. This may also affect other web servers, web applications, web proxies, load balancers, and a variety of misconfigurations related to redirection.
appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:”remote.server.domain.com” /commit:apphost
To prevent internal IP address disclosure, take the following steps.
1. Open a command prompt and change the current directory to c:\inetpub\adminscripts or to where the adminscripts can be found.
2. Run the commands
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
This will cause the IIS server to use the machine’s hostname rather than its IP address.
If running the above on IIS 7 you will get :
ErrNumber: -2147463162 (0x80005006)
Error Trying To SET the Property: UseHostName
Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols, including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS. The current Modulus being used is a weak one and can be exploited by a determined hacker. Update to DHE-2048 Bits
Fix
Make sure that you have KB 3174644 installed on the affected server.
Run Regedit on the affected server
Navigate to the following Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel\KeyExchangeAlgorithms
Create a new sub key named Diffie-Hellman (if it didn´t already exists)
Inside that create a new DWORD called “ServerMinKeyBitLength” with the value “00000800” (for 2048 bit)
Problem Description:
UCS-FI-M-6324
UCSM:Package-Vers: 3.1(3a)A
Action Taken:
+ Tried changing the power cap policy from Chassis level to blade level and back to chassis level, fault did not clear.
Rebooted FI-IOM B, all faults are cleared.