Setup & configure a certificate authority on Windows Server 2008

So you host a bunch of internal SharePoint sites, Websites and other internal web applications. You want to secure them with SSL but you cannot afford a certificate from a third party certificate authority right now.  I am going to walk you through installing a new CA, request a certificate, approve a certificate and then install a certificate.

CA Install:

 

Go to start and click on “Server Manager”

Select ”Roles”

 

Click on “Add Roles”

 

Select “Certificate Services” and click next

 

I typically choose “Certification Authority” and “Certification Authority Web Enrollment” and click next

NOTE: I choose the web enrollment so I can request certificates and download them from the web browser.

Read more

Step-by step guide on how to protect your network from spam

Intro

Spam, or more accurately Unsolicited Commercial Email, is still on the rise, with some estimates measuring it at 90% of all email traffic. It’s a nuisance for users, a storage nightmare for admins, and often a vector for phishing attacks and malware. Using a defense in depth approach, this article provides steps an email administrator can take to protect their network from spam.

Step one-user training

Users should be educated on how their actions can lead to or reduce the amount of spam destined for their inbox. Using corporate email for personal use, subscribing to mailing lists, registering their email address for promotions and giveaways, and forwarding chain mails are all vectors that can lead to spam. Consider disabling html support to prevent downloads that can confirm an address is valid, as well as to reduce the risk of email based malware.

Step two-web content

Spammers frequently scan websites looking for embedded email addresses in contact information. Raise awareness with your web developers and establish a policy that all email addresses in web pages should be masked using JavaScript or other encoding that allows a person to click or read the address, but makes it more difficult for a spider to harvest it. Use contact forms when possible instead of displaying email addresses.

Step three-tighten up your SMTP gateway

Disabling the verify command (VRFY) on your SMTP gateway makes it that much harder for spammers to check for valid email addresses. If supported, implement a delay before your server responds to a request with its banner. Legitimate email servers will wait for the 220 response before trying to send email, while many programs/scripts used by spammers will not. Your server can then drop email from this misbehaving sender. If your SMTP gateway supports Quit detection, configure it to drop email that it receives from a host that don’t close the session properly. Legitimate email servers end a session with the QUIT command, but many programs/scripts used by spammers don’t.

 

Read more

How to setup VPN Access on Server 2008

In this post I will cover how to setup and configure a Windows 2008 server as a VPN server. There are several different steps and configurations that need to be done. There are 4 parts to this setup that I will walk through.

Part #1 Installing NPAS and RRAS:

Open Server Manager and open roles

 

 

Click on add roles and add the Network Policy and Access Services role (NPAS)

Click next on the informational screen

On the role services screen choose Routing and Remote Access Services (RRAS) and click next

 

On the next screen click install

When it is done it will give you a screen telling you if it installed successfully or failed

If it was successful click close and choose to restart when it prompts you

Read more

How to Install Skype on CentOS

I am currently studying for the Linux + certification. I work with Linux alot becuase of my web site work. This is typically all command shell through SSH, Webmin, or WHM. I am forcing myself to use Linux on a daily basis as my workstation so I will learn it even more. The flavor of Linux I am using is CentOS. One of the tools I use is Skype. Skype does not have a RPM package for CentOS. This application has to be installed manually. I had to figure out how to get this installed. Here are the steps I took to install this and configure it.

INSTALL:

Skype only comes in 32 bit so if you have a 64 bit machine you need to run the following to install 32 bit libraries. This is required to run the 32 bit Skype application.

yum install glib2.i386 qt4.i386 zlib.i386 alsa-lib.i386 libX11.i386 \ libXv.i386 libXScrnSaver.i386

Read more

Access Window shares in OWA

You can access window network shares through Outlook Web Access (OWA).

 

You need to allow the servers you want users to access first or you will see an error. The error is:  For security reasons, Outlook Web Access is configured to prevent access to this type of document or folder. For more information, contact technical support for your organization.”

 

  • How to add server shares in Exchange:

 

Open Exchange Management Console and expand Server Configuration –> select Client Access Server.  Then right click on the OWA directory –> Select Properties.

 

 

 

Read more

Incoming SMTP blocked by ISA

I ran into an issue with my recently deployed ISA firewall. It was blocking any STMP incoming traffic. This made it so my Exchange users could send  email just fine but could not receive any incoming email. I checked the  Event Viewer and saw this: Event Type:        Warning Event Source:    Microsoft Firewall Event Category:                None … Read more