Category Archives: Security

Exchange Microsoft Office365 SSL

Exchange: Replacing certificate for Microsoft 365 hybrid connector’s

When certificates needs to be renewed or changed on (on-premise) Exchange server’s, and you have Microsoft 365 hybrid setup though Hybrid Configuration Wizard, a Office 365 connecter is setup as send and receive:

Receive:
Default Frontend xxxx/EXCH01

Send:
Outbound to Office 365
xxxxx send connector

If you try to delete the old certificate, without setting the new cert for the connectors, you will get this in ECP:
“A special Rpc error occurs on server EXCH01: These certificates are tagged with following Send Connectors : Outbound to Office 365. Removing and replacing certificates from Send Connector would break the mail flow. If you still want to proceed then replace or remove these certificates from Send Connector and then try this command.”

So we need to move into Powershell and replace it, because it cannot be done through the ECP:

Get the thumprint for the new cert:

Get-ExchangeCertificate

So here it is, the top level cert, it’s a wildcard cert, thus the “*.” in the subject name, sorry for the maskings, this is from a non-lab environment

Copy the thumprint to notepad for next command.

Read the certificate subject and thumprint into a variable:

$cert = Get-ExchangeCertificate -Thumbprint <paste the thumbprint in here from previous command>

$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)" - Do not change anything here!

The replace the connectors:

Send Connector –

Set-SendConnector "Outbound to Office 365" -TlsCertificateName $tlscertificatename

Receive Connector –

Set-ReceiveConnector "EXCH01\Default Frontend EXCH01" -TlsCertificateName $tlscertificatename

Note: replace the word “EXCH01” with the name of your Exchangeserver like “MY-EXCH01\Default Frontend MY-EXCH01”

Run IISRESET

This is because the old and new certificate have the same “issuer” and “subject”, the set-sendconnector and set-receiveconenctor, cannot thereforem tell the difference, but solution is easy:

Just add another cert on the servers thumbprint to the first script, then run all commands throgh, after that, do the same again, but now with the real cert’s thumprint, and it works ?

Note that if you fail to replace your certificate before it expires (You forgot to), your mailflow between on-prem Excahnge and Exchange Online (365) will stop working and you will see this in the logs:

[Message=451 5.7.3 STARTTLS is required to send mail]

source links:

https://martinsblog.dk/exchange-replacing-certificate-for-microsoft-365-hybrid-connectors/
https://martinsblog.dk/exchange-an-error-occurred-while-using-ssl-configuration-for-endpoint-0-0-0-0444/
https://www.azure365pro.com/replacing-send-connector-certificate/

Exchange Microsoft SSL

Configure Wildcard SSL Certificate for POP/IMAP on Exchange 2010 (PowerShell)

It is assumed you have your SSL wildcard certificate already installed on an Exchange 2010 server.

We use Windows Server 2008 R2 Datacenter x64 in this example.

Open Exchange Management Shell as Administrator and get a list of SSL certificates that are available:

[PS]> Get-ExchangeCertificate

Thumbprint                    Services  Subject
----------                              --------  -------
1F70359DC0BE9CAD58F965A3C110  ...WS.    CN=*.example.com, OU=IT Dep, O=Example Comp...
0F7FF199B11E662621D80700D04F  ....S.    CN=ExampleDC

When you enable the wildcard *.example.com certificate for POP service, you normally get the following error:

PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services POP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for POP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-POPSettings to set X509CertificateName to the FQDN of the service.

The same applies to IMAP:

[PS]> Enable-ExchangeCertificate -Thumbprint 1F70359DC0BE9CAD58F965A3C110 -Services IMAP
WARNING: This certificate with thumbprint 1F70359DC0BE9CAD58F965A3C110 and subject '*.example.com' cannot used for IMAP SSL/TLS connections because the subject is not a Fully Qualified Domain Name (FQDN). Use command Set-IMAPSettings to set X509CertificateName to the FQDN of the service.

Set FQDN for POP service to fix the error:

[PS]> Set-POPSettings -X509CertificateName exchange2010.example.com

Do the same for IMAP service:

[PS]> Set-IMAPSettings -X509CertificateName exchange2010.example.com

Verify POP settings:

[PS]> Get-POPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::110, 0.0.0.0:110}     {:::995, 0.0.0.0:995}  SecureLogin  exchange2010.example...

Verify IMAP settings:

[PS]> Get-IMAPSettings

UnencryptedOrTLSBindings  SSLBindings            LoginType    X509CertificateName
------------------------  -----------            ---------    -------------------
{:::143, 0.0.0.0:143}     {:::993, 0.0.0.0:993}  SecureLogin  exchange2010.example...

Restart POP and IMAP services:

[PS]> Restart-service MSExchangePOP3
[PS]> Restart-service MSExchangeIMAP4

Source link:

https://www.lisenet.com/2014/configure-wildcard-ssl-certificate-for-pop-imap-on-exchange-2010-server/

Exchange Microsoft SSL

Problems with mail flow after changing email certificate

Problems sending email from onpremises to Office 365 accounts in hybrid environment.

 

When configuring a hybrid deployment, you must use and configure certificates that you have purchased from a trusted third-party CA.

 To check if the issue is related to the certificate part, please manually remove the previously created hybrid connectors both in the on-premises Exchange server and Office 365, re-run the HCW (Hybrid Configuration Wizard) to re-create these connectors using the new certificate, then check if the messages can be delivered.

Security SSL

SSL Server Test

https://www.ssllabs.com/ssltest

Backup MySQL Security SQL Tips & tricks Tutorials web services Windows server

Schedule Mysql Backups to Amazon S3 in Windows server 2008 R2

1 – Access Amazon Services, S3
2 – Create a New Bucket if there’s no one.
3 – Create credentials in  IAM Amazon Services
4 – Download the tool s3.exe for windows, from s3.codeplex.com

read more »

Security SSL

ASP.NET application serve pages only over HTTPS?

To Serve all the pages over https add this to the Application_BeginRequest method in your Global.asax file.

 Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
   If Request.IsSecureConnection = False Then
     Dim ub As New UriBuilder(Request.Url)
     ub.Scheme = Uri.UriSchemeHttps
     ub.Port = 443
     Response.Redirect(ub.Uri.ToString, True)
   End If
 End Sub
 
Security

Worm:W32/Bugbear

Your keyboard has one hour to another to duplicate the accents? This is when you press’ or ~ they come out duplicates? This is a symptom of the virus BugBear, which began to spread over the Internet on September 30.

The BugBear (also called Thanatos) is a virus e-mail with behavior similar to “famous” Klez. That is, when your machine is infected, it begins to send emails from your computer. The big problem is that, like Klez, it “spoofs” the sender, picking a random name from your list of emails. That way, when you receive an email with the virus, possibly the e-mail that is marked as the sender is not the person who is actually sending you the virus. So no point in answering the e-mail saying “your computer is virus.”

The biggest problem is that this virus is a “backdoor”, ie the infected machine as well as send e-mail viruses can be easily accessed by hackers, and your data is completely exposed.

The virus prevents you run an antivirus. If you are unable to open your antivirus, then it may mean that your machine is infected.

Remove viruses from your machine is relatively easy, just delete the files from the virus. The problem is that at the time of infection, the files are created with random names, and therefore we can not know the exact name of the files to be deleted. Anyway, there is the Internet a small utility to remove this virus, which can be downloaded for free at ftp://ftp.f-secure.com/anti-virus/tools/f-bugbr.zip. Just download, unzip with Winzip and run.

If your machine is networked, the virus attempts to spread the network as well. Therefore, if local networks, the entire network must be disconnected before moving antivirus on all machines, because otherwise, you can eliminate the virus from your machine, but if another PC is infected shortly after their PC will be infected again, via the network.

This worm exploits the same bug in Internet Explorer and Outlook that uses the Klez, which means that you do not need to run the attachment (the virus) of a message to your PC being infected. If you install a patch existing security on the Microsoft website at http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp, your computer will be less vulnerable to viruses from e-mails.
read more »

Microsoft Security

Antivírus gratuito da Microsoft disponível em português

A Microsoft Portugal lançou hoje a versão portuguesa do Microsoft Security Essentials, uma solução gratuita de segurança para os computadores pessoais dos utilizadores do sistema operativo Windows.

Este antivírus está disponível a partir de hoje para download gratuito na página do produto e oferece aos utilizadores de tecnologia Microsoft uma protecção contra vírus, spyware e outros tipos de software malicioso, sendo compatível com os sistemas operativos Windows XP, Windows Vista e Windows 7.

security-essentials

homepage: www.microsoft.com/security_essentials

read more »

Security

Os melhores antivírus gratuitos

O pessoal da Revista Info, através de uma iniciativa muito louvável, testou alguns antivírus gratuitos disponíveis no mercado. Infectando um PC com um pacote com 2.019 vírus da atualidade (daqueles que apagam arquivos, roubam senhas e deixam o computador sem funcionar direito), foram feitos testes de varredura e eliminação e os melhores antivírus foram:

1º – Avast! Antivirus Home Edition 4.8: a interface desse antivírus parece um tocador de MP3. Mesmo diferente, ele remove vírus com eficiência e protege o PC durante os download em redes P2P. É o antivírus gratuito com o melhor desempenho no teste: ele removeu 97% (1.964) do pacote de vírus.

2 º – Comodo Internet Security: o grande lance do Comodo é o seu firewall que protege o PC de ataques externos. Outro destaque do programa é o baixo consumo de memória durante a varredura, só 4,6 MB. Dos 2.019 vírus, o Comodo aniquilou 1.773 deles.

3º – AVG 8.5: popular antivírus que protege contra vírus de boot e de arquivo. Tem funções para programar verificações, limpar e-mails infectados e vasculhar a segurança dos links da web. Foi o terceiro melhor programa no teste do INFOLAB: achou 1.530 vírus no pacote com 2.019 pragas.

4º – Avira Antivir Personal 9: nos testes, o Avira teve um desempenho um pouco melhor do que o AVG: encontrou 1.729 arquivos infectados no pacote de vírus. Contudo, o programa consome muita memória na hora de varredura, cerca de 135 MB. Além disso, ele não verifica vírus de e-mail e nem tem firewall.

5º – Rising Free Antivirus 2009:
feito por engenheiros chineses, esse antivirus tem sistema de captcha (um sistema de verificação por senha) e um recurso para monitorar vírus de pen drive. Apesar das inovações, o programa é fraco na hora de detectar vírus: encontrou apenas 1.070 no pacotão de 2.019.

6º – PC Tools Antivirus Free Edition 6: este antivírus tem uma interface bastante intuitiva e fácil de usar (graças aos comandos autoexplicativos e em português). Só que isso esconde um problema: seu pobre sistema de detecção de vírus. O PC Tools localizou apenas 649 vírus do pacotão, ou seja, 32%.

Vale lembrar ainda que um antivírus deixou de ser apenas um programa que acompanha o computador e passou a se tornar parte indispensável para o uso e aproveitamento completo do seu computador. Sem este tipo de proteção, facilidades como acesso a sites de bancos e a tranquilidade de visitar sites com login e senhas, ficam comprometidas.

source