How to setup SSL LDAP between servers?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Restoring WindowsXP SP2 Firewall service after malicious software attack Hello! My computer (WinXP SP2 fully patched - including yesterdays patches) was compromised today with brand new attack vector which has done the following: 1. Disabled built in WinXP firewall 2. Downloaded several trojans 3. Crashed system with bluescreen of death 4. After system reboot several applications were infected with trojans 5. Permanently damaged WinXP firewall by uninstalling its service 6. Damaged internet connection sharing service This new vector was send to KasperskyLabs and confirmed to be new malicious software (lab singature [KLAB-1097372]). I am still trying to recover full system functionality after attack and have performed several scans with: 1) rootkit detectors, 2) anitvirus software. 3) sfc tool which was used to restore original windows files Tried to reinstall SP2 as well (orirginal system was SP1) but it did not help in restoring firewall and internet connection sharing services. Anyone have an idea how to restore original firewall/internet connection services? MS documentation is obviously missing in that area and I would prefer to avoid system reinstallation or repair installation. Tag: How to setup SSL LDAP between servers? Tag: 86118
  - 2
    - Microsoft Windows Malicious Software Removal Tool Each month after the 2nd Tuesday security updates, usally there is bundled an updated Malicious Software Removal Tool. A few questions on this: 1. Are we supposed to run this or does it run automatically? I never see anything indicating it has run or any information that we are supposed to run it or what. 2. If you see here http://support.microsoft.com/?kbid=890830 I see a fair amount on the tool _EXCEPT_ the actual name of the executable. How are we suppose to run it if we dont know what it is called? 3. Is it usually installed on the menus somewhere (Windows 2000 Professional)? What should I be looking for in terms of "name" and where on the menus? 4. Is it the same thing as Windows Defender? 5. Seems to me that there is an awful lot of unintentional mystery surrounding Microsoft security tools and far too many of them. So far I know of : Microsoft Base Line Security Analyser Windows Defender (new Beta version & old Beta version) Windows Malicious Software Removal Tool OneCare Are any of the above the same thing as each other just with a rebadged name? Thanks Stephen Howe Tag: How to setup SSL LDAP between servers? Tag: 86112
  - 3
    - This mornings critical update links don't work? Anyone else notice how none of links for this mornings critical updates don't work? Security Update for Microsoft .NET Framework, Version 2.0 http://go.microsoft.com/fwlink/?LinkId=67181 Security Update for Windows XP http://go.microsoft.com/fwlink/?LinkId=66151 Security Update for Windows XP http://go.microsoft.com/fwlink/?LinkId=64331 Update for Windows XP http://support.microsoft.com/kb/916595 Tag: How to setup SSL LDAP between servers? Tag: 86107
  - 4
    - Winlogon.exe issue Dear all, We have intalled a network logon system based on smart cards. We use a Smart Card (and CSP) with a digital certificate inside to boot up the PC's. Some times, in different PC's and with no apparent cause or action with the smart card we get an error from the winlogon.exe process that conducts to a reboot. These exceptions didn't happen before the smart card winlogon installation. All the information we get is that there is a problem with the winlogon.exe process, but we don't know if it is a bug in the OS caused by using smart cards to boot up the PC's or if it is our software (CSP or GINA) which is causing the winlogon process to fail. No debugging is possible because the problem can not be reproduced and the PC is rebooted automatically after clicking Ok in the alert window. As I mentioned before, the exception may happen without accesing to the card (neither physically nor through any software), just working normally with a MSoffice aplication, for example. We have no idea of what may be going on. Has anyone notice this issue before?, Is it an OS bug or may be our software that is causing the winlogon process failure?, Any idea?. Thank's for any clue. Best regrads Fer Tag: How to setup SSL LDAP between servers? Tag: 86106
  - 5
    - How to install LDAP? Newbie O.k., So as not to confuse anyone, I'm gonna start a new thread on this subject. What I've been requested to do is setup an Active Directory server to allow secure LDAP communication between our "Unix" guys "Jabber" server and our Active Directory Services. They tell me they have their end set and ready to go, but they need a server from A.D. listen on a port for LDAP requests. Hand on the buzzer, if anyone knows what they are talking about? I'm not sure what they mean? I thought like previous statements that as long as I gave them an ID in A.D., they could configure their stuff fine, but I don't think that is what they mean? Thanks for the thoughts... -- Matty Tag: How to setup SSL LDAP between servers? Tag: 86093
  - 6
    - New MSSECURE.XML Version 2006.07.11.00 Available This announcement is specific to MBSA 1.2.1 and the underlying MSSecure.XML file that services the MBSA 1.2.1 tool. MSSECURE.XML Data Version 2006.07.11.0 (for use by MBSA 1.2 and SMS 2.0 and SMS 2003 using the Software Update Inventory Tool) was last modified today, July 11, 2006, and is now available for all supported languages (English, French, German and Japanese Today's release contains 7 new bulletins and 6 of which are fully supported by MBSA. The standalone EST tool is required to support detection for MS06-033 (.Net framework). The June EST tool is being re-released for MS06-023. June EST re-release: 1) MS06-023- KB917344 Jscript. This bulletin is supported with the EST tool and affects Jscript 5.1 on Windows 2000 SP4, Jscript 5.5 on Windows 2000 SP4, Jscript 5.6 on Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows 2003 RTM and Windows 2003 SP1. New July Bulletins: 1) (MS06-033) - KB917283 .Net Framework, This bulletin is supported with the EST tool and affects Windows 2000 SP4, Windows XP SP1/SP2, and Windows 2003 Server RTM/SP1. 2) (MS06-034) - KB917537 IIS, This bulletin affects Windows 2000 SP4, Windows XP SP1/SP2, and Windows 2003 RTM/SP1 and is supported by the MSSECURE.XML file. This bulletin does not supersede any previous update. 3) (MS06-035) - KB917159 Server Driver, This bulletin affects Windows 2000 SP4, Windows XP SP1/SP2, and Windows 2003 RTM/SP1 and is supported by the MSSECURE.XML file. This bulletin supersedes MS05-027 for Windows XP SP1/SP2 and Windows 2003 RTM/SP1. 4) (MS06-036) - KB914388 DHCP, This bulletin affects Windows 2000 SP4, Windows XP SP1/SP2 and Windows Server 2003 RTM/SP1 and is supported by the MSSECURE.XML file. This bulletin does not supersede any previous update. 5) (MS06-037) - KB917285 Excel, This bulletin affects Excel 2000, Excel 2002, and Excel 2003. This security update is supported by MBSA via the built in Office Detection Tool (ODT). This bulletin supersedes MS06-012. 6) (MS06-038) - KB917284 Office MSO, This bulletin affects Office 2000, 2002 (XP), 2003, Project 2000, 2002 and and Visio 2002. This security update is supported by MBSA via the built in Office Detection Tool (ODT). This bulletin does not supersede any previous update. 7) (MS06-039) - 915384 Office PNG, This bulletin affects Office 2000, 2002 (XP), 2003, and Project 2000, 2002. This security update is supported by MBSA via the built in Office Detection Tool (ODT). This bulletin does not supersede any previous update. What is the Enterprise Update Scanning Tool (EST)? As part of an ongoing commitment to provide detection tools for complex updates for bulletin-class issues that are not supported by MBSA 1.2, a stand-alone tool may be provided for certain bulletins. Microsoft will evaluate the detection and deployment complexity of each bulletin, and provide detection support based on the specifics of each release. When a detection tool is created for a specific bulletin, customers will be able to script running the tool from a command line interface, and process the results using an XML output file. Detailed documentation will be provided with the tool to ensure customers can leverage it quickly. See the following link for details http://support.microsoft.com/default.aspx?id=894193. NOTE: The EST tool is only for use with MBSA 1.2 to support limitations in the MBSA 1.2 scan tool to ensure complete security update detection support for all bulletins released this month. -- Charles Weidner [MSFT] cweidner@online.microsoft.com If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only Tag: How to setup SSL LDAP between servers? Tag: 86089
  - 7
    - New MSSECURE.XML file still not available ??? Hi, There're some new MS patches released for july 2006 but the MSSecure.CAB file is not up to date on the site http://go.microsoft.com/fwlink/?LinkId=23130 . Please help !!! Usually the file is already released at this time. Thanks for your help. Cedric.AW. Tag: How to setup SSL LDAP between servers? Tag: 86088
  - 8
    - Preventing Access to Network Printers by Computer I have an odd situation in which I need to prevent a particular computer on our network from being able to access/install one of our network shared printers. I can simply tell the user not to install it but if the printer is installed by mistake and a job is sent, it causes the spooler services to crash on both the workstation and on the Windows 2000 server. Is there a simple method in Windows 2000 or AD to deny this single computer from accessing a single printer on the network server while still allowing the computer to print and install other network printers? Tag: How to setup SSL LDAP between servers? Tag: 86082
  - 9
    - Security Patch MS06-023/KB917344 for Jscript 5.6 Win2000 SP4 Does anyone know of a way I can verify this patch has been installed? I have to develop a batch file that checks if patches have been installed or not. Usually I can just check the registry but this patch doesn't appear to leave an entry in the registry or an uninstall file, any idea's appreciated? Tag: How to setup SSL LDAP between servers? Tag: 86080
  - 10
    - Retrict Access to Start/Stop Service I need to allow a user to remotely start and stop a single designated service on a 2003 server machine without making them a local administrator. I attempted to use a security template on the server to specify permissions for this user for the desired service as per KB 325349, http://support.microsoft.com/kb/325349/en-us. However, the user still cannot start or stop the service using both the MMC or the netsvc utility. When using MMC, the error is "Unable to open service control manager database on \\server Error 5: Access is denied." When using the netsvc command, the error is also "Access is denied." Please note that if I make the user a local administrator, they can access all services via the MMC for the server, but the netsvc command still says "Access is Denied". On the other hand, if I log in as one of the domain admin accounts, which is also a member of the local administrator group, and run the netsvc command, I can successfully start and stop the service. At this point I am stuck and either need to resolve one of the existing issues with MMC or NETSVC or come up with an alternate solution. Tag: How to setup SSL LDAP between servers? Tag: 86077
  - 11
    - AD Administrator Password Hi all, I have a friend that manages a Windows 2003 Server AD Network. He forgot the Administrator password and also don't remembers stand-alone administrator password as well. How can he recover or reset Domain Admin password? Thank's in advance. Pedro L. Tag: How to setup SSL LDAP between servers? Tag: 86075
  - 12
    - Windows 98 / ME Support Ended Microsoft ends support for 98[se] / Me. For more information on the timeline, and potential attacks on 98 users: http://www.theregister.co.uk/2006/07/11/ms_ends_windows98_support/ -- - Mark Randall http://www.temporal-solutions.co.uk "We're Systems and Networks..." "It's our job to know..." Tag: How to setup SSL LDAP between servers? Tag: 86072
  - 13
    - Questions about CDP an AIA distribution points Hi I want to install a PKI test environment. I take the recommendation written in the dokument "Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure". http://technet2.microsoft.com/WindowsServer/en/Library/091cda67-79ec-481d-8a96-03e0be7374ed1033.mspx?mf r=true Now I have some questions about CDP an AIA distribution points. For the offline Root CA I design the distribution points in printed order 1. %WINDIR%\system32\CertSrv\CertEnroll 2. http 3. LDAP I want to assign the parameters with the following script certutil -setreg CA\CRLPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%3%%8%%9.crl\n8:http://pki.ww-intern.de/certdata/%%3%%8%%9.crl \n10:LDAP:///CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10" certutil -setreg CA\CACertPublicationURLs "1:%WINDIR%\system32\CertSrv\CertEnroll\%%1_%%3%%4.crt\n2:http://pki.ww-intern.de/certdata/%%1_%%3%%4.c rt\n2:LDAP:///CN=%%7,CN=AIA,CN=Public Key Services,CN=Services,%%6%%11" Now I have some questions to the parameters befor the protocol value. In AIA I get the parameter value 1 at file or LDAP when I take it out of the table for AIA properties Include in the AIA extension of issued certificates = 1, recommendation set Include in the online certificate status protocol (OCSP) extension = 2, recommendation clear I the Best practice document is the scipt displayed with parameter 2 for both values. Is this an Error in the document or do I make a mistake in calculating the parameter values. The same probles are in CDP extensions and in AIA and CDP for the policy and Issiung CAs. Can someone define the correct procedure ? For the Issuing CA at first place in distribution points I want to set the HTTP path (like displayed in document). If there is an XP client with membership in the AD domain is the order of CDP or AIA extentions like displayed or is for the XP Domain member the first distribution points the LDAP path independed from the definition on CA. Thank you for help Ingo Tag: How to setup SSL LDAP between servers? Tag: 86063
  - 14
    - HELLO HIYA -- \m/ O_O \m/ Laura..... :) Liverpool, England Tag: How to setup SSL LDAP between servers? Tag: 86057
  - 15
    - Forcing XP Clients to use NTLM instead of Kerberos Authentication Howdy We are in the middle of an in-place upgrade from NT4 to Windows 2003 SP1 AD. We are using the NT4Emulator key as a transitional step to prevent Windows XP SP1 clients from using Kerberos for a range of reasons. We are about to neutralize all machines in our upgraded domain which will mean that all clients will begin to use Kerberos once their secure channels are reset. We have chosen this method over simply removing NT4Emulator as it gives us a better back-out option (i.e. we can selectively back out machines from Keberos without having rejoin the whole fleet to the domain). My question is - once we remove the Emulator keys from the Domain Controllers and all the clients are using Kerberos, is there any way we can force the clients to use NTLM? The reason I ask is that we are concerned that Kerberos may break some of our key applications and would like to ensure that once the emulator is removed, we have an alternative to revert to NTLM without rejoining everything to the domain. Regards, DB [Note: This is a cross post as the topic was noted as less applicable in the Windows XP Security newsgroup] Tag: How to setup SSL LDAP between servers? Tag: 86047
  - 16
    - firewalls vs. wireless Hi. I have a McAfee firewall 6.0, but even if you don't have this particular firewall you might be able to answer my question. You can also consider this a question about firewalls in general. My configuration: wall socket from cable company, from there a cable to my cable modem, from there a cable to my router, from router to adapter on computer in different room a wireless connection, WPA-PSK security. No other devices in network. What is the place of the firewall in the configuration ? WHAT I'D REALLY LIKE TO KNOW IS IF ANY (INCOMING) DATA THAT GOES THROUGH THE ADAPTER ON THE COMPUTER, WILL AFTER THAT WILL HAVE TO GO THROUGH THE FIREWALL. Or is it possible to connect wirelessly to my computer without having to go through the firewall ? (wl-143 sitecom router and wl-142 adapter) Please ignore the issue about WPA-PSK security. Thank you. Tag: How to setup SSL LDAP between servers? Tag: 86042
  - 17
    - FTP and it's security Gurus, Everyone knows that FTP is inherently insecure. What with it's passwords sent in clear text and the un-encrypted data stream. But what about using a program like WinZip to encrypt the data that is being FTP'd? Wouldn't that meet today's security standards, especially in a situation where an FTP hosts only accepts data from a certain IP address? We have a government manager who says FTP is insecure and wants to implement an SSH solution. I say we have no time to do that an that WinZip encrypting the documents being FTP'd out are good enough. I don't need more work I am already busy enough. -- Spin Tag: How to setup SSL LDAP between servers? Tag: 86041
  - 18
    - How to clean AD from enterprise certification authority I noticed that somebody played with C.A. and removed th autority but there is still some traces in the configuration partition in AD. Can I safely remove it with ADSIEDIT or is there more precautions and cleanup to do. Thanks Tag: How to setup SSL LDAP between servers? Tag: 86038
  - 19
    - Enrollment agent cannot enroll on behalf of a user... Hello, I've got an enterprise certificate authority. When I try to request a certificate on behalf of a user the root certificat authority is not retreived nor shown in the web page. IT as worked... I get an error in the server event log : Active Server Page Id 5 "The Template Persistent Cache initialization failed for Application Pool 'Application_Pool_Name' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool" A client can successfully request a certificate from the webpage. I checked a lot of things but cannot find the problem! Thanks for your help Tag: How to setup SSL LDAP between servers? Tag: 86036
  - 20
    - QoS??? What Quality of service (QoS) will we worsen, if we use a more rigorous detection system of intruders? thnaks Tag: How to setup SSL LDAP between servers? Tag: 86027
  - 21
    - How to create a LDAP service account user and assign permissions I want to setup an account in AD that allows some third-party systems to query the AD using LDAP or secure LDAP to validate users credentials. We have systems like WebSense that need to use a special LDAP account that has rights to validate users ID and passwords before they are allowed access to the Internet. How to I get this to work? Tag: How to setup SSL LDAP between servers? Tag: 86022
  - 22
    - BLOCK SKYPE Skype can be blocked in ISA 2004 if you allow only AUTHENTICATED USERS instead of ALL USERS, this will allow authentications methods which Skype is unable to overpass..... I have tried and Works!!!!!! Tag: How to setup SSL LDAP between servers? Tag: 86018
  - 23
    - CRL CDP LDAP question... Is there a tool that will validate/fetch a CRL via a LDAP distribution point? A windows tool would be ideal. But I'll take anything. Thanks in advance Tag: How to setup SSL LDAP between servers? Tag: 86017
  - 24
    - Windows Defender nor running scheduled scans I recently installed Defender beta 2 and scheduled it to run at 2am every morning but it will not run. Does any1 know how to fix this. Is ther a solution wher are all the so called experts????????? Is any1 else experiencing the same thing Tag: How to setup SSL LDAP between servers? Tag: 86016
  - 25
    - permanent solution to viruses Did you ever wonder....do antivirus companies genuinely hope that hackers will have a change of heart and stop trying to infect other people's computers? That's obviously not the case. For the antivirus companies, such as Norton, a reduction in number of hackers/viruses would cause their business to fail. Norton, like law-enforcement, THRIVE BECAUSE of the bad things that people do. This in and of itself is not a bad thing. But now I'm gonna show you my point. If you found out that by sitting at your computer for a mere 5 minutes a day, you could generate thousands of dollars in revenue for your company each month, would you do it? Of course you would. What business owner would take steps to make sure she MISSES OUT on this money-making opportunity? Well now... if companies like Norton thrive on the existece of hackers (sort of like Satan, who is responsible for keeping the church in business), then what exactly would prevent the stock-owners of that company from hiring anonymous geeks to spread new viruses, thus ensuring Norton will be continually needed in the future by ignorant poeple who shore don't want any viruses? Perhaps you are familier with CPS (Child Protective Services). Know what happens if the reps they hire go too easy on the families accused of crimes against children? They ensure that their local CPS office will have progressively less and less work, and eventually ensure the future loss of their job. How can they avoid this? By turning mountains into molehills. If your child falsely accuses you of abusing them, you can be sure CPS will justify their continued future employment by dragging you through the courts, threatening to take away your child if you don't conform, or threating not to give the child back. Wow, ain't nothing like drumming up business for yourself which guarantees your own employment security, amen? This CPS thing is an analogy to the antivirus companies. In short, the very idea that they truly wish all hacker would come to know Jesus and stop this virus stuff immediately is ridiculous. It doesn't take a rocket scientist to figure out that IF companies like Norton secretly hire hacker to continually infest the internet with ever-new viruses, they assure themselves a very prosperous future in that business. The analogies are endless. Suppose a cop gets a mean talk from his Sergent for not fulfilling his monthly quota of arrests? Being in the privileged position he is in, what could he do to make his boss very happy? You guessed it, start arresting people more often when he otherwise would let the issue die with just a warning. Speeding tickets are so easy. If his boss says he ain't giving out the full quota expected, he can just start pulling people over for doing 60 in a 50 mph zone, instead of waiting to zap the 70 mph speeder. Hell, why not carry a little cocaine around in a plastic bag on the job (whose gonna frisk a cop?), and the next time he's called to the scene of a relatively calm situation, he can request to search the car, or have it towed away then searched if they don't comply (guaranteeing the driver will allow the search), and he can plant his cocaine on the guy, and be the hero of the day back at the cop shop. Think about it....that cop will lose his house and credit cards and probably his family if we all started obeying the laws of the land like paranoid monks. It should now be as clear to you as the sun on a cloudless day at noon....that antivirus companies can be fully expected to guarantee humanity will need them in the future by spreading newer and newer virus threats themselves. Now that the sermon is over, you don't need antivirus software to stay safe from the onslaught of online hackers. All you need are two hard drives and one copy of Norton Ghost. Use one hard drive for your operating system. Use the other for storage only. Run Norton Ghost and make a back up of your operating system before you surf the internet. Now surf all you please. If your computer starts manifesting symptoms of spyware/virus infection, such as slowing down, acting inconsistent... simply run Norton Ghost and tell it to replace your current operating system with the pristine back up copy. Now you've surfed where you wanted, and it only took 5 minutes of Ghost Restore to put your computer back in perfectly clean top running shape. Now unless you only surf hacker/porn/illegal/cracks type websites, you should be able to access your hotmail, yahoo, use google to search and click on the search hits, for at least a month before you find it necessary to run Ghost and restore your computer. Personally, I have my computer set up to automatically run Ghost every night after I go to bed. I am greeted in the morning by one beautiful woman and one very clean and virus-free computer. The only sacrifice you have to make is that whatever you download from the internet or save from cd-rom, must be placed on the second hard dive, where the Ghost back up files are. Cuz if you just download stuff to your desktop, theywill all be wiped out with everything else as soon as you run the ghost restore. I haven't used virus protection for the last three years, and yet I surf the internet sometimes up to 10 hours a day (I'm retired, I hope you get something more out of this post than the mere shock that other poeple have no kids and more time than you. Here's a parting thought: You realize that you have to download ANTI-virus definitions, so that you antivirus software knows what to look for to disinfect your computer, right? Those antivirus definitions, though small, are nevertheless all necessary to make sure your computer doesn't get infected by any of the thousands of viruses that are out there now, and that have been around since 1996. Ever wonder how much space those definitions are gonna take up on your hard drive after 10 years goes by? In the year 2016, you will all probably need an extra 200 gig hard drive just to hold all the anti-virus definitions that will be necessary to keep up with 10 years of new viruses! But don't worry...I'm sure Norton and Microsoft will figure out a way to get you those extra hard drives real cheap. Ain't that just sweet of them? I never wait around to hear you say thanks. I KNOW you are thankful that my parents met each other. Just look down whenever I walk by and we won't have any mess, kapeesh? Tag: How to setup SSL LDAP between servers? Tag: 86010
- Next
  - 1
    - Question regarding Cryptographic Hash ... Sorry for posting this purely theoritical question in this forum. Members may say that this question better suited to be posted in any other newsgroups. Since, I am not clear where exactly to post this question, and this forum also deals with security, I have posted it here. With a thought, that many members must be knowing in details of Hashing algorithm they use, here goes the question: I was asked a question in B-Level exams for Network security. Long after 6 months, the question still remain unanswered to me. I am very interested for getting answer for this question. Can you please elaborate on this ? ------------------- Consider the random cipher model with random variables M, C and K for plain text, cipher text and key, respectively. Give an interpretation in cryptographic terms of this equation: H(M,C) = H(M) + H(C) Also specify an example of a cryptosystem, which has this property. ------------------- As far as I know, this is computing Hash of M and C separately and cancatinating them. Also, it claims that when a Hash is computed with M and C (combined), it is same as the cancatination. Is it possible given the rules of strong hash functions? Anyway, the above was my Interpretation, please let me know the Experts comments on this. Thanks, *(Vipul)() ; Tag: How to setup SSL LDAP between servers? Tag: 86009
  - 2
    - Security Updates BOOCOOP@HOTMAIL.com Why does my computer log off several times a day? I get the message "windows has currently dowloaded and installed an important security update......." Tag: How to setup SSL LDAP between servers? Tag: 86004
  - 3
    - How to restrict users to access web pages all exept one Hi, I should set up a computer to a stand. How could I simply restrict users to freely browse the internet - all except the one site that we would want? Internet options seem to have very little tools for that. Should I really buy an extra software for that purpose? TIA, Mika Tag: How to setup SSL LDAP between servers? Tag: 85993
  - 4
    - The Oscarbot.IV, Peerbot.B and Netsad.B worms Oscarbot.IV is a worm that opens several communication ports on infected computers, allowing attackers to access the system remotely. It also drops the Protestor.A Trojan on the system, which can capture screenshots and steal user data. Oscarbot.IV spreads via America On Line Instant Messenger, sending messages to all active user contacts. When run, it is installed on the system as a service called "Windows Genuine Advantage Validation Notification", trying to pass itself off as a Microsoft antipiracy service and ensuring it is run on every system startup. Peerbot.B can open a backdoor to receive commands from an attacker via IRC. It can also steal data from SQL Server or Mysql databases on the computer, which it then sends out via email. When run, the worm creates several files on the system, such as Taskdrv.exe (a copy of the worm itself) and Libmysql.dll, a library belonging to the Mysql database. Peerbot.B can spread using email or P2P file-sharing programs. It creates numerous files in the shared folders in P2P programs under names that refer to cracks for well-known applications and games. When other users of the P2P program run a search, they could find the infected files of the initial victim among the results. To avoid detection, Peerbot.B terminates a long list of processes related mainly with security tools, firewalls or even other malware. It also modifies the hosts file to block access to web pages related with security products. Netsad.B is a worm that spreads as an email attachment, using messages such as "sharing files is the essence of living". It also uses several P2P applications, including Kazaa or Emule, creating copies of itself in shared folders so that it can be downloaded by other users. Netsad.B can only operate if the computer has Microsoft .NET framework 2.0. When run, it creates a copy of itself called winservices.cab.bak.exe in the Windows system folder. It also creates copies of itself with a variety of names, including some related to antiviruses, in the other system drives. In order to remain hidden, the worm terminates a series of security-related processes, leaving the computer vulnerable to further attack. Tag: How to setup SSL LDAP between servers? Tag: 85990
  - 5
    - AD Security reporting tool Dears; How I can get a reporting tool for w2k give me whole details of users security informations and permitions on all the active directory? Tag: How to setup SSL LDAP between servers? Tag: 85989
  - 6
    - Monitoring Servers Hey guys, I've been a lurker here for a while, but I need some specific answers on this one. I have a network with about 14 windows 2003 servers, Exchange 2003, and also host two website in house. We have a PIX firewall and an IDS System on the outside of the PIX. But I really need a good solution for securing and monitoring our servers and network. right now I really have no way of telling if someone has gotten in to our network.Can someone give me some ideas? thats for all the help L Smith Tag: How to setup SSL LDAP between servers? Tag: 85987
  - 7
    - Securing a Mobile 5 Device Hello all, I am cross posting to Security and SBS since we are an MSBS with our M5 devices connecting to SBS environments. We are migrating our organization, and subsequently clients, from Palm to M5 devices. On the Palm, we have an easy to manage encryption software package that encrypts data on the device and on the SD card. Is there anything out there that is reasonably priced for small business that is similar in its abilities? We are looking to encrypt the Outlook data on the M5 device itself, since it contains sensitive information... The remote wipe will not work if the unit is in a faraday cage or in some way radio isolated. It also will not take care of the data on any media cards inserted in the M5 device. We are also looking to encrypt the contents of the media cards. Any help pointing us in the right direction is greatly appreciated! Thanks, Philip Elder MSBS Tag: How to setup SSL LDAP between servers? Tag: 85986
  - 8
    - Invalid Digital Signature in Certificate Dear All, I have a digital certificate which when opened (double-clicking) with Windows 2000 Professional or Windows XP shows the following error message "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered" The same certificates opens up without any such error in Windows 98/Windows NT machines. Is this any Patch problem ? If yes, Please let me know which patch has to be applied? Tag: How to setup SSL LDAP between servers? Tag: 85985
  - 9
    - Problems with SQL Server after installing security updates Hello I have SQL server with service pack2, and i just installed the hotfix for the worm which came out few weeks back, after installing the fix i am unable to connect to my local SQL server, though am able to connect to remote SQL server instances, but when i try and connect to the local SQL server, the whole thing just freezes... Tag: How to setup SSL LDAP between servers? Tag: 85980
  - 10
    - two-factor authentication for both local and remote login Can anyone here suggest a solution for two-factor authentication (e.g., password and USB key) that would work both for normal Windows login (i.e., user is sitting at PC) *and* for remote login via Remote Desktop (or some equivalent remote access solution)? The solution must support the *same* two-factor method for *both* kinds of access. Cheers, James Tag: How to setup SSL LDAP between servers? Tag: 85978
  - 11
    - Local Certificate Authority Server Hello I have configured an enterprise Certificate Authority Server that will issue each email user a USER Certificate for Digital Signature purposes. On our internal email with digitally signed mail we can read the email but when I mail a free mail servers like yahoo or gmail the message is place on a smime.p7m file. How can our local CA server be trusted? Tag: How to setup SSL LDAP between servers? Tag: 85974
  - 12
    - Computer(s) keep trying to crash on me. It seemed to start about 6 months after I bought a new computer from infotech. It is running XP pro, has an MSI motherboard and cable modem. I was running Defender antivirus and firewall, but someone was able to disable the firewall and antivirus (from a remote location) without me noticing. I usually turn the computer off at night, or if I won't be using it for a while, but evidently the computer doesn't need to be on to access it remotely. Anyway, I turned it on one morning and noticed the display was different, the mouse and keyboard both had their drivers removed and all my email was gone. Shortly after that you could hear the harddrive running like crazy. I assumed it was a virus, so i tried going into msconfig to turn most of the stuff off. I noticed windows explorer was running, along with remote desktop and a few other web-publishing programs most of which I have never used. When I attempted to restart the computer, all I got was a "no operating system found" error. I have lots more info, but no time right now to go into detail. If anyone has had a similar problem or has any suggestions, I would appreciate it. Thanks!!!! Tag: How to setup SSL LDAP between servers? Tag: 85970
  - 13
    - CA store Windows has a Certificate store Manager; Tools>Options|Content tab and click [certificates]. There are [import and export] and [Advanced] buttons. How do I get an CA digital ID out of there for use in email. Why is this a problem for users when seeking digital ID for encryption algorithms of work data? Tag: How to setup SSL LDAP between servers? Tag: 85968
  - 14
    - Permissions I need help here. I have a SBS2003 network with a member server running Windows 2003 Server. I have setup volumes on the machine, i.e. H, T, V drive etc... Now, what I have done is I have shared out these volumes, e.g. T drive with the Share to have Everyone=Read. The Security tab also has the same, Everyone=Read. Now, a user has setup a folder in T drive (called EEE) and shared this as well. This time, the share permissions are for that user only=Full Control, and in the security tab that user is set to=Full Control. Via Network Neighbourhood>Windows Network>etc... the user can paste into the subfolder in T drive (shared as EEE) with no problem, but when he goes through machinename\T\EEE he is unable to. He does not understand the fact that right-clicking the EEE folder has the same permissions (i.e. Full Control is greyed out) but going in via the correct share he will have different rights. He believes that no matter what, that user has the same permissions via any share he goes through on T drive - i.e. T or EEE. Furthermore, I need to understand the logic myself before I speak to him, so please can someone make me understand this. Thanks, S Tag: How to setup SSL LDAP between servers? Tag: 85962
  - 15
    - Excel Attempts to contact Akamai.com every time it's started Can anyone tell me why Excel (2002) has just recently started to try to contact akamai.com every time I start it (Excel) up (I know this because my Firewall intercepts the attempt) and how I can stop it from doing so Tag: How to setup SSL LDAP between servers? Tag: 85960
  - 16
    - Hotmail Hacked Hello, My other hotmail account was hacked and consequently money stolen from my paypal account. How can I contact hotmail to tell them this and have them close my account? Lucas Tag: How to setup SSL LDAP between servers? Tag: 85953
  - 17
    - looking for a suitable proxy Hi. I've posted about proxy's before, but now I know better what and how I want to protect myself. Using security services that have a very high security, such as those that send heavily encrypted data, can be counterproductive and attract attention, because someone who would use one of those would probably have something to hide. Wouldn't the NSA or the Israelities/israelies (?) be interested ? I'm just looking for a secure proxy, without taking extreme measures with regard to security. A proxy service through which a lot of traffic would go would be good, I'm less likely to be noticed that way. In the first place I want to protect myself against criminals, hackers, nosy people, organizations and yes, I don't want Big Brother (the state) looking over my shoulder. A proxy in control by a non-profit organization or some other organization that would fight for my privacy, even if pressed by law or security officials or advanced social engineering, would probably be good. Is more anonymity better ? I wonder in which Homeland Security would be interested ... Also important is speed. Often, proxies slow down speed, and I'm using a broadband connection. Essentially my computer name AND IP are static, would proxies hide them ? I know you can't get 100% anonymity, but that's ok. What about www.the-cloak.com ? I live in Western Europe. Any recommendations ? Thank you. Tag: How to setup SSL LDAP between servers? Tag: 85950
  - 18
    - Permissions Removed from Folders Mr. Sanders, is correct. You would need to take ownership of the folder/files and then assign the desired permissions. Tag: How to setup SSL LDAP between servers? Tag: 85947
  - 19
    - SSL/TLS & renegotiation and Internet Explorer Dear All, I am working on my own server that supports SSL, both with and without client authentication. I am in the process of implementing a feature which allows the server to prompt the user to provide his digital certificate whenever he tries to access a resource that requires client authentication. So whenever i get a request for such a Page then my server sends a SSL HelloRequest to the Client thus initiating a SSL renegotiation. The server caches the HTTP request in its Session buffer before it initiates the renegotiation. So, the client re-initiates the handshake by sending the 'client-hello' packet (encrypted with the session key negotiated in the previous session) and the server reciprocates with the serverhello, server cert, client cert request and server hello done packets, all encrypted with the older session key. At this stage, IE closes the connection with the server and prompts the client to choose his digital certificate. When the client chooses the certificate it re-initiates the handshake, establishes a new connection and then starts the handshake process again with the 'client-hello' packet. Now, at this stage I am not sure how to link up the old SSL session and the new SSL session on the server side. Actually I have to forward the HTTP request to another backend server, get the response and forward it to the IE client. My question is how do i link the old and new sessions that i have established with the Internet Explorer. Is there anything that will be common between the two sessions Any help on this would be greatly appreciated. Regards Tag: How to setup SSL LDAP between servers? Tag: 85946
  - 20
    - All permissions removed from folders One of my customers has removed all groups and all permissions from several folders on a Small business Systems 2000 Server. So far all attempts to regain any kind of access or control have failed. Is there any way at all, or perhaps a tool of some kind, that would allow me to manually assign Administrator rights to these directories? Tag: How to setup SSL LDAP between servers? Tag: 85944
  - 21
    - Essentials of Biometrics Training Course Essentials of Biometrics" is set at an introductory level and requires no previous specialist knowledge of Biometrics. The main focus of this course is on:- Raising awareness and understanding of the Biometrics technology in layman's terminology. Providing a comprehensive understanding of the different Biometric technologies. Highlighting the key considerations for implementing a Biometric solution within a security system. Providing an overview of current Government and private sector applications. This course will be useful for managers, senior management, security consultants and anyone who needs a general understanding of Biometrics. By the end of this course the delegates will: Gain an up to date basic knowledge of the Biometrics technology Gain a view of how Biometric applications can best be implemented Understand the factors affecting the performance of a Biometric application Appreciate the social and ethical issues Learn how governments and private sector areas are adopting the technology Availability: July 25th 2006 Fully Booked August 22nd 2006 Fully Booked September 26th 2006 Spaces Available November 7th 2006 Spaces Available November 28th 2006 Spaces Available A synopsis of the course can be found at www.identitysolutions.uk.com/training.html Tag: How to setup SSL LDAP between servers? Tag: 85934
  - 22
    - 'C:\Windows\System32' window pop up at startup Hi, When I start up Windows XP, folder 'C:\Windows\System32' always pops up. I following the suggestions from some articles, and created the following message. Could anyone suggestion how should I proceed? Thank you very much! Key Name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 7/5/2006 - 8:32 AM Value 0 Name: MSMSGS Type: REG_SZ Data: "C:\Program Files\Messenger\msmsgs.exe" /background Value 1 Name: ctfmon.exe Type: REG_SZ Data: C:\WINDOWS\system32\ctfmon.exe Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Class Name: <NO CLASS> Last Write Time: 7/4/2006 - 11:21 PM Value 0 Name: ATIModeChange Type: REG_SZ Data: Ati2mdxx.exe Value 1 Name: SynTPLpr Type: REG_SZ Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Value 2 Name: SynTPEnh Type: REG_SZ Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Value 3 Name: QCTRAY Type: REG_SZ Data: C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE Value 4 Name: QCWLICON Type: REG_SZ Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE Value 5 Name: BMMGAG Type: REG_SZ Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor Value 6 Name: TPTRAY Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE Value 7 Name: TP4EX Type: REG_SZ Data: tp4ex.exe Value 8 Name: TPHOTKEY Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe Value 9 Name: NPDTray Type: REG_SZ Data: C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe Value 10 Name: AGRSMMSG Type: REG_SZ Data: AGRSMMSG.exe Value 11 Name: UC_SMB Type: REG_SZ Data: Value 12 Name: Tgcmd Type: REG_SZ Data: "C:\Program Files\Support.com\bin\tgcmd.exe /server" Value 13 Name: OfficeScanNT Monitor Type: REG_SZ Data: -HideWindow Value 14 Name: SunJavaUpdateSched Type: REG_SZ Data: C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe Value 15 Name: AVG7_CC Type: REG_SZ Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Value 1 Name: NoChange Type: REG_SZ Data: 1 Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS Class Name: <NO CLASS> Last Write Time: 7/2/2006 - 8:20 PM Value 0 Name: Installed Type: REG_SZ Data: 1 Tag: How to setup SSL LDAP between servers? Tag: 85927
  - 23
    - I just don't get it??How to remove threats? Someone please help.For the last couple of months everytime I scan my pc for threats it finds 6 and then there's no option to remove them what do I do I've got norton antivirus and I'm completely lost as to what I do -- Many thanks Zowie Tag: How to setup SSL LDAP between servers? Tag: 85922
  - 24
    - Password safe/vault Hi all, Can anyone recommend a password safe/vault that uses AD authentication? I want to be able to use AD groups to control who has access to the safe and hopefully restrict access to certain password groups. e.g. the logged in user can only access the SQL passwords; another can access only exchange passwords; etc. Does anyone know of products I should avoid? Have you used the product you've suggested in a commercial environment? Did you eval a bunch of products and decide on one? What made you purchase that product over the others available? Of course I'm not expecting answers to all these questions. I just need an idea of what you guys have experienced with this type of product. Thanks, Scott Tag: How to setup SSL LDAP between servers? Tag: 85920
  - 25
    - Need to protect your network from ALL unknown devices, not just USB? Dear All, With rapid advancements in network connectivity such as USB, Bluetooth, WiFi, Firewire etc. and the multitude of peripheral devices available, as you are aware organisations like yourselves have a constant battle against data being stolen or leaked through 'honest mistakes'. Antidote Security Ltd are partnered with SecureWave Ltd whose Sanctuary Suite employs the White List - "Default Deny" approach, which is a proven, positive security model and fast becoming the industry standard. Sanctuary Device Control provides an essential platform to develop, administer and enforce effective granular policies for the safe use of removable devices. Along with detailed auditing and reporting, this solution protects both PC's and servers alike, enabling you to control which devices can be used by whom, when and how! SecureWave customers include, Barclays Bank, Norwich Union, Bank of Tokyo-Mitsubishi, Inland Revenue, Egg, Unisys, Fujitsu, Royal Navy, M.O.D., Metropolitan Police (+ 9 other police forces), PITO, Home Office, Hampshire County Council, Cabinet Office and others. Benefits: a.. Security - Control over what enters and leaves the organisation b.. Confidentiality - Prevent use of unauthorised end user devices c.. Legal - Ensures regulatory compliance d.. Productivity - Lower IT operating costs and improved IT management efficiency e.. Administration is straightforward with a 3-click operation to assign/remove permissions f.. Full auditing of user & administration actions is provided After rigorous testing by the UK Government's Cabinet Office (www.cabinetoffice.gov.uk/csia), Sanctuary has was awarded the CSIA - Claims Tested seal of approval, proving this solution does indeed do what it claims - which is a great accolade to place alongside it's other certifications. Please feel free to download a FREE 30-day evaluation (http://www.securewave.com/public_request_partner.jsp?id=33271) or for further, please forward an email to info@antidotesecurity.co.uk Best Regards Mark Smith Managing Director - Antidote Security Ltd Tag: How to setup SSL LDAP between servers? Tag: 85915

Hey,

I'm trying to configure SSL LDAP between servers. I don't have a CA, but I
will have a Certificate from 3rd party. Anyone know where I can find docs on
how to configure A.D. to communicate via SSL LDAP between servers?

--
Matty

Top

Re: How to setup SSL LDAP between servers? by Chris

Chris
Wed Jul 12 22:05:21 CDT 2006

All you need to do is install a computer certificate onto a domain
controller by referencing this KB Article:
http://support.microsoft.com/kb/321051/en-us

Once a certificate is installed, you will have the option to communicate to
a DC using LDAPS, however if you'd like to force all clients to encrypt all
communication traffic, you'd need to use something like an IPSEC Policy.
This will force all clients to use IPSEC and negotiate communications to
each other and control how traffic traverses the network. Just securing LDAP
with SSL, an application itself will require the option to force it to use
LDAP(636) to communicate.

Chris
"Mrunyon" <Mrunyon@discussions.microsoft.com> wrote in message
news:089BC3F8-9F8E-4AA8-9D97-5AB6F56B29CE@microsoft.com...
> Hey,
>
> I'm trying to configure SSL LDAP between servers. I don't have a CA, but I
> will have a Certificate from 3rd party. Anyone know where I can find docs
> on
> how to configure A.D. to communicate via SSL LDAP between servers?
>
>
> --
> Matty

Top