
Sunday, February 16, 2014

Recommended Network Card Configuration for ISA 2004/2006 Firewall Servers

A common question about ISA Server configuration by people on the forums is:
How should I configure the network interfaces on my ISA Server?
A high-level overview of NIC configuration best practice is provided below:
  • The network card name used within the operating system should be changed to closely match the associated ISA Server network name. This clarifies assignment and improves supportability.
  • Only one network interface should be configured with a default gateway.
  • Only one network interface should be defined with DNS servers.
  • Unused or unnecessary bindings should be removed from all interfaces, where possible, to improve security. This is often termed ‘interface hardening’.
  • The default bind order should be amended to define a specific customised order.
Based upon these best practices, the configuration shown below is the standard approach that I normally use as part of my usual ISA Server build process.

Multiple NIC Deployment - ISA Server Standard Edition

Rename NICs:
Rename all NICs to descriptive names that ideally match the ISA Server network names.

Internal Network
Anonymous Access Perimeter Network
Authenticated Access Perimeter Network

External Network 
Etc.


By matching the names, this makes mapping networks between ISA Server and Windows much easier when troubleshooting…

Configure NICs: 
Internal Network
1. Default Gateway should not be defined
2. DNS Servers should be defined
3. Register this connection’s address in DNS – Enabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled


Perimeter Network(s) 
1. Default Gateway should not be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Disabled
6. NetBIOS over TCP/IP – Disabled
7. Show icon in notification area when connected – Enabled


External Network 
1. Default Gateway should be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Disabled
5. Client for Microsoft Networks – Disabled
6. NetBIOS over TCP/IP – Disabled
7. Show icon in notification area when connected – Enabled



Please Note: Disabling the 'File and Print Sharing for Microsoft Networks' binding on the ISA Server internal interface will prevent you from connecting to shares on the ISA Server computer, irrespective of ISA Server system policy or other custom rules that may allow it. This approach is recommended for better security, as your firewall should not be accessible as a file server!
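
One way to verify the default gateway and DNS rules above on a built server is to parse saved ipconfig /all output. The following is an added example, not part of the original post: the sample output is constructed, the adapter names follow the naming recommended above, and parse_adapters and check are hypothetical helper names.

```python
import re

# Constructed `ipconfig /all` excerpt (not real output). It breaks two rules:
# the perimeter NIC has a gateway and the external NIC has a DNS server.
SAMPLE = """\
Ethernet adapter Internal Network:

   IP Address. . . . . . . . . . . . : 10.0.0.1
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       10.0.0.11

Ethernet adapter Anonymous Access Perimeter Network:

   IP Address. . . . . . . . . . . . : 172.16.0.1
   Default Gateway . . . . . . . . . : 172.16.0.254

Ethernet adapter External Network:

   IP Address. . . . . . . . . . . . : 192.0.2.10
   Default Gateway . . . . . . . . . : 192.0.2.1
   DNS Servers . . . . . . . . . . . : 192.0.2.53
"""

ADAPTER = re.compile(r"^\S.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
WANTED = {"Default Gateway": "gateway", "DNS Servers": "dns"}

def parse_adapters(text):
    """Map adapter name -> {"gateway": [...], "dns": [...]}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {"gateway": [], "dns": []})
            last = None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD.match(line)
        if m:
            last = WANTED.get(m.group(1).strip())
            if last and m.group(2).strip():
                current[last].append(m.group(2).strip())
        elif last:  # continuation line: another address for the previous field
            current[last].append(line.strip())
    return adapters

def check(adapters, gateway_nic="External Network", dns_nic="Internal Network"):
    """Return findings against the one-gateway / one-DNS rules above."""
    findings = []
    for key, label, expected in (("gateway", "default gateway", gateway_nic),
                                 ("dns", "DNS servers", dns_nic)):
        holders = [name for name, cfg in adapters.items() if cfg[key]]
        if holders != [expected]:
            findings.append(f"{label} defined on {holders or 'no adapter'}, "
                            f"expected only {expected!r}")
    return findings

if __name__ == "__main__":
    for finding in check(parse_adapters(SAMPLE)):
        print("FINDING:", finding)
```

For the single NIC deployments described later, pass gateway_nic="Internal Network", since that interface carries both the gateway and the DNS servers.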

Amend Bind Order: 
Edit the bind order as follows:
Internal Network (Highest)
Perimeter Network(s)
…Others…
External Network (Lowest)

Multiple NIC Deployment - ISA Server Enterprise Edition
With ISA Server Enterprise Edition, it is recommended to add a dedicated Intra-Array NIC. Therefore, we need to consider this additional interface in our configuration.

Rename NICs:
Rename all NICs to descriptive names that ideally match the ISA Server network names.

Internal Network
Intra-Array Network 

Anonymous Access Perimeter Network
Authenticated Access Perimeter Network
External Network

Etc.

Configure NICs:
Internal Network
1. Default Gateway should not be defined
2. DNS Servers should be defined
3. Register this connection’s address in DNS – Enabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled


Intra-Array Network 
1. Default Gateway should not be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Enabled
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled


Perimeter Network(s) 
1. Default Gateway should not be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Disabled
6. NetBIOS over TCP/IP – Disabled
7. Show icon in notification area when connected – Enabled



External Network 
1. Default Gateway should be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Disabled
6. NetBIOS over TCP/IP – Disabled
7. Show icon in notification area when connected – Enabled


Amend Bind Order: 
Edit the network bind order as follows:
Internal Network (Highest)
Intra-Array Network
Perimeter Network(s)
…Others…
External Network (Lowest)

Single NIC Deployment – ISA Server Standard Edition
For a single NIC deployment, the following actions are recommended.

Rename NICs:
Rename all NICs to descriptive names that ideally match the ISA Server network names.

Internal Network 
By matching the names, this makes mapping networks between ISA Server and Windows much easier when troubleshooting…

Configure NICs: 
Internal Network
1. Default Gateway should be defined
2. DNS Servers should be defined
3. Register this connection’s address in DNS – Enabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled


Please Note: Disabling the 'File and Print Sharing for Microsoft Networks' binding on the ISA Server internal interface will prevent you from connecting to shares on the ISA Server computer, irrespective of ISA Server system policy or other custom rules that may allow it. This approach is recommended for better security, as your firewall should not be accessible as a file server!

Single NIC Deployment – ISA Server Enterprise Edition
For a single NIC deployment, the following actions are recommended.

Rename NICs:
Rename all NICs to descriptive names that ideally match the ISA Server network names.

Internal Network
Intra-Array Network
By matching the names, this makes mapping networks between ISA Server and Windows much easier when troubleshooting…

Configure NICs: 
Internal Network
1. Default Gateway should be defined
2. DNS Servers should be defined
3. Register this connection’s address in DNS – Enabled
4. File and Print Sharing for Microsoft Networks – Disabled 
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled


Intra-Array Network 
1. Default Gateway should not be defined
2. DNS Servers should not be defined
3. Register this connection’s address in DNS – Disabled
4. File and Print Sharing for Microsoft Networks – Enabled
5. Client for Microsoft Networks – Enabled
6. NetBIOS over TCP/IP – Enabled
7. Show icon in notification area when connected – Enabled



Please Note: Disabling the 'File and Print Sharing for Microsoft Networks' binding on the ISA Server internal interface will prevent you from connecting to shares on the ISA Server computer, irrespective of ISA Server system policy or other custom rules that may allow it. This approach is recommended for better security, as your firewall should not be accessible as a file server!

Amend Bind Order: 
Edit the network bind order as follows:
Internal Network (Highest)
Intra-Array Network
I hope this helps!

Friday, August 9, 2013

Microsoft ISA Server 2006 Configure HTTP filter for blocking applications

If you know the attributes of each kind of HTTP traffic, you can block MSN/Yahoo Messenger, BitTorrent, web mail, posting on web boards, etc. by allowing or blocking HTTP traffic with the HTTP filter.
HTTP Traffic
HTTP traffic on ISA Server is data that passes through ISA Server using the HTTP protocol (by default on port 80), which is the protocol used by most applications. Each HTTP connection carries header information that the client sends to the server or the server sends to the client. This information includes the request method (GET, POST, etc.), HTTP version (1.0, 1.1, 1.2), User-Agent (Mozilla/4.0, Firefox, etc.), Content-Type (application/xml, image/jpeg, text/xml, etc.), and so on. I will not go into deep detail about the HTTP protocol; if you want more information, you can find it at Wikipedia – HTTP. With this header information, ISA Server can filter HTTP traffic to allow or block a specific application or kind of traffic.
To see some samples of HTTP traffic, you can use a sniffer program to capture each data packet that passes in or out of a computer. The popular one is Ethereal. I have installed Ethereal on a computer which is running a web server. Let's see the different examples of HTTP header information below.
Configurations
To configure the HTTP filter, you need to know which attribute and value need to be configured. In this post, I will show only the following:
1. Block a specific browser: Firefox.
2. Block MSN Messenger and Windows Live Messenger.
3. Block downloading of .torrent files.
4. Block AOL Messenger.
5. Block Yahoo Messenger.
6. Block Kazaa.
7. Block free web mail (e.g. hotmail.com, mail.yahoo.com, etc.).
8. Block posting on web boards.
Step-by-step
1. Open the Microsoft ISA Server Management Console.
2. Right-click the rule on which the HTTP filter is being configured -> select Configure HTTP.
3. Click the Signatures tab and click Add.
4. Block downloading of .torrent files.
To block downloads of any .torrent file, set the signature to “application/x-bittorrent”, with “Content-Type” as the HTTP header and Request headers in Search in.
5. Block AOL Messenger.
To block users from using AOL Messenger, set the signature to “Gecko”, with “User-Agent” as the HTTP header and Request headers in Search in.
6. Block Yahoo Messenger.
To block users from using Yahoo Messenger, set the signature to “msg.yahoo.com”, with “Host” as the HTTP header and Request headers in Search in.
7. Block Kazaa.
To block users from using Kazaa, set the signature to “KazaaClient”, with “User-Agent” as the HTTP header and Request headers in Search in.
8. Block free web mail (e.g. hotmail.com, mail.yahoo.com, etc.).
To block users from accessing free web mail, block any URL that contains the string “mail” by setting the signature to mail.
9. Block a specific browser: Firefox.
To block users from using the Firefox browser, set the signature to “Firefox”, with “User-Agent” as the HTTP header and Request headers in Search in.
10. Block MSN Messenger and Windows Live Messenger.
To block users from using MSN Messenger and Windows Live Messenger:
o To block MSN Messenger, set the signature to “msnmsgr.exe”, with “User-Agent” as the HTTP header and Request headers in Search in.
o To block Windows Live Messenger, set the signature to “login.live.com”, with “Host” as the HTTP header and Request headers in Search in.
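
The signature list above can be checked offline before it is applied to a rule. The following added example (not from the original post, and not ISA Server's own code) models each signature as a plain, case-sensitive substring search, which is an assumption of the sketch, and runs the list over constructed requests to show which rules fire, including where a short string such as “mail” or “Gecko” matches more than its intended target.

```python
from typing import NamedTuple

class Signature(NamedTuple):
    name: str       # label from the step list above
    search_in: str  # "url" or "header" (both searched in the request)
    header: str     # header name for "header" signatures, "" for "url"
    pattern: str    # string the filter looks for

# Signatures as listed in the steps above.
SIGNATURES = [
    Signature("BitTorrent", "header", "Content-Type", "application/x-bittorrent"),
    Signature("AOL Messenger", "header", "User-Agent", "Gecko"),
    Signature("Yahoo Messenger", "header", "Host", "msg.yahoo.com"),
    Signature("Kazaa", "header", "User-Agent", "KazaaClient"),
    Signature("Web mail", "url", "", "mail"),
    Signature("Firefox", "header", "User-Agent", "Firefox"),
    Signature("MSN Messenger", "header", "User-Agent", "msnmsgr.exe"),
    Signature("Windows Live Messenger", "header", "Host", "login.live.com"),
]

def parse_request(raw):
    """Return (url, headers) from a raw request head; header names lower-cased."""
    lines = raw.strip().splitlines()
    _method, url, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return url, headers

def matching_signatures(raw):
    """Names of every signature that would fire on this request."""
    url, headers = parse_request(raw)
    hits = []
    for sig in SIGNATURES:
        text = url if sig.search_in == "url" else headers.get(sig.header.lower(), "")
        if sig.pattern in text:
            hits.append(sig.name)
    return hits

IE_UA = "User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)\n"
# Constructed sample requests (not captured traffic).
SAMPLES = {
    "firefox_news": "GET http://news.example/ HTTP/1.1\nHost: news.example\n"
                    "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:27.0) "
                    "Gecko/20100101 Firefox/27.0\n",
    "ie_intranet": "GET http://intranet.example/hr/mailing-list.html HTTP/1.1\n"
                   "Host: intranet.example\n" + IE_UA,
    "kazaa": "GET http://files.example/track.mp3 HTTP/1.1\n"
             "Host: files.example\nUser-Agent: KazaaClient Nov 3 2002\n",
    "ie_plain": "GET http://www.example.com/index.html HTTP/1.1\n"
                "Host: www.example.com\n" + IE_UA,
}

def audit(samples=SAMPLES):
    """Map each sample name to the list of signatures it triggers."""
    return {name: matching_signatures(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:13} -> {hits or 'allowed'}")
```

In the constructed data, the intranet page is blocked only because its path contains “mail”, and the Firefox request trips the AOL Messenger signature as well as the Firefox one.
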
Summary
This is the end of this series. After completing this series, which started from installing ISA Server and went on to configuring the network topology, basic rules, client types and the HTTP filter, you now have the basic knowledge and understanding to operate ISA Server on your own. There are some configurations I don’t cover, for instance how to configure the cache on ISA Server, how to implement VPN, etc. If you need more information, try visiting ISA Server.org

Wednesday, June 12, 2013

How to get your Dell Service Tag from the command line in Windows and Linux



There are plenty of times you may need the serial number (aka Service Tag) of a Dell machine but not be able to physically look at the label: it’s a server in a data center, it’s your laptop and it’s on a dock, etc. Fortunately, there are easy commands to get the serial number right from the command line in both Windows and Linux.

Windows:

From a command prompt, type:
wmic bios get serialnumber

Linux (Ubuntu and others):

From a terminal, type:
sudo dmidecode -s system-serial-number

Wednesday, June 5, 2013

How to configure PPTP VPN Server in MikroTik Router

MikroTik is a quite popular router powered by a Linux-based OS. Technicians configuring it for the first time often feel that it is really complicated; I would say yes, because we are not yet familiar with its interface.

Anyway, after spending some time playing around with it, we start to understand MikroTik step by step. Today I'm going to show how to configure a PPTP VPN Server on a MikroTik router and the VPN client configuration on Windows 7.

Let's get started.....

1. Download the winbox.exe file directly from the MikroTik router via web access; you can then connect to your MikroTik router with WinBox instead.

2. From the left-hand menu, click PPP, then PPTP Server.

3. When you click the PPTP Server tab, another dialog box comes up; tick Enable, then click OK.

4. On the Interface tab, click the + sign to add a PPTP Server. Another dialog box comes up; in the name field you can put any name you like.

5. After you click OK, your PPTP Server is done.

6. Now it's time to create a username and password for the VPN client. Click the Secret tab, then click the + sign. Fill in the Name field, Password field, Server field, Profile field, Local Address and Remote Address, then click OK.

Note: Local Address is an address in your local network range. Remote Address is your VPN client address; it can be any type of address.

7. On the Profiles tab, modify the default-encryption profile to add your local DNS server IP, then click OK to finish the modification.

8. Your PPTP VPN Server on the MikroTik router is complete. Next, configure VPN access from the client PC.

Let's get started....

8.1. Open your network settings, or go to Control Panel -> Network and Sharing Center, then click Set up a new connection or network.

8.2. Click Connect to a workplace, then click Next.

8.3. Click No, create a new connection, then click Next.

8.4. Click Use my Internet connection (VPN).

8.5. Fill in the username and password that you created on the MikroTik VPN Server for the client, then click Connect.

9. Now your client is connected to the MikroTik VPN Server. To view the client connection, click Active Connection on your MikroTik router.

Here is the video link.


Good luck.....!

How to find your Host Name & IP Quickly

Many ordinary users find it hard to find their own computer's host name or IP address when the IT administrator needs it to verify something or to allow them on the firewall for internet access.

In this article you will find one simple program that helps you identify the host name and IP address of your own PC. Simply download the small program from the link below and run it on your PC.

Thanks to Mr. Kiv Chanrotha for his program; he promises to add another feature for checking the PC's domain or workgroup.

Download here.



Friday, March 29, 2013

Multiple Drives Mapped With Rename Function


Those who work as network administrators often use network drives, mapping a drive on every client computer to access a share on the server.
There are several ways to do this, such as writing a net use script and saving it with the .bat file extension, but that is not as flexible as a .vbs script when we want to switch the server in the script.
Below is my .vbs script to map drives on the client and automatically rename each drive to the name we want, without showing the name of the server the files are stored on.


Multiple Drive Mapped with no Rename function




Single Drive Without Rename Drive.
Single Drive With Rename Drive.
Multiple Drives Without Rename Drive; if you want multiple drives with drive rename, you can use the script below.
Multiple Drives With Rename Drive: Copy the script below, paste it into Notepad, then save it with the .vbs file extension (e.g. mapdrive.vbs).

' Mapping Drive and Rename.vbs
' VBScript to map network drives and rename them.
' By Sok Sopheak

' ----------------------------------------
' \\ServerName\ShareName - "Q:\"
' \\ServerName\ShareName - "P:\"
' \\ServerName\ShareName - "Z:\"
Option Explicit

' Drive P: map the share, then set the label shown in Explorer.
Dim objNetworkP, strDriveP, objShellP
Dim strRemotePathP, strDriveLetterP, strNewNameP
strDriveLetterP = "P:"
strRemotePathP = "\\ServerName\ShareName"
strNewNameP = "New Name that you want to display"
Set objNetworkP = CreateObject("WScript.Network")
objNetworkP.MapNetworkDrive strDriveLetterP, strRemotePathP
Set objShellP = CreateObject("Shell.Application")
objShellP.NameSpace(strDriveLetterP).Self.Name = strNewNameP

' Drive Z: same steps for the second share.
Dim objNetworkZ, strDriveZ, objShellZ
Dim strRemotePathZ, strDriveLetterZ, strNewNameZ
strDriveLetterZ = "Z:"
strRemotePathZ = "\\ServerName\ShareName"
strNewNameZ = "New Name that you want to display"
Set objNetworkZ = CreateObject("WScript.Network")
objNetworkZ.MapNetworkDrive strDriveLetterZ, strRemotePathZ
Set objShellZ = CreateObject("Shell.Application")
objShellZ.NameSpace(strDriveLetterZ).Self.Name = strNewNameZ

' Drive Q: same steps for the third share.
Dim objNetworkQ, strDriveQ, objShellQ
Dim strRemotePathQ, strDriveLetterQ, strNewNameQ
strDriveLetterQ = "Q:"
strRemotePathQ = "\\ServerName\ShareName"
strNewNameQ = "New Name that you want to display"
Set objNetworkQ = CreateObject("WScript.Network")
objNetworkQ.MapNetworkDrive strDriveLetterQ, strRemotePathQ
Set objShellQ = CreateObject("Shell.Application")
objShellQ.NameSpace(strDriveLetterQ).Self.Name = strNewNameQ
WScript.Quit
' End of Example VBScript.

Multiple Drive Mapped with Rename function




Thanks to Mr. Sok Sopheak for the script editing.

Wednesday, March 27, 2013

Show Hidden Files or Folders by virus


Caution:   
I recently met people whose files had been hidden by a virus. After I did some analysis, I found out the files were still there, but a virus had modified the file properties to ‘Hidden’ and hidden all the files on the thumb drive. Although I tried “Show Hidden Files”, the virus did not allow me to view them.

Folder Hide has been hidden by virus.

Solution:

I. Show Individual Files or Folders:
1. Insert the thumb drive into an empty USB slot and check its drive letter. For example, your USB drive is assigned to F:
2. Press Windows + R, type cmd, then press Enter.
3. Type the command below:
    attrib -s -h -r f:\*.* /s /d
4. Press Enter and wait for the command to execute.
5. Open the thumb drive and you should see the files or folders that were hidden by the virus back to normal, as in the picture below.

Folder Hide that was hidden by the virus, now back to its normal state.

*Example: attrib -s -h -a f:\Hide /s /d then press Enter.
*If a folder or file name contains spaces, you can type: attrib -s -h -a "f:\Hide file Folder Name" /s /d then press Enter.
Note:
*Folder or file names with spaces must be enclosed in quotation marks (" ").
*Hide is a folder on my USB drive that had been hidden by the virus.


II. Show Hidden Files or Folders in the Whole Drive

1. Insert your USB drive into a USB slot. For example, your USB drive is assigned to drive F:
2. Press Windows + R, type cmd, then press Enter.
3. Type F:
4. Press Enter.
5. Type attrib /s /d -s -h -a
6. Press Enter.

*Example:
F:\>attrib /s /d -s -h -a


Attribute Command Parameters
  • - means clear an attribute
  • H means hidden file attribute
  • S means system file attribute
  • A means archive file attribute
  • R means read-only file attribute
  • /S means process matching current folder and all subfolders
  • /D means process folders

Tips on how to be safe and secure
  • Update your Antivirus 
  • Never install unknown software 
  • Disable your Autorun if necessary