
Wednesday, December 11, 2013

How to check if SSL 2.0 is disabled on a website

During a PCI compliance audit, it is generally compulsory to disable SSL 2.0 on the website. The important part is being able to identify whether SSL 2.0 is actually disabled on an IIS website.

Many sites on the internet can check the SSL 2.0 status of a public site, but for intranet websites we need to use OpenSSL to run the same check.

How to :


1. Download and install OpenSSL for Windows from: http://gnuwin32.sourceforge.net/packages/openssl.htm

2. Once OpenSSL is installed on your machine, go to the following path at the command prompt: C:\Program Files\GnuWin32\bin>

3. Type the following command: openssl s_client -connect hostname:443 -ssl2

4. If the results are as follows, SSL V2.0 is disabled on your server:
     419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
     420:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:

5. If you get the actual certificate information, then SSL V2.0 is enabled on your server.
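
The same check can be scripted without an OpenSSL build that still has the -ssl2 option (OpenSSL 1.1.0 and later removed SSLv2 support). The following is an added example, not part of the original post: it sends a raw SSLv2 CLIENT-HELLO and classifies the reply. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import os
import socket
import struct

# SSLv2 cipher kinds offered in the probe (3 bytes each, from the SSL 2.0 spec).
SSL2_CIPHERS = [b"\x01\x00\x80", b"\x02\x00\x80", b"\x03\x00\x80", b"\x04\x00\x80",
                b"\x05\x00\x80", b"\x06\x00\x40", b"\x07\x00\xc0"]


def build_ssl2_client_hello():
    """SSLv2 CLIENT-HELLO: 2-byte record header, then the handshake body."""
    ciphers = b"".join(SSL2_CIPHERS)
    challenge = os.urandom(16)
    # msg type 1, version 0x0002, cipher-spec length, session-id length 0,
    # challenge length
    body = struct.pack(">BHHHH", 1, 0x0002, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


def classify_ssl2_reply(reply):
    """'enabled' only for an SSLv2 SERVER-HELLO offering at least one cipher."""
    if len(reply) < 13 or not reply[0] & 0x80 or reply[2] != 4:
        return "disabled"  # closed connection, TLS alert or SSLv2 error message
    _hit, _cert_type, version, _cert_len, cipher_len, _conn_len = struct.unpack(
        ">BBHHHH", reply[3:13])
    # An empty cipher list is the case OpenSSL reports as "no cipher list".
    return "enabled" if version == 0x0002 and cipher_len > 0 else "disabled"


def check_ssl2(host, port=443, timeout=5.0):
    """Probe a live server; host is the site you are auditing."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(build_ssl2_client_hello())
            reply = sock.recv(4096)
        except ConnectionResetError:
            reply = b""  # server dropped the SSLv2 hello
    return classify_ssl2_reply(reply)


def sample_server_hello(cipher_specs):
    """Constructed SERVER-HELLO bytes for offline testing (not a real capture)."""
    conn_id = bytes(16)
    body = struct.pack(">BBBHHHH", 4, 0, 1, 0x0002, 0, len(cipher_specs), len(conn_id))
    body += cipher_specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body
```

Call check_ssl2("hostname") from a machine that can reach the intranet site; a result of "enabled" corresponds to step 5 above.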



Enjoy





Tuesday, November 5, 2013

Error 0x80010108 -The object invoked has disconnected from its clients- on TMG Forefront 2010 server

Issue : 

Receiving - error 0x80010108, The object invoked has disconnected from its clients - on TMG forefront 2010 server


Resolution  : 

Reboot the secondary node of the TMG Forefront Array and make sure that the following services have started after the reboot.

1. Microsoft Forefront TMG Control
2. Microsoft Forefront TMG Firewall
3. Microsoft Forefront TMG Job Scheduler
4. Microsoft Forefront TMG Managed Control
5. Microsoft Forefront TMG Storage


In most of the cases this resolves the issue.

Enjoy....

Wednesday, October 23, 2013

IIS Error : Could not load file or assembly 'System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.

Error


Sometimes we face an application error in the "/" application after migrating an ASP.NET site from one server to another, even after making all the changes correctly.

Error :  Could not load file or assembly 'System.Web.Extensions,
Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of
its dependencies. The system cannot find the file specified.

Resolution:

1. Check if your application folder contained a folder named "ajax" when you copied it from the old server.
2. If yes, download and install the Ajax Extensions 1.0 for ASP.NET 2.0 on the new server.
3. Reset IIS (it is not strictly necessary, but it is good to reset IIS after such an installation).

You can download Ajax Extensions 1.0 from the Microsoft Download Center.


Solution Applies to:


Windows Server 2003. IIS 6.0, ASP.Net 2.0

Tuesday, October 15, 2013

How To Check If Trace\Track is Enabled on an IIS server

What is Trace \ Track on IIS

Trace \ Track is a vulnerability that is usually identified on an IIS server when we run a PCI compliance scan. A hacker can run a Trace attack on an IIS website and get information about the backend server and other important information.

In the latest versions of IIS (IIS 6.0, 7.5) Trace is disabled by default, but it is still a good idea to make sure that Trace is disabled on IIS.

Testing if Trace \ Track is Enabled on an IIS website or not

Follow these steps :

1. Go to the command prompt of your machine.
2. Type telnet <URL of the website> 80 (this will open a telnet session to that website on port 80)
3. Type the following commands on the telnet session screen in exactly this order:

    TRACE / HTTP/1.0
    Host: <hostname_you_are_testing>
    TestA: Hello
    TestB: World

4. Press Enter twice.

If Trace is enabled on your server, you should see the following results:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Tue, 04 Aug 2009 20:17:15 GMT
    Content-Type: message/http
    Content-Length: 76

And if you receive the following results on the telnet screen, then Trace is disabled:

    HTTP/1.1 501 Not Implemented
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Tue, 15 Oct 2013 12:21:33 GMT
    Content-Length: 1508

    Connection: close
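
The telnet steps above can be automated when many sites have to be checked. The following is an added example, not part of the original post: it builds the same TRACE request and classifies the response. The function names, the host intranet.example and the sample response bodies are assumptions made for illustration.

```python
import socket

# Constructed sample responses (headers modelled on the two results above;
# the bodies are made up for illustration).
SAMPLE_ENABLED = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                  b"Content-Type: message/http\r\n\r\n"
                  b"TRACE / HTTP/1.0\r\nHost: intranet.example\r\n"
                  b"TestA: Hello\r\nTestB: World\r\n\r\n")
SAMPLE_DISABLED = (b"HTTP/1.1 501 Not Implemented\r\nContent-Type: text/html\r\n"
                   b"Server: Microsoft-IIS/7.5\r\n\r\n<html>...</html>")


def build_trace_request(host):
    """The request typed by hand in step 3, ending with the two Enter presses."""
    lines = ["TRACE / HTTP/1.0", f"Host: {host}", "TestA: Hello", "TestB: World"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def classify_trace_response(raw):
    """Return 'enabled', 'disabled' or 'unknown' for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "unknown"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    # A real TRACE reply echoes the request back as a message/http body.
    echoed = b"TestA: Hello" in body and b"TestB: World" in body
    is_trace_body = headers.get("content-type", "").startswith("message/http")
    if status == 200 and (is_trace_body or echoed):
        return "enabled"
    if status >= 400:
        return "disabled"  # e.g. the 501 Not Implemented shown above
    return "unknown"       # redirect or a generic 200 page: check by hand


def check_trace(host, port=80, timeout=5.0):
    """Send the TRACE request to a live site and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host))
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return classify_trace_response(b"".join(chunks))
```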


Disabling Trace or Track on IIS

The easiest way to mitigate the risk of Trace \ Track on IIS is installing URLScan from Microsoft.
The urlscan.ini file is included as part of URLScan. By default it sets the configuration setting "UseAllowVerbs=1". In the [AllowVerbs] section of the ini file, the only HTTP methods that are allowed are GET, HEAD, and POST, so simply by installing URLScan on an IIS server we can assume that it is protected from TRACE or TRACK.




Thursday, June 20, 2013

How to connect SQL Embedded Edition via Management Studio

Use the following connection string in SQL Management Studio when connecting to a SQL Database server running Embedded Edition:

\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query


Applicable for SQL Server 2005 and SQL Server 2008