Website Security Suggestion: Get rid of cruft! (script included)

Right: One of my pet hates is cruft on a production website. Cruft is stuff – files – which has accumulated because nobody’s paying attention. Cruft includes sampleware. Developer experiments. Readmes. Sample configs. Backups of files which never get cleaned up. Just general accumulated stuff. It’s website navel lint. Hypertext hairballs. Cruft. Has. No. Place….

0

Sunsetting TMG with some (free!) Best Practices

Long and boring post ahead. So KITTENS! There. Fluffy now. As one of the Premier Field Engineers performing ISA Health Checks and then TMG configuration reviews (by default, from my long association with Proxy 2.0 and then ISA!), I was reviewing a document I put together for a customer just before shredding it, and thought:…

2

TMG Rollup 3 out now; so’s Mod_Security for IIS

TMG SP2 Update Rollup 3 As the ISA Blog mentions, Rollup 3 for TMG Service Pack 2 is now available: We are happy to announce the availability of Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 3 is available for download here: Rollup 3 for Forefront Threat…

0

Is it time for you to reset your online identity?

Lots of account hacking activity in the news recently. The Blizzard hack (via RPS) caught my eye because of some of the wording used to describe it: “Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players…

2

TMG SP2 Update Rollup 2 out now

Several reliability fixes included: http://support.microsoft.com/kb/2689195   To install UR2, you need to be running SP2 (with or without UR1) already.

3

IUSR vs Application Pool Identity – Why use either?

(pasted from my email clippings. I’m on holiday right now, catching up on paperwork!) The TLDR version is: using AppPoolIdentity as both the App Pool Account and Anonymous user account lets you have multiple isolated anonymous websites on one box. IIS 7.x and upwards (as of Win2008 R2 and Windows 2008 SP2, also in IIS 8.x in Windows Server…

6

Configuring Kerberos for SharePoint farms - a generic gotchas list

Recently, I worked on a Kerberos configuration issue with a customer; these are my notes from the visit. You’ll see some common themes with Kerbie Goes Bananas, and it puts much of that into practice. Speaking of, I must redo Kerbie with SetSPN -S  (shameface)   1. DNS should use an A record to refer…

2

(The catchily-titled) TMG 2010 SP1 SU1 UR4 is out now!

That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article. http://support.microsoft.com/kb/2517957   The larger list of ISA Server build numbers is still here – wonder if there’s…

0

ISA 2000: The End Draws Near

While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here:   Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition 18/03/2001 11/04/2006 12/04/2011 That’s right, kids, it expires on April 12 this…

0

TMG 2010 Service Pack 1!

Missed this completely while working onsite for the last {forever}! TMG SP1 is here. There’s an X64 version for the Server and/or EMS, and a 32-bit version for just the MMC bits on computers you use to remotely manage the boxes. Installation Instructions Downloads: http://www.microsoft.com/downloads/details.aspx?FamilyID=f0fd5770-7360-4916-a5be-a88a0fd76c7c&displaylang=en

0