RDS and the Case of the Mistaken PKI OID

Earlier this morning, I was working with our support team to work out an issue they were having in an environment where Remote Desktop Services had stopped working. Trying to connect to a server via RDS simply failed with a Network Level Authentication warning, strange, given it was a domain environment and everything should be trusted and all good. The issue started life as support seeing Event ID 1058 and Event ID 36870 errors in the event log and they had been looking at https://blogs.technet.microsoft.com/askperf/2014/10/22/rdp-fails-with-event-id-1058-event-36870-with-remote-desktop-session-host-certificate-ssl-communication/ for guidance to this point with no success.

I quickly discovered that a GPO had recently been implemented that enforced NLA for RDS and also assigned a certificate template to use for Remote Desktop instead of the default self-signed version. I hopped onto the certificate authority to check out the certificate template that had been configured and compared it to the recommendations of the Microsoft article for assigning certificates to RDS sessions at https://blogs.technet.microsoft.com/enterprisemobility/2010/04/09/configuring-remote-desktop-certificates/ as this is an article I have referred to before and know it works.

Read the Full Post

Working Hard on Web Security

As anyone who visits my site on a regular basis may have noticed, I’ve been working hard on securing up this blog to make it follow more best practices and more in keeping with modern web security given it’s been quite a while since I’ve touched that side of the site, and there have been numerous things that I have implemented and I thought I would give a little run down of them.

Read on after the fold for the low down on each of the features and how it works.

Read the Full Post

Public Cloud Security Verses On-Premise

Our MD at Fordway authored an article on freshbusinessthinking.com back in November 2014 which I was drawn to today which for me really hits the nail on the head about security and how public cloud addresses it and the simple fact is, is your organisation fully PCI DSS compliant or do you hold an ISO 27001 certification? How about the myriad of other industry security certifications such as SOC, FIPS 140-2, HIPAA or EAL?

Well public cloud providers often are accredited with a number of these certifications which makes their environments actually more secure than the majority of environments run by in-house IT.

You can read the full article by Richard Blanford at http://www.freshbusinessthinking.com/business_advice.php?CID=0&AID=13699&PGID=1#.VNTgpPkYt9A

Nextgenhacker101 Is the Best

I got sent a link to a Microsoft Blog yesterday by a friend who had posted a link to a funny YouTube video. The blog posting is at http://blogs.msdn.com/larryosterman/archive/2010/01/29/nextgenhacker101-owes-me-a-new-monitor.aspx but I’ll also just link directly to the video below:

This script kiddie (if we can call him that) is so ‘leet that he’s managed to discover a way to monitor who is viewing Google or any other website at a given moment in time: Unless that is, you have an internet connection faster than him else all he see’s is * and Request Timed Out.

Thank you for making my Monday afternoon Nextgenhacker101. For more classics you can also check his Channel on YouTube at http://www.youtube.com/user/NextGenHacker101

 

DNS Exploit Now Officially Breeched

Recently a DNS exploit was discovered by Dan Kaminsky. This exploit was reportedly so big that he decided to keep the details close to hand until everyone had a chance to plug their DNS servers, however this plan failed somewhat and details of it got online.

Whilst most people fixed their DNS some major players like AT&T and Apple are still yet to fix the issue, and the first released reports of the exploit being performed came to light today.

http://www.theregister.co.uk/2008/07/31/dns_cache_poisoning_goes_wild/

Whilst there are incidents prior to this known by Dan Kaminsky he has signed NDA’s to keep the details quiet.

Lets hope people start to look more seriously at fixing this one huh.