-
IIS Security Scan: The remote service supports the use of weak SSL ciphers
Posted on January 27th, 2009 (1 comment)
Synopsis: The remote service supports the use of weak SSL ciphers.
Description: The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
See also: http://www.openssl.org/docs/apps/ciphers.html
Solution: Reconfigure the affected application if possible to avoid use of weak ciphers.
Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Plugin output: Here is the list of weak SSL ciphers supported by the remote server:
Low Strength Ciphers (56-bit key)
SSLv3
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
The fields above are: {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
Our ISA 2006 server failed the SecurityMetrics PCI scan yesterday with this reason. We fixed the security issue by doing the following:
- Open Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers (I recommend that you create a backup of this section of the registry before continuing).
- Select a cipher that has a number less than 128/128 (examples: DES 56/56, RC2 40/128, RC4 40/128, RC4 56/128) and add a DWORD value with the name “Enabled” and Value Data: 0.
- Repeat Step 3 for all ciphers less than 128/128.
After doing the above, we ran the SecurityMetrics scan again and it didn’t find any vulnerabilities this time.
You might also want to disable SSL 2.0 support while you’re here as this is another security issue (we had to do this last year to pass). To do so, simply add the same DWORD value to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server.
Credit goes to this website for this solution: http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/
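The same registry changes, scripted, as an added example (not code from the original post or the linked site). It backs up the SCHANNEL branch, sets Enabled=0 under each weak cipher key and under the SSL 2.0 Server key, then reads the values back. The cipher key list goes beyond the four examples in the post and also covers NULL, RC2 56/128 and RC4 64/128, which are the other sub-128-bit cipher keys Windows uses under SCHANNEL\Ciphers. It deliberately uses the .NET registry API rather than the PowerShell registry provider, because the provider treats the "/" in key names such as "RC4 40/128" as a path separator and would create nested keys instead.

```powershell
# Added example, not part of the original post. Run in an elevated session.
# SCHANNEL reads these values at boot, so the change takes effect after a reboot.

$schannel   = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$cipherRoot = "$schannel\Ciphers"
$ssl2Server = "$schannel\Protocols\SSL 2.0\Server"

# Key names exactly as Windows spells them; every entry is below 128/128 (or no encryption).
$weakCiphers = @(
    'NULL',
    'DES 56/56',
    'RC2 40/128',
    'RC2 56/128',
    'RC4 40/128',
    'RC4 56/128',
    'RC4 64/128'
)

function Set-SchannelEnabled {
    param(
        [Parameter(Mandatory=$true)] [string] $SubKeyPath,
        [Parameter(Mandatory=$true)] [int]    $Enabled
    )
    # CreateSubKey returns the key writable and creates it (with parents) if it is missing.
    # The .NET API keeps "/" literal in key names, unlike the HKLM: provider.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($SubKeyPath)
    try {
        $key.SetValue('Enabled', $Enabled, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

function Get-SchannelEnabled {
    param([Parameter(Mandatory=$true)] [string] $SubKeyPath)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKeyPath)
    if ($null -eq $key) { return 'key missing (OS default applies)' }
    try {
        $value = $key.GetValue('Enabled', $null)
        if ($null -eq $value) { 'no Enabled value (OS default applies)' } else { $value }
    } finally {
        $key.Close()
    }
}

# Backup first, matching the manual advice above; the file name carries a timestamp.
$backup = Join-Path $env:TEMP ('schannel-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
reg.exe export "HKLM\$schannel" $backup | Out-Null
"Backup written to $backup"

foreach ($cipher in $weakCiphers) {
    Set-SchannelEnabled -SubKeyPath "$cipherRoot\$cipher" -Enabled 0
}
Set-SchannelEnabled -SubKeyPath $ssl2Server -Enabled 0

# Read everything back so the result can be checked before rebooting.
foreach ($cipher in $weakCiphers) {
    '{0,-12} Enabled = {1}' -f $cipher, (Get-SchannelEnabled -SubKeyPath "$cipherRoot\$cipher")
}
'SSL 2.0 Server Enabled = {0}' -f (Get-SchannelEnabled -SubKeyPath $ssl2Server)
```

After the reboot, re-run the scanner (or an OpenSSL client forced to one of the listed export ciphers) to confirm the handshake is refused; the registry values alone do not prove the listener stopped offering the suites.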
-
More on Downadup/Conficker worm…
Posted on January 25th, 2009 (no comments)
“It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,” says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes. Many experts anticipate that could occur soon.
Read the full article.
-
Dell Coupon Codes
Posted on January 17th, 2009 (no comments)
I’ve been getting these Dell coupon codes in the mail. Hope you find them useful.
15% off select electronics, software, and accessories
- 3M1M4WG4ZX4?LZ
- XWX9BR9PVNXV4H
25% off select systems
- RCRKBSFPVFSTMH
- 8G?B$MNP4VGF9H
25% off select servers, storage, and switches
- R5WDXDHWBQKL46
- XCHSJ54MT89FDM
Offers valid 11/7/2008 - 1/30/2009 - Enjoy!
-
Worm Infects 9 Million Windows PCs
Posted on January 16th, 2009 (no comments)
Make sure you have KB958644 installed.
Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. “The number of Downadup infections [is] skyrocketing,” Toni Koivunen, an F-Secure researcher, said in an entry to the company’s Security Lab blog. “From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.”
On Tuesday, Koivunen put the number of infected systems at 2.4 million, then updated the estimate Wednesday to 3.5 million, an increase of 1.1 million in just 24 hours.
Read the full article here.
-
Sacrifice your Facebook friends for a Whopper?
Posted on January 10th, 2009 (no comments)
I just saw this article on Digg, I thought it was pretty funny.
Fast-food chain Burger King has created “Whopper Sacrifice,” a Facebook app that will give you a coupon for a free hamburger if you delete 10 people from your friends list.
Burger King has put out some interesting campaigns as of late (“Whopper Virgin,” “Subservient Chicken”), but this one piques our interest because of how gleefully it pokes fun at our social-networking obsessions. “Now is the time to put your fair-weather Web friendships to the test,” the Whopper Sacrifice site explains. “Install Whopper Sacrifice on your Facebook profile, and we’ll reward you with a free flame-broiled Whopper when you sacrifice ten of your friends.”
I’m tempted to do it, but if I delete 10 Facebook friends I won’t have any left…

-
How to change from ACPI Multiprocessor HAL back to ACPI Uniprocessor HAL in Windows 2003
Posted on January 9th, 2009 (no comments)
“Warning: Changing the number of virtual processors after the guest OS is installed may make your virtual machine unstable.”
You’ve probably seen this message before while working with VMware, especially if you’ve done physical to virtual migrations.
As a best practice, start with only 1 vCPU when creating a virtual machine, and increase the number of vCPUs only if you think it’s necessary and the virtual machine actually runs applications that can use multiple processors; otherwise you are wasting resources.
Increasing the number of processors from 1 to 2 or more is actually not a problem with Windows Server 2003 because it will automatically change the HAL to ACPI Multiprocessor PC. But setting the number of virtual processors back to 1 won’t automatically change the Windows 2003 HAL back to ACPI Uniprocessor PC.
According to Microsoft, “If you run a multiprocessor HAL with only a single processor installed, the computer typically works as expected, and there is little or no effect on performance.” But if you’re like me and just want to be absolutely sure that there won’t be issues, switching back to the uniprocessor HAL in Windows Server 2003 is pretty easy:
- Make sure you have at least Windows Server 2003 Service Pack 2 installed.
- Shut down the virtual machine.
- Change number of virtual processors to 1.
- Power on the virtual machine.
- In Windows, go to Device Manager -> Computer.
- Right-click “ACPI Multiprocessor PC” and choose “Update Driver…”.
- Select “No, not this time” option -> “Install from a list or specific location” -> “Don’t search. I will choose the driver to install.” -> select “ACPI Uniprocessor PC.”
- Reboot the virtual machine.
That’s it! You’re all set!
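A quick way to confirm the result before and after the Device Manager steps above, as an added example (not from the original post): it compares the HAL Windows booted with against the number of processors the VM now presents. It assumes the Computer node from Device Manager is exposed through WMI as a Win32_PnPEntity whose DeviceID starts with ROOT\ACPI_HAL, which is how Windows Server 2003 enumerates the HAL.

```powershell
# Added example, not part of the original post. Works with Windows PowerShell (Get-WmiObject).
# Assumption: the HAL appears as the root-enumerated device ROOT\ACPI_HAL\0000.

$hal = Get-WmiObject -Class Win32_PnPEntity |
       Where-Object { $_.DeviceID -like 'ROOT\ACPI_HAL\*' } |
       Select-Object -First 1
$cpuCount = (Get-WmiObject -Class Win32_ComputerSystem).NumberOfProcessors

"HAL in use        : $($hal.Name)"
"Processors visible: $cpuCount"

if ($cpuCount -eq 1 -and $hal.Name -like '*Multiprocessor*') {
    'Mismatch: single vCPU but multiprocessor HAL; follow the Device Manager steps above.'
} elseif ($cpuCount -gt 1 -and $hal.Name -like '*Uniprocessor*') {
    'Mismatch: several vCPUs but uniprocessor HAL; Windows 2003 normally fixes this itself after a reboot.'
} else {
    'HAL and processor count agree.'
}
```

Run it once before shutting the VM down (expect “ACPI Multiprocessor PC” with one processor) and again after the final reboot, when it should report “ACPI Uniprocessor PC” and no mismatch.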
-
Untangle Network Gateway
Posted on January 3rd, 2009 (2 comments)
Another great piece of open source software.
Untangle is basically a Unified Threat Management (UTM) solution designed for SMBs (up to about 300 users, although there are people who have successfully deployed it in much bigger environments, like this one, for example, with 1600+ users). Untangle packages all of these great open source security tools together and provides a really nice and very intuitive user interface for them, simplifying installation and management. They also have commercial add-ons and provide live support for a fee.
Here’s the product overview.
Open Source and Free
- Firewall - Just like most firewalls, nothing really special. You can add a description to each rule (yes, I had to mention this because our current SonicWALL firewall at work doesn’t have this option!!!).
- Web Filter - 14 categories. Uses a local database with data downloaded from URLBlacklist.com. I asked in the forums how often it gets updated and someone mentioned he thinks it’s every 6 hours but I haven’t confirmed it.
- Spam Blocker - Uses SpamAssassin. Gets updated every hour.
- Phish Blocker - Based on ClamAV engine and phish signature database which gets updated every hour.
- Spyware Blocker - I really like this one. Seems to be blocking a lot of stuff. Sometimes you’ll see websites with just a big white section somewhere where an ad used to be :).
- Virus Blocker - Based on ClamAV. Signature gets updated every hour.
- Protocol Control - Uses “L7-Filter Netfilters to classify protocols based on OSI layer 7 data, regardless of port or port-hopping.” Let’s say you want to block AIM, but AIM has the option use a different port, like port 80 for example, so blocking just the default AIM port on the firewall won’t work. With Protocol Control, it doesn’t matter which port AIM is using, it can detect it based on its signature.
- Intrusion Prevention System - Uses Snort signatures.
- Attack Blocker - Blocks attacks :). This prevents DoS attacks.
- OpenVPN - Well, just like what the name says, it uses OpenVPN. They made it really easy to set up. You can also control which network to give a user access to and override DNS settings.
- Untangle Reports - I love this one. Gives you a nice summarized and detailed report (Daily, Weekly, and Monthly).
Commercial Add-ons
- Active Directory Connector - Uses a logon script that tells the server what IP a user is using.
- Policy Manager - Lets you create multiple custom racks and assign them to certain users or IP addresses.
- Branding Manager - Lets you change the look of the block pages.
- eSoft Web Filter - A better web filter with 53 categories. It also allows you to block https. It’s a bit pricey though.
- Kaspersky Virus Blocker - Adds another layer of protection.
- PC Remote
- Remote Access Portal
You can deploy Untangle as a router, a transparent bridge, or a re-router. I’ve been using it at home in router mode (virtual machine) for over a month now (I started with v5.4 and I just upgraded today to v6.0.2) and it’s great so far. Very stable and seems to be doing its job. You can manage everything using the web interface (Java is no longer required starting with v6.0).
We’re actually planning on using this at work to replace our old SonicWALL firewall (which we’ve been planning on replacing since last year but kept getting pushed back due to budget cuts) and this would save us thousands of dollars from buying a commercial UTM appliance.
-
Billionaire Blowups of 2008
Posted on January 1st, 2009 (no comments)
Happy New Year!
I was just checking out the Bogleheads Forum and someone posted this link from Yahoo! Finance about some of the richest people in the world who lost billions of dollars in the last few months.
More than 300 of the 1,125 billionaires we tallied on our annual list last March have since lost at least $1 billion; several dozen lost more than $5 billion. The 10 richest from our 2008 rankings dropped some $150 billion of wealth, dragged down by steel tycoon Lakshmi Mittal, estranged brothers Mukesh and Anil Ambani and property baron K.P. Singh, who together dropped $100 billion. America’s 25 biggest billionaire losers of 2008 lost a combined $167 billion.