01/24/11

Permalink 10:06:04 am, by Derrick Taylor, 141 words
Categories: Systems Security Management

Microsoft's Exchange Server Deployment Assistant

Microsoft has developed a web-based tool called "Exchange Server Deployment Assistant," which helps walk you through the Exchange upgrade or new implementation process for Exchange 2010.  You can find the tool here: http://technet.microsoft.com/en-us/exdeploy2010/default.aspx

It asks you a few simple questions about your existing environment, how your new environment will look, then creates a step by step checklist for you to go through while doing your Exchange installation.

A major concern for me when doing Exchange upgrades in the past has been: "Which tasks should I complete first, and in what order?" and "How will the completed steps affect the existing environment?"

I feel that this tool does a great job of prioritizing what needs to be completed first, outlining which steps to take, and giving referenced Technet documentation as to why, all along the way.

 

01/20/11

Change DNS settings for Active Directory migration through BigFix

Overview

I recently worked with one of our customers on a project to migrate their Active Directory domain controllers running on Server 2003 to new servers running Server 2008 R2. Part of the project included changing clients to use the new servers as DNS servers. With a large server environment, having to manually change IP settings would be a very resource intensive effort and slow down the project considerably. That's when I decided that having BigFix do the work for me automatically would save time and help move the project along.

BigFix Task Info

The task I created is meant for Windows clients with static IP addresses only. I have tested with success using BigFix version 8 on Windows 2000, XP, Server 2003, Windows 7, Server 2008, and Server 2008 R2 but you should perform testing on your own environment before rolling this out in production. I will post the relevance and the action script so that all you need to do is copy and paste into your own custom task or fixlet (changing the IP's for your environment of course).

Relevance

The relevance is looking first for any Windows machine. You may want to change this if you have a version of Windows you do not wish to target with the task. The relevance then checks to make sure that the network adapter that it's about to check the settings on actually has an IP address. This weeds out bad information from the virtual adapters, WAN adapters, and other devices that show up in Windows as network cards but aren't actually used by the machine. The relevance also checks to make sure that the network adapter has a static IP address. Once it's gone through those checks it will see if any statically assigned adapter has an entry for your old DNS server IP addresses. You will need to change the IP addresses in the relevance I post to those of your own DNS servers that you are moving off of.

(name of operating system as lowercase starts with "win") AND ((not exists adapter whose (address of it != "0.0.0.0" AND dhcp enabled of it) of network) AND (exists addresses whose (it as string = "10.1.1.1") of dns servers of network OR exists addresses whose (it as string = "10.1.1.2") of dns servers of network))

 

 

Action

The action script is actually going to write out a vbscript to do the work for us. Using the "createfile" command, the script will write everything after that to a buffer and then write it to a file of our choosing. Pay attention to the line in the vbscript file where there are two "{" characters. This is because the "{" character has special meaning in BigFix action language so to actually have it written out to a file we just use two of them. The resulting vbscript file that is written to disk will be correct.

After the vbscript file is written to disk then the script writes a quick bat file and kicks off the vbscript which takes care of changing the DNS server IP settings on any network card that has IP enabled on the machine. Be sure and change the IP addresses in the action script to those of your new DNS servers.

 

//saves a vbscript to disk and then executes it
delete __createfile
delete __appendfile
//vbscript - line 11 has extra bracket because of BigFix action language, its an escape character
createfile until END_CREATE

On Error Resume Next

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colNetCards = objWMIService.ExecQuery _
    ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")

For Each objNetCard in colNetCards
    arrDNSServers = Array("10.1.1.3", "10.1.1.4")
    objNetCard.SetDNSServerSearchOrder(arrDNSServers)
Next

END_CREATE
//end vbscript
move __createfile changedns.vbs

//create bat file to execute changes and call vbscript
appendfile cscript changedns.vbs
appendfile ipconfig /flushdns
move __appendfile changedns.bat
runhidden changedns.bat

 

 

Conclusion

You may need to edit the script for your purposes or create multiple instances of it based on how many DNS servers exist in different parts of your environment, but this should take a good deal out of the manual work involved in changing DNS server IP's. Thanks to BigFix we were able to make the change in a matter of minutes instead of taking hours and days.

 

 

12/28/10

Permalink 10:42:41 am, by Larry Boggis, 157 words
Categories: Cisco NAC, Cisco Security

Cisco NAC EOL/EOS December Round-Up

In case you were out playing in the snow and missed the recent EOL/EOS announcements from Cisco relating to their NAC family of products, here's a brief round-up:

If you are effected by these recent announcements, please take the time to fully read the entire announcement to better understand Cisco's recommendations and support timelines.   For information and questions regarding Priveon's NAC support services, please contact us directly.

 

12/07/10

Permalink 10:04:38 am, by Larry Boggis, 56 words
Categories: Cisco MARS, Security Information Management, NitroSecurity

EOL/EOS for the Cisco Security Monitoring, Analysis, and Response System

Cisco has announced the end-of-sale and end-of life dates for the Cisco Security Monitoring, Analysis, and Response System (Cisco MARS).   For detailed information about this announcement:

http//www.cisco.com/en/US/prod/collateral/vpndevc/ps5739/ps6241/eol_c51-636888.html

For additional information and Priveon recommendations for migrating to the NitroSecurity solution, please contact us.

09/21/10

Permalink 03:47:31 pm, by Larry Boggis, 145 words
Categories: Cisco ASA, Cisco Security

Cisco AnyConnect Secure Mobility Client for iPhone iOS 4

The Cisco AnyConnect Secure Mobility Client for iPhone iOS 4 is now available from the App store.

Features include:

  • Automatically adapts its tunneling to the most efficient method possible based on network constraints using TLS and DTLS
  • DTLS provides an optimized connection for TCP-based application access and latency-sensitive traffic, such as VoIP traffic
  • Network roaming capability allows connectivity to resume seamlessly after IP address change, loss 2of connectivity, or device standby
  • Wide Range of Authentication Options: RADIUS, RSA SecurID, Active Directory/Kerberos, Digital Certificates, LDAP, multifactor authentication
  • Supports certificate deployment using Apple iOS and AnyConnect integrated SCEP
  • Compatible with Apple iOS Connect On Demand VPN capability for automatic VPN connections when required by an application
  • Policies can be preconfigured or configured locally, and can be automatically updated from the VPN headend
  • Access to internal IPv4 and IPv6 network resources
  • Administrator-controlled split / full tunneling network access policy

<< 1 2 3 4 5 6 7 8 9 10 11 ... 41 >>

Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.

Search

XML Feeds

Archives