Security

Today I was configuring a new FTP server based on IIS7 (well, 7.5 technically as it’s a Server 2008 R2 host), and I wanted an easy way to add and remove allowed IP addresses based on either an XML config file or a CSV import. Customers’ IP addresses are added or removed regularly, but I didn’t want to have to update their details twice, once on the server and once in the documents.

In this post I will be installing a TMG Array as a “back firewall” behind a hardware firewall. The Array will consist of two virtual servers, TMG01 and TMG02 which each have 3 NICs. One NIC will be dedicated to the LAN network, accessible internally. One NIC will be dedicated to the DMZ network, accessible to the outside world on a static mapped IP. The third NIC will be a dedicated intra-array communications NIC as per Microsoft’s recommendation.

If you have a Windows Server 2008 box in a workgroup that you require access to one of the admin shares, it can be a little more complicated than with Server 2003. In my case, we had a SQL server on the back end which was trying to access the web server in the DMZ using PSExec.exe to remotely run a process. Executing PSExec and passing the correct credentials failed with “Access is Denied”.

Why should a home user backup? Most don’t, most people just have their photos, music and video collection on a single hard drive, maybe an external drive or even a USB key. Unfortunately, no-one ever thinks about what they’d do if their drive were to fail, losing all their precious holiday snaps, their slightly embarrassing music collection, or perhaps their family finances. But stop and think for a second – can you really replace those holiday snaps?

I’m in the middle of rolling out Sophos as a replacement to the incumbent McAfee at work. One interesting thing that I found as I rolled out to some test users was that they were unable to log on to one of our internal systems using NTLM (integrated authentication). Instantly the roll out of Sophos was blamed - and I can understand why - the problem did not occur until Sophos was installed.