Windows_Server Archive

I did some work recently assessing how Microsoft’s Hypervisor (Hyper-V) addresses (or doesn’t address) some common network-security-based threats in a multi-tenant public cloud environment. I then set out to test whether there are controls in place to mitigate those threats. I would have liked to compare different hypervisors and their capabilities, but I have yet to do that comparison. If you’re interested in testing independently, there are several good tools out there including nmap, yersinia, hping and scapy. Those four tools will allow you to test every scenario in this document. Some detail on the test case is provided in each section. First, some basic definitions that I use in this post: TOR switch: Top of rack switch. Switch: Generally references the network […]


It is undeniable if you read the news these days – many enterprises are moving data center applications to the public cloud. In my experience, many security organizations aren’t prepared for the fundamental shift in security models that comes with the cloud. They may opt to build a WAN into the cloud provider to extend their existing and traditional security controls. They may opt for a premium cloud service provider that offers managed security services. Or, they may run software-based network function virtualization such as Cisco’s Nexus 1000V. The reality is, with this movement comes a new paradigm in perimeter security. Major cloud providers leave network security to the enterprise and don’t offer any more capability than security groups or SLB endpoints. A natural […]


In my last post, I came up with a solution to run anycast DNS locally within a LAN. This next post extends that concept to provide anycast DNS services across a WAN using BGP on Windows Server 2012 R2. I didn’t personally try it on non-R2 versions as the author of the PowerShell script said it only worked on R2. The configuration was simple and straightforward — took only a few minutes. As with the other approach – the first prerequisite is to add the Route and Remote access role within Windows Server. Again, the only option I had to turn on when I enabled routing and remote access was the “Custom / LAN routing” option. After enabling the feature, it was necessary to edit […]


My home wireless gateway, the D-Link DWL 7700AP, apparently only supports one DNS server when it is the DHCP server. It also doesn’t function properly for certain clients (iPhones specifically) when it forwards DHCP requests to another device on the network. So, I’ve been living with having one DNS server specified — which works fine except when your DNS server crashes or needs to undergo maintenance. So, I came up with a way to have a local anycast DNS server using Windows Server 2012 and a Juniper SRX210 (my home gateway router). The first step is to install a loopback interface that will be assigned the anycast address. In my case, I used 1.1.1.1. I gave it a /32 subnet mask, a default gateway of the server’s […]


