Blog (at) Mreza.Info

How do you backup EFS certificates?

I personally use this method from command line:

cipher.exe /x

Simple a? :)

And warning. Store this backup certificate to safe (also physical safe) place!!!

EFS (Encrypted File System) is a built in feature in Windows 2000, XP and 2003 that allows users to securely encrypt files and folders. But you can change encryption algorithm if needed.

By default EFS use the DESX algorithm for encryption in Windows 2000 and Windows XP. In Windows XP SP1 and Windows Server 2003 default encryption algorithm is Advanced Encryption Standard (AES) using 256-bit key. For users requiring greater symmetric key strength with a FIPS 140-1 compliant algorithm, the 3DES algorithm can be enabled in Windows XP and Windows Server 2003. This can be done via GPO or registry.

When enabling 3DES using Group Policy both IPSec and EFS will use the 3DES algorithm. If you change this in registry changes will aplay only to EFS. Find the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS

Create a new REG_DWORD named AlgorithmID and set the HEX value to 0x6603. After rebooting computer it will use 3DES instead of DESX or AES. Recommended and most secure algorithm is AES in this case. Stay away from 3DES or DESX. [:P]

Today I spent some time playing arround Windows Vista Beta 2. There is one interesting thing that i found out. It has ASLR (Address Space Layout Randomization) and it is turned on by default. It is a great against defense against buffer overrrun exploits called address space layout randomization. This defense is of course not a replacement for insecure code but it is indeed a usefull in Mult-Llayered defense. So remote exploitation of overflows has just got a lot harder.

So what is ASLR?

Address space layout randomization (ASLR) is a computer security feature which involves arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, randomly in a process' address space. This hinders some types of security attack by preventing an attacker being able to easily predict target addresses, for example attackers trying to execute return-to-libc attacks may find it harder to locate the code to be executed. Several security systems implement ASLR, notably OpenBSD and the PaX and Exec Shield patches for Linux.

ASLR relies on the low chance of an attacker guessing where randomly placed areas are located: the odds are 1 / 2b, where b is the number of bits of entropy used to determine the position of the data area. In many systems, 2b can be in the thousands or millions; on modern 64-bit systems, these numbers typically reach the millions at least. Some systems implement Library Load Order Randomization, a form of ASLR where the order in which libraries are loaded is randomised. This leaves libraries at unpredictable positions: the chances of an attacker correctly guessing the location of a library is 1 / n, where n is the number of libraries loaded.

I changed engine and look of my blog... Hope you like it.

Exchange 12 uses Active Directory sites as a basis for choosing which servers to communicate with directly. What that means? When running native Exchange 12 organization no additional routing configuration is required. It automatically routes with minimal hops (shortest path between the source and destination). Each Active Directory site is considered a hop.

If no Bridgehead servers whithin site are available due to temporary network outages, mail will be queued at the point of failure. To avoid this kind of failures deploy multiple Exchange 12 Bridgehead servers whitin site. In this configuration mailflow between the Bridgehead and Mailbox servers is automatically load balanced by default. If one Bridhead server is unavailable (due failure or maintance) failover to other Bridgehead servers is automatic by default.

In march, Cisco will introduce the next release of Call Manager (version 5.0) at the VoiceCon show. Lots of changes are to be expected, including support for Linux in addition to Windows Server, and finally support for SIP clients.

Call Manager is the only major IP PBX to not offer SIP client support. Cisco has offered SIP trunking and offers a SIP proxy server for the carrier market, but has no such offering for the enterprise.

Cisco's SIP adoption may well address at least some of those problems. With SIP support, clients will be able to carry rich presence, reflecting various states and not just whether they’re online. Mobility will also be enhanced as next generation mobile services use IM, which is SIP based.

Does that mean end to SIP proxy (gateway) devices between Live Communication Server 2005 SP1 (LCS2005 SP1) and Cisco Call Manager (CCM)?

This time I was at ID&T Innercity, the biggest and finest Holland indoor music festival! ;) This year they changed concept of party. This year main theme was music and not fancy show (Las Vegas,...)! Great party with touch of "underground" music!

More pictures can be found at my gallery - Cybershoot.NET - Innercity 2005, Amsterdam RAI

;-)

In celebration of 15 years of the World Wide Web, CNN has compiled its list of the 10 greatest moments of the web's first 15 years of existence. In 1990, Tim Berners-Lee launched the World Wide Web, a multimedia branch of the Internet.

March 1989
    First project proposal written and circulated for comment (TBL) . Paper "HyperText and CERN" (in ASCII or WriteNow format) produced as background.
October 1990
    Project proposal reformulated with encouragement from CN and ECP divisional management. RC is co-author.
November 1990
    Initial WorldWideWeb prototype developed on the NeXT (TBL) .
November 1990
    Nicola Pellow joins and starts work on the line-mode browser . Bernd Pollermann helps get interface to CERNVM "FIND" index running. TBL gives a colloquium on hypertext in general.
Christmas 1990
    Line mode and NeXTStep browsers demonstrable. Acces is possible to hypertext files, CERNVM "FIND", and internet news articles.

We all remember Netscape vs. Microsoft Internet Explorer war, Hotmail offering free e-mail, Yahoo!, eBay, Amazon and of course Google! Probably i forgot some of the important factors in todays World Wide Web. ;-)

Microsoft has announced Windows Server 2003 R2 today!

Windows Server 2003 R2 includes Windows Server 2003 SP1 and several new components. It will be available in Standard, Enterprise, Datacenter, Small Business Server and Storage Server editions for x86 and x64.

Components new or updated in R2 include:

• Branch office framework
• Completely redesigned Distributed File System that is more scalable than its predecessor, File Replication Services.
• Remote Differential Compression.
• Print Management Console with new richer view of network printer toplogy.
• Enhanced DFS Namespaces UI
• File Server Resource Manager
• Active Directory Federation Services to share identity over federation trusts.
• Active Directory Application Mode (ADAM)
• Windows Sharepoint Services v2 SP2
• .Net Framework v2
• MMC 3.0 with relibaility enhancements and Whidbey snap-in authoring.
• Subsystem for Unix Applications - Interix Subsystem.
• Unix Identity Management with AD & NIS interoperability.
• Network File System with Unix interoperability.
• Quota Management with directory quotas, storage reports, and file screening.
• Simple SAN Management which allows easy setup and management of simple SAN configurations.
• Common Log File System with ARIES logging support.
• New roles : Sharepoint, File Server Role, and Print Server

Links:

• Introducing Windows Server 2003 R2
• Find out what's new in Windows Server 2003 R2
• Download trial version Of Windows Server 2003 R2

This is actually old news now, but at the Microsoft IT Forum 2005, Microsoft confirmed rumors that Exchange 12 will be 64-bit only.

Some quick facts:

• Most of the server-class hardware that is shipping today is already capable of running Microsoft Windows 2003 64-bit
• The initial performance testing on the early versions of Exchange 12 running on 64-bit hardware found a 75% performance improvement in I/O when compared with the 32-bit version
• Exchange 12 will probably be available in 2007. By that time, most organizations will upgrade hardware to 64-bit. Usually organizations upgrade their hardware when upgrading to a never version of Exchange Server.
• The announcement now will ensure that 3rd party vendors (antivirus, backup,...) get their 64-bit products ready
• Little off-topic: Exchange 2003 has been awarded Common Criteria Certification EAL 4. The Microsoft commitment to Security is directly reflected in the successful effort to design Exchange Server 2003 to meet and exceed the EAL4 security requirements specified for commercially available systems. More information about EAL4 can be found here.