Security

Domain Controllers “Grayed out” in SCOM 2012

Posted on

I did a few new SCOM 2012 installs recently and noticed that after pushing the agent to the DCs, they showed up grayed out in Ops Manager. Here’s a quick tip on how to fix that.

Logon to the DC(s), and with an administrative comand prompt run the HSLockdown tool, and add the local system account to the allowed group.

C:\Program Files\System Center Operations Manager\Agent:

agent

 

Run the command “HSLockdown /L” to show what accounts are being allowed or denied. In this case, my local system isn’t even populated.

 

L

 

 

Now run the HSLockdown tool again with the add switch to allow local system.

“HSLockdown /A “NT AUTHORITY\SYSTEM”

add

 

Restart the agent with “net stop heathagent && net start healthagent” and give it 5 minutes or so then it should be all green in your dashboard.

 

Hope this made your day at least a little easier!

 

Decrypting HTTPS (SSL/TLS) Tunnels Using Fiddler

Posted on

A few days ago the phone rings, I get an ear-full about how some application isn’t working correctly and how it’s all the network’s fault and the repercussions of this outage will possibly cause so much damage that the world will start turning…the OTHER DIRECTION. Unfortunately for us IT Professionals, this is all too common of an occurrence. Nonetheless, I jumped in to see what I could do. I had never seen this application before so I had to start troubleshooting from the ground up. Very quickly I noticed it was running (or supposed to be running) over web protocols, so I whipped out the handy-dandy wireshark to get a look. Hm…it establishes a TLSv1 tunnel and shoots all the data at the server that way. Well, the Apps team was no where to be found so I had to find out what was moving across the wire here to figure out the issue. This is where fiddler comes in to play *Trumpets Fanfare*.

Fiddler is a fantastic little tool that does different things with packet captures and things of the sort. For this blog, I want to talk about its’ ability to man in the middle your own machine to provide visibility into an encrypted tunnel. Lets do a little demonstration here.

I’ve done a quick search in on bing, using HTTPS — thing fancy here at all.

encrypted_search_browser

 

 

I started fiddler prior to performing the search above, and this is what it shows up with, a whole bunch of nothing. Tunnel Tunnel Tunnel Tunnel…dang security.

fiddler_encrypted

 

 

Alas, fiddler has an option to man in the middle yourself and decrypt the tunnel! Just go to Tools > Fiddler Options > HTTPS > and check the box that says “Decrypt HTTPS traffic”. I chose browsers only for this demonstration, though you can do all traffic for other uses and applications.

select_decrypt

 

 

It lets you know that you’re doing something that defies the laws of CAs.

scary_rootcert

 

Now here we go, re-launch the browser and go to https://bing.com, it throws a security error stating that the certificate is untrusted.

untrusted

 

For this to work, you will need to add the exception, if you view the cert you can see that it was assigned to fiddler, when it’s clearly stating that it is for bing.com

cert_fiddler

 

Once that is all excepted, you can do the same search we did before — plain and simple.

encrypted_search_browser

 

Back to Fiddler, and ta-da! Congratulations, you’ve bypassed the security of your own data and now have visibility into the tunnel.

viewing_encrypted

 

 

That’s it, very simple. You can view inside your SSL/TLS tunnel using fiddler in just a few simple steps. Side note, I was able to use that to determine what was happening on the wire for my application failure and was able to remedy the failure.

 

I hope I’ve made your day at least a little bit easier!

 

 

5 free security tools for testing Windows

Posted on

One of the things you often find yourself thinking is, hmm…I should probably test my windows machines for security flaws, right? I’ve decided to share some very good tools for testing security from basic button clicking to advanced security testing.

As it relates to Windows-based computers, there are seven general types of security testing tools. These are:

  1. Port scanners
  2. Network/OS vulnerability scanners
  3. Application/database vulnerability scanners
  4. Password crackers
  5. File searching tools
  6. Network analyzers
  7. Exploit tools

All of these types of tools can and should be used when performing penetration tests, vulnerability assessments, and security audits on your Windows systems.

For the most part with security tools, you get what  you pay for. There are, however, a handful of free tools that are a solid choice.

Super Scan v3:  Very fast and easy to use port scanner that can find live systems, look for open ports and running services, grab banner information including software versions.

superscan

http://www.mcafee.com/us/downloads/free-tools/superscan3.aspx

 

 

SoftPerfect Network Scanner:   Maps MAC addresses to IP addresses which can help you locate rogue wired and wireless systems.

softperfect_network_scanner_network___internet_trace___ping_tools-18961

http://www.softperfect.com/products/networkscanner/

 

– WebFingerPrint:   Windows enumeration tool that can ferret out patch levels, NetBIOS information, user information, and more.

winfingerprint_1

http://winfingerprint.sourceforge.net/

 

Microsoft Baseline Security Analyzer:  Checks your local machine to identify missing security updates and common security misconfigurations.

 

Microsoft-Baseline-Security-Analyzer

 

http://www.microsoft.com/en-us/download/details.aspx?id=7558

 

– Metasploit:  A great tool to exploit those Windows-based vulnerabilities that other tools find, for advanced users only.

metasploit2

 

 

http://www.metasploit.com/free-download/

 

 

 

As you build your compilation of security testing tools over time, you’ll find that there is no one best tool. Keep in mind that security tools are not the “easy button” for finding security vulnerabilities. That’s where Operating System, Application, Networking Knowledge, and most importantly, experience will come into play.

 

Where tools are required, you’ll see that the ones that are more specialized in finding specific types of vulnerabilities will provide you with the best results. It all comes down to personal preference and how comfortable you feel using each tool, but in the end your goal should be to find the greatest number of vulnerabilities, exerting the least amount of work, in the shortest amount of time. Get to know the tools on this list, use them consistently and you’ll be well on your way to a storm of work that you never thought you had before ;).