Everybody knows about free Windows System Update Service/WSUS. But i feel this service needs some extra explanations, recommendations for newbie sysadmins.
At first why do you need it? – briefly: for security and to fix software glitches. Proper and in time hotfixing/patching has paramount importance for security (maybe even more important than to have weak antivirus, IDS/IPS, firewall and other standard protection measures, which also should be regularly updated) If your health is bad or even if you are close to die then just screening from hackers will not help you. The weaker you are the more expensive protection, … Read the rest
In May 2017 Intel publicly confirmed the vulnerability in own firmware for vPro/AMT.
To download and patch such computers from Dell use links inside the PDF file from following link.
But as i mentioned in my linkedin post it’s possible to protect even noname computers (without updated BIOS) with compromised ME firmware — implementing SSL/TLS certificates for mutual authentication. In this post i will show how it can be done.
At first let’s consider that
- you know that your computer supports vPro/AMT, ME version, you know AMT type (ISM or full AMT and so on)
- you already use intel
… Read the rest
Let’s Encrypt free certificates are very useful for Microsoft web servers, MS Dynamics Nav web client access, Exchange and Lync/Skype for business external accesses and so on (better to use it with windows ACME clients for auto prolongation of certificate)
But if you have problems with publishing 80/443 port of your web server (conflict with router admin port, or maybe even server is not in public Internet access and so on, maybe you should configure manually Let’s encrypt SSL for your testing environment)
1. go to https://zerossl.com
Certbot/ACME clients use “HTTP verification”. We will in this post use … Read the rest
In the previous post i recommended for non-critical web services to start using free certificates from “Let’s encrypt”.
Many people refuse to use this kind of certificates thinking that it’s not good enough and moreover it’s only for 3 months and that it would be annoying to prolong it manually each 3 months and not forget about it. As for “not good enough” – even if you don’t trust free SSL certificates for web server authentication it’s always better to have enabled SSL than to go without SSL – at least channel will be encrypted (unlike free self-signed certs which … Read the rest
Microsoft stopped the support for XP, but for WannaCry attack they made exclusion:
If you have too many XP as a pos stations you can use registry hack to enable again Windows Update for extra 5 years.
… Read the rest
Sometimes temporary, moreover free VPS hosing for 1 year is great and generous opportunity. Usually it’s very handy for testing (for example to install linux, configure lamp, wordpress, 2fa, freeSSL, plugins and so on ), web development, personal blogs, short-term projects like election events and so on.
Amazon Web service suggests a such ‘halyava’ for whole 1 year. Just be VERY careful to not trespass limits of free tier (for example AWS automatically has done EBS snapshots during import of my vmware ova to AWS AMI and later on to free tier instance — although 09 cents were generously forgiven … Read the rest
Have you ever lost access to your linkedin, microsoft, skype, yahoo, twitter, facebook IDs? Do you know what pain is it to restore access? If the answer is yes, then you know what i mean. #2fa is what you need.
There are a lot of hardware and software keyloggers to steal your credentials (username and password). In this article i am going to give you some initial recommendations how to protect your internet accounts.
The most widespread type is surely software keyloggers inside various viruses and other malware, so good antivirus is first defensive line. Just don’t relax too early, … Read the rest