We understood that the problem was not with the mssql.domain_name link but the virus alert only happened after click on ASP .NET Enterprise Manager, Recomended this site. And the link was:

www.referralplanet.com/referral/windows/referralWindow.asp?id=17

Since the site was not hosted with us we had a sigh of relief that the problem is not with the server however we thought we still have a security problem if the link has been injected into ASP .NET Manager site in IIS, may be due to a security issue with Plesk control panel. And after checking several servers we came to know that the problem has happened to the site that is recommended on MSSQL Webadmin site and not the server.

If you want to remove this link from your server as well as from the MSSQL WebAdmin site then follow the steps below:

1. Login into the server through RDP with Administrator user.
2. Go to D:\inetpub\vhosts\sqladmin\mssql\app
3. Open the navbar.aspx page in notepad
4. Go to line number 119 and remove the code below:

<!-- Begin ReferralPlanet.com Referral Script -->
<a onclick="refWindow=window.open('http:// www.referralplanet.com/referral/windows/referralwindow.asp?id=18','referralWindow' ,'width=350,height=520,scrollbars=yes,menubar=no,resizable=yes'); refWindow.focus(); return false;" target=_blank href="http:// www.referralplanet.com/referral/windows/referralWindow.asp?id=17">
<IMG alt="Click Here To Tell A Friend" src="images/tellafriend.gif" border=0></A>
<!-- Begin ReferralPlanet.com Referral Script -->

5. Save the file and exit.

This problem must have infected millions of computer in the world. Let see when chinese hacker stop putting their shit on other’s website and get mature.

We read allot of articles on how one can use MRTG as an Intrusion detection tool or to creating traffic graph for a particular network subnet or a single IP address on Linux platform with Apache web server. But we find very few that allow us to have graphs on Windows Dedicated server with IIS Web Server.

Here are some steps that can be used to create graphs on Windows Dedicated server with IIS as the web servers. And there is no need to take all the efforts to configure MRTG as we can simply have graphs with the use of logparser and the RRDtool from Tobias Oetiker and you can use the RRDtool perfectly without the rest of MRTG.

Logparser

Logparser is a great free tool from Microsoft. It is written by Gabriele Giuseppini a Software Design Engineer from the test department. The first version of logparser was an internal testing tool inside Microsoft. Version 2 was made publicly available at the website, version 2.1 was a part of the IIS resource tools kit and version 2.2 was made available in January 2005.

Here is a brief introduction how logparser works:

Logparser need three things, an input format, an output format and a sort of SQL query. The SQL query is a dialect of SQL.

There are few very interesting articles on Microsoft’s website, one written by the Author himself:
How to use Logparser
Another one from Scripting Guys:

The article from the scripting guys shows you how to use the logparser directly in a script with a com object.

You can download Logparser from the link below:
DOWNLOAD LOAGPARSER

The above download has portable help file in the application directory. This help file give you the parameters of all the properties of the logparser.
There is also an unofficial website specially for logparser:
www.logparser.com

About RRDtool.

What is the RRDtool:

The RRDtool or Round Robin Database tool is a tool that can store date in a database and create graphs with it. The really great thing about RDDTool is that the database does not growing. It will stay almost the same size as when it was created.

On the RRD website
RRDTool Website
there are some really good tutorials, and it is recommended to read them before you use the RRDtool.
From this website you can also download the RRDtool, the only problem is that you need to compile it but if you download it with the MRTGbundle from the link below, it has a completed version of the RRDtool in the packet. If you unpack the MRTGbundle, you can copy the RRDtool directory to your scripting directory or your application directory and start using it.
DOWNLOAD RDDTool Compiled Version

Create Database.

Before you can use the RRDtool you need to create the database.
The link below has all the information on how and why to create a database along with the parameters.
How to create a database
Parameters

You can also use a script to do that.


‘#start script.
Set WshShell = WScript.CreateObject("WScript.Shell")
strCMD = ".binrrdtool.exe create Eservicing.rrd"
strCMD = strCMD & " --start N "
strCMD = strCMD & " -s 300"
strCMD = strCMD & " DS:Hits:GAUGE:600:0:2000000"
strCMD = strCMD & " DS:Error400:GAUGE:600:0:2000000"
strCMD = strCMD & " DS:Error500:GAUGE:600:0:2000000"
strCMD = strCMD & " RRA:AVERAGE:0.5:1:288"
strCMD = strCMD & " RRA:AVERAGE:0.5:2:2016"
strCMD = strCMD & " RRA:AVERAGE:0.5:4:2232"
strCMD = strCMD & " RRA:AVERAGE:0.5:12:8760"

WshShell.Run strCMD
‘#end script.

Here is an explanation of every command in the script:

Set WshShell = WScript.CreateObject("WScript.Shell")
This line create a shell object you need to run the RRDtool .
In the next 10 lines I create the command line that I run in the last line.

strCMD = ".binrrdtool.exe create Eservicing.rrd"
this starts the RRDtool with the create function and give the name of the database.

strCMD = strCMD & " --start N "
–start set the start time of the database and N is the current time. The RRDtool works with Unixtime, this are the seconds from 1 January 1970.

strCMD = strCMD & " -s 300"
-s is the seconds between a database update.

strCMD = strCMD & " DS:Hits:GAUGE:600:0:2000000"
strCMD = strCMD & " DS:Error400:GAUGE:600:0:2000000"
strCMD = strCMD & " DS:Error500:GAUGE:600:0:2000000"
with this three lines I create three data sources. DS stands for data source, Hits is the name of the data source GAUGE is one of the four type’s of data sources, 600 are the seconds between the records if there is no input after 600 the value is NULL, 0 is the minimum value of the record and 200000 is the maximum value.

strCMD = strCMD & " RRA:AVERAGE:0.5:1:288"
strCMD = strCMD & " RRA:AVERAGE:0.5:2:2016"
strCMD = strCMD & " RRA:AVERAGE:0.5:4:2232"
strCMD = strCMD & " RRA:AVERAGE:0.5:12:8760"
this four lines create four Round Robin Archives. RRA stands for Round Robin Archive, AVERAGE is one of the four consolidation functions, 0.5 is the consolidation interval, 1 is the number of data sources that are consolidate in one record in the Round Robin Archive. If every 600 seconds a DS is created and the value is 4 instead of 1 every 2400 seconds there will be a record add to the archive, the last value is the number of records the archive contains.
The first line create a Round Robin Archive with a consolidation interval of 0.5. every data source gets a record in the archive and the archive is 288 records long.

WshShell.Run strCMD
And with this line the command is executed.

Update database.

With the next script we use logparser to evaluate the logfile from a IIS server. We can run this script every 5 minutes. To write the results in RRD database.

‘#start script
Const ForReading = 1, ForWriting = 2, ForAppending = 8
'-------------------------------------------------------------------------
LogDir = "serverd$logsyswwwsiteW3SVC1"
Set WSHShell = CreateObject("Wscript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set objLogParser = CreateObject("MSUtil.LogQuery")
Set objDictIISlogslist = CreateObject("Scripting.Dictionary")

Dim strDate
Dim count
Error400 = 0
Error500 = 0
‘————————————————————————-
Main
‘————————————————————————-
‘————————————————————————-
Sub Main
Call MakeStrDate
Call GetUniqueHits
Call GetStatus
Call UpdateRRD
End Sub
‘————————————————————————-
‘ —————————————————————————-
Sub MakeStrDate
strMonth = Month(Now)
If Len(strMonth) = 1 Then
strMonth = “0″ & CStr(strMonth)
End If
strDay = Day(Now)
If Len(strDay) = 1 Then
strDay = “0″ & CStr(strDay)
End If
strYear =Right(Year(Now),2)
strDate = strYear & strMonth & strDay
End Sub
‘ —————————————————————————-
‘————————————————————————-
Sub GetUniqueHits
Set objInputFormat = CreateObject(“MSUtil.LogQuery.IISW3CInputFormat”)
objInputFormat.recurse = -1
objInputFormat.iCheckPoint = strDate & “.lpc”
strQuery = “SELECT count(*) as UniqueHits FROM ‘” & _
LogDir & “ex” & strDate & “.log’”
Set objRecordSet = objLogParser.Execute(strQuery, objInputFormat)
Do While Not objRecordSet.AtEnd
Set objRecord = objRecordSet.GetRecord
count = objRecord.GetValue(“UniqueHits”)
objRecordSet.MoveNext
Loop
End Sub
‘————————————————————————-
‘————————————————————————-
Sub GetStatus
Set objInputFormat = CreateObject(“MSUtil.LogQuery.IISW3CInputFormat”)
objInputFormat.recurse = -1
objInputFormat.iCheckPoint = strDate & “Error.lpc”
strQuery = “SELECT sc-status , COUNT(*) as Hits FROM ‘” & LogDir & “ex” & strDate & “.log’ WHERE sc-status > 399 GROUP BY sc-status ORDER BY Hits DESC”
Set objRecordSet = objLogParser.Execute(strQuery, objInputFormat)
Do While Not objRecordSet.AtEnd
Set objRecord = objRecordSet.GetRecord
If objRecord.GetValue(“sc-status”) > 399 And objRecord.GetValue(“sc-status”) < 500 Then
Error400 = Error400 + objRecord.GetValue(“Hits”)
End If
If objRecord.GetValue(“sc-status”) > 499 And objRecord.GetValue(“sc-status”) < 600 Then
Error500 = Error500 + objRecord.GetValue(“Hits”)
End If
objRecordSet.MoveNext
Loop

End Sub
‘————————————————————————-
‘————————————————————————-
Sub UpdateRRD
strRun = “.binrrdtool update Eservicing.rrd N:” & count & “:” & Error400 & “:” & Error500
X = WshShell.Run(strRun,0,True)
End Sub
‘————————————————————————-
‘#end script

We will not explain this script line by line as it is a pretty simple script.

Creating a Graphic with the RRDtool.

With the next script I create a graphic with the RRDtool.

Set WshShell = WScript.CreateObject("WScript.Shell")

strCMD = “.binrrdtool graph .graphintranetNLweek.gif”
strCMD = strCMD & ” –start N-1w –end N”
strCMD = strCMD & ” –vertical-label ” & Chr(34) & “Hits ” & Chr(34)
strCMD = strCMD & ” –title INTRANET”
strCMD = strCMD & ” DEF:Xhits=.databaseintranetNL.rrd:Hits:AVERAGE”
strCMD = strCMD & ” DEF:Xerror400=.databaseintranetNL.rrd:Error400:AVERAGE”
strCMD = strCMD & ” DEF:Xerror500=.databaseintranetNL.rrd:Error500:AVERAGE”
strCMD = strCMD & ” LINE2:Xhits#FF0000:” & Chr(34) & “Hits” & Chr(34)
strCMD = strCMD & ” LINE2:Xerror400#00FF00:” & Chr(34) & “400 Errors” & Chr(34)
strCMD = strCMD & ” LINE2:Xerror500#0000FF:” & Chr(34) & “500 Errors” & Chr(34)

WshShell.Run strCMD

You will make a note of 2 important thing in this script:
1. The DEF line: this line defines the Data Sources you use.
2. The LINE2: This defines the line in the graphic.

Software Requirements

•    Microsoft Windows Server 2003 Enterprise Edition or Windows Server 2003 Datacenter Edition installed on all dedicated servers in the cluster.
•    A name resolution method such as Domain Name System (DNS), DNS dynamic update protocol, Windows Internet Name Service (WINS), HOSTS, and so on.

•    An existing domain model.
•    All nodes must be members of the same domain.
•    A domain-level account that is a member of the local administrators group on each node. A dedicated account is recommended.

Hardware Requirements

•    Clustering hardware must be on the cluster service Hardware Compatibility List (HCL). To find the latest version of the cluster service HCL, go to the Windows Hardware Compatibility List at http://www.microsoft.com/hcl/, and then search for cluster. The entire solution must be certified on the HCL, not just the individual components.

•    Two mass storage device controllers—Small Computer System Interface (SCSI) or Fibre Channel. A local system disk for the operating system (OS) to be installed on one controller. A separate peripheral component interconnect (PCI) storage controller for the shared disks.
•    Two PCI network adapters on each node in the cluster.
•    Storage cables to attach the shared storage device to all computers. Refer to the manufacturers instructions for configuring storage devices..
•    All hardware should be identical, slot for slot, card for card, BIOS, firmware revisions, and so on, for all nodes. This makes configuration easier and eliminates compatibility problems.

Network Requirements

•    A unique NetBIOS name.
•    Static IP addresses for all network interfaces on each node.
•    Access to a domain controller. If the cluster service is unable to authenticate the user account used to start the service, it could cause the cluster to fail. It is recommended that you have a domain controller on the same local area network (LAN) as the cluster is on to ensure availability.
•    Each node must have at least two network adapters—one for connection to the client public network and the other for the node-to-node private cluster network. A dedicated private network adapter is required for HCL certification.
•    All nodes must have two physically independent LANs or virtual LANs for public and private communication.
•    If you are using fault-tolerant network cards or network adapter teaming, verify that you are using the most recent firmware and drivers. Check with your network adapter manufacturer for cluster compatibility.

Shared Disk Requirements:

•    An HCL-approved external disk storage unit connected to all computers. This will be used as the clustered shared disk. Some type of a hardware redundant array of independent disks (RAID) is recommended.
•    All shared disks, including the quorum disk, must be physically attached to a shared bus.
•    Shared disks must be on a different controller then the one used by the system drive.
•    Creating multiple logical drives at the hardware level in the RAID configuration is recommended rather than using a single logical disk that is then divided into multiple partitions at the operating system level. This is different from the configuration commonly used for stand-alone servers. However, it enables you to have multiple disk resources and to do Active/Active configurations and manual load balancing across the nodes in the cluster.
•    A dedicated disk with a minimum size of 50 megabytes (MB) to use as the quorum device. A partition of at least 500 MB is recommended for optimal NTFS file system performance.
•    Verify that disks attached to the shared bus can be seen from all nodes. This can be checked at the host adapter setup level. Refer to the manufacturer’s documentation for adapter-specific instructions.
•    SCSI devices must be assigned unique SCSI identification numbers and properly terminated according to the manufacturer’s instructions.
•    All shared disks must be configured as basic disks.
•    Software fault tolerance is not natively supported on cluster shared disks.
•    All shared disks must be configured as master boot record (MBR) disks on systems running the 64-bit versions of Windows Server 2003.
•    All partitions on the clustered disks must be formatted as NTFS.
•    Hardware fault-tolerant RAID configurations are recommended for all disks.
•    A minimum of two logical shared drives is recommended.

This applies to all versions of Windows 2003 and Windows 2008 and also to Vista and XP Professional. This problem normally occurs to our client with Dedicated Server hosting. So I thought I will create a check list to make their hosting service a bit easy.
Yes, you will need physical access to the machine to check this, it is obvious that you will not be able to check this problem unless you have remote access to the server. These steps can only be performed if you have physical access to the dedicated server or through a Keyboard-Video-Mouse [KVM]. So there we go:

* First thing that you need to check is whether the Remote Desktop Console [RDC] is enabled on your server.
Go to Desktop >> My Computer >> Properties >> Remote Tab
Check the box for “Enable Remote Desktop on this computer” and click OK.

* If the above option is enabled then make sure that the user which you are using to connect the server remotely is added in the “Remote Desktop users” group. Administrators are normally added in the group. This can be confirmed from with the steps below:
Go to Desktop >> My Computer >> Mange
Expand Local Users and Group >> Select Group.
Double click on “Remote Desktop Users” Group and make sure that the user is added in here.

* If both the above settings are correct then you need to make sure that TCP port 3389, which is the default port for RDC is enabled in the firewall of the machine that is used to RDP the server. Vise a verse make sure that the server firewall also has this port added in the exception. The best way to check this is:

First make sure that the server listens to telnet, try telnet of any other port which you are sure is working on the server like port 80 or 25. The command would be:

TELNET ip_address 25

If this works then try telnet on port 3389.

TELNET ip_address 3389

* If the telnet is not working then there are several possibilities, it can be the firewall on your machine or the firewall on the server tha is blocking the port. It can also be the case that Terminal Server Service did not start for some reasons. Or in a very rare situation it could be that the RDP port has been changed by some one. We will rectify all the possibilities one by one:

* Check the firewall on your machine or just shut the firewall down and then try the telnet again.

* If you have Windows Firewall then make sure that Remote Desktop is added in Exception.
Goto Start >> All Programs >> Control Panel >> Windows Firewall
If you have a third party firewall your dedicated server then just disable it and try the telnel option.

* If that is not the firewall issue make sure that Terminal Server Service is set to Automatic and is running. This server depends on Remote Procedure Call Service and you get errors while starting the server and you will need to trouble shoot the problem. If the server is terminating unexpectedly then make sure that the Hardware profile of the server is set to “Enable”:

* Sometimes client with Windows Dedicated Hosting package change the RDP port of their server and forget it, the steps below can be used for checking the RDP port as well as changing it as well, these steps will require to make changes in Registry hence it is recommended to backup the registry before following these steps:

Goto Start >> Run
Type: regedit to open the registry editor MMC
Expand to the Key:
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp]
Modify the value for Key “PortNumber”
Change Base to Decimal

Change Value data to the port your desire for your Dedicated Server
Click OK
Reboot the Machine.

Once the machine is online you will have to define your the port to connect your Dedicated Server remotrly
ip_address:port_number
10.10.10.52:3362

Recently I’ve seen people having issues with certain devices attached via USB to their thinking machines… Issues that included, Spyware, Malware, Viruses.. ugh, many more.. Wouldn’t it be good to disable these unwanted creepy devices when on a shared/public windows  machines? Ok, follow these steps & get yourself a bit secured.

This can be implemented on your local Windows Machine or on the Windows Dedicated servers, please make sure to backup the Windows registry before following these steps. As making incorrect changes in Windows registry can make the system unbootable.

Search for the following keys in your registry to disable each of them respectively or as per your requirement.

SYSTEMCurrentControlSetServices

Notice the value ‘Start‘, this should be 3 by default [3 = enabled]. Switch this value to 4 [4 = disabled], and USB storage devices are disabled. To re-enable the device switch this value to 3.

To disable USB ports:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesUsbStor

To disable CD-ROM drive:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicescdrom

To disable Floppy drive:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesflpydisk

To disable a High Capacity Floppy Drive:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicessfloppy

Once done, you’d need to reboot your machine for the changes to come into effect. That is it

There are 3 types of problems with site preview in Plesk:

1. Site Preview in Windows Plesk will show 404 Page Not Found error
2. Site Preview in Windows Plesk will show Plesk Default page.
3. SitePreview will ask for user name and password.

We will troubleshoot each problem with site preview one by one.

1. Site Preview in Plesk will show 404 Page Not Found error.

Cause: This happens if the sitepreview ISAPI DLL is not loaded correctly in IIS web server.

Troubleshoot steps:
a. First check if a the Virtual folder with the name sitepreview is create in IIS Default Web Site. If it is not created then create it without the application pool and map it to folder “%plesk_dir%isapi”, same as in image below.  Also Make sure that Executable Permissions are set to “Scripts And Executables”

b. Make sure that the Site preview ISAPI DDL is Allowed in Web Exteniosn and look like in image below, if not then Add it in Plesk Extensions.  

c. Also make sure that the Site Preview ISAPI DLL has been loaded with green Arrow in IIS >> Web Site >> Right click >> Properties >> ISAPI Tab. like in the figure below. If it is not loaded then just click on the Add button and browser through “%plesk_dir%isapisitepreview.dll” and restart IIS.

d. If you have IIS7 on Windows 2008 Server then make suer that you have Plesk Site Preview DLL added in IIS >> Click on Server >> IIS Group >> ISAPI Filters.

2. Site Preview in Plesk will show Plesk Default page.

Cause: Related to IP configuration on the server.

Troubleshoot steps:

a. Please fo through all the steps in problem one for this. However the only reason for this problem that I have found is main IP address of the server. Just make sure that you have alleast one site added on the main IP address of the server. To know the main IP address of the server Go to START >> Control Panel >> Network Connections >> Right click on main network adapter >> Click on Properties >> Select TCP IP >> Properties. The IP address list in this windows as IP address is the main IP address of the server. Just make sure that you have atleast one site hosted on this IP address.

The above solution will also apply is Plesk Site Preview option is working with https prefix butnot with http in URL browser.

3. SitePreview will ask for user name and password for all website.

Cause: Related to Permissions and Security Options.

Troubleshoot steps:

a. First check if the URL work fine with the IP address only:

http://192.168.1.52/

if not then there are permissions issue with the default site and if you are using a dedicated IP address instead of shared IP then the problem is with the permissions of the site that holds the dedicated IP.

b. If step “a” is working then try access the link below:
http://192.168.1.52/$sitepreview/

The above link should get redirected to the IP address and show Plesk default page or index.html page in Default Web site but it is is asking for password then permissions on sitepreview virtual directory is not correct. Make sure that IIS_WPG, NETWORK SERVICE, psaadm, psacln & psaserv has read an execute permissions on the virtual folder, do not forget to inherit the permissions to files in it.

c. If it asks password for only one site then the problem should be either with the website permissions or the file you are accessing it.

I think this should cover all the problems with Parallels Plesk Site Preview problems. But if you still face problem and don’t want to use Site Preview then you have try the HACK below.

WINDOWS HACK TO POINT YOUR SITE TO AN IP WITHOUT CHANGING THE NAME SERVERS.

While I was searching for the solution I found the KB articel on Parallels sites below:

http://kb.parallels.com/en/1147

Where they (Plesk adminstrators) have clearly mentioned that custom permissions set on top level folder like httpdocs, statistics, cgi-bin etc will get reset by Plesk. So I decided to make a test, I manually gave write permissions to httpdocs folder and ran webservmng.exe on it and yes it was removed. Then after allot digging I would that there us a file .Security which is saved under the folder with the domain name (parallel to httpdocs folder), that stores all permissions for that domain.

Before we start please be informed that these steps are applicable to Parallel Plesk version 8.4 and above as .Security file was introduced in 8.4 only.

So here are steps to get around the problem permanently:

1. Backup the .Security file and delete it from [drive]:inetpub/vhosts/domain_name, this file saves all the permissions assigned to that user from Plesk on Windows. Deleting it will remove all the records.

2. After renaming or deleting the . Security file, run this command below:

"%plesk_bin%/websrvmng.exe" --reconfigure-vhost --vhost-name=domain_name

3. This command will create a new .Security file with all default permissions on that domain.

4. Now login into Plesk >> Click on Domains >> domain_name >> File Manager >> httpdocs >> golden padlock of folder_name to set perm on >> “Advance” Button >> Select users >> Assign permissions >> OK.

These steps will save new permissions in .Security file and even if you run websrvmng on that domain again, the new permissions that has been set from Plesk will not get removed. There is no need to add any special group or users like, ASPNET or NETWORK SERVICE to any folder as those permissions are handled by IUSR_ & IWAM_/IWPD_ users.

Any permissions that has been assigned directly to httpdocs folder will get reset by Plesk and if you inherit them to sub folder, permissions from sub folder will also get removed.

So the moral is, DO NOT give any permissions from RDP, use File Manager option if you want to keep the trouble of permissions away.

It would not be the case now as I have listed detailed steps along with the images on how to block IP using the IP security policy in Windows. This option is also available in XP as well as Windows 2003 Server edition.

How to BLock IP Using Windows:

You can either open MMC from START >> RUN >> MMC and add a new Snapin for IP Security policy with steps below:

Click ‘Start’ > ‘Run’ >type ‘MMC’ press ok.
In the console click > ‘File’ > ‘Add/Remove Snap in’
In the ‘Standalone Tab’ click The ‘add’ button
Seclect ‘IP Security Policy Managment’ > ‘ADD’ > ‘Local Computer’ > ‘finish’ > ‘close’ > ‘ok’
You should now be back to the Management console.

OR

Just goto START >> PROGRAMS >> ADMINISTRATIVE TOOLS >> LOCAL SECURITY POLICIES ON LOCAL COMPUTER to open the IP Security Management Console.

1. Select IP Security Policy and Right Click on the right pane to select new Policy. The screen will like an image below:

Figure 1

2. This will open the IP Security Policy Wizard, Just click on Next button.

Figure 2

3. On the Next screen you have to define the name of your IP Security policy and its description and then click Next Button.

Figure 3

4. Plesk uncheck the box for “Activate the default Response Rule” and then click Next Button..

Figure 4

5. On the Next screen remove the check for Edit Properties and Click Finish.

Figure 5

6. Once you click on the Finish Button you will see the screen below along with your rule being added to the list. Now we will create an IP filter list to block IPs.

Figure 6

7. Double click on the rule you have just create to open the properties window:

Figure 7

8. Since we have chosen to uncheck “Activate the default Response Rule” in Step 4 the Dynamic rule in not applied. Click on Add button to open Security Rule Wizard and Click again on Add button to open IP Filter List Wizard.

Figure 8

9. You will have a screen some what in Figure 9. Put in the name of your list and Click on the Add button.

Figure 9

10. This will open another window for you to add IP and ports in the IP Filter list. In the Description box just put in the IP address that you want to block and make sure that you keep the check on the box for “Mirrored. Match packets with the exact appropriate source and destination addresses” and click on the Next button.

Figure 10

11. Select My IP address in the Sources Address from the drop down list.

Figure 11

12. You have many more options to select from the list for both in Sources and Destination Address. You will need some advanced knowledge to work with those option. We will select My IP address for now and click on Next button.

Figure 12

13. In the IP Traffic Destination, select “A specific IP Address” and enter the IP address that you want to block on your machine. Here you can also select a sub net from the drop down and block the entire subnet. Once you finish entering an IP/Subnet, click on Next button.

Figure 13

14. Here in IP Protocol Type you can define the protocol that you want to block, it can be any one from the list for example TCP, UDP, ICMP etc. We will select ANY which mean all connect from a specific IP address. If you select a protocol from the list andclick Next it will ask you to enter the port address that you want to block, example 80 (See Figure 14.2). But since we want to block all ports we will select Any and click Next (Figure 14.1) and then Finish.

Figure 14.1

Figure 14.2

15.  After you click on Finish button you will see that the rule has been added in the IP filter list. If you want to add more IP and subnets then click on the Add button to add another rule or block 2nd IP. Once you finish with it you will have rules as in Figure 15.2.

Figure 15.1

Figure 15.2

16. Once your IP Filter List is complete click on the OK button to get back Security Rule Wizard. Select the IP filter list which you have created by clicking on the radio button and click Next.

Figure 16

17. In the Next screen of Security Rule Wizard you will not see any Filter Action as Block as by default it is not created. We will create a Filter action to block connect by click on Add button.

Figure 17

18. In the Name type “Block” and any discryption you like and click on Next.

Figure 18

19. In Filter Action General options select Block and click Next.

Figure 19

20. And then on Finish to get back to Security Rule Wizard.

Figure 20

21. This will add the Filter option as Block in the list, just click on radio button to select it and click Next.

Figure 21

22. Click Finish to complete the security Rule Wizard.

Figure 22

23. You will see the rule added in the list, you can add more rule with the same steps. Now just click OK to finish with the rules.

Figure 23

24. Now since we have already created the rules to block desired IP address just right click on the IP Security Policy and select Assign to apply the rule on the server.

Figure 24

There are allot many option to secure your entire server with IP security policy. You can create more rules to block every one on RDP port TCP 3389 and allow only select IPs. IP Security is IP and port based application and not Services based and you can create the rule as per your need.

– Backup the Registry of your computer and save it on a safe place.

– Now look for another computer who has the same edition of Windows running on it as that on your computer, along with the Server Pack.

– Backup the below registry key that stores the Service information for Windows Firewall, with the export option:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

– Restore it on the Computer which has the missing service  and Reboot.

Once the computer it online you will see that the Windows Firewall Service/ICS is back in the list and you should be able to manage it again.

P.S: Restoring the key from a computer which does not match your Windows OS edition or Service Pack would make your system unbootable.

Local Group Policy:
Using local Group Policy involves setting up Group Policy on the local machine.This is not very useful for managing computers on a network. Local Group Policy is configured on the local computer.

Site Group Policy:

Site Group Policy is when the Group Policy object is linked to the site. Site Group Policies can generate unwanted network traffic, so use these only when absolutely necessary.

Domain Group Policy:
Domain Group Policy is when the Group Policy object is linked to the domain.This will apply the Group Policy object to all computers and users within a domain.This is especially useful for enforcing company-wide settings.This is one of the two most commonly used applications of Group Policy.

Organizational Unit:
Group Policy When the Group Policy object is linked to the organizational unit (OU). Organizational unit Group Policy is especially useful for applying a Group Policy object to a logical grouping (organizational unit) of users or computers.

When a Windows Server machine logs on to a Windows AD, any legacy Windows 2000 Group Policies will be applied to and work on Windows Server. The new Windows Group Policy snap-in will work on a Windows 2000 AD as well as Windows 2003.You can use the Windows Group Policy snap-in to connect to any Group Policy object in the Active Directory.You can also create a new Group Policy object using this snap-in. When you connect to a GPO using this snap-in, the ADM files are automatically updated using the newer versions of these files found on Windows XP.

Windows has over 200 policies.These policies are reflected in the new ADM files that are updated on the domain.The Windows admin snap-in shows what policies work on which clients. Best practice in a mixed environment: Use the Latest Windows Group Policy snap-in to administer Group Policy because it will display what policies are supported on what clients.

Group Policy Order

When Group Policies are applied in Windows Server, they are applied in a specific order.This is important to note because the order applied can affect the resulting policy. Group Policy is applied in the following order:

■ Windows NT 4 Policies (if any exist)
■ Windows 2000 Policies
■ Local Group Policies
■ Site Group Policies
■ Domain Group Policies
■ Organizational Group Policy Objects (going from Highest Parent in the chain to lowest)

Additionally, the result of all of the applied policies can be determined by using the Resultant Set of Policy (RSOP) snap-in. More information on this topic is covered later in the “Resultant Set of Policy (RSOP)” section. Figure A.1 shows how Group Policy is applied by different organizational units along with the domain Group Policy.

Certificates are parallel with asymmetric keys in the SQL Server 2005 encryption hierarchy. A certificate is simply a method of using asymmetric encryption. Certificates bind public keys to individuals who hold the associated private key. Certificates use the same RSA algorithm as asymmetric keys; therefore, they are resource-intensive and their use is normally restricted to encrypting other keys. SQL Server contains an integrated certificate authority, which it uses to issue its own selfsigned, and industry standard X.509 certificates. Alternatively, you can import certificates from an external certificate authority.The use of external certificates allows you to use a wider range of key lengths, which can provide enhanced security. Certificates are the most secure way in which to encrypt data natively within SQL Server 2005.You can use the CREATE CERTIFICATE statement to create a certificate within SQL Server 2005.

The common syntax of the CREATE CERTIFICATE statement is as follows:

CREATE CERTIFICATE CERTIFICATE_NAME [AUTHORIZATION USER_NAME]
{FROM FILE = 'PATH_TO_PRIVATE_KEY'
WITH PRIVATEKEY [, ENCRYPTION BY PASSWORD = 'PASSWORD' |
, DECRYPTION BY PASSWORD = 'PASSWORD']}
WITH SUBJECT = CERTIFICATE_SUBJECT_NAME, |
[START_DATE = MM/DD/YYYY
END_DATE = MM/DD/YYYY]

Here are definitions of the arguments in this syntax:

FILE = PATH_TO_PRIVATE_KEY Specifies the directory and the file name to the private key.
ENCRYPTION BY PASSWORD = ‘PASSWORD’ Specifies the password that will be used to encrypt the certificate private key.
DECRYPTION BY PASSWORD = ‘PASSWORD’ Specifies the password originally used to encrypt the private key.
CERTIFICATE_SUBJECT_NAME A descriptive string that will be embedded into the certificate metadata.
START_DATE Specifies the date in which the certificate becomes valid.
END_DATE Specifies the date in which the certificate expires.

For a full listing of all statement arguments, please refer to SQL Server 2005 Books Online.You will need the CREATE CERTIFICATE permission within the database to create a certificate.The following syntax creates a certificate and encrypts the certificate private key with the supplied password:

CREATE CERTIFICATE Certificate01 ENCRYPTION BY
PASSWORD = '&7YuKj%4@)aSZ@'
WITH SUBJECT = 'Certificate to test encryption',
START_DATE = '8/13/2007',
EXPIRY_DATE = '8/13/2011'

Unlike symmetric and asymmetric keys, certificates can be backed up individually. To back up a certificate, you can use the BACKUP CERTIFICATE statement:

BACKUP CERTIFICATE CERT_NAME TO FILE = 'PATH_TO_FILE'
[WITH PRIVATE KEY
(FILE = 'PATH_TO_PRIVATE_KEY_FILE',
ENCRYPTION BY PASSWORD = 'ENCRYPTION_PASSWORD',
DECRYPTION BY PASSWORD = 'DECRYPTION_PASSWORD')]

Here are definitions of the arguments of this syntax:

CERT_NAME Specifies the name of the certificate to be backed up.
PATH_TO_FILE Specifies the directory path and the filename that will be used for the certificate public key backup.
PATH_TO_PRIVATE_KEY_FILE Specifies the directory path and the filename that will be used for the certificate private key backup.
ENCRYPTION_PASSWORD Specifies the password that will be used to encrypt the certificate private key backup.
DECRYPTION_PASSWORD Specifies the password that will be used to decrypt the certificate private key within the database.

To execute the BACKUP CERTIFICATE you will need the CONTROL permission on the certificate and the VIEW DEFINITION permission on the database. The following syntax uses the BACKUP CERTIFICATE statement to back up both the public and private key of your previously created certificate, and encrypts the private key backup file with a user-supplied password:

BACKUP CERTIFICATE Certificate01 TO FILE =
'C:\backup\certificates\Certificate01.pub'
WITH PRIVATE KEY
(DECRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@',
ENCRYPTION BY PASSWORD = '9UyZ%E!b8%7Ly#',
FILE = 'C:\backup\certificates\Certificate01.prv')

For a complete listing of statement arguments and permission requirements, please see SQL Server 2005 Books Online.To restore a certificate from a backup file, you can use the FROM FILE argument within the CREATE CERTIFICATE statement, which we covered earlier.The following syntax restores your previously backed up public and private key:

CREATE CERTIFICATE Certificate01 FROM FILE =
'C:\backup\certificates\Certificate01.pub'
WITH PRIVATE KEY (FILE = 'C:\backup\certificates\Certificate01.prv',
DECRYPTION BY PASSWORD = '9UyZ%E!b8%7Ly#',
ENCRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@')

Note that if you created Certificate01 previously, you will need to drop the certificate prior to running the preceding syntax.You can obtain a listing of all certificates present in your database by using the sys.certificates view:

Select * from sys.certificates

To change the properties of a certificate you can use the ALTER CERTIFICATE statement:

ALTER CERTIFICATE CERTIFICATE_NAME
REMOVE PRIVATE KEY |
WITH PRIVATE KEY (FILE = 'PATH_TO_PRIVATE_KEY' |
DECRYPTION BY PASSWORD = 'PASSWORD' |
ENCRYPTION BY PASSWORD = 'PASSWORD')
WITH ACTIVE FOR BEGIN_DIALOG = [ON | OFF]

Here are definitions of the arguments of this syntax:

CERTIFICATE_NAME The name of the certificate to be altered.
REMOVE PRIVATE KEY Removes the private key from the certificate.
FILE = ‘PATH_TO_PRIVATE_KEY Specifies the directory and the file name to the private key.
DECRYPTION BY PASSWORD = PASSWORD Specifies the password in which to decrypt the private key.
ENCRYPTION BY PASSWORD = PASSWORD Specifies the password in which to encrypt the private key
ACTIVE FOR BEGIN_DIALOG Enables or disables a certificate for use with Service Broker.

To run the ALTER CERTIFICATE command you will need the ALTER permission on the certificate.The following syntax changes your certificate private key protection method from user-supplied password to database master key:

ALTER CERTIFICATE Certificate01
WITH PRIVATE KEY (
DECRYPTION BY PASSWORD = '&7YuKj%4@)aSZ@')

To encrypt data using the certificate public key, you can use the ENCRYPTBYCERT statement:

ENCRYPTBYCERT (CERTIFICATE_ID, 'PLAINTEXT')

In this statement, CERTIFICATE_ID specifies the ID of the certificate to be used for encryption. PLAINTEXT is the data string you wish to encrypt.

You will need the VIEW DEFINITION permission on the certificate to execute the ENCRYPTBYCERT statement.The following syntax uses the ENCRYPTBYCERT statement to encrypt the supplied string using your certificate:

SELECT ENCRYPTBYCERT(Cert_ID('Certificate01'), 'certificate encryption test')

Here are the results:

0x50BCA9702D6999578923DAEC2B3EE96E69174429EBF54C392A532919679624097CD050110CEEF4DDB3BF
22656549268848C2F6E6BA70C0E543DFB411B654302AB9582A525DB835940FB76F9AAC501BBC5E3D689FB0
431BA7AF3C51A4DCDC5BCB7D101324E466A23447DF916E80D026E2A2E6D5A433E75804ADF8E9B75BF0E097

As we mentioned earlier, the preceding results will differ from what you receive on your SQL Server.To decrypt the cipher text, you can use the DECRYPTBYCERT statement:

DECRYPTBYCERT (CERTIFICATE_ID, 'CIPHERTEXT', CERT_PASSWORD)

Here are the definitions of the arguments of this syntax:

CERTIFICATE_ID The ID of the certificate to be used for encryption.
CIPHERTEXT The string that was previously encrypted with the certificate public key.
CERT_PASSWORD The password that encrypts the certificate private key.

To execute the DECRYPTBYCERT statement, you will need the VIEW DEFINITION permission on the certificate.The following syntax uses the DECRYPTBYCERT statement to decrypt the cipher text and convert the results into the human readable varchar data type:

SELECT CAST (DECRYPTBYCERT(Cert_ID('Certificate01'),
0x50BCA9702D6999578923DAEC2B3EE96E69174429EBF54C392A532919679624097CD050110CEEF4DDB
3BF22656549268848C2F6E6BA70C0E543DFB411B654302AB9582A525DB835940FB76F9AAC501BBC5E3D
689FB0431BA7AF3C51A4DCDC5BCB7D101324E466A23447DF916E80D026E2A2E6D5A433E75804ADF8E9B
75BF0E097)
AS varchar)

Note that you should substitute the cipher text in the preceding statement with the cipher text that you obtained from the earlier ENCRYPTBYCERT statement. Here is what the results of running the preceding statement will look like:

certificate encryption test

When you no longer need a certificate, it can be removed from the database using the DROP CERTIFICATE statement:

DROP CERTIFICATE CERTIFICATE_NAME

In this statement, CERTIFICATE_NAME specifies the name of the certificate to be removed.
To execute the DROP CERTIFICATE statement, you will need the CONTROL permission on the certificate.The following syntax drops your previously created certificate.

DROP CERTIFICATE Certificate01

The following script outlines the certificate encryption process from end to end:

-- Demonstration of certiifcate encryption
-- Create Database
CREATE Database CertEncryptDemo
GO
USE CertEncryptDemo
--
-- Switch to database context
--
-- Create table for data to be encrypted
CREATE Table Customers(
FirstName varchar(30),
LastName varchar(30),
CreditCardNum varbinary(300))
--
-- Create Database Master Key
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '5YtF4$aQ#W4d^W'
--
--** You should backup the Database Master Key immediately after creation! **
--
--Create certificate and use the databse master key to encrypt the private key
CREATE CERTIFICATE Certificate02
WITH SUBJECT = 'Test certificate for encryption',
START_DATE = '1/1/2007',
EXPIRY_DATE = '1/1/2012';
--
-- Populate table with data included encrypted credit card numbers
INSERT INTO Customers Values('Blake', 'Cabbage',
EncryptByCert(Cert_ID('Certificate02'), '342724356361631'))
INSERT INTO Customers Values('Colin', 'Edwareds',
EncryptByCert(Cert_ID('Certificate02'), '4516525615214110'))
INSERT INTO Customers Values('Anoson', 'Monroe',
EncryptByCert(Cert_ID('Certificate02'), '5582858885802510'))
Data Encryption • Chapter 8 241
--
--View the contents of the table
Select * from Customers
--
--View table data including the decrypted plain text credit card numbers
--
SELECT Firstname,LastName, CAST(DecryptByCert(Cert_ID('Certificate02'),
CreditCardNum) AS varchar) as 'CreditCardNum' from customers
--
--Clean-up demo
DROP CERTIFICATE Certificate02;
DROP MASTER KEY;
USE TEMPDB
DROP DATABASE CertEncryptDemo;
--END

EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.

To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:

1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.

4. Within the Advanced attributes window, select Encrypt contents to secure data.
5. Within the Advanced attributes window, press OK.
6. Within the Properties tab, press OK.
7. If you are encrypting a folder containing subfolders, you will be presented with another window asking if you would like to  encrypt them as well. Press OK.
8. EFS encrypted files and folder names should now appear in green within any Windows file explorer window.
9. Restart the SQL Server services.

If errors are generated, you may have encrypted the SQL Server data files using an account that is not linked to the SQL Server service account.You can decrypt the data folders by reversing the steps above and trying again. When encrypting individual database files, EFS first creates a plain text copy of the file to be encrypted, encrypts the target file, and then deletes the temporary file.This temporary file is not securely deleted and can be recovered using common data recovery tools. To prevent local file disclosure, you should use a secure data deletion tool to overwrite the areas of disk containing the temporary file. Alternatively, you can simply encrypt the parent folder that contains the database files to ensure any temporary files are also encrypted.

EFS encryption is beneficial if the database media is stolen or misplaced. When transferring EFS encrypted files over the network, Windows first decrypts the file and then transfers the plain text equivalent. Some administrators perform manual backups of database files prior to implementing changes on the database server. If this backup involves copying data files from one server to another, you will effectively be storing an unencrypted copy of your database on the destination server.

Encryption File System Contains Inherit Flaws

On Windows Server 2003, EFS uses a strong 256-bit AES key to encrypt data. Under most circumstances, this would be an effective method of encryption; however, this AES key is protected by the user’s public key, which is based on the user’s Windows login password. This ultimately reduces EFS protection to the strength of the user’s Windows password. There are publicly available tools that can successfully decrypt EFS encrypted data by exploiting this flaw. Because of this, EFS should not be used to encrypt sensitive database data.

Working with EFS Encrypted Data

EFS encryption is managed by the operating system, and seamlessly provides file and folder encryption to SQL Server 2005. All SQL Server functions and operations remain unchanged when using this encryption method. Because EFS is handled outside of SQL Server 2005, encryption keys must be backed up separately in addition to your database backups.

Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data

consider that sensitive information can also include corporate information including confidential HR data, trade secrets, patents, designs, or client listings, which, if disclosed to unauthorized individuals, could have a grave impact on your organization. At this point you may be wondering,“why not just encrypt all data using a secure algorithm?” instead of determining specifically what data elements require encryption.The answer is that there is a  significant performance impact when encrypting data, as SQL Server must perform authentication, encryption, and decryption functions seamlessly to encrypt and decrypt the data. In addition, there are several other side effects associated with data encryption, which we will touch on later in this chapter. For these reasons, you should use data encryption only when required and only on the required data elements.

Ways to encrypt data in MSSQL 2005:

EFS Encryption
Native SQL Server 2005 Encryption
Using Keys to Encrypt Data
Using Certificates to Encrypt Data
Using Pass Phrases to Encrypt Data
Working with Data Encrypted
Indexing Encrypted Data
Replicating Encrypted Data
Symmetric Key Usage Tracking
Replicating Encrypted Stored
Using Endpoint Encryption

C:\DOCUME~1\USER~1\LOCALS~1\Temp\WER8bd7.dir00\appcompat.txt

Above error pop ups when Error Reporting is enabled on your system and w3wp.exe faces an error.
Windows Error Reporting increases Hard Disk space , by adding above pop ups in two different dump files i.e. HDMP and MDMP
HDMP (Heap Dump) – Uncompressed error dump file generated by Windows when a program has an error or crashes.
MDMP (Mini Dump) – Compressed Heap Dump files are saved as Mini dump (MDMP) files and may be sent to Microsoft as part of an error reporting process.

Windows Error Reporting settings are stored in Windows Registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting

However, if you do not choose to send files to Microsoft. These dump files will gradually go on clogging up your system disk space.
To avoid this you have to fix error in application and delete dump files present at
C:\WINDOWS\pchealth\ERRORREP\UserDumps

Read further for Customizing or disabling Windows Error Reportin.

Windows Error Reporting can be kept disabled or can be customize as per requirement.

On your Windows System >>> Right Click on My Computer >>> Click on Properties >>> Click on Advanced >>> Click on Error Reporting >>> You can Enable or Disable Error Reporting from here >> if you click on Enable >>> Click on Choose Programs for customizing.

To add w3wp.exe in exception list without Disabling Error Reporting navigate yourself as shown below : -

On your Windows System >>> Right click on My Computer >>> Click on Properties >>> Click on Advanced >>> Performance >>> Click on Settings >>> Click on Data
Execution Prevention >>> Turn on DEP for all programs and
services except those I select >>> Add w3wp.exe process in exception list
(Reboot not required)

We have seen allot of people looking to have the best option to secure the connection string in their ASP .NET code to connect the MS SQL database since it contains the username and password of their database. It is very important to use a secure method for corporate clients and those who save Credit Card details in their MS SQL database. Or they will easily get hacked and all the important data will be exploited by the hacker. And also for those who store important data in MSSQL.

Here are the list of methods that can be used to secure your MS SQL connection string in your ASP.NET application.

METHODS:

1. Using a DSN connection string:

If you have the administrator users access to your Windows Server or use a control panel like Plesk then you can create a DSN with ODBC connector that stores the password of your database along with its name.

You will have to go to Start >> Administrative Tools >> Data Sources (ODBC) on your Windows Server with an account that has administrative privileges.

Or if you use a hosting control panel like Plesk that you can create the DSN from the control panel itself.

Once you have created the DNS you will have to mention it in your code as:

oConn.Open "DSN=mySystemDSN"

2. Store your connection string either in web.config or global.asa:

It is safe to have connection string stored in either web.config or global.asa, since IIS does not allow these files to be accessed from the browser. But it is recommended to enable custom errors in web.config or else the browser just displays the exact exact in the event of an error.

An example of web.config would be:

3. Encrypt your connection String stored in Web.config.

To make the connection string more secure you can encrypt your string if you application is written in ASP .NET 2 as this only possible with the new feature in asp.net 2.0 through the config API.

Steps to Encrypt your connection string in web.config:

– Create a connectionstring section in web.config :-

– Run the command below:

aspnet_regiis –pe -app optionally you can provide the machine or user store.

– Get the connection string:-

Response.Write(ConfigurationManager.ConnectionStrings

["Myconnstr"].connectionString.ToString());

– You can also encrypt:

– To decrypt the connection string use aspnet_regiis –pd with the same parameters.

– There are more option available, such as:

aspnet_regiis –pef
aspnet_regiis -pdf

4. Save the connection string in the Windows registry:

You can also save the connection string in the windows registry, the only problem here is you have to give appropriate permissions on the registry so that your web user is able to read the data fron the registry:

Procedure to follow:

Add a registry key for your application under SOFTWARE/[YOUR_COMPANY]/[YOUR_APP]
Add a string value for ConnectionString
Teach your ConnectionFactory to crack open the appropriate registry key (in a static constructor, not every page load).
Export the registry info as a .reg file, add it to source control, modify and apply it as necessary to set up additional machines.

You will also have to make sure that the user have appropriate rights on the register to read the data.

5. Save your connection string in a DLL.

You can also save the connection sting the to a DLL using Visual Studio but this includes few disadvantages like, you will gave to decrypt the DLL to make any changes in the connection string and then again encrypt it. This makes things very complicated for you to manage your applications and specially when you have a shared hosting package.

Whenever you plug a USB drive in your system (which you think is infected by virus), do not open it -  Do not click ‘OK’ !
click on ‘Cancel’. Now open Command Prompt by typing ‘cmd‘ in run box.
Type dir /w/a and press enter.
Above command will display list of files in pen drive. Check in the list if the files are not

* Heap41a
* New Folder.exe
* Autorun.inf
* svchost.exe
* Ravmon.exe
* or any other exe file which may be suspicious.

If any of the above files are present in the list, then your USB drive is infected. To remove these files, type the following command in command prompt
attrib -r -a -s -h *.* and press enter.
This will remove from files  Read Only, Archive, System and Hidden attributes .

The files which you will now be looking on are the junk files (viruses) and can be deleted using  del command. Delete all those files which you find suspicious. To be on a safer side, just scan again your  USB Pen drive using a anti virus to check whether it is free of virus or not.

A password that allows for spaces can be referred to as a pass phrase. The benefit of pass phrases is that you can make them meaningful and easy to remember. Instead of creating and managing encryption keys or certificates in your database server, you can encrypt data using only a pass phrase.The ENCRYPTBYPASSPHRASE statement uses the supplied pass phrase to generate a symmetric key, which is used to perform the actual data encryption. No key management is required, as the key will be recreated each time the same pass phrase is supplied.The common syntax of the ENCRYPTBYPASSPHRASE statement is as follows:

ENCRYPTBYPASSPHRASE ('PASSPHRASE', 'PLAINTEXT')

In this statement, PASSPHRASE specifies the data string to be used to derive an encryption key. PLAINTEXT specifies the data to be encrypted. No permissions are required to run the ENCRYPTBYPASSPHRASE statement.

The following syntax encrypts the string using the supplied pass phrase:

SELECT ENCRYPTBYPASSPHRASE('SQL Server 2005 Pass Phrase Encryption', 'pass phrase encryption test')

Here are the results:

0x01000000B0FA66E0152FB0B655B23439904E36F3ED5B758618BEED0F2A2BF918C6CF9DF685BC2A60A
AD5E81D660BA5A396D1CA89

As mentioned earlier, the preceding results will differ from what you receive on your SQL Server.To decrypt data, you can use the DECRYPTBYPASSPHRASE statement.The general syntax of this statement is as follows:

DECRYPTBYPASSPHRASE ('PASSPHRASE', 'CIPHERTEXT')

In this statement, PASSPHRASE specifies the data string to be used to derive a decryption key. CIPHERTEXT specifies the data to be decrypted. Similar to the ENCRYPTBYPASSPHRASE statement, no permissions are required to execute the DECRYPTBYPASSPHRASE statement.The following syntax uses the DECRYPTBYPASSPHRASE statement to decrypt the previously encrypted data, and converts it into the human readable varchar format:

SELECT CAST (DECRYPTBYPASSPHRASE('SQL Server 2005 Pass Phrase Encryption',
0x01000000B0FA66E0152FB0B655B23439904E36F3ED5B758618BEED0F2A2BF918C6CF9DF685BC2A60A
AD5E81D660BA5A396D1CA89) AS varchar)

Note that you should substitute the cipher text in the preceding statement with the cipher text that you obtained from the earlier ENCRYPTBYPASSPHRASE statement. Here is what the results of running the preceding statement will look like:

pass phrase encryption test

The encryption algorithm and key length used by pass phrase encryption have not been formally documented by Microsoft. Because of this, it is recommended that you do not use this encryption mechanism to encrypt sensitive data.

Flaws within Microsoft Object Encryption

The object encryption used by Microsoft is weak, and there are publicly available scripts that can successfully decrypt the objects. Further, at run-time, SQL Server internally decrypts the object and SQL Profiler can be used to capture object logic in plain text form. Due to this, object encryption should not be used to encrypt sensitive information, and you should not embed key or certificate passwords or pass phrases in SQL Server objects encrypted using objectbased encryption.

The File system comes with Windows NT. (NT File System) An optional file system for Windows NT, 2000, XP and Vista. NTFS is the more advanced file system, compared to FAT32. It improves performance and is required in order to implement numerous security and administrative features in the OS. NTFS supports Active Directory domain names and provides file encryption. Permissions can be set at the file level rather than by folder, and individual users can be assigned disk space quotas. NTFS is designed to log activity and recover on the fly from hard disk crashes. It also supports the Unicode character set and allows file names up to 255 characters in length. See FAT32 and file system.

NTFS compared to FAT and FAT32

NTFS has always been a more powerful file system than FAT and FAT32. Windows 2000, Windows XP, and the Windows Server 2003 family include a new version of NTFS, with support for a variety of features including Active Directory, which is needed for domains, user accounts, and other important security features.
FAT and FAT32 are similar to each other, except that FAT32 is designed for larger disks than FAT. The file system that works most easily with large disks is NTFS.

The following will describes the compatibility of each file system with various operating.

NTFS :
A computer running Windows 2000, Windows XP, or a product in the Windows Server 2003 family can access files on a local NTFS partition. A computer running Windows NT 4.0 with Service Pack 5 or later might be able to access some files. Other operating systems allow no local access.

FAT :
Access to files on a local partition is available through MS-DOS, all versions of Windows, and OS/2.

FAT32 :
Access to files on a local partition is available only through Windows 95 OSR2, Windows 98, Windows Millennium Edition, Windows 2000, Windows XP, and products in the Windows Server 2003 family.

The following are comparison of disk and file sizes possible with each file system.

NTFS :
Recommended minimum volume size is approximately 10 MB. Maximum volume and partition sizes start at 2 terabytes (TB) and range upward. For example, a dynamic disk formatted with a standard allocation unit size (4 KB) can have partitions of 16 TB minus 4 KB. Cannot be used on floppy disks.

Maximum file size is potentially 16 TB minus 64 KB, although files cannot be larger than the volume or partition they are located on.

FAT :
Volumes from floppy disk size up to 4 GB. This file system does not support domains controller.
Maximum file size is 2 GB.

FAT32 :
Volumes from 33 MB to 2 TB can be written to or read using products in the Windows Server 2003 family.
Volumes up to 32 GB can be formatted as FAT32 using products in the Windows Server 2003 family.
Does not support domains controller.
Maximum file size is 4 GB.

The Apache HTTP Web Server, we all well know it as Apache, is one of the world’s most widely used Web servers. It is very popular because of its strong security features, most outstanding performance & the fact that it does cost us any thing. It comprehensively supports and it is most recommended for MySQL & PHP/Perl/Python (and now also supports Ruby) programming languages.

It’s available for all flavours of Unix (GNU/Linux & UNIX systems), Microsoft Windows including other OS as well, for Example Linux distros such as  RedHat, SuSe, Debian, CentOs, Gentoo, Mandrake, Fedora, etc etc. Apache is used to serve both dynamic static content & static Web pages on the Internet. Some web applications are developed expecting the features & environment that Apache provides. It is one of the most basic feature in the hosting world is what allows your website to be seen by the world.

What is a DDoS attack ?

A Denial-Of-Service attack (DoS attack) or Distributed Denial-Of-Service attack (DDoS attack) is nopthing but an attempt to make a domain name or a computer resource unavailable to its users by sending mass packets to it. Perpetrators of DoS attacks like to target domains/sites/hosts or services hosted with high profile webhosting servers such as credit card payment gateways, banks, & even root nameservers.

The most common method of attack involves saturating the target (victim) machine with request that communicates externally, such that even the legimate traffic also does not get a response, or respond very slowly as to be effectively unavailable.

In general terms, DoS attacks are set so that the targeted computer(s) is either reset or consume all the available resources so that the target is no longer available to provide its intended service or to obstruct the communication between the users & the victim so that there is no suitable communication between them.

There are several ways to stop such kind of attacks, most of the providers use “Proxy Shield” which is most effective services available today and can handle an attack upto 4GB per second. Although it is a very expensive service and only corporate websites can afford them. If you want to handle small DDos attacks then you can either go for a hardware firewall or a software application like the one below, which is very effective to handle DDos at its initial stage.

About mod_evasive & how does it prevent DDoS attack ?

mod_evasive is basically an evasive maneuvers module configured on Apache web server to provide evasive action where ever there is an brute force attack or DDoS attack or HTTP DoS. You can also use it as a traffic detection or network management tool and can be effective configured to work with ipchains, routers, firewalls etc. You can also set mod_evasive up to send abuse reports via email & syslog facilities.

It creats an internal dynamic hash table of IP Addresses for detections & URIs and denying any single IP if any of the following is true:

– Making any requests while temporarily blacklisted on the server.
– Single page on your website is access for more then n number of time.
– Establishing more than 50 concurrent connections per second on the same child.

This method works well on both attacks, may it be single-server script attackor a distributed attack but like any other evasive tools it is only useful to the point of processor consumption & bandwidth hence to configure this tool with your firewalls & routers gines out the maximum protection to your dedicated server as well as webhosting sites.

This module is instantiated for each listener individually that is every time when there is a HTTP request to Apache Web Server and therefore the evassive tool has a built-in scaling capabilities & cleanup mechanism. Because of this per-child design, only the scripted attacks get cought and blocked access and legitimate requests are never compromised even if they come from NAT addresses or proxies. Even if the user repeatedly click on ‘reload’ button should not be affected unless they do it maliciously. One can tweak mod_evasive fully through the Apache configuration file that is httpd.conf and it is very easy to incorporate into your Linux web hosting server and most important, easy to use.

Here are the steps to install mod_evasive:

Install & configure it on a Linux Server:

Login to the server as root & execute following connabds one bu one:

cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

For Apache 2.0.x

/usr/sbin/apxs -cia mod_evasive20.c

Then add add this too httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

For Apache 1.3.x

/usr/local/apache/bin/apxs -cia mod_evasive.c

Then add this too httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

Now just restart Apache web hosting server & the installation is complete..

/etc/init.d/httpd restart

Congratulations.. your Linux Apache web hosting server is now more safer from the DDoS attacks.

Here are some useful tools that help us in configuring IIS server to be more secure and less resource consuming:

1. IIS Passwords Sync:

IIS 6.0 web sites run under anonymous user accounts. It is IUSR_<machine name> (by default) or other user accounts created by your web hosting control panel. The users’ passwords are set automatically set and are never known. However, sometimes for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to use IIS Passwords Sync program. It extracts the passwords that Microsoft IIS 6.0 has in its metabase and updates the accounts in “Local Users and Groups” to use that passwords.

DOWNLOAD LINK

2. IIS Pool:

With IIS Pool tool we can easily search the problematic sites which have default application pool.

IIS Application Pools Monitoring and Analysis:

This program allows monitoring of IIS 6 application pools. All the monitoring data is stored in log files. It is possible to analyze a pool to find a website (or a virtual application) using too much resources. …

Overview -

IIS Application Pools Monitoring and Analysis:

* This program allows monitoring of IIS 6 application pools.

* All the monitoring data is stored in log files.

* It is possible to analyze a pool to find a website (or a virtual application) using too much resources.

Features -

* IIS application pools monitoring

* IIS application pools analysis

* Find websites using too much resources

DOWNLOAD LINK

3. IIS Report:

Overview -

IIS Report is a command line tool. It allows us to create different IIS related reports. For example it can get the list of all SSL websites and sort it by IP address, or get the list of all websites and sort it by application pool name and then by website name, …

There is no installation required. Just download and unrar the archive file. Then start the program with:

C:\>iisreport.exe /?

to get more information and see all the parameters available.

Benefits -

* Easy-to-use

* Fast

* It is possible to import the reports with Excel

* It is possible to parse the reports with VBS or BAT programs and other administration applications.

DOWNLOAD LINK