Secure MS SQL 2005 Database with EFS Encryption
Wednesday, February 18th, 2009 | Author:

EFS Encryption

EFS can be used to encrypt SQL Server 2005 data files and folders. EFS is supported on Windows 2000 and later operating systems with New Technology File Systems (NTFS) formatted drives. EFS uses a combination of symmetric and asymmetric methods to provide transparent SQL Server 2005 data encryption. On Windows 2003 Server and newer operating systems, EFS by default creates a random File Encryption Key, which is a 256-bit AES key to perform data encryption.The File Encryption Key is then itself encrypted with the user’s public key and stored within the encrypted file or folder.

To encrypt SQL Server 2005 data files and folders using EFS, follow these steps:

1. Stop the SQL Server service.
2. Log out and log in using the SQL Server service account credentials.
3. Right-click on the file or folder to be encrypted and select Properties | General Tab | Advanced.

more…

Importance and Ways to Secure SQL 2005 Database
Tuesday, February 17th, 2009 | Author:

Why Secure Data in your Windows MSSQL database?

Databases often contain sensitive financial, healthcare, and corporate data. As mentioned earlier, data security breaches are occurring at an alarming rate and international legislations have been passed, which set regulations on how organizations must protect this sensitive data. The Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), Personal Information Protection and Electronic Documents Act (PIPEDA), Gramm-Leach-Bliley Act (GLBA), and the UK Data Protection Act are just a few of these regulations. Several regulations require that sensitive data be encrypted and that organization’s must identify and report data disclosure or misuse. If these regulations are not followed, organizations can face serious repercussions, ranging from financial penalties to imprisonment of responsible parties. Depending on the nature of your business, the above regulations may not apply, but before you discount the need to encrypt data

more…

Mail Enable Mail Server
Friday, February 13th, 2009 | Author:

Smooth working of Mail server totally depends upon Mail Enable Mail Transfer Agent , as the name suggest, Mail Enable MTA is a program running on Mail Server responsible for transferring email messages between computers over the Internet.

Mail Server works with other programs in collaboration  to make up what we know as Messaging System. Messaging system must work without any flaws to keep smooth movement of Inbound and Outbound emails. Mail System uses following protocols to send and receive email messages.

SMTP (Simple Mail Transfer Protocol) – For Sending emails

POP3 (Post Office Protocol 3) or         -  For Receiving emails.

IMAP (Internet Message Access Protocol)

At any point you found out that emails are not reaching their destination, there are high chances of these emails would get stuck in Mail Queue. Only way to release emails from mail queue is to restart mail services. Restarting mail services is done from Mail Server. Make sure before restarting mail service you ask anyone who has good knowledge of doing it.

Secure MS SQL – BEST PRACTICES
Monday, February 02nd, 2009 | Author:

There are several points that Microsoft suggests before configuring your MS SQL Server.

BEST PRACTICES ACCORDING TO MICROSOFT

  • Install only those components that you will use immediately. Microsoft recommends that you create a list of components that you will be using, and only enable those. If the need arises, you can install the additional components at that time. The components in a SQL Server installation are the Database Engine, Analysis Services Engine, Reporting Services, Integration Services, Notification Services, and Documents and Samples. more…
Category: ASP.NET Web Hosting, MSSQL Server, Window Hosting |  Comments off
Difference between SQL Server 2005 and SQL Server 2008
Wednesday, January 14th, 2009 | Author:

difference-between-2005-2008

MS SQL 2005 Server was released after 5 servers of it previous SQL version, MS SQL 2000, Hence it required allot to revisions to cope up with the current windows development environment. Therefore MS SQL 2005 SP2 had major changes in it, with too many performances and security fixes. Microsoft could not add few revisions due to its basic development structure however they had all the scope to introduce them in SQL 2008 release. And indeed, MS SQL 2008 has many installation as well as performance fixes being applied to it and allowing Windows Administrators to have full control on SQL activities. The biggest advantage of SQL 2008 over SQL 2005 is the ability to manage and maintain server performance. SQL 2008 does not require too much resource which is the best deal for today’s Shared Hosting environment. Also an upper hand to whose to do not want to invest too much on hardware of their dedicated servers just to run SQL server on it.

more…

Category: ASP.NET Web Hosting, MSSQL Server, Window Hosting |  Comments off
Backup MySQL using VBS scripts
Monday, January 12th, 2009 | Author:

I have seen so many people searching ASP or ASP .NET scripts to backup their MySQL databases. Not only this but my Blog has been getting to many hits for the search term “backup mysql asp”. After seeing the need of so many people for the script I decided to write a VBS script to backup all or single MySQL database on Windows server. I am not very good at ASP so I didn’t write the script in ASP or ASP .NET but one can convert this script in either ASP or ASP .NET, it should not be a huge problem I suppose.

backup-mysql-asp more…

Windows Error Reporting
Saturday, December 06th, 2008 | Author:

C:\DOCUME~1\USER~1\LOCALS~1\Temp\WER8bd7.dir00\w3wp.exe.mdmp

C:\DOCUME~1\USER~1\LOCALS~1\Temp\WER8bd7.dir00\appcompat.txt

Above error pop ups when Error Reporting is enabled on your system and w3wp.exe faces an error.
Windows Error Reporting increases Hard Disk space , by adding above pop ups in two different dump files i.e. HDMP and MDMP
HDMP (Heap Dump) – Uncompressed error dump file generated by Windows when a program has an error or crashes.
MDMP (Mini Dump) – Compressed Heap Dump files are saved as Mini dump (MDMP) files and may be sent to Microsoft as part of an error reporting process.

more…

How to install phpMyAdmin on Windows
Saturday, November 15th, 2008 | Author:

These steps can be followed on Windows 2000, Windows NT servers, Windows 2003, Windows 2008 and Windows XP.

For steps on Linux refer the link below:

How to install PHPMyAdmin on Linux

How to install phpMyAdmin 2.11 on Windows Desktop and Server

Here are steps that will help you installed PHPMyAdmin on a Windows server.

REQUIREMENTS:

>> PHP 4.3/4.4/5.1
>> MySQL 4.0/4.1/5.0

DOWNLOAD:

This installation was tested on phpMyAdmin-2.11.1
You can select the file from PHPMyAdmin Downloads

more…

close Port 445:

  • Click Start >> Run, to open the Run dialog box
  • Here, type regedit to open the registry.
  • Navigate to the following registry key – HKEY_LOCAL_MACHINE >> System >> CurrentControlSet >> Services >> NetBT >> Parameters
  • On the right-hand pane find the option TransportBindName.
  • Double
    click
    on
    TransportBindName and delete the existing default value.

  • click
    Ok

From the above, it is clear, that you have closed Port 445 by giving a blank value to TransportBindName for NetBT services.

close Port 135:

  • Click Start >> Run, to open the Run dialog box
  • Here, type regedit to open the registry
  • Navigate to the following registry key – HKEY_LOCAL_MACHINE >> software >> microsoft >> Ole
  • On thee right hand window pane find an option called EnableDCOM
  • Double-click EnableDCOM and change the value from Y to N
  • click Ok
  • Close the Registry Editor and restart your computer

These steps will only work for a standalone servers. Any serveres that are in a cluster state such as Active Directory, SQL failover cluster, Network Load Balancing [NLB] or Windows Replication service that NEVER-EVER follow these steps as it will simply diable port 135 which is used my Distributed File System [DFS] for the servers to comunicate with each other. Disabling it will just wont allow the servers to communicate and the services will fail.

Category: ASP.NET Web Hosting, MSSQL Server, Window Hosting |  Comments off
Secure your MS SQL Database Connection String
Tuesday, November 11th, 2008 | Author:

Ways to secure your MS SQL connection string in ASP .NET.

We have seen allot of people looking to have the best option to secure the connection string in their ASP .NET code to connect the MS SQL database since it contains the username and password of their database. It is very important to use a secure method for corporate clients and those who save Credit Card details in their MS SQL database. Or they will easily get hacked and all the important data will be exploited by the hacker. And also for those who store important data in MSSQL.

Here are the list of methods that can be used to secure your MS SQL connection string in your ASP.NET application.

METHODS:

1. Using a DSN connection string:

more…

Enable SQL 2005 Remote Connections
Monday, November 10th, 2008 | Author:

Enable remote connections for SQL Server 2005 Express or SQL Server 2005 Developer Edition

You must enable remote connections for each instance of SQL Server 2005 that you want to connect to from a remote computer. To do this, follow these steps:

1.    Click Start, point to Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click MS SQL Server Surface Area Configuration.
2.    On the MS SQL Server 2005 Surface Area Configuration page, click Surface Area Configuration for Services and Connections.
3.    On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Remote Connections, click Local and remote connections, click the appropriate protocol to enable for your environment, and then click Apply.

Note Click OK when you receive the following message:
Changes to Connection Settings will not take effect until you restart the Database Engine service.
4.    On the Surface Area Configuration for Services and Connections page, expand Database Engine, click Service, click Stop, wait until the MSSQLSERVER service stops, and then click Start to restart the MSSQLSERVER service.

Enable the SQL Server Browser service

If you are running MS SQL Server 2005 by using an instance name and you are not using a specific TCP/IP port number in your connection string, you must enable the SQL Server Browser service to allow for remote connections. For example, MS SQL Server 2005 Express is installed with a default instance name of Computer Name\SQLEXPRESS. You are only required to enable the SQL Server Browser service one time, regardless of how many instances of SQL Server 2005 you are running. To enable the MS SQL Server Browser service, follow these steps.

more…

Category: ASP.NET Web Hosting, MSSQL Server |  Comments off
Remove Viruses without using Antivirus !
Friday, October 31st, 2008 | Author:

One of the ways by which Computers get affected by viruses is through USB Pen drives. Anti viruses are unable to detect them and even if they do, in most cases they are unable to delete the virus. Following are the precautions you can take when plugging USB Drive on your Computer.

Whenever you plug a USB drive in your system (which you think is infected by virus), do not open it -  Do not click ‘OK’ !
click on ‘Cancel’. Now open Command Prompt by typing ‘cmd‘ in run box.
Type dir /w/a and press enter.
Above command will display list of files in pen drive. Check in the list if the files are not

* Heap41a
* New Folder.exe
* Autorun.inf
* svchost.exe
* Ravmon.exe
* or any other exe file which may be suspicious.

If any of the above files are present in the list, then your USB drive is infected. To remove these files, type the following command in command prompt
attrib -r -a -s -h *.* and press enter.
This will remove from files  Read Only, Archive, System and Hidden attributes .

The files which you will now be looking on are the junk files (viruses) and can be deleted using  del command. Delete all those files which you find suspicious. To be on a safer side, just scan again your  USB Pen drive using a anti virus to check whether it is free of virus or not.

Hotlink Protection
Sunday, October 26th, 2008 | Author:

What is Hot linking ?

The process of direct linking to websites files such as images, videos etc is called as Hot Linking. It is like using an image (tag/image link) which you have found on someone else web page, and would be using on your blog. Every time the blog is browsed image will be shown because it is Hot linked from it’s original source.

This becomes a point of concern when your website is Hot linked by someone else.

Let me explain
Every website has a fixed bandwidth (bandwidth - Amount of data transferred from website to a users computer). When any internet user browses a website and if that website is hot linked to your site then your website’s
bandwidth is used in transferring the requested data.
??? => This means you are paying for the bandwidth which is not used by you.

To overcome Hot linking(Bandwidth Theft) Hotlink Protection is used. It prevents other websites from directly linking to files (as specified above) to your website.
Hotlink Protection can be set from Plesk Control Panel as well.

Category: ASP.NET Web Hosting |  Comments off
Using Pass Phrases to Encrypt Data in MSSQL 2005
Wednesday, October 22nd, 2008 | Author:

Using Pass Phrases to Encrypt Data

A password that allows for spaces can be referred to as a pass phrase. The benefit of pass phrases is that you can make them meaningful and easy to remember. Instead of creating and managing encryption keys or certificates in your database server, you can encrypt data using only a pass phrase.The ENCRYPTBYPASSPHRASE statement uses the supplied pass phrase to generate a symmetric key, which is used to perform the actual data encryption. No key management is required, as the key will be recreated each time the same pass phrase is supplied.The common syntax of the ENCRYPTBYPASSPHRASE statement is as follows:

ENCRYPTBYPASSPHRASE ('PASSPHRASE', 'PLAINTEXT')

In this statement, PASSPHRASE specifies the data string to be used to derive an encryption key. PLAINTEXT specifies the data to be encrypted. No permissions are required to run the ENCRYPTBYPASSPHRASE statement.

The following syntax encrypts the string using the supplied pass phrase:

more…

Host Header Settings
Tuesday, October 21st, 2008 | Author:

To set more than one website on server you are required to set Host Headers
Procedure to set Host Headers
1) Load  IIS (Start >>> Run>>>type “inetmgr” hit enter)

2) On left pane, expand server name, then click “Web Sites“>>>right click on right pane>>>select  New>>>Web Site

3) Website Creation Wizard will open , here you have freedom to write absolutely anything (we will write – Testing) >>> Click Next

4)Under IP address and Port settings
Enter Ip address and port number (Default port – 80) and Host Header for the website >>> Click Next

5) Enter the path for Websites Home Directory and tick (check) “Allow anonymous access to this website” >>> Click Next

6) Under Website Access Permissions , necessary permissions for using ASP , Run Scripts can be used as per requirement. >>> Click Next

7) Click Finish and you’re done.

Category: IIS |  Comments off
Backup and Restore MySQL database using phpmyadmin
Monday, October 13th, 2008 | Author:

Log into Plesk Control Panel and  steer yourself to “phpMyAdmin

For Backup of MySQL database click on Export.

1) Make sure that entire database is selected for Export, and not just one table.
All the Tables under Database list should be added in Export List.

2) Now, follow the steps given
select “SQL” for output format
Check “Structure”
and “Add AUTO_INCREMENT” value
Check “Enclose table and field name with back quotes”
Check “DATA
check use “hexadecimal for binary field”
Export type set to “INSERT

3) Check “Save as file”, it is not necessary to change the file name.
Click “GO” to download the backup file.

Backup of your MySQL database is created !

Now, for Restoring backup of MySql database

1) Click on SQL tab, to start restoration of your backup file.

2) Un-Check “Show this query here again”.

3) Browse to your database backup file.

4) Click – “GO”

Backup is Restored !

Large MySQL Backups:

Error: MySQL has gone away

To restore large SQL backups there are 2 setting that you will need to take of:

1. Make sure that you PHP upload size is great than your MySQL backup file, this setting will be needed to be changed in php.ini file. Only those who has server administrator access would be able to make changes in PHP.INI file. Hence you will have to contact your Hosting provider if you are hosted on a Shared server. But if you have a Dedicated Server then this file is normally stored in C:\Windows\php.ini or you can esily get the path from phpinfo() page. The option that you need to change is upload_max_filesize. It is also suggested that you increase the following parameters as per the size of your MySQL backup file:

max_execution_time = 30     ; Maximum execution time of each script, in seconds
max_input_time = 60    ; Maximum amount of time each script may spend parsing request data
memory_limit = 8M      ; Maximum amount of memory a script may consume (8MB)

2. You will need to increase the MySQL buffer size in MySQL configuration size, the file is my.cnf in Linux server and my.ini on Windows Server. The parameter that you need to change is:

read_buffer_size

By default it is set to 1MB, if the entry is not present then add it under [MYSQLD] section.

Please Make sure that you restart IIS webserver after making change to php.ini and restart MySQL after making changes in my.ini file.

If you looking backup MySQL using VBS or ASP script then refer the link below:

How to backup MySQL using VBS or ASP script.

NTFS File System
Sunday, October 12th, 2008 | Author:

What is NTFS ?

The File system comes with Windows NT. (NT File System) An optional file system for Windows NT, 2000, XP and Vista. NTFS is the more advanced file system, compared to FAT32. It improves performance and is required in order to implement numerous security and administrative features in the OS. NTFS supports Active Directory domain names and provides file encryption. Permissions can be set at the file level rather than by folder, and individual users can be assigned disk space quotas. NTFS is designed to log activity and recover on the fly from hard disk crashes. It also supports the Unicode character set and allows file names up to 255 characters in length. See FAT32 and file system.

more…

Category: Hosting Security, Window Hosting |  Comments off
PROCEDURE TO MAKE CDONTS WORK ON A WINDOWS 2003 SERVER
Sunday, October 12th, 2008 | Author:

Microsoft Windows Server 2003 does not install Collaboration Data Objects (CDO) for
NTS (CDONTS). Therefore, applications that use   do not function on a Windows
Server 2003-based computer.

Windows Server 2003 provides improved alternatives to CDONTS. To make CDONTS
functioning on a Windows Server 2003-based computer, use one of the following

solution:

more…

Category: ASP.NET Web Hosting, Exchange Hosting, Window Hosting |  Comments off
Protect Apache WebServer From DDOS with mod_evasive
Sunday, October 12th, 2008 | Author:

What is Apache ?

The Apache HTTP Web Server, we all well know it as Apache, is one of the world’s most widely used Web servers. It is very popular because of its strong security features, most outstanding performance & the fact that it does cost us any thing. It comprehensively supports and it is most recommended for MySQL & PHP/Perl/Python (and now also supports Ruby) programming languages.

mod-evasive-apache-DDOS

It’s available for all flavours of Unix (GNU/Linux & UNIX systems), Microsoft Windows including other OS as well, for Example Linux distros such as  RedHat, SuSe, Debian, CentOs, Gentoo, Mandrake, Fedora, etc etc. Apache is used to serve both dynamic static content & static Web pages on the Internet. Some web applications are developed expecting the features & environment that Apache provides. It is one of the most basic feature in the hosting world is what allows your website to be seen by the world.

What is a DDoS attack ?

more…

Install RRDTool On Windows Server
Friday, October 10th, 2008 | Author:

We all have an impressions that it is very difficult to install RRDTool on a Windows Server but that is not the case. There are few very Simple Steps to install RRDTool on a Windows server:

STEPS:

1. Create a Folder on any of your drives with name RRDTool.

2. Download the latest version of RRDTool from the link below:

DOWNLOAD RRDTool

3. Extract the ZIP in RRDTool folder.

4. Open START >> Run >> type cmd to open Windows command prompt.

5. Type following command on prompt to use the RRDTool.

cd C:\RRDTool\

That is it…!!!! You are ready to use your RRDTool on your Windows machine.

These steps are applicable to all Windows versions including Windows XP, Windows Vista, Windows NT and Winsdows 2003/2008 Servers.

Category: Window Hosting |  2 Comments