Thursday, 23 May 2013

Windows Hardening - SecureCheq

So I've come across a very nice tool today... SecureCheq is a free tool from Tripwire which uses configuration tests just like the ones defined in CIS, ISO or COBIT standards to harden the following versions of windows:

    Windows Server 2003/2008/2012
    Windows XP/7/8

You can get it from here, it does require registration but so far they have not flooded me with email so.. so far so good!

I do like the whole idea so I gave it a try... according to the site SecureCheq:
  • Tests for a subset of typical (and often dangerous) Windows configuration errors
  • Provides detailed remediation and repair advice
  • Tests for about two dozen critical but common configuration errors related to OS hardening, Data Protection, Communication Security, User Account Activity and Audit Logging.
  • Demonstrates how systems can be continually hardened against attack

 On my Windows 7 Enterprise box

Weird enough I cannot find and fix the one fail that I have left, managed to configure all the goup or security policies following the instructions provided but not the SafeDLL one..

All in all its a good product worth trying it out :)

Wednesday, 15 May 2013

F5 Monitors

Here are some very useful monitors I have created to keep track of services running on nodes using with F5 load balancers.

Shibboleth Monitor
Send String: GET /idp/profile/Status HTTP/1.1\r\nHost: idp.domain\r\nConnection: Keepalive\r\n\r\n
Receive String: ok

Access Gateway Monitor
Send String: GET /nesp/app/heartbeat HTTP/1.1\r\nHost:\r\nConnection: Keepalive\r\n\r\n
Receive String: Success

Access Manager Identity Server Monitor
Send String: GET /nidp/app/heartbeat\r\n
Receive String: Success

ADFS Monitor
Send String: GET /adfs/fs/federationserverservice.asmx HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n
HTTP/1.1 200 OK

 Stay tuned for more