Category: Security

Finally…strong ESX 4.1 root passwords. SHA512 baby!

Historically VMware has not used the strongest hashing algorithms to store root passwords on ESXi or ESX hosts. And to make matters worse, ESX/i 4.1 had a major security hole that was open for over four months, which you can read about here. The short story is that ROOT passwords...

Free Microsoft security tool: EMET for you!

Yesterday I stumbled upon a blog post about a free Microsoft security tool. No matter how secure you think your system is, it can always be more secure. So I eagerly read Ed Bott's article about Microsoft's EMET (Enhanced Mitigation Experience Toolkit). I quickly installed it, configured it for maximum...

Alka-Seltzer for your Windows Token Bloat

As most Windows administrators know, when you log on to any system locally or remotely, Windows generates a token that contains a list of security identifiers of all the groups the user belongs to. In large environments or where you have implemented granular role-based security, top-tier users could be a member...

How strong is your SSL? Sniff and find out!

Today a colleague of mine asked me if I really thought one could tell what cipher strength is used during SSL transactions. I said sure! Piece of cake if you know what to look for. Just like in the movie Matrix, if you stare at the cipher text long enough...

Enable SQL SSL with low-privileged service account

One of the neat security features with SQL 2005 and later is the ability to use an SSL certificate to encrypt off-host SQL server communications over port 1433. Encrypting communications between your SQL server and your remote applications is strongly recommended. Do you really want credit card data, personal information...

PowerShell command to change Windows Cipher Suite Order

While journeying down the whole cipher suite road this weekend, I put together a little one-liner that reconfigures the cipher suite order that Windows will try and use. As I mentioned in a previous blog, you can configure this via GPO. But, maybe you want to build in the...

Easily configure your Windows Cipher Suites!

After many hours of digging around the Windows registry and experimenting with various keys to enable TLS 1.2 on Windows Server 2008 R2 and Windows 7 (see my blog post here), I found this free tool that gives you one-click access to configuring your Windows Cipher Suites. The Harden...

Beta VMware vSphere Hardening Guides

VMware has finally released their draft version of the security hardening guides for vSphere 4.0. After taking a look at some of them, I'll make a few observations: 1) Totally different format than previous versions, now organized in tables. Very similar to the DISA STIG security guides. 2) VMware adopted various security...

vSphere ESXi SSL mystery solved

For quite a while I've been trying to get SSL certificates uploaded to an ESXi 4.0 host which were issued by our internal Microsoft CA. Unfortunately I ran into issues, the last being that adding an ESXi 4.0 host to vCenter 4.0 with the certificate would die at 80%. After additional...
