Monthly Archives: March 2012

CEH v8

I see a lot of the people who visit my blog are looking for information regarding Certified Ethical Hacker 8 (CEH v8).

I can see that so far not much information has been released, except this Candidate Handbook: https://cert.eccouncil.org/wp-content/uploads/2011/11/CEH-Candidate-Handbook-v1.6-13022012.pdf

If you have earned v7 you can upgrade it by taking the new exam. Send a mail to certmanagerATeccouncil.org and ask :)

The requirements are the same as before: you need at least 2 years of IT security related work in order to take the exam if you haven’t taken the CEH course.

New topics in v8 are (as far as I can see so far):
* Mobile communication, smart phones
* Web 2.0
* New tools and applications

Remember, if you take this exam you need to retake it within 3 years in order to maintain the certification. Of course there are other ways to maintain it (look inside the Handbook).

Hyper-V 3 commands in PowerShell

Hyper-V 3 brings a lot of new functionality to the field in its fight against VMware.
Will this be enough to take on the battle with VMware? If you have SCVMM 2012 and Hyper-V 3, the gap is getting smaller.

Some of the main features for Hyper-v 3:

  • No processor/core limit on the Hyper-V host
  • 160 Logical processors
  • 2TB memory on the host
  • 1TB memory per VM
  • 1024 VMs per Hyper-V host
  • 32 virtual processors per VM
  • Failover Cluster Support
  • Live Migration
  • Live Storage Migration
  • Shared Nothing Live Migration (without requiring shared storage)
  • RemoteFX with more monitors and resolutions
  • Storage Spaces
  • VMs on File Based Storage (SMB 2.2 Share on a Scale Out File Server)
  • Vendor independent NIC Teaming (this I've explained in an earlier post)
  • Hyper-V Replica

In a later post I'll discuss the connection between SCVMM 2012 and Hyper-V, but for this post I'll focus directly on Hyper-V and the quick commands you should learn in order to do basic stuff in Hyper-V.

First off, you can see all the commands related to Hyper-V by typing the command:
Get-Command -Module Hyper-V

In case there have been some updates from Microsoft, you can use the Update-Help command to update the help library in PowerShell.

Let's do some basic commands:
1: Create a new virtual machine.

New-VM -Name "new 2" -MemoryStartupBytes 1GB -NewVHDPath d:\vhd\base.vhdx

This will create a new virtual machine named new 2 with 1 GB of memory, and the VHDX is stored on the drive D:

Of course you have a lot of other parameters here that you can change; use Get-Help New-VM to see all the parameters.
In case you have some old virtual machines you want to import into the new Hyper-V, you can use the Import-VM command:

Import-VM -Path 'D:\Test\VirtualMachines\5AE40946-3A98-428E-8C83-081A3C6BD18C.XML'

Here you just specify the XML configuration file of the old virtual machine, and it will get created with the settings it had.

Of course you can also start and stop the VM using Start-VM or Stop-VM.
Something that might be useful to remember is how to change the VLAN of the network on the virtual machine.

Set-VMNetworkAdapterVlan -VMName test -Access -VlanId 121

This will change the VLAN ID on the virtual machine named test to VLAN 121. (This uses the standard 802.1q trunking protocol, which all network equipment supports today. It's also the same one that VMware uses.)

Just have to shoot in some Cisco commands here as well :)
In case you have the VM connected to a Cisco switch, you can use these commands to change the VLAN ID on the switch interface that the VM is connected to.

enable
conf t
interface FastEthernet0/1
switchport access vlan 121 

In case you want to look a bit closer at the PowerShell cmdlets for Hyper-V, I suggest you check out this Microsoft page on Hyper-V: http://technet.microsoft.com/en-us/library/hh848559.aspx

Now this is the end of post 1. More will follow, and I will try to include SCVMM 2012.

Networking in Windows 8, part 3

Now, in the previous posts I’ve posted most of the new features related to Windows 8.
Lastly, I have some new features that I forgot, which I'll post here.

  • Remote Desktop version 8
    Not sure what enhancements this gives yet, except that the RDP client has the ability to automatically adjust the session based on the network speed. And some added Group Policy enhancements.
  • SMB 2.2
    SMB 2 has been in Windows since Vista, but now comes with some enhancements. You now have the option to do multichannel, where file share data transfer automatically spans multiple NICs with fault tolerance. You also have the option to store virtual machines on a file server if both the host and the file server have Windows 8 or above.
  • PowerShell 3
    With it you can now have PowerShell accessible through http/https. You can add this using the “Add role and features wizard”.
  • Central Management
    Now you can centrally manage all your servers from one interface in the server dashboard, and you can group them, e.g. one group for terminal servers, one for SQL and such. This is also improved in the RDS role: you can centrally manage a terminal server farm. (See my previous post regarding Terminal Servers)

Networking in Windows 8, part 2

In the first post, I went through a lot of the PowerShell commands available in Windows 8. In this post I'll write about what's new in terms of features and such.

Let's start with the obvious new features.

NIC TEAMING (which I also went through in my previous post)
Allows you to team 2 network interface cards for higher bandwidth and with a failover solution. Before, you had to have vendor-specific software to do this; now it is implemented in the operating system.

DNSSEC
DNSSEC is not something new to Windows; it was also in Windows 2008 R2, but the implementation was a bit uneven. In order to sign a zone you had to take it offline and run some dnscmd commands. In Windows 8 the new DNS does NSEC3 and can be configured to automatically sign your zones as they change.

DHCP Failover clustering
In the previous version you needed to set up a SAN-based solution in order to set up the cluster. Now the DHCP servers share the configuration between them directly.

IPAM
IP address management is included as a role in Windows 8. It allows you to manage and track the use of IP address space. It is aware of DNS and DHCP and combines the knowledge from these. Quote from Microsoft: “Automatic IP address infrastructure discovery: IPAM discovers domain controllers, DHCP servers, and DNS servers in the domains you choose. You can enable or disable management of these servers by IPAM.”

Hyper-V

  • Single Root I/O Virtualization (SR-IOV): SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack. As a result, the I/O overhead in the software emulation layer is diminished and achieves network performance that is nearly the same performance as in nonvirtualized environments.
  • ARP/ND Poisoning (spoofing) protection: Provides protection against a malicious VM using Address Resolution Protocol (ARP) spoofing to steal IP addresses from other VMs. Provides protection against attacks that can be launched for IPv6 using Neighbor Discovery (ND) spoofing.
  • DHCP Guard protection: Protects against a malicious VM representing itself as a Dynamic Host Configuration Protocol (DHCP) server for man-in-the-middle attacks.
  • Port ACLs: Provides traffic filtering based on Media Access Control (MAC) or Internet Protocol (IP) addresses/ranges, which enables you to set up virtual network isolation.
  • Trunk mode to a VM: Enables administrators to set up a specific VM as a virtual appliance, and then direct traffic from various VLANs to that VM, using the standard trunking protocol 802.1q.
  • Network traffic monitoring: Enables administrators to review traffic that is traversing the network switch.
  • Isolated (private) VLAN: Enables administrators to segregate traffic on multiple VLANs, to more easily establish isolated tenant communities.
  • QoS: More features allow you to specify bandwidth for virtual machines.
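
The per-adapter protections in the list above can be checked and switched on from the Hyper-V PowerShell module. The following is an added example, not part of the original post: the VM name `test`, the subnet and the function name `Get-VMPortProtectionReport` are constructed for illustration, and Router Guard is included as the companion setting to DHCP Guard even though the list does not name it.

```powershell
# Added example. Run on the Hyper-V host in an elevated session.
# 'test' and 10.0.0.0/24 are constructed sample values.

function Get-VMPortProtectionReport {
    # One row per virtual NIC with its spoofing-related switch port settings.
    Get-VM | Get-VMNetworkAdapter | ForEach-Object {
        [pscustomobject]@{
            VMName             = $_.VMName
            Adapter            = $_.Name
            MacAddressSpoofing = $_.MacAddressSpoofing  # Off = guest may not change its source MAC
            DhcpGuard          = $_.DhcpGuard           # On  = DHCP server replies from the guest are dropped
            RouterGuard        = $_.RouterGuard         # On  = router advertisements from the guest are dropped
        }
    }
}

# List every adapter that is missing at least one of the protections.
Get-VMPortProtectionReport |
    Where-Object {
        $_.MacAddressSpoofing -ne 'Off' -or
        $_.DhcpGuard          -ne 'On'  -or
        $_.RouterGuard        -ne 'On'
    } |
    Format-Table -AutoSize

# Turn the protections on for one guest.
Set-VMNetworkAdapter -VMName 'test' -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On

# Port ACLs: allow the guest to talk to its own subnet only.
# The most specific matching entry wins, so the /24 allow overrides the ANY deny.
Add-VMNetworkAdapterAcl -VMName 'test' -RemoteIPAddress 10.0.0.0/24 -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName 'test' -RemoteIPAddress ANY         -Direction Both -Action Deny

# Review what is now applied to the guest's adapters.
Get-VMNetworkAdapterAcl -VMName 'test'
```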


Networking in Windows 8

This might be a long post, so I'll try to split it up where I think it should be.
The post will cover what's new in networking in Windows 8, including Hyper-V.
Also how you can manage your network via PowerShell.

In Windows 8 Server, you can manage (mostly) everything from PowerShell.
In previous versions of Windows you could manage most of the networking configuration with the netsh command.

So when you try to use a command in the netsh command interface you get this message.
So Microsoft has moved the functionality out of netsh and into regular cmdlets.

At first it's not easy to find the cmdlets that are used to change, for instance, the IP address for an interface, so I had to use Get-Command and take a look through the list, and voila!
You have some modules that you need to take a look at.
First the NetTCPIP module.
This is the module you can use to alter IP addressing (IPv4 & IPv6) and to show and alter TCP connections.

Second is the netadapter module; here you can alter, for instance, driver settings for the specific interface. For instance you can use Get-networkadapteradvancedproperty to see if flow control or jumbo packet is enabled. You can alter those settings with set-networkadapteradvancedproperty (phew! long command)

Third is the netsecurity module; here you can alter the firewall settings, create IPsec rules and such.

Fourth is the netlbfo module; from here you can create load-balancing and failover NICs. Before, you had to have vendor software (for instance Broadcom) installed and create NIC teams from there. But now Microsoft has implemented this in the operating system.

And of course there are other modules regarding Hyper-V, QoS and virtual switching, but I'll get to that later. You can use the command Get-Command -Module net* to see all the commands regarding networking.

Now for the quick walkthrough of some useful commands. I will create a NIC team with failover, disable the firewall for the new team, add an IP address of 10.0.0.1 and see how it works.

As you can see here, I have two interfaces. Remember NIC teams can only be formed between homogeneous NICs. So two 1GB NICs can be teamed, or two 10GB NICs can be teamed, but you cannot team a 1GB and 10GB NIC, so for this purpose I have 2 identical virtual NICs.

If the individual NIC members each support Receive Side Scaling (RSS), the NIC team also supports RSS. Hence it is a good idea to team NICs that support RSS. The resulting NIC team is also highly capable and does not lose any functionality.

I run the command New-NetLbfoTeam and enter the parameters, and presto, I have a teamed interface. I should now have a new interface named “TEAM – 1” which I should be able to alter the IP address for.

I type the command Get-NetIPAddress -InterfaceAlias “TEAM1 – default” and I see my addresses for IPv4 and IPv6, and I need to change that. So I set the IP to 10.0.0.1 with a subnet prefix of /24 (255.255.255.0)

Got an error message, but when I check my interface I have the correct IP. Since it now appears as a regular interface I can see its advanced adapter settings, fancy?

And last but not least disabling the firewall (for the domain profile)
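
The walkthrough above as one script, since the screenshots are not part of this page. This is an added example, not the commands from the original post: the adapter names, the team name and the firewall rule are constructed values, and the scoped allow rule is shown as a narrower alternative to switching off the whole domain profile.

```powershell
# Added example. Run in an elevated session on Windows Server 2012 / Windows 8 or later.
# Adapter names, team name and subnet are constructed sample values.
$members  = 'Ethernet', 'Ethernet 2'
$teamName = 'TEAM1'

# The post teams identical NICs only, so refuse to continue if link speeds differ.
$speeds = Get-NetAdapter -Name $members | Select-Object -ExpandProperty LinkSpeed -Unique
if (@($speeds).Count -ne 1) {
    throw "Team members have different link speeds: $($speeds -join ', ')"
}

# Create the team, then put the second member in standby so it only takes over on failure.
New-NetLbfoTeam -Name $teamName -TeamMembers $members -TeamingMode SwitchIndependent -Confirm:$false
Set-NetLbfoTeamMember -Name $members[1] -AdministrativeMode Standby

# The default team interface carries the team's name; give it 10.0.0.1/24.
New-NetIPAddress -InterfaceAlias $teamName -IPAddress 10.0.0.1 -PrefixLength 24

# Verify the result instead of relying on the absence of an error message.
Get-NetLbfoTeam -Name $teamName | Format-List Name, Status, TeamingMode, Members
Get-NetIPAddress -InterfaceAlias $teamName -AddressFamily IPv4 |
    Format-Table IPAddress, PrefixLength, AddressState

# What the post does: disable the firewall for the domain profile on the whole machine.
#   Set-NetFirewallProfile -Profile Domain -Enabled False
# Narrower alternative: leave the profile on and allow only the team's own subnet
# inbound on the team interface.
New-NetFirewallRule -DisplayName 'Allow 10.0.0.0/24 on TEAM1 (example)' `
    -Direction Inbound -Action Allow -Profile Domain `
    -InterfaceAlias $teamName -RemoteAddress 10.0.0.0/24

# Confirm the domain profile is still enabled.
Get-NetFirewallProfile -Name Domain | Format-List Name, Enabled
```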


Stay tuned for part two of this blog.

Xenapp webinterface default domain

This is going to be a quick post,
since I see from my site statistics that many who come to this site are actually searching for this quick change.

When a user logs onto a XenApp Web Interface (if it's configured to), users have to type their domain\username & password to log in.

If you are in a single domain you can define this in the configuration file for the Web Interface so the users don’t have to type the domain name each time.

In order to do this, open webinterface.conf as administrator, find the parameter
# DomainSelection=[Domain 1,domain 2,…] and unmark it (remove the leading #) and add a domain name, like:
DomainSelection=test.local

Since you have already added the domain name, you can just as well hide the domain name box from appearing on the Web Interface. Find the parameter # HideDomainfield=off, unmark it and change it to HideDomainfield=on.

In case you want to get better acquainted with the config file, head over to the Citrix guide.
http://support.citrix.com/proddocs/topic/web-interface-impington/wi-webinterface-conf-parameters-gransden.html

Citrix service XML broker port

When you install Citrix Xenapp with the default settings, the XML Service Broker will listen on port 80 by default. Usually this is the easiest way, since most ACLs/firewalls have port 80 open, but in case you want to change it, this is how.

The XML Broker is the ‘point of contact’ in your presentation server farm used by Web Interface to authenticate users and enumerate applications.

When you enter your credentials, they are passed to the XML broker configured in Web Interface Admin, which then passes them on to the IMA service, which ultimately fulfills the authentication request.

You can change the port by opening a cmd shell and using the command ctxxmlss.exe

CTXXMLSS.EXE Command Line Usage

The command-line syntax below applies to all MetaFrame environments:

Syntax:

CTXXMLSS [switches] [/Rnnnn] [/Knnn] [/U] [/?]

Parameters:

/Rnnnn – Registers the service on port number nnnn
/Knnn – Keep-Alive nnn seconds (default 9).
/U – Unregisters the service.
/? (help) – Displays the syntax for the utility and information about the utilities options.

If it's already registered to port 80, you have to type ctxxmlss.exe /u first, then
ctxxmlss.exe /r8080 (in this case port 8080 is used).

After registering the service, go to Web Interface Mgmt, right-click the Xenapp site, click Server Farms. Highlight Farm1, click Edit. Change the port to the new port (e.g. 8080).

Staying ahead of the Certification loop

As an active certification taker, it's getting harder and harder to stay ahead of the new releases,
since many have an expiration date of 3 years, and some are just replaced with new versions.

So far this year I’ve taken:
CCA XenApp 6.5 (which I plan to build further on with CCAA)
CCNA Security (which I plan to build further on with CCNP Security, need to take 4 exams first)
CEH V7 (scheduled on the 15th March)

So far I see that I have to replace my Windows Server certifications when the new version gets released. My ConfigMgr 07 gets replaced by SCCM 2012. SQL Server gets replaced when 2012 arrives.

I also see that CEH V8 is supposed to arrive soon. My CompTIA certifications have a 3 year lifespan, so I plan to take the CASP and extend the lifespan of all my CompTIA exams.

The CCNP Security objectives just got updated, so I most likely have to get new books or update myself on what new objectives there are.

Not easy to keep yourself updated. But most of these companies have an educational Twitter account that you can follow, and most have their own certification site.

Microsoft: http://www.microsoft.com/learning/en/us/certification/cert-overview.aspx
Citrix : http://www.citrixtraining.com/courses/certifications/
Cisco: http://www.cisco.com/web/learning/le3/learning_career_certifications_and_learning_paths_home.html
Comptia : http://certification.comptia.org/home.aspx
EXIN: http://www.exin.com/NO/en/exams/

If you plan on taking any certifications, I suggest you take a look at this site. It might contain useful information regarding the exam you plan to take.
http://www.itcertificationmaster.com/

How to Shut Down or Reboot Your Windows 8 PC

Yeah, you’re right, the title of this article should make you laugh, and with good reason: it should be easy to shut down your PC, right? Well, Windows 8 makes it a little more confusing. Here’s how to do it if you haven’t figured it out already.

Shutting Down or Rebooting Your Windows 8 PC

There’s more than one way to get to the shutdown function: the first method, which is mostly useful for a tablet user, is to move your mouse to the upper right-hand corner to trigger the Charms menu (or you can use Win + C).

The second method is to simply use Win + I (that’s a capital letter i) and the Settings panel will slide right out with the Power button on it.

Windows 8 terminal server setup

So, I'm guessing most have tried the Windows 8 beta now? :)
I am so far impressed with the new features that are implemented. Still, things could change before the final release. I thought I would take a quick walk through the Windows 8 server Remote Desktop Services installation.

To start the installation go to the Dashboard of the Server Manager, and choose add features and roles. From here choose Remote Desktop Services scenario-based installation.
(I'm missing a screenshot from the next part, but you have the option to choose quick install. This will install all the roles on 1 server.)

Here I’ve finished the installation, and I’ve added the other server to the Dashboard view. Now from here I get shown all the different roles both of them have on the left side. And if I choose to mark one of them I get the event log from that specific server.

If I go into the Remote Desktop Services Role on the left side, I get an overview of the infrastructure. As you can see this server has the
* RD Web Access
* RD Connection Broker
* RD Session Host
If I press the + sign I get the option to add that specific role.
But for my purpose I only need those 3 roles I already have installed.

By default the installation creates a “Collection”, which is basically a collection of computers which have some application published.

By default the “QuickSessionCollection” has most of the Administrative Tools already published, so if you go to the webpage of the RD Web Access,
https://server/rdweb, and log in, you will get most of the administrative tools available.

But for my part I want to publish applications that people actually use :)
So I deleted the default collection, created one of my own, and added mspaint.


As you can see here, you get an overview of which servers are in this collection and which applications are in this collection. It also shows you who is connected. Now this is something Windows didn’t have before; earlier you couldn’t see all the connected users to a farm.

First off, when you publish an application you have the option to add it to a folder; this folder will appear in the RDweb page. It gives you a bit more options regarding where to place the application, so you don’t have to place all your 100+ apps on one webpage.

All is well, and when I go back to the Dashboard, I see both of my servers in the overview. This is something I actually might get used to.


Stay tuned in for more.