October 15th, 2008 by Gabriel

MRTG :-

MRTG (Multi Router Traffic Grapher) is a simple tool to administer the network traffic with IIS.
It queries SNMP counters and generate HTML pages with current network graphs for incoming and outgoing bytes. You can get detailed explanation of your traffic with MRTG.
MRTG is one of the intrusion detection tool it gives you the big picture of your network traffic in diffeent views like week, month, or year.

MRTG plays a very important role in case of hacking and attacking of server.  It helps to track down the exact cause and source of attack by allowing to monitor network traffic, number of packets, connections to server, protocol error messages, number of connected users, requests, CPU/RAM/disk usage, processes that are currently in execution state in memory etc.

MRTG installation on Windows server :-

Before we proceed to install MRTG we have to install SNMP with following steps

Go to Control Panel >> Add or Remove Programs >> Add/Remove Windows Components >> select Management and Monitoring Tools >> click on Details button >> enable the check box for “Simple Network Management Protocol” >> Click on OK then click on Next to proceed with installation.

Here you have installed SNMP for your server

MRTG is a Perl script hence you will need to download and install ActivePerl. You can refer following link to download and more information on Activeperl-
http://www.activestate.com/Products/ActivePerl/

Now downlaod the latest version of MRTG at - http://tobi.oetiker.ch/  OR  http://winadmin.co.uk/MRTG_files.zip

Extract the files into C:\Program Files\MRTG

Now we either create a web site for MRTG or create a virtual directory under any exisiting web site.
Set the MRTG site to not run scripts or executables and provide only Read access.
Move all the configuration files in to C:\Program Files\MRTG\Bin directory.
To test the configuration execute following command at mentioned location on command prompt -

C:\ProgramFiles\MRTG>perl mrtg mrtg.cfg

after SUCCESSFULL execution of above command you should now have some more files created in your MRTG web directory.

Now browse the web site/virtual directory you have created to get the MRTG output

October 15th, 2008 by Gabriel

Here is CDONTS mail script :-

—————————

<%
sch = “http://schemas.microsoft.com/cdo/configuration/”

Set cdoConfig = CreateObject(”CDO.Configuration”)

With cdoConfig.Fields
.Item(sch & “sendusing”) = 2 ‘ cdoSendUsingPort
.Item(sch & “smtpserver”) = “92.48.69.32″  ‘ your smtp server IP address
.update
End With

Set cdoMessage = CreateObject(”CDO.Message”)

With cdoMessage
Set .Configuration = cdoConfig
.From = “supp0rt24×7@gmail.com”
.To = “supp0rt24×7@gmail.com”
.Subject = “Sample CDO Message”
.TextBody = “This is a test for CDO.message”
.Send
End With

Set cdoMessage = Nothing
Set cdoConfig = Nothing
%>

October 15th, 2008 by Gabriel

Here is CDOSYS mail script :-

—————————

<%

‘CDOSYS Configuration
Set oMail = Server.CreateObject(”CDO.Message”)
Set iConf = Server.CreateObject(”CDO.Configuration”)
Set Flds = iConf.Fields

iConf.Fields.Item(”http://schemas.microsoft.com/cdo/configuration/sendusing”) = 2
iConf.Fields.Item(”http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “localhost”
‘Note use “localhost” If mail is routed from same server.
‘Use Server IP like “203.90.78.221″ if Domain has MX record having IP “203.90.78.221″ OR Mails are routed from that IP

iConf.Fields.Item(”http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout”) = 10
iConf.Fields.Item(”http://schemas.microsoft.com/cdo/configuration/smtpserverport”) = 25
iConf.Fields.Update

Set oMail.Configuration = iConf
oMail.To = “supp0rt_24×7@yahoo.com”
oMail.From = “supp0rt_24×7@yahoo.com”
oMail.Subject = “Script TEST.”

‘If message body is in HTML FORMAT
oMail.BodyPart.ContentTransferEncoding = “quoted-printable”
oMail.HTMLBody = HTML
oMail.Send
Set iConf = Nothing
Set Flds = Nothing

%>

<html>

Message Sent !!!

</html>

October 14th, 2008 by Gabriel

Following are few of the new features and improvements introduced in Microsoft SQL 2005

Manageability :-

SQL Server 2005 makes it easy to deploy, manage, optimize data.
A single integrated management console enables database administrators to easily monitor and manage distributed data.It provides an extensible management infrastructure that can be easily programmed using SQL Management Objects.

SQL Server Management Studio :-

SQL Server Management Studio is a new database management tool for database administrators, developers and end users. It combines the functionality of Enterprise Manager and Query Analyzer. It allows management and authoring for SQL Server 2005 Reporting Services (SSRS), Integration Services, Notification Services, replication, and previous versions of Microsoft SQL Server, all through the same interface.

Enhanced Query Authoring :-

SQL Server 2005 introduces Query Editor which is integrated into SQL Server Management Studio. Query Editor also allows you to write and execute scripts such as multidimensional expressions (MDX), data mining expressions (DMX) and XMLA. Its nothing but the replacement for SQL Server 2005 Query Analyzer.

Security :-

SQL Server 2005 makes significant enhancements to the security model which is already explained at-
http://winadmin.co.uk/microsoft-sql-server/security-features-in-sql-server-2005/

Integration Services :-
SQL Server 2005 includes Integration Services (SSIS) which enables organizations to more easily integrate and analyze data from multiple heterogeneous information sources. By analyzing data across an array of operational systems, organizations may gain a competitive edge through a holistic understanding of their business.

October 14th, 2008 by Gabriel

Microsoft SQL server 2005 has been designed to be more secure with many features that increase the degree of protection.
Authentication, Authorization and encryption are the key features.

Authentication :-

Mixed and windows authentication are the two authentication modes supported by SQL 2005.

In Windows Authentication mode access is given based on a security token assigned during successful domain logon by a Windows account, which obviously have full access to SQL server. The Windows authentication mode only allows you to login/connect to SQL Server with Windows authentication. Windows Authentication is for the environment that all of your users are part of a Windows domain. Your access to SQL Server is controlled and authenticated when you log on to the Windows operating system. If you are a member of Windows’ administrator group then you should be able to use Windows Authentication to connect to SQL Server.
When a user connects through a Windows user account, SQL Server validates the account name and password using the Windows principal token in the operating system. This means that the user identity is confirmed by Windows. SQL Server does not ask for the password, and does not perform the identity validation.

The mixed authentication mode stipulates that the SQL Server authentication be done on the verification of credentials stored and maintained by the SQL Server. The logins are created in SQL Server that are not based on Windows user accounts.Users connecting using SQL Server Authentication must provide their credentials (login and password) every time that they connect.

Password Complexity :-

1. The length of the password used,
2. The type of characters that can be used like special characters, alphabets, numbers etc.
3. System reserved words should not be allwed to use,
4. Non blank password should be disallowed

Password Expiration :-
Password Expiration is determined by the value of “Maximum password age” group policy setting. The group policy settings are defined using the CREATE_LOGIN T_SQL statements.The password expiration and policy for individual accounts can be obtained from the SQL Server Management Studio interface.

Lockout Behavior :-
Lockout behavior is determined by the values assigned to “Account lockout duration”, “Account lockout threshold” and “Reset account lockout counter after” settings.

Authorization :-
Authorization features determine the level of access rights/previleges assigned to a user.
SQL 2005 allows separation of user schema objects and database objects.A schema is nothing but group of objects so that the set of objects in a schema can be treated as a unit for owning permissions.For example Execute permissions can be allowed on a role of stored procedures.

October 14th, 2008 by Gabriel

Microsoft SharePoint is a browser based document-management platform.
It can be used by the web sites that access shared workspaces and documents, applications like wikis, blogs etc.
SharePoint interface is a web interface. Share point sites are mainly .Net sites with MS SQL as back end database.
It provide content management features, implement business processes, and supply access to information that is essential to organizational goals and processes.Support specific content publishing, content management, records management, or business intelligence needs.It provide centralized repository for shared documents, as well as browser-based management and administration of them.
Some of its good features includes workspaces and dashboards, navigation tools, lists, alerts (including e-mail alerts), shared calendar, contact lists and discussion boards etc.

The SharePoint family -

Windows SharePoint Services (WSS) :-
Windows SharePoint Services 3.0 (WSS) is a free addon in Windows server which offers the infrastructure, supporting HTTP and HTTPS based editing of documents, as well as document organization in document libraries, version control capabilities, wikis, and blogs etc.
WSS 3.0 is built on top of ASP.NET 2.0.

Microsoft Search Server (MSS) :-
Microsoft Search Server (MSS) is a search platform supported by Microsoft. MSS shares its architectural underpinnings with the Windows Search platform for both the querying engine as well as the indexer. MOSS search provides the ability to search metadata attached to documents.Microsoft has made Microsoft Search Server available as Search Server 2008, released on March 2008. A free version, Search Server 2008 Express, is also available.

Microsoft SharePoint Designer (SPD) :-
The “What You See Is What You Get” editor MS SharePoint Designer focus on design of SharePoint sites and end-user workflows for WSS sites. Its nothing but the next-generation Microsoft replacement for Microsoft FrontPage
SPD requires that IIS has Frontpage extensions installed on the server.

October 13th, 2008 by Gabriel

Benefits -

# Improve the performance with faster files

# Reduce Bandwidth Costs with Immediate effect

# Save server resources and in turn save money

Very basic steps that you can easily implement for IIS compression are as follows(provided you have some basic knowledge of IIS :)  )

[Note : Do not forget to  backup your metabase before you proceed ]

You will have to create a temporary folder to cache static file compression with any familiar name or even you can use default folder “%windir%\IIS Temporary Compressed Files”. Make sure IUSR have read/write permissions on this folder.

# Now open your IIS, at the left pane right click on Web Sites and select Properties

# click on Service tab - Enable Compress application files

# enable Compress static files

# change temporary directory to the folder you have created or default temp folder

# set max size of temp folder depending on the size of your hard drive

# Save and close

# edit the metabase at C:\Windows\system32\inetsrv\metabase.xml in Notepad

# locate for IIsCompressionScheme

# There should be two of them, one for deflate and one for gzip.  Basically they are two means of compression that IIS supports.

# add aspx,  asmx, php and any other extension that you need to the list extensions in HcScriptFileExtensions.

# HcDynamicCompressionLevel has a default value of 0, which can vary 0 -10, set it as per the need

# restart the World Wide Web Publishing Service

That’s it

October 12th, 2008 by Gabriel

Some basic security policies that a Web Administrator should have to consider are -

1. who/which user is allowed to use the system
2. when the user is allowed to use it
3. which user granted which level of access
4. procedures for granting access to the system
5. remote and local access methods
6. system monitoring
7. suspected security breaches

If you don’t have a clear picture of what is permitted, you can never be sure when a violation has occurred.

General security precautions to take -

1. Limit the number of login accounts available on the machine and delete inactive users.
2. The Crack programs help to detect poorly chosen passwords hence force the people to use strong             passwords who have login privileges.
3. Unused services should be turned off. For e.g. if FTP is no longer needed then it should be stopped.
4. Check system regularly for suspicious activity.
5. Make sure that permissions are set correctly on system files.

October 12th, 2008 by Gabriel

IIS allows you to display your own custom error pages instead of ugly default error pages. You will have to create an HTML or ASP page with the desired information you want to display.

Following are the steps -

1. Open Internet Information Server
2. Select your Web site in the tree view at left pane, right-click and choose Properties
3. Click on the Custom Errors tab.
4. Scroll down to the error you wish to change
5. select it, and click the Edit Properties button.
6. Enter the URL to your page that you have created
7. Click Ok at the bottom.

your customized error page will be displayed next time instead of old ugly and unfriendly default error page 

October 10th, 2008 by Gabriel

Here are some useful tools that help us in configuring IIS server and track the problematic web sites easily :

1. IIS Passwords Sync:

IIS 6.0 web sites run under anonymous user accounts. It is IUSR_<machine name> (by default) or other user accounts created by your web hosting control panel. The users’ passwords are set automatically set and are never known. However, sometimes for some reason the passwords get out of sync or corrupted and need to be reset. The easiest way to reset these passwords is to use IIS Passwords Sync program. It extracts the passwords that Microsoft IIS 6.0 has in its metabase and updates the accounts in “Local Users and Groups” to use that passwords.

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1742

2. IIS Pool:

With IIS Pool tool we can easily search the problematic sites which have default application pool.

IIS Application Pools Monitoring and Analysis:

This program allows monitoring of IIS 6 application pools. All the monitoring data is stored in log files. It is possible to analyze a pool to find a website (or a virtual application) using too much resources. …

Overview -

IIS Application Pools Monitoring and Analysis:

* This program allows monitoring of IIS 6 application pools.

* All the monitoring data is stored in log files.

* It is possible to analyze a pool to find a website (or a virtual application) using too much resources.

Features -

* IIS application pools monitoring

* IIS application pools analysis

* Find websites using too much resources

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1728

3. IIS Report:

Overview -

IIS Report is a command line tool. It allows us to create different IIS related reports. For example it can get the list of all SSL websites and sort it by IP address, or get the list of all websites and sort it by application pool name and then by website name, …

There is no installation required. Just download and unrar the archive file. Then start the program with:

C:\>iisreport.exe /?

to get more information and see all the parameters available.

Benefits -

* Easy-to-use

* Fast

* It is possible to import the reports with Excel

* It is possible to parse the reports with VBS or BAT programs and other administration applications.

Download link - http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1730