Exchange Server, Windows Server, ISA, SEO, Photography

Comments : 33

ISA 2006 Website Block List

Posted by Vishal Vasu | Posted on 14-07-2009

One of the features in ISA Server 2006 is the ability to block traffic based on URL or Domain name. This means that traffic can be blocked for a particular website from ISA Server without disrupting the general Internet access rule.

I’ve compiled some Domain Name Sets and URL Sets from the Internet and zipped them for easy availability for ISA administrators. Download the ZIP file and extract it. Under Network Objects in the Toolbox tab, right click URL Sets and click Import. Choose a single XML file from the unzipped folder of URLs. Once you have imported all XMLs, follow the same procedure for Domain Name Sets.

The next step is to create a rule which denies traffic to the websites which are listed in the XML files that we imported. Start by creating a new rule. I’ve named my rule as “Block Custom Sites”.

In the Access Rule, choose “Deny”.

Under protocols, choose HTTP and HTTPS.

Under Sources, choose Internal and VPN Clients.

Under Destinations, choose the XML lists that we imported. You can add multiple XML files.

Remember to shift the rule that we created to the top of all rules and we are done.

Comments : 6

Backup Exchange Server 2007 on Windows 2008 using NTBackup

Posted by Vishal Vasu | Posted on 25-06-2009

Category : Exchange Server, Microsoft Windows Server

Tags: Exchange 2007, Windows Server 2008

All those System Administrators running their Exchange Server 2007 on a Windows 2003 (64-bit) server have the previlage to get access to the traditional NTBackup utility to backup their exchange stores. But those who are running their Exchange Server 2007 on Windows 2008 (64-bit) must have faced the dilema of which tool to use to backup their mail stores. This is because Windows Server Backup in Windows Server 2008 no longer supports Exchange-aware backups or restores. In order to back up and restore Exchange Server 2007 Service Pack 1 (SP1) on Windows Server 2008, you must use an Exchange-aware application that supports the Volume Shadow Copy Service (VSS) writer for Exchange 2007, such as Microsoft System Center Data Protection Manager, a third-party Exchange-aware VSS-based application, or a third-party Exchange-aware application that uses the streaming backup APIs locally on the Exchange server to make a backup locally on the Exchange server.

What does all this mean? Nothing but shelling out extra $$$ to invest in a backup solution unless you are interested in a very simple backup solution to assure that the logs get truncated and you have backup copies which you can restore. Here is a basic hack which can help one save a couple of $$$.

Step #1

Get access to a Windows 2003 R2 Server which is running a 64-bit OS. Assuming that you are not running your production Exchange Server 2007 in 32-bit environment, we require the 64-bit version library files. If you do not have a one handy, you can get the source files and then expand the DLL’s or install one in a virtual environment.

Step #2

Copy the ntbackup.exe, ntmsapi.dll, and vssapi.dll files from C:\windows\system32 into a new folder on your Exchange Server 2007 running on Windows 2008. I created a folder called NTBackup under Program Files and placed them there.

NT Backup Exchange 2007

Step # 3

Right click Ntbackup.exe and choose “Run as administrator”.

Your should see the Exchange Server Information Store as part of your backup wizard.

Select the Information Stores that you want to backup. Choose the Backup media or filename and the path where you want to store your backups. Once you have finished the configuration, click on Start Backup and the exchange store backups should start.

Once the backup is complete, you should see all the transaction logs getting truncated (hope circular logging is not enabled) and also the mail store would be stamped with the Last Full Backup date and time stamp.

One thing to note though: you cannot back up a storage group in a Standby Continuous Replication (SCR) environment. Backups of storage group copies are available for Local Continuous Replication (LCR) or Cluster Continuous Replication only.

Comments : 2

Securing Microsoft SQL Server

Posted by Vishal Vasu | Posted on 15-06-2009

Category : Microsoft Windows Server

Tags: MS SQL

Here is a quick check list for System Engineers and Data Base Administrators to lock down MS SQL Server and secure the database server:

Communication: If possible and if budget permits, do not expose the SQL Server directly to the Internet. Allow the communication from a web server to the SQL database server over an internal IP address.

Strong Passwords: Ensure that the server uses a strong password for the “sa” account. Use a combination of letters, numbers and symbols. This make it difficult for Brute Force hacks to guess the password.

Authentication: Keep this to Windows Authentication if possible and avoid setting SQL to run under Mixed Mode. Windows Authentication will require SQL server to check the Active Directory and moreover the logins will not be stored in the SQL server.

Service Packs and Updates: Make sure that the SQL Server is always patched with the latest Service Pack and Security Updates. This ensures that the latest security vulnerabilities are addressed and blocked.

Service Accounts: Run both MSSQLSERVER and SQLSERVERAGENT under the Domain User permissions. Do not run them under any Administrator account. This ensures very less damage in case the user account or the server is compromised.

Block Ports: If there is no need to expose the MS SQL Server to the Internet, block port 1433 and 1434 at the firewall. This means that the SQL Server will not be accessible from the Internet, thus making it hard for outside attackers to reach to the server. It also prevents worms and viruses.

Backups: Encrypt and compress the backup files. Put a password on the backups and store them to a safe location. Do not keep them on the server.