Tuesday 18 November 2014

McAfee ePO 5.0.1 and later — Update on POODLE (CVE-2014-3566) OpenSSL Vulnerability

McAfee has determined that customers who upgraded to ePO 5.0.1 or later from an ePO 4.x version may be vulnerable to the POODLE OpenSSL 3.0 vulnerability (CVE-2014-3566) due to a Java security setting migration issue. SSL protocol 3.0, as used in Tomcat 5.5.x and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, such as the POODLE issue. The security configuration for ePO 5.0.0 and later disables the SSLv3 protocol by default for clean installations of ePO. However, ePO 5.0.1 and later versions may be vulnerable if they have been upgraded from a previous ePO 4.x version. For more information on resolution, please visit the ePolicy Orchestrator Sustaining Engineering Statement (SSC1410161) provided by McAfee.

Wednesday 24 September 2014

Mozilla Products NSS RSA Signature Security Bypass (BERserk)

The Intel Security Advanced Threat Research Team has discovered a critical signature forgery vulnerability in the Mozilla Network Security Services (NSS) crypto library.

A vulnerability in some versions of Mozilla NSS could lead to a security bypass. The flaw is a variant of the RSA signature verification vulnerability discovered in 2006. It is caused by an error in the checking of the signature padding, allowing an attacker to forge a signature without the need to know the private RSA keys. Successful exploitation could allow an attacker to bypass SSL authentication in any domain, and intercept and monitor secure traffic.

Mozilla have released an update to resolve this issue and public details have been disclosed.

Mozilla Foundation Security Advisory 2014-73
McAfee Threat Advisory MTIS14-147
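To show why padding checks of this kind fail, here is an added example (not NSS code and not the exact NSS parsing error) of the 2006-style flaw the advisory refers to, next to the hardened re-encode-and-compare check. It works on the encoded block recovered after the RSA public-key operation; SHA-256, the function names and the sample message are assumptions of this example.

```python
import hashlib
import hmac

# DER-encoded DigestInfo header for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info(message):
    return SHA256_PREFIX + hashlib.sha256(message).digest()

def encode_em(message, k):
    """Build the single valid EMSA-PKCS1-v1_5 block for a k-byte modulus."""
    t = digest_info(message)
    if k < len(t) + 11:                       # at least 8 bytes of 0xFF padding
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_strict(em, message):
    """Hardened: re-encode and compare the whole block, so nothing is parsed."""
    try:
        return hmac.compare_digest(em, encode_em(message, len(em)))
    except ValueError:
        return False

def verify_lenient(em, message):
    """Flawed, 2006-style: walks the padding and ignores bytes after the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = digest_info(message)
    return em[i + 1:i + 1 + len(t)] == t      # never checks that the block ends here

def malformed_block(message, k):
    """Constructed input: short padding, valid DigestInfo, then unchecked filler."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(message)
    return head + b"\xaa" * (k - len(head))
```

The lenient check accepts the constructed block with filler after the hash, while the strict check accepts only the one canonical encoding.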

Monday 15 September 2014

Microsoft Release AzureAD Basic

Microsoft have recently released their Mid-Tier AzureAD offering, in addition to AzureAD Free and AzureAD Premium.

This new offering is geared towards Enterprises who want to equip their 'deskless' employees with an Active Directory integrated Sign On experience without the Multifactor Authentication and similar features not required for these types of users.

Thursday 11 September 2014

McAfee Product Specialist - ePO

After much procrastination I finally took the Certified McAfee product specialist - ePO exam and passed!

Monday 8 September 2014

McAfee Threat Intelligence Exchange RC available to download

McAfee have announced that the Release Candidate for their new Threat Intelligence Exchange Architecture and Endpoint enabled products is now available to download from the TIE Beta Community.

Tuesday 19 August 2014

Netgear FSM726 Emergency Password Reset Procedure

Ever bought a switch second hand, only to find out that the previous owner hasn't factory reset it before shipping it to you? YUP!

I have 2 Netgear FSM726V1 managed switches that I couldn't do anything with because I didn't have the Terminal User password or the Enable password, and after about two weeks of digging around the internet I managed to find the following set of instructions, which worked for me, and I now have two switches I can configure.

You need to interrupt the boot sequence and use a hidden system command to disable the password for the switch on reboot.
  1. Power on switch, press "ESC" key very quickly to go to Mini Boot Monitor mode. (If you press too late you will go into the option to boot from Flash or Net via TFTP.) 
  2. Press "Enter" key. 
  3. At the command prompt type: . EmergencyPasswordReset (Exactly as written; it is case sensitive and doesn't like spaces. This is a hidden command.)
  4. There is then a question: "Are you sure? (y/n)". The answer is "X". This is a capital X. It will disable the switch password for the default admin user.
  5. You will get a response that the system password has been disabled. (If you don't get this confirmation, it hasn't worked because you have mistyped something, but it won't tell you that.)
  6. Enter "g" to reboot.

Thursday 7 August 2014

ePolicy Orchestrator 5.1.0 Revised Documentation Now Available

Revised versions of the McAfee ePolicy Orchestrator 5.1.0 Product Guide and the McAfee ePolicy Orchestrator 5.1.0 Installation Guide are now available.

The revised documents include information about these commonly-accessed Knowledge Centre topics:
  • Required SQL permissions
  • Changing SQL credentials for connecting McAfee ePO to the database
  • Supported user name and password formats
  • Ports needed for communication through a firewall
  • Changing the Agent-Server Communication Port
  • Changing the Console-Application Server Communication Port
  • Changing the Client-Server Authenticated Communication Port
PD24807 - ePolicy Orchestrator 5.1.0 Installation Guide
PD24808 - ePolicy Orchestrator 5.1.0 Product Guide

This information was provided by the McAfee Support Notification Service (SNS). To sign up for SNS alerts, visit here.

Monday 4 August 2014

Upgrading to ePO 5.1.1 - Where is the Patch file?

After receiving the much awaited SNS Notice announcing that (ePO) 5.1.1 is now available...... where do I get it from?

It looks like we have been struck by the usual issues from McAfee with different product teams uploading the patches to different places.

After visiting the 'Product and Solutions' page, entering my Grant number, visiting the ePO 5.1 Management Solutions page and browsing the 'Patches' tab.... it's not there. So where have McAfee put the ZIP file?

After some digging, and vaguely remembering I have had this issue in the past, let's try logging into my Support Portal (which you have to sign up for independently of receiving your grant letter). Let's go to Patches and Downloads, same place as logging in with my Grant number, right? Nope, wrong!

This takes you to the 'Full Products Downloads and Updates'. Under the Patches Section, filter the list to ePolicy Orchestrator, and Ta Dah, the ePO 5.1.1 patch can be downloaded.


Tuesday 11 February 2014

Scheduled NTBackup jobs failing after local profiles have been cleaned up

We currently use NTBackup to back up our Active Directory System State, but we discovered through our Telemetry that some of the Backup jobs were failing after some local profiles on the server had been cleaned up, but why?

Wednesday 5 February 2014

Free ebooks from Microsoft Press on MVA

If, like me, you're always on the lookout for free stuff, the latest collection of free ebooks from Microsoft Press is now available on the MVA (Microsoft Virtual Academy).

The latest collection includes titles for:

  • Microsoft System Center 2012
  • Microsoft Windows Server 2012 R2
  • Windows Azure
  • Windows 8.1
  • App Development

Pop along to the MVA and grab your free ebooks here.

Windows Server 2003 doesn't have Win32_Product Class by default

I'm in the process of writing a prerequisite checking script to deploy PowerShell to all our servers and I came across a little annoying error that prevented me from using the Win32_Product Class to check if the .NET Framework was installed on a remote machine.

After coming across this Windows Management Infrastructure Blog I discovered an additional gotcha where the Win32_Product class must be added to Windows Server 2003. This can be achieved by adding the "WMI Windows Installer Provider" Windows component under Management and Monitoring tools in Add/Remove Windows Components.

Thanks to Steve Paruszkiewicz [MSFT] for pointing this one out.

Tuesday 4 February 2014

PowerShell Scripts and Version Control

If, like me, you are constantly creating and updating your PS scripts and modules, you're probably thinking "How do I protect my scripts from loss or damage?"

Well, thanks to Microsoft Scripting Guy, Ed Wilson, we now have the knowledge to check our scripts into TFS.

Microsoft PFE Stefan Stranger has written up his presentation notes in a blog format with a full tutorial on how to check in your scripts to TFS Source Control.

Hey, Scripting Guy Blog

These blog posts are none of my work; I have just discovered them and thought I would share them with you.

Monday 3 February 2014

get-scripting Blog

I'm always on the lookout for more information and blogs/how-to articles around PowerShell and I happened to come across the get-scripting blog.

The two presenters post some tips, ideas and experiences they come across every couple of months, and upload a podcast which can be subscribed to via iTunes, so if you are a newbie looking at PS for the first time or are looking to expand your knowledge, add this blog and podcast to your reading list.

get-scripting Blog