Antivirus - MegaCortex Ransomware

I am taking note on the blog of this new ransomware, which works by attacking domain controllers first.

Hoping to find time to create a more detailed specific blog article.

New MegaCortex Ransomware Found Targeting Business Networks

Tips - Live Optics and VMware 5.1.0 No SOAP response error

Live Optics permits collecting all Hypervisors and VM performance counters. 

https://www.liveoptics.com/about-live-optics/

Live Optics (Dell EMC) is an industry standard method of impartially documenting server/storage configuration and performance as well as observing file characteristics of data. 

This approach makes it possible to analyse existing infrastructure and supports decisions about upgrades or hardware renewal.

Consider that SAN Optics can be utilized to conduct health assessments on your Storage Area Networks. 

Here is the problem that we faced (and successfully fixed):


  • We executed the Live Optics software on a W2008 R2 Server connected to a VMware vCenter Server 5.1.0.
  • Collection was not working, even when using an administrator account.
  • "LiveOptics_TroubleshootingTrace.txt" was showing these entries:

2019-05-06Thh:mm:ss+02:00 SOAP Fault: ServerFaultCode: 
2019-05-06Thh:mm:ss+02:00 Fault detail type
ERROR: 2019-05-06Thh:mm:ss+02:00 No SOAP response!

  • We opened a Live Optics ticket.
  • Support confirmed to us that the problem was due to an application-side error.
    This problem was fixed yesterday with the new version below:

Live Optics 2.5.20.468497




Networking - Cisco IP Base vs LAN Base differences

Today I would like to mention the main differences between IP Base and LAN Base (Cisco switches).

The high-level difference is that LAN Base supports only static IP routing.



More information can be found at the link below:

https://community.cisco.com/t5/networking-documents/what-is-the-difference-between-an-ip-base-image-and-an-ip/ta-p/3117957

Freeware - HEIC Freeware tool converter

With new iOS releases, Apple stores images in a new format, HEIC, which uses less space than .JPG, but a free conversion tool for Windows is not so easy to find.

I am sharing and taking note of the tool that I successfully identified.

 iMazing HEIC Converter, free tool to convert HEIC to JPG


If you would like to stop your iPhone/iPad from storing images in HEIC, or from keeping that format when transferring photos to your PC, the pictures below are clear enough about the necessary settings.



Backup - Client Backup tool - AOMEI Centralized Backupper 2.1

In a previous blog article I discussed the Veeam backup tool, focusing on its client backup functionality:

https://www.alessandromazzanti.com/2017/05/backup-veeam-backup-for-free-v20-for.html

Today I would like to mention this product. (AOMEI Centralized Backupper 2.1)

Very briefly:


  • It is a centralized backup management solution that enables you to create and manage backup tasks for all PCs, workstations, servers and virtual machines within LAN from a single central management computer.
  • Prices are quite cheap.
  • You can remotely monitor backup jobs for all your clients from the central control server.
  • You can centrally manage and back up all these clients to a network share or NAS.

I did not have time to test it, and I hope to get a free trial licence to do that. Meanwhile I preferred to take note of it on the blog and share this information, hoping that it will be useful for someone.

More information about features and licensing is at the link below:

https://www.backup-utility.com/abnetwork.html?from=en_nav_for-business#compare


Tips - Sitemap creation hosted BLOGGER web sites

Today I was working on Google Search Console and I was surprised that only a few pages were indexed. Searching on the internet, I found the resolution to the problem and applied some fixes.

Below you may find more technical details and the related workflow.

<===========================>


  • A sitemap file is meant to list all of a website's pages; unfortunately, this is not the case for websites hosted on Blogger.


  • The default Blogger XML file refers only to the 26 most recent articles.


  • The resulting limitation is easy to understand (first of all for website visibility and indexing in search engines).


  • You can override this limitation by going to https://ctrlq.org/blogger/, entering your website, copying the generated XML text and inserting it in your Blogger administration console (Settings -> Search Preferences, then enable the Custom robots.txt option, available in the Crawling and Indexing section).


In this way all search engines will discover your XML sitemap and index all pages.

Here are some screenshots:









Tips - How to get domain controller ldap string

If you need to find the LDAP string on a Microsoft Domain Controller, there are various quick ways suitable for this purpose:

a.) dsquery

Consider that for help on a specific command, type "dsquery <ObjectType> /?" where <ObjectType> is one of the supported object types shown above.

For example, dsquery ou /?

Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:

dsquery computer - finds computers in the directory.
dsquery contact - finds contacts in the directory.
dsquery subnet - finds subnets in the directory.
dsquery group - finds groups in the directory.
dsquery ou - finds organizational units in the directory.
dsquery site - finds sites in the directory.
dsquery server - finds AD DCs/LDS instances in the directory.
dsquery user - finds users in the directory.
dsquery quota - finds quota specifications in the directory.
dsquery partition - finds partitions in the directory.
dsquery * - finds any object in the directory by using a generic LDAP query.

For help on a specific command, type "dsquery <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsquery ou /?.

Remarks:
The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criterion
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).

The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").

Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").


Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:

        dsquery computer -inactive 4 | dsrm

To find all users in the organizational unit
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

        dsquery user ou=Marketing,dc=microsoft,dc=com | dsmod group
        "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

To find all users with names starting with "John" and display his office
number:

        dsquery user -name John* | dsget user -office

To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:

        dsquery * ou=Test,dc=microsoft,dc=com -scope base
        -attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

        dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

b.) Alternatively, you can find the LDAP connection string by launching the ADSI Edit snap-in:



c.) Consider that 
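The escaping rules in the dsquery remarks matter as soon as a DN or LDAP string is built from names instead of being copied from a tool. The following is an added example (not part of the original post or of any Microsoft tool) that derives the base DN from a DNS domain name, escapes values per RFC 4514, and assembles an ADSI-style LDAP string; the DC host name dc01.microsoft.com is hypothetical.

```python
# Added example: DN escaping and LDAP string assembly.
# Function names and the DC host name in the sample call are assumptions.

# Characters that RFC 4514 requires (or allows) to be backslash-escaped
# anywhere inside an RDN value, including the comma and backslash cases
# quoted in the dsquery remarks.
_ALWAYS_ESCAPE = set(',\\+"<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it is safe to embed in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)         # leading '#', leading/trailing space
        else:
            out.append(ch)
    return "".join(out)


def domain_to_base_dn(dns_domain: str) -> str:
    """Turn 'microsoft.com' into 'DC=microsoft,DC=com'."""
    labels = dns_domain.strip(".").split(".")
    if not all(labels):
        raise ValueError(f"malformed DNS domain: {dns_domain!r}")
    return ",".join("DC=" + escape_rdn_value(label) for label in labels)


def build_dn(rdns, dns_domain: str) -> str:
    """rdns: (attribute, raw value) pairs, most specific first."""
    parts = [f"{attr}={escape_rdn_value(val)}" for attr, val in rdns]
    return ",".join(parts + [domain_to_base_dn(dns_domain)])


def ldap_string(dc_host: str, dn: str) -> str:
    """ADSI-style path; '/' separates host and DN, so escape it in the DN."""
    return f"LDAP://{dc_host}/" + dn.replace("/", "\\/")


if __name__ == "__main__":
    dn = build_dn([("CN", "Company, Inc."), ("CN", "Users")], "microsoft.com")
    print(dn)
    print(ldap_string("dc01.microsoft.com", dn))  # dc01 is a hypothetical host
```

Escaping each value before joining keeps a name that contains a comma or backslash from being read as extra DN components.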



Microsoft - Windows 7, SQL 2008, 2008 R2 Server, Exchange 2010, Office 2010 EOL - End of life date

Just a quick post taking note of several Microsoft products whose end-of-life date is in 2019 or 2020. The first important effect is that product and security patches will no longer be available.

End-of-life products and dates


Windows 7 --> January 14, 2020
Office 2010 EOL --> October 13th, 2020
SQL Server 2008 and 2008 R2 Extended Support --> will end on July 9, 2019
Windows Server 2008 and 2008 R2 Extended Support --> will end on January 14, 2020.
Exchange Server 2010 --> January 14, 2020

Products Reaching End of Support for 2019

Products Reaching End of Support for 2020 


Here is some interesting information:

- Windows 7 Embedded editions follow different EOL dates; you can use the following official link.
- You can upgrade compatible Windows 7 PCs, based on these requirements, with a full license.
- About SQL 2008 and W2008 R2, please review this article.
- Here it is indicated how Microsoft has treated all its products since first release with regard to Mainstream Support and Extended Support.
- For Windows Server, Microsoft proposes the Microsoft Server upgrade center.
- For visibility of all Microsoft product EOL dates, here is the correct link.

Network - Cisco Smart Net Total Care Service

Today I am going to take note on my blog of the different Cisco services that are provided to end users.

At the links below you can find more information and the specific Cisco .pdf document with all the details.

https://www.cisco.com/c/en/us/services/technical/smart-net-total-care.html#~stickynav=2

https://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/smart-net-total-care/datasheet-c78-735459.pdf

What I would like to focus on is the image/table below, for quick reading:




Office 365 - Email and applications encryption

Office 365 delivers multiple encryption options like Office Message Encryption (OME), S/MIME, Information Rights Management (IRM), and introduces Transport Layer Security (TLS).

Here is the related Microsoft article with all the details (about Office 365 email and application encryption features):

https://docs.microsoft.com/it-it/office365/securitycompliance/ome

Linux - Elementary OS

I would like to mention this Linux OS, which aims to be a replacement for (and similar to) macOS or Windows.

If you are interested you might visit official website:

Monitor - 40 monitoring Network & Server Tools

Today I would like to merge old articles and list other monitoring tools:


  1. PRTG is freeware for up to 100 sensors.
    https://www.it.paessler.com/
    From my experience it works fine with all devices such as switches, firewalls, clients, servers, hypervisors, SNMP devices and so on.
    An interesting tip is installing different PRTG instances on different servers (bypassing the 100-sensor free limit) and using the PRTG client software, which permits you to have a single management console without needing to purchase a license.
  2. SolarWinds All Free Network/System/Security/DB/clients monitoring tools
    https://www.alessandromazzanti.com/2018/11/freeware-solarwinds-software-free-tools.html
  3. MAP Toolkit 9.8
    https://www.alessandromazzanti.com/2018/03/server-map-toolkit-98.html
  4. Veeam One
    https://www.alessandromazzanti.com/2017/05/monitor-veeam-one-free-edition-95.html
  5. Naemon Monitoring Server
    https://www.alessandromazzanti.com/2017/03/monitoring-naemon-monitoring-server.html
  6. OpManager is an excellent monitoring platform that I have used over the years; it is free for monitoring up to 10 devices:
    https://www.manageengine.com/network-monitoring/
    https://www.manageengine.com/network-monitoring/download-free.html
  7. AD Lockout Monitoring tool (such as Netwrix, Microsoft tool....)
    https://www.alessandromazzanti.com/2016/10/ad-lockout-events-on-domain-controller.html
  8. Scripting - Monitor disk space, cpu load, memory and send html report through email
    https://www.alessandromazzanti.com/2016/06/scripting-monitor-disk-space-cpu-load.html
  9. AD health check with Powershell
    https://www.alessandromazzanti.com/2016/06/monitoring-ad-health-check-with.html
  10. Exchange 2010 - How to monitor Exchange Health
    https://www.alessandromazzanti.com/2016/05/exchange-2010-how-to-monitor-exchange.html
  11. Exchange 2013 - How to monitor it with powershell command
    https://www.alessandromazzanti.com/2015/06/exchange-2013-how-to-monitor-it-with.html
  12. Exchange - Microsoft Exchange Server User Monitor
    https://www.alessandromazzanti.com/2012/10/exchange-microsoft-exchange-server-user.html
  13. Monitor Wall Board for IT Rooms, tools and tips:
    https://www.alessandromazzanti.com/2016/03/monitoring-virtualwin-with-autoswitcher.html
  14. How to monitor website (for free) via email/sms
    https://www.alessandromazzanti.com/2016/01/monitoring-how-to-monitor-website-for.html
  15. Netwrix Tools auditing, security and monitoring
    https://www.alessandromazzanti.com/2015/09/security-netrwrix-tools-auditing.html
  16. Netwrix Auditor:
    https://www.netwrix.com/auditor.html
  17. True last logon to monitor AD
    https://www.alessandromazzanti.com/2015/09/security-true-last-logon-to-monitor-ad.html
  18. 2012 R2 Server - Install SNMP and enable monitoring
    https://www.alessandromazzanti.com/2015/06/2012-r2-server-install-snmp-and-enable.html
  19. 2012 Server - How monitor 2008 server on 2012 dashboard
    https://www.alessandromazzanti.com/2014/09/2012-server-how-monitor-2008-server-on.html
  20. Utility that lists computers and devices connected to your network
    https://www.alessandromazzanti.com/2013/11/server-new-utility-that-lists-computers.html
  21. NetTools
    https://www.alessandromazzanti.com/2012/10/programma-nettools-per-monitorare-la.html
  22. Zenoss Monitor solution:
    https://www.zenoss.com/get-started
    https://www.zenoss.com/product/unified-monitoring
    https://www.alessandromazzanti.com/2012/09/network-disponibile-zenoss-core-42.html
  23. JFFNMS - Just For Fun Network Management System is written in PHP. Devices are continuously polled, or JFFNMS can collect events from SNMP traps and syslog messages. The web GUI displays the status of the devices’ interfaces as well as reports on rolling statistics, such as error counts or traffic on an interface.
    Here are some interesting features, like TFTP Configuration Download and Archival (Cisco IOS & CatOS), and screenshots.
  24. LogicMonitor
    https://www.alessandromazzanti.com/2012/05/server-prodotto-cloud-di-monitoraggio.html
  25. Spiceworks Network Monitor & Cloud Cost monitor
    https://www.spiceworks.com/free-network-monitoring-management-software/?utm_medium=internal&utm_source=community_tools&utm_campaign=%20community_tools
    https://www.alessandromazzanti.com/2012/04/server-spiceworks-programma-gratuito.html
  26. Vmware ESXi Monitoring
    https://www.alessandromazzanti.com/2012/03/vmware-esxi-monitorare-un-server-vmware.html
  27. HyperV - how to monitor 80 functionalities with a script
    https://www.alessandromazzanti.com/2012/03/hyperv-it-does-pretty-much-what-it-says.html
  28. Server - Folder monitoring
    https://www.alessandromazzanti.com/2011/09/server-monitorare-una-cartella-di-un.html
  29. OMD Labs-Edition
    https://labs.consol.de/omd/
  30. Nagios XI, Enterprise Server and Network Monitoring Software
    https://www.nagios.com/products/nagios-xi/
  31. Nagios Network Analyzer
    https://www.nagios.com/products/nagios-network-analyzer/
  32. AD monitoring Tool (Dovestones)
    https://dovestones.com/download/
  33. The Dude automatically scans all devices within specified subnets, draws and lays out a map of your networks, monitors the services of your devices and alerts you in case some service has problems.
    https://mikrotik.com/thedude
  34. NetXMS Open-source network and infrastructure monitoring and management system
    https://www.netxms.org/
  35. Total Network Monitor
    https://www.softinventive.com/total-network-monitor/
  36. 10-Strike Network Diagram - Software for Creating and Drawing Topology Diagrams
    https://www.10-strike.com/network-diagram/
  37. Multi Router Traffic Grapher (MRTG): Open source Round Robin Database (RRD)–based network monitoring and graphing tool used to show current and historical information about network devices, specifically router and switch interface statistics. This tool is freely available from oss.oetiker.ch/mrtg/index.en.html.
  38. WhatsUp Gold: Ipswitch’s network-device monitoring tool, which is capable of discovering network devices, tracking system health, and receiving Simple Network Management Protocol (SNMP) trap and Syslog data. Ipswitch provides a 30-day evaluation of the product, whose price starts around $1,500 for the ability to manage 25 devices. Check out their website at www.whatsupgold.com.
  39. Cacti: Open source RRD–based network monitoring and graphing tool. If you have used MRTG but wanted something a little flashier or geared towards other types of devices, then Cacti may be for you. Cacti makes it easier to add devices such as servers to your monitored devices list. As with MRTG, this tool is freely available, and you can find it for download on their website, www.cacti.net.
  40. Xymon Monitor (formerly Hobbit Monitor): Open source–device monitoring and alerting tool, as shown in Figure 2-4, that displays current status information for network devices. Like Cacti and MRTG, Xymon is capable of gathering a wide range of information about your devices and offers historical information on those devices in the form of RRD–based charts. One difference with Xymon lies in its ability to send out alerts to configured users in the event that certain conditions have been met, such as a device has gone offline for more than 5 minutes or free disk space on a server has dropped below 100 MB. You will find Xymon on its Sourceforge page at xymon.sourceforge.net.
  41. NetFlow: A Cisco Internetwork Operating System (IOS) component that collects and measures data as it flows through switch and router interfaces. While NetFlow on a switch or router collects data, it does not provide any of the analytical functions. For analytics, you will require a NetFlow collector.
  42. Cisco NetFlow Collection Engine: Cisco’s NetFlow gathering and analysis tool that collects NetFlow data from network devices and allows for centralized analysis of the data. This data can be analyzed across the network to ensure that application data is passing over the network in a manner that is appropriate to the application. For example, you could use this tool to ensure that a business-critical accounting system is not being impacted by users watching YouTube videos. You can get more information about the NetFlow Collector Engine from www.cisco.com/en/US/products/sw/netmgtsw/ps1964/index.html, but this product comes with a price tag in excess of $16,000.
  43. Splunk: Log Analyzer
    https://www.splunk.com/it_it