Cisco - How to backup Cisco switches using TFTP

There are several ways to back up Cisco switches (or other vendors' devices).

One of them is to download a TFTP server for your client PC:

https://tftp.en.uptodown.com/windows

Launch it and choose the folder where the configuration files will be saved.

Take note of the client's IP address.

Later you need to connect to the switches using an SSH client (I warmly suggest this one):

  1. Solar-PuTTY: connect to any server or device in your network with Solar-PuTTY for Windows. This is an interesting PuTTY or PuTTY CM alternative.

https://www.alessandromazzanti.com/2018/11/freeware-solarwinds-software-free-tools.html

and execute the commands below on the switches:

Router#copy tftp: running-config

Address or name of remote host []? 64.104.207.171

Source filename []? backup_cfg_for_my_router

Destination filename [running-config]?

Accessing tftp://10.66.64.10/backup_cfg_for_my_router...

Loading backup_cfg_for_router from 64.104.207.171 (via FastEthernet0/0): !

[OK - 1030 bytes]

1030 bytes copied in 9.612 secs (107 bytes/sec)

CE_2#

Where:

  • 64.104.207.171 must be replaced with the IP address of the client where the TFTP server is running.

  • backup_cfg_for_my_router is the name of the backup file that will be created on the client where the TFTP server is running.

You can also configure automatic backups; just read the whole article linked below.
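TFTP has no authentication or encryption, so the file that lands in the TFTP folder is a plaintext copy of the switch configuration, secrets included. The check below is an added example (not part of the original post or of Cisco's article): run on the client after the transfer, it verifies that the saved file is a complete IOS running-config and lists lines that store credentials in plaintext or in the reversible type 7 form; the TFTP root path is an assumption.

```powershell
# Added example (not part of the original post or of Cisco's article): once the
# TFTP server has written the backup, check that the file is a complete IOS
# running-config and list lines that store credentials in plaintext or in
# the reversible type 7 form. The path used at the bottom is an assumption:
# use the folder you selected in the TFTP server.
function Test-CiscoConfigBackup {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Complete = $false; Findings = @('backup file not found') }
    }
    $lines    = Get-Content -LiteralPath $Path
    $findings = New-Object System.Collections.Generic.List[string]

    # A complete running-config carries a hostname and is terminated by "end".
    $hasHostname = [bool]($lines -match '^hostname\s+\S+')
    $lastLine    = ($lines | Where-Object { $_.Trim() -ne '' } | Select-Object -Last 1)
    $endsWithEnd = ($lastLine -eq 'end')
    if (-not $hasHostname) { $findings.Add('no hostname line: not an IOS config or truncated') }
    if (-not $endsWithEnd) { $findings.Add('last line is not "end": transfer may be incomplete') }

    # Anyone who can read the backup (or sniff the TFTP transfer) gets these.
    foreach ($line in $lines) {
        switch -Regex ($line) {
            '^\s*enable password\s'                  { $findings.Add("enable password instead of enable secret: $line"); break }
            '\bpassword 7\s'                         { $findings.Add("type 7 (reversible) password: $line"); break }
            '\bpassword (0\s|[^0-9\s])'              { $findings.Add("plaintext password: $line"); break }
            '^\s*snmp-server community\s+\S+\s+RW\b' { $findings.Add("SNMP community with write access: $line"); break }
        }
    }
    if (-not ($lines -match '^service password-encryption')) {
        $findings.Add('service password-encryption is not enabled')
    }

    [pscustomobject]@{
        Path     = $Path
        Bytes    = (Get-Item -LiteralPath $Path).Length
        Sha256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # keep for integrity tracking
        Complete = ($hasHostname -and $endsWithEnd)
        Findings = $findings.ToArray()
    }
}

# Assumed TFTP root, with the file name used in the transcript above.
Test-CiscoConfigBackup -Path 'C:\TFTP-Root\backup_cfg_for_my_router' | Format-List
```

Keep the recorded SHA-256 with the backup: comparing it before a restore tells you whether the file was altered while sitting on the client.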

[original article]

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-122-mainline/46741-backup-config.html 

 

Tips - English video and audios subtitles (on Chrome)

There is a new native Chrome option that adds real-time subtitles (quite accurate) to videos and audio.

Here is the procedure to enable this option on the Italian version of Chrome.



Settings --> click advanced --> accessibility --> Real time subtitles 


[Original article]

https://www.hwupgrade.it/news/web/chrome-arrivano-i-sottotitoli-in-tempo-reale-per-qualsiasi-contenuto-sul-web_96356.html

Tips - How to run application with Administrative rights

If you need to run a single application with administrative rights (without giving end users administrative permissions) you can proceed this way:

C:\Windows\System32\runas.exe /user:computername\Administrator /savecred "X:\path\filename.exe" 

Be aware that by changing the executable in the previous command line, any other program can be run with administrative rights (this creates a small security hole).



Windows 10 - HyperV installation for free

There is an interesting feature available on Windows 10.

The Hyper-V feature lets you easily create VMs on your Windows 10 laptop/PC/workstation. Obviously the same feature is available on Microsoft Windows Server editions.

On Windows Server and Windows 10 your hardware must support virtualization.

You should decide whether to use generation 1 or generation 2 VMs:

https://docs.microsoft.com/it-it/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v

https://www.windowserver.it/2014/03/hyper-v-vm-generation-2-deep-dive/

Regarding RAM, there is the Dynamic Memory feature.

Veeam 11 - CDP (RPO= 0) and immutable storage backup against ransomware

Veeam 11 released new features; here are two that, IMO, are very interesting:


  1. Continuous Data Protection (CDP) with RPO equal to zero:

    https://community.veeam.com/blogs-and-podcasts-57/veeam-v11-continuous-data-protection-cdp-configuration-265

    Using vSphere APIs for IO Filtering (VAIO)

  2. Immutable primary backup storage with a hardware-agnostic touch: enables you to store your short-term retention backups locally onsite for fast recovery with the protection of immutability. In addition, you can now tier those backups into an immutable object storage offering offsite, giving you additional protection against unforeseen malicious activity or accidental deletion. (protecting you against ransomware and malicious acts)

    The new hardened repositories are compliant with the SEC 17a-4(f), FINRA 4511(c), and CFTC 1.31(c)-(d) regulations. They can effectively prevent ransomware encryption or accidental/malicious deletions. The great thing about the new feature is it is based on "bring your own" Linux, so there is no vendor hardware lock-in.

    The new hardened Linux-based repositories with immutable backups will take ransomware protection to the next level for on-premises backup storage. Businesses can ensure business-critical backups are protected for the time specified for the immutable backup repository.

    https://www.veeam.com/blog/v11-immutable-backup-storage.html

    https://helpcenter.veeam.com/docs/backup/vsphere/hardened_repository.html?ver=110



Other articles:



Tips - Network Configuration Operators Group

If you have normal user permissions and you need to change the TCP/IP configuration of network adapters, you can do that without having administrative rights.

In fact you simply need to add your user to the local group below:

Network Configuration Operators





Software - FastStone Capture #Screenshots tool

There is an interesting tool that works fine for taking desktop screenshots (e.g. using keyboard shortcuts):

https://www.faststone.org/FSCaptureDetail.htm

Normally I use version 5.3, picking up only the .exe file (taken after a fresh software installation).

Furthermore I copy that .exe file onto any other PCs where screenshots need to be taken.


FastStone Capture 5.3

http://www.oldversion.com/windows/faststone-capture-5-3

Here are the links to older versions:

http://www.oldversion.com/windows/faststone-capture/

P.S. I got to know this tool during my work experience in the pharmaceutical industry and it was a nice discovery, indispensable for GMP validations and other important IT activities.

DNS - Security

Some services can also block access to phishing or infected sites, and a few offer content filtering to keep your kids away from the worst of the web.

OpenDNS


Primary, secondary DNS servers: 208.67.222.222 and 208.67.220.220

With filtering or pre-configured protection, you can safeguard your family against adult content and more. It’s the easiest way to add parental and content filtering controls to every device in your home.

Cloudflare


Primary, secondary DNS servers: 1.1.1.1 and 1.0.0.1

Privacy is another major highlight. Cloudflare doesn't just promise that it won't use your browsing data to serve ads; it commits that it will never write the querying IP address (yours) to disk. Any logs that do exist will be deleted within 24 hours. And these claims aren't just reassuring words on a website. Cloudflare has retained KPMG to audit its practices annually and produce a public report to confirm the company is delivering on its promises.

Google Public DNS
Primary, secondary DNS servers: 8.8.8.8 and 8.8.4.4


Quad9





<======================>

DNS Jumper is a portable freeware tool which tests multiple public DNS services to find out which delivers the best performance for you.

The program has a lot of options, but isn't difficult to use. Launch it, click Fastest DNS > Start DNS Test, and within a few seconds you'll be looking at a list of DNS services sorted by speed.

DNSPerf tests multiple DNS services every minute from 200+ locations around the world and makes the results freely available on its own website.

[original Article]

Microsoft 365 - Apps activation on shared computer

For environments accessed by multiple users, keep in mind the Microsoft article below.

Be aware that shared computer activation is required for scenarios where multiple users share the same computer and the users are logging in with their own account. 

In fact, normally, users can install and activate Microsoft 365 Apps only on a limited number of devices, such as 5 PCs.

To enable shared computer activation you need Office 365 E3, E5 or Business Premium.

If you want to enable shared computer activation during the initial installation of Microsoft 365 Apps, you can instruct the Office Deployment Tool to do so during installation.

If you have already installed Microsoft 365 Apps, there are 3 methods to change the activation mode (GPO, registry edit, or downloading the Microsoft Support and Recovery Assistant).

More details can be found here:

https://docs.microsoft.com/en-us/deployoffice/overview-shared-computer-activation

If you want to verify which type of Microsoft 365 Apps activation is in place, review the article below:

https://docs.microsoft.com/en-us/deployoffice/troubleshoot-shared-computer-activation#Enabled

Licensing token renewal

The licensing token that is stored on the shared computer is valid only for 30 days. As the expiration date for the licensing token nears, Microsoft 365 Apps automatically attempts to renew the licensing token when the user is logged on to the computer and using Microsoft 365 Apps.

Activation limits

Normally, users can install and activate Microsoft 365 Apps only on a limited number of devices, such as 5 PCs. Using Microsoft 365 Apps with shared computer activation enabled doesn't count against that limit.

Licensing token roaming

Starting with Version 1704 of Microsoft 365 Apps, you can configure the licensing token to roam with the user's profile or be located on a shared folder on the network. Previously, the licensing token was always saved to a specific folder on the local computer and was associated with that specific computer. In those cases, if the user signed in to a different computer, the user would be prompted to activate Microsoft 365 Apps on that computer in order to get a new licensing token. The ability to roam the licensing token is especially helpful for non-persistent VDI scenarios.




Security - Exchange Zero Day Vulnerability #CVE-2021-26855

These vulnerabilities allow access, without any authentication, to the contents of all Exchange mailboxes.

This is possible on all Exchange servers published on the Internet through OWA (the attacker only needs to know a user account name).

Afterwards, attackers created several backdoors through ASPX web shells and dumped AD credentials (opening the way to lateral attacks).

There are two scenarios:

  1. Standalone: requires a single user (SID) (more difficult).
  2. Cluster (DAG): only the end user's email name is required.

The attack is possible only if you know the server FQDN (but this is easy to discover by sending an HTTP POST request to Exchange Web Services).

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855

Patches are available here (for Exchange 2010 too):

https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b

Other articles:

https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-2016-and-the-end-of-mainstream-support/ba-p/1574110

https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/


https://docs.microsoft.com/en-us/exchange/troubleshoot/client-connectivity/exchange-security-update-issues

[original articles]

https://www.windowserver.it/2021/03/exchange-server-sotto-attacco-cosa-sta-succedendo/

https://www.wired.it/internet/web/2021/03/05/microsoft-exchange-hacker-cina/


[update 2021.03.19]

Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus

https://www.microsoft.com/security/blog/2021/03/18/automatic-on-premises-exchange-server-mitigation-now-in-microsoft-defender-antivirus/

[update 2021.03.24]

https://edge9.hwupgrade.it/news/security/attacco-ad-exchange-server-anche-tim-business-colpita-e-intanto-microsoft-teme-la-fuga-di-notizie-interna_96269.html

[update 2021.03.29]

How to Recover Exchange Server after Black KingDom Ransomware Attack?

https://www.stellarinfo.com/blog/recover-exchange-server-after-black-kingdom-ransomware-attack/


Ransomware - QNAP affected #eCh0raix #Qlocker

Today I would like to mention Ransomware eCh0raix. 

Qnap devices are affected and need firmware updates.

Old QTS and Photo Station versions are affected.

https://www.qnap.com/it-it/security-advisory/qsa-20-02

A decryptor tool should also be available online.

Besides the firmware upgrade, it is highly recommended to use strong passwords, enable NAP (Network Access Protection, against brute-force attacks) and disable SSH and Telnet.

Also evaluate the QNAP snapshot feature:

https://www.qnap.com/solution/snapshots/en/

More information is available here:

https://www.tomshw.it/hardware/nas-qnap-sotto-attacco-fate-attenzione/


[update 2021.05.08]

Be aware of Qlocker too:

https://www.hwupgrade.it/news/sicurezza-software/attenzione-a-qlocker-il-ransomware-che-attacca-i-nas-qnap-e-usa-7-zip-per-bloccare-i-file_97217.html

Server - Active Directory Time synchronization problems

Over the years I have faced, on servers and clients, several authentication problems due to wrong time and date.

Here are some commands and tips useful for troubleshooting this:

1. Command useful on a DC to see any time differences in place and the relative offset:

w32tm /monitor 

2. Run the following command on the PDC emulator:  

w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update

Once done, restart W32Time service.

net stop w32time && net start w32time

3. Run the following command on all other DCs (that are not PDC):  

w32tm /config /syncfromflags:domhier /update

Once done, restart W32Time service:

net stop w32time && net start w32time

In recent years I have often had to solve e-mail or domain authentication problems caused by misconfigured time servers.

4. To check the source time server: 

w32tm /query /status

5. You can check the registry to see whether the domain controller is using NTP (should be the PDC) or NT5DS (non-PDC DCs). Find the value of Type under

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

6. Re-sync the w32time service using the following command:

w32tm /resync /rediscover

7. Execute the following command to actually perform a time synchronization with the external source:

w32tm.exe /config /update
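As an added example (not part of the original post), the script below gathers in one pass what steps 1, 4 and 5 check by hand: which DC holds the PDC emulator role, whether the Type value matches that role, and what source w32tm is actually following. It assumes it runs on a domain controller with the ActiveDirectory module (RSAT) installed and English w32tm output.

```powershell
# Added example (not part of the original post): one command that gathers
# what steps 1, 4 and 5 above check by hand and flags the usual mistakes.
# Assumes a domain controller with the ActiveDirectory module installed
# and English "w32tm /query /status" output.
function Get-W32TimeHealth {
    $params = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $type   = $params.Type       # expected: NTP on the PDC emulator, NT5DS on every other DC

    # Only the PDC emulator should point at an external peer; the others follow the domain hierarchy.
    $pdc   = (Get-ADDomain).PDCEmulator
    $me    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $isPdc = ($pdc -ieq $me)
    $expectedType = if ($isPdc) { 'NTP' } else { 'NT5DS' }

    # Pull single fields out of the "w32tm /query /status" output.
    $status = w32tm /query /status
    function Get-StatusField([string]$Name) {
        $m = $status | Select-String -Pattern "^$Name\s*:\s*(.+)$" | Select-Object -First 1
        if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { $null }
    }
    $source   = Get-StatusField 'Source'
    $lastSync = Get-StatusField 'Last Successful Sync Time'

    $issues = @()
    if ($type -ne $expectedType) {
        $issues += "Type is '$type' but a $(if ($isPdc) { 'PDC' } else { 'non-PDC' }) DC should use $expectedType"
    }
    # These sources mean the DC is free-running and nobody is correcting its clock.
    if ($source -match 'Local CMOS Clock|Free-running') {
        $issues += "time source is '$source': not synchronised with any peer"
    }
    if ($isPdc -and -not $params.NtpServer) {
        $issues += 'PDC emulator has no manual peer list (NtpServer is empty)'
    }

    [pscustomobject]@{
        Computer      = $me
        IsPdcEmulator = $isPdc
        Type          = $type
        ManualPeers   = $params.NtpServer
        Source        = $source
        LastSync      = $lastSync
        Issues        = $issues
    }
}

Get-W32TimeHealth | Format-List
```

An empty Issues list on every DC, together with small offsets in "w32tm /monitor", is the state you want before blaming Kerberos for authentication failures.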


Some articles and tools

Port Query tool GUI


https://www.microsoft.com/en-us/download/details.aspx?id=24009


Technet - Windows Time Service Tools and Settings


https://technet.microsoft.com/en-us/library/cc773263(v=ws.10).aspx

Time Configuration in Active Directory

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

Configure DC to synchronize time with external NTP server

https://community.spiceworks.com/how_to/65413-configure-dc-to-synchronize-time-with-external-ntp-server


[update 2021.03.04]

Here are the registry keys related to the Windows time service:

Microsoft Registry
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer


SQL - Dbatools SQL Server PowerShell module

Here is an interesting tutorial about the SQL Server PowerShell module named dbatools, used primarily for disaster recovery (it is free: dbatools.io/download).

Extensive documentation:

dbatools.io/Test-DbaLastBackup

dbatools.io/Set-DbaSpn

Some videos:

dbatools.io/youtube

https://channel9.msdn.com/Shows/Data-Exposed/How-to-Automate-Disaster-Recovery-in-SQL-Server-On-Prem


Have a look at the screenshots below:









Security - VMSA-2021-0002 VMware 6.5/6.7/7.0 Vulnerability Severity 9.8

VMware vCenter Server updates address remote code execution vulnerability in the vSphere Client (CVE-2021-21972)

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

Known Attack Vectors

A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. 

Resolution

To remediate CVE-2021-21972 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds

Workarounds for CVE-2021-21972 have been listed in the 'Workarounds' column of the 'Response Matrix' below.

More details here:

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

https://edge9.hwupgrade.it/news/security/gli-hacker-vanno-alla-ricerca-dei-server-vmware-non-patchati-una-grave-falla-permette-agli-attaccanti-di-violarli-facilmente_95865.html


Cisco - AnyConnect Domain Password change

Using Cisco AnyConnect with AD users, you may find that your account password has expired and you are unable to connect. To overcome the problem you need to configure the Cisco ASA to authenticate against the DC using LDAPS (TCP port 636) instead of plain LDAP (TCP port 389).

Your AD server must support LDAPS authentication (normally it is not configured).

Here is an article that explains how to do that:

https://www.petenetlive.com/KB/Article/0001273

For a better idea of LDAPS, have a look at the articles below:

https://techcommunity.microsoft.com/t5/sql-server/step-by-step-guide-to-setup-ldaps-on-windows-server/ba-p/385362

https://www.petenetlive.com/KB/Article/0000962


P.S. 1: for LDAPS testing purposes you can use the ldp.exe utility on the DC. Open the utility:

C:\> ldp.exe

From Connection, select Connect.

Enter name of target domain controller.

Enter 636 as port number (this is the LDAPS port).

Click OK to confirm the connection works.

You're all done!
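The ldp.exe steps above, scripted, as an added example (not part of the original post or of the linked articles): it opens an LDAPS session to the DC and reports the certificate the DC presents, including whether its chain validates and whether the name you connect with is in the certificate, which is exactly what the ASA checks. "dc01.example.local" is a placeholder for your DC.

```powershell
# Added example (not part of the original post): the ldp.exe steps above,
# scripted, with a look at the certificate the DC presents. Run it from
# any domain member; "dc01.example.local" is a placeholder for your DC.
function Test-Ldaps {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 636)
    Add-Type -AssemblyName System.DirectoryServices.Protocols

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.SecureSocketLayer = $true    # LDAPS: TLS from the first byte, unlike StartTLS on 389
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.Timeout  = [TimeSpan]::FromSeconds(10)

    # Capture the server certificate during the handshake and validate its chain
    # ourselves, so the report shows why a client would refuse the connection.
    $state = @{ Cert = $null; ChainValid = $false; ChainStatus = '' }
    $callback = {
        param($connection, $certificate)
        $x509  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certificate
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $state.Cert        = $x509
        $state.ChainValid  = $chain.Build($x509)
        $state.ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
        return $true   # accept here so the diagnostic completes; ChainValid carries the real verdict
    }.GetNewClosure()
    $conn.SessionOptions.VerifyServerCertificate =
        [System.DirectoryServices.Protocols.VerifyServerCertificateCallback]$callback

    $bound = $false; $err = $null
    try     { $conn.Bind(); $bound = $true }   # anonymous bind is enough to prove the TLS listener works
    catch   { $err = $_.Exception.Message }
    finally { $conn.Dispose() }

    $dnsNames = @($state.Cert.DnsNameList | ForEach-Object { $_.Unicode })
    [pscustomobject]@{
        Server      = "$Server`:$Port"
        Connected   = $bound
        Error       = $err
        Subject     = $state.Cert.Subject
        Issuer      = $state.Cert.Issuer
        NotAfter    = $state.Cert.NotAfter
        SanDnsNames = ($dnsNames -join ', ')
        NameMatches = ($dnsNames -contains $Server)   # the ASA must use a name that appears in the certificate
        ChainValid  = $state.ChainValid
        ChainStatus = $state.ChainStatus
    }
}

Test-Ldaps -Server 'dc01.example.local' | Format-List
```

If Connected is true but ChainValid is false, the DC speaks LDAPS yet the ASA will still reject it until the issuing CA is trusted on the ASA; if NameMatches is false, point the ASA at a name listed in SanDnsNames.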


P.S. 2: consider that Citrix NetScaler also requires LDAPS to let users change their password when it has expired (otherwise the user is blocked).

Tips - Authentication error: The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

Recently I faced the error below when trying to log on to remote clients/servers:


Connessione Desktop Remoto

Errore di autenticazione.

La funzione richiesta non è supportata.

Computer remoto:

La causa potrebbe essere la Correzione crittografia Oracle per CredSSP.

Per altre informazioni, vedi 

https://go.microsoft.com/fwlink/?linkid=866660

I followed the instructions in the article below.

Basically I changed a single gpedit.msc setting and then launched

Start --> CMD --> gpupdate /force

After these actions the problem was successfully fixed.

http://www.marioserra.eu/2018/05/18/rdp-update-windows-10-errore-crittografia-oracle-per-credssp/
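The gpedit.msc setting in question is "Encryption Oracle Remediation", and the error goes away when it is set to Vulnerable, which also switches off the protection the CredSSP update introduced. As an added example (not part of the original post or of the linked article), the function below reads the registry value that policy writes and states what the current value means, so the change can be reverted once the remote hosts have been patched.

```powershell
# Added example (not part of the original post): reads the value that the
# "Encryption Oracle Remediation" policy in gpedit.msc writes and explains it,
# so a quick fix of setting it to Vulnerable stays visible and gets reverted
# once the remote clients/servers have been patched.
function Get-CredSspOracleSetting {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $value = (Get-ItemProperty -Path $key -Name AllowEncryptionOracle -ErrorAction SilentlyContinue).AllowEncryptionOracle

    $meaning = switch ($value) {
        0       { 'Force Updated Clients: no fallback to the insecure protocol; unpatched hosts are refused' }
        1       { 'Mitigated: this client will not fall back, but services here still accept unpatched clients' }
        2       { 'Vulnerable: fallback to the insecure protocol allowed (the RDP error disappears, protection is off)' }
        default { 'Not configured: with the CredSSP update installed this behaves as Mitigated' }
    }
    [pscustomobject]@{
        AllowEncryptionOracle = $value
        Meaning               = $meaning
        Recommendation        = if ($value -eq 2) { 'Patch the remote clients/servers, then set the policy back to Mitigated or Not configured' } else { 'OK' }
    }
}

Get-CredSspOracleSetting | Format-List
```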

Cisco - WLC 3504 how to create new SSID and reset password

If you manage your wireless infrastructure using a Cisco WLC 3504, here are the steps to create a new wireless SSID and to reset the password:

Outlook - How to defer all email sent after xy minutes

In the real world it can happen that you send a wrong email (contents or recipients) and realize, a little later, that you have already clicked the Outlook Send button.

To avoid this kind of mistake you can configure Outlook to send all emails only after waiting a given amount of time (from 1 to 120 minutes).

The original article and more details can be found at the link below:

https://www.ablebits.com/office-addins-blog/2019/09/25/schedule-email-delay-delivery-outlook/

Here are basic step-by-step screenshots that explain how to do that.


Apple - Automate tasks/actions with "Shortcuts" app

Today I would like to share and mention this Apple app that works fine with iPad and iPhone.

It lets you create automatic tasks, multi-step shortcuts, scheduling and one-click actions, automating things you do regularly on your iPhone and iPad.


https://apps.apple.com/us/app/workflow/id915249334 




2016 - Print Server and XP incompatibility

There is a well known Windows XP and 2016 print server incompatibility.

If you try to add a printer you will receive the error below.


The workaround, on XP clients, is to add a new local printer as in the screenshots below.



You must refer to the print server's printers using a path like \\printserveripaddress\printername

Choose correct printer driver:


Finally, you must assign the printer name.


[other articles]

Monitoring - SNMP

Regarding SNMP, I am taking note of this interesting Paessler article that explains some SNMP basics and tools useful with PRTG monitoring.

Have a nice reading time:

https://blog.paessler.com/snmp-monitoring-via-oids-mibs

Explore some standard MIB files with a tool that lets you do so, like the Paessler MIB Importer (free). Pro tip: if you are a PRTG Network Monitor user, the MIB folder under the installation path of your PRTG instance is a little treasure chest.

Check the capabilities of your own devices. Pro tip: To easily get an overview, you can run an SNMP walk over the main branch OID with a suitable tool, like the Paessler SNMP Tester (free).


Citrix - Netscaler backups approaches

In Citrix environments an important component is NetScaler.

It permits remote connections without using VPN clients.

There are several correct ways to back up the VM.

The article below explains how:


Freeware - Adobe connect

Today I would like to point out Adobe Connect, a software suite for web conferencing, presentations, desktop sharing and remote training.


Meeting rooms are organized into "pods", each with a specific role (notes, whiteboard and so on).

Here are the major capabilities:

  • VOIP
  • Mobile app
  • HTML 5 clients.
  • Meeting recording.

Here are a video presentation and the official Adobe link:

https://www.adobe.com/products/adobeconnect.html

https://video.tv.adobe.com/v/27698?autoplay=true 

And Wikipedia explanation:

https://en.wikipedia.org/wiki/Adobe_Connect