Thursday, March 23, 2017

How to remove entries from a Fortigate IPS block list

If you find that you've got an IP address on the block list that is incorrect, you can remove the entry via CLI.  From the CLI, you can run this command to get the list of blocked IP addresses:

diagnose firewall ip_host list

If the IP address 123.123.123.123 was on the block list, here's how you'd remove it:

diagnose firewall ip_host delete src4 123.123.123.123


Wednesday, March 22, 2017

Set up IPS on Fortigate firewall to block brute force RDP attacks

Like most people's, my terminal servers are constantly being probed by brute force attacks trying to find a weak spot. The better answer is to put the terminal server behind a VPN. Short of that, I like setting up Duo Security for two factor authentication. Another alternative (and perhaps in addition to Duo) is to detect and protect against brute force attacks on your firewall.

Here's how I configure that on my Fortigate firewall.

First, enable the Intrusion Prevention module (if not already done) in Config -> Features


Next, I enable the IPS rule for RDP brute force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).

Then go to the firewall policy that allows RDP and apply the default IPS sensor to it.

That's all you need to do.  If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection

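To make the sensor's threshold/duration/block-duration settings concrete, here is an added example (not from this post and not Fortinet's code) that models the same rule in Python: a per-source sliding window of 15 hits in 900 seconds, after which the source is held on a block list for 259200 seconds, and a constructed key=value log format (not real FortiGate log syntax) to feed it. The IP addresses and timestamps are made up. Running it shows why a source hammering RDP gets listed on its 15th attempt while a slow, legitimate user never does.

```python
from collections import defaultdict, deque

# Values taken from the post's IPS sensor settings: 15 hits within 900 s (15 min)
# puts the source on the block list for 259200 s (3 days).
THRESHOLD = 15
WINDOW_SECONDS = 900
BLOCK_SECONDS = 259200


class BruteForceBlocker:
    """Per-source sliding-window counter with a timed block: the same shape of
    rule the Fortigate sensor applies (a model written for this example, not the
    vendor's implementation)."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS, block=BLOCK_SECONDS):
        self.threshold = threshold
        self.window = window
        self.block = block
        self.attempts = defaultdict(deque)  # src -> attempt timestamps still inside the window
        self.blocked_until = {}             # src -> epoch second at which its block expires

    def is_blocked(self, src, now):
        """True while a block is active; an expired block is cleared so the
        source starts again with a clean counter (the 3-day timeout in the post)."""
        until = self.blocked_until.get(src)
        if until is None:
            return False
        if now < until:
            return True
        del self.blocked_until[src]
        self.attempts[src].clear()
        return False

    def observe(self, src, now):
        """Record one RDP attempt from src at epoch second `now`.
        Returns 'blocked' (already on the list), 'block' (this hit crossed the
        threshold and started a new block) or 'allow'."""
        if self.is_blocked(src, now):
            return "blocked"
        q = self.attempts[src]
        q.append(now)
        while q and now - q[0] > self.window:   # drop hits older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked_until[src] = now + self.block
            q.clear()
            return "block"
        return "allow"


def process_log(lines, blocker=None):
    """Run constructed 'ts=<epoch> srcip=<ip> dstport=<port>' lines (a made-up
    key=value format, not real FortiGate log syntax) through the blocker and
    return one (srcip, verdict) pair per RDP line, in time order."""
    blocker = blocker or BruteForceBlocker()
    parsed = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("dstport") == "3389":        # only RDP counts toward the RDP sensor
            parsed.append((int(fields["ts"]), fields["srcip"]))
    parsed.sort()
    return [(src, blocker.observe(src, ts)) for ts, src in parsed]


def build_sample_log():
    """Constructed sample traffic: 20 attempts 30 s apart from 203.0.113.5 (a
    brute-force pattern), 3 attempts 10 min apart from 198.51.100.7 (normal use),
    and one non-RDP line that must be ignored."""
    base = 1490000000
    lines = [f"ts={base + 30 * i} srcip=203.0.113.5 dstport=3389" for i in range(20)]
    lines += [f"ts={base + 600 * i} srcip=198.51.100.7 dstport=3389" for i in range(3)]
    lines.append(f"ts={base + 5} srcip=203.0.113.5 dstport=443")
    return lines


if __name__ == "__main__":
    for src, verdict in process_log(build_sample_log()):
        print(src, verdict)
```

The window is pruned on every hit rather than reset, so 15 attempts spread 100 seconds apart never accumulate to the threshold (only the hits inside the last 900 seconds count), which matches the "over 900 seconds" semantics of the sensor setting and is the reason a slow scanner may still show up in the Intrusion Prevention log without ever being listed.
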
Monday, March 20, 2017

Enabling two factor authentication in Outlook 2013 with Office365

This post will go over what you need to do to enable two factor authentication in Office 2013 with a backend Office365 mail server (so you don't need to use app passwords).  This process sets up the 'modern authentication' login window for Office 2013 programs.

Step one - from a PowerShell command prompt run this command (info from here):
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Step two - Add group policy to push modern authentication registry entries to Office 2013 computers

After step two is complete, I'd recommend waiting a couple of days for all the users to get these settings added to their registry via group policy.

Step three - enable 2FA from the Office Portal:

Thursday, March 9, 2017

Windows 7 not installing updates

As of March 2017, I rarely ever touch a Windows 7 machine anymore, but I did today, and the machine was checking for updates over and over again.  I googled and found a solution in my case (below).  The machine I was working on had installed updates in October 2016.  In general, I'd say my process for updating Windows 7 machines is this:

Install the convenience update if the most recent updates were older than April 2016

If the convenience update is installed, then I'd recommend these commands from an elevated command prompt:

net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver

Sunday, March 5, 2017

Start menu organization in Windows 10

I used to leave the Windows 10 menu alone with all the default bloatware garbage on it, but I've started arranging the menu and putting the critical programs, weather, and news (changed from small to large window size) on the start menu. I prefer a nicely organized tile section in my start menu, so why not make it that way for the users? This is what my typical start menu looks like: