diagnose firewall ip_host list
If the IP address 123.123.123.123 was on the block list, here's how you'd remove it:
diagnose firewall ip_host delete src4 123.123.123.123
Thursday, March 23, 2017
How to remove entries from a Fortigate IPS block list
If you find that you've got an IP address on the block list that is incorrect, you can remove the entry via CLI. From the CLI, you can run this command to get the list of blocked IP addresses:
diagnose firewall ip_host list
diagnose firewall ip_host list
Wednesday, March 22, 2017
Set up IPS on Fortigte firewall to block brute force RDP attacks
Like most people, my terminal servers are constantly being probed via brute force attacks trying to find a weak spot. The better answer is to put the terminal server behind a VPN. Short of that, I like setting up Duo Security for two factor authentication. Another alternative (and perhaps in addition to Duo) is to detect and protect against brute force attacks on your firewall.
Here's how I configure that on my Fortigate firewall.
First, enable the Intrusion Prevention module (if not already done) in Config -> Features
First, I enable the IPS rule for RDP brite force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).
Then you go to your RDP policy and set the default policy for your RDP policy.
That's all you need to do. If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection
Here's how I configure that on my Fortigate firewall.
First, enable the Intrusion Prevention module (if not already done) in Config -> Features
First, I enable the IPS rule for RDP brite force attacks. I set a threshold of 15 over 900 seconds (15 minutes) with a block duration of 259200 seconds (3 days).
Then you go to your RDP policy and set the default policy for your RDP policy.
That's all you need to do. If you want to see what IP addresses have been blocked, go to Log & Report -> Security Log -> Intrusion Protection
Monday, March 20, 2017
Enabling two factor authentication in Outlook 2013 with Office365
This post will go over what you need to do to enable two factor authentication in Office 2013 with a backend Office365 mail server (so you don't need to use app passwords). This process sets up the 'modern authentication' login window for Office 2013 programs.
Step one - from a Powershell command prompt run this command (info from here):
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Step three - enable 2FA from the Office Portal:
Step one - from a Powershell command prompt run this command (info from here):
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Step two - Add group policy to push modern authentication registry entries to Office 2013 computers
After step two is complete, I'd recommend waiting a couple days for all the users to get these settings added to their registry via group policy..
Thursday, March 9, 2017
Windows 7 not installing updates
As of March 2017, I rarely ever touch a Windows 7 machine anymore, but I did today, and the machine was checking for updates over and over again. I googled and found a solution in my case (below). The machine I was working on had installed updates in October 2016. In general, I'd say my process for updating Windows 7 machines is this:
Install the convenience update if the most recent updates were older than April 2016
If the convenience update is installed, then I'd recommend these commands from an elevated command prompt:
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
Install the convenience update if the most recent updates were older than April 2016
If the convenience update is installed, then I'd recommend these commands from an elevated command prompt:
net stop wuauserv
net stop cryptSvc
net stop bits
net stop msiserver
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start cryptSvc
net start bits
net start msiserver
Sunday, March 5, 2017
Start menu organization in Windows 10
I used to leave the Windows 10 menu alone with all the default bloatware garbage on it, but I've started arranging the menu and putting the critical programs, weather, and news (changed from small to large window size) on the start menu, I prefer a nicely organizard tile section in my start menu, so why not make it that way for the users? This is what my typical start menu looks like:
Subscribe to:
Posts (Atom)