Friday, 8 November 2013

IIS 7 Security most forgotten steps

Back again, and this time to talk about request filtering. Assuming you were a good administrator and installed the Request Filtering role service along with IIS 7 or later, you can make use of a lovely option to filter out SQL commands before they reach your pages: a filtering rule that scans the query string of requests for .asp and .aspx files and denies any request containing one of the listed strings. Note that filtering rules (the filteringRules section used below) need IIS 7.5 or later. The match is a case-insensitive substring match on the decoded query string, so a list like this also blocks legitimate values such as 'tables', 'weekend' or an e-mail address (it contains '@'); test it against your real query strings before enabling it. A denied request gets a 404 with sub-status 19 (Denied by filtering rule) in the IIS log, which is also how you spot false positives. Treat this as defence in depth on top of parameterised queries, not a replacement: scanQueryString only looks at the query string, so a POST body is not inspected.

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].appliesTo.[fileExtension='.asp']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].appliesTo.[fileExtension='.aspx']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='--']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string=';']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='/*']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='@']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='char']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='begin']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='cast']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='create']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='cursor']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='declare']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='delete']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='drop']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='end']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='exec']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='fetch']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='insert']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='kill']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='open']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='select']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='sys']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='table']"

appcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /+"filteringRules.[name='BlockSqlCommands',scanQueryString='True'].denyStrings.[string='update']"
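What this list does and does not catch is easier to see by replaying it against real query strings. The following is an added PowerShell example, not code from the original post: it reproduces the denyStrings match (a case-insensitive substring match on the decoded query string), pulls cs-uri-query out of IIS W3C log lines, and reports which requests the rule would block. The log lines are constructed for the example, and the URL in Test-RuleOnServer is a placeholder for your own site.

```powershell
# Added example, not from the original post. Dry-runs the BlockSqlCommands deny list
# against query strings taken from an IIS W3C log, so false positives show up before
# the rule is enabled, then probes the live site once it is.
# Request Filtering's denyStrings is a case-insensitive substring match on the decoded
# query string; that is what Test-DenyStrings reproduces.

# The deny strings exactly as configured by the appcmd commands above.
$DenyStrings = @('--', ';', '/*', '@', 'char', 'begin', 'cast', 'create', 'cursor',
                 'declare', 'delete', 'drop', 'end', 'exec', 'fetch', 'insert', 'kill',
                 'open', 'select', 'sys', 'table', 'update')

function Test-DenyStrings {
    param([Parameter(Mandatory)] [string] $QueryString,
          [string[]] $Deny = $DenyStrings)
    # IIS compares against the decoded value, so %27 and friends are decoded first.
    $decoded = [System.Uri]::UnescapeDataString($QueryString.Replace('+', ' '))
    $hits = @($Deny | Where-Object {
        $decoded.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0 })
    [pscustomobject]@{
        QueryString = $QueryString
        Blocked     = $hits.Count -gt 0
        Matched     = $hits -join ' '
    }
}

function Get-QueryStringsFromW3CLog {
    # Reads cs-uri-query from IIS W3C log lines; the #Fields header gives the column.
    param([Parameter(Mandatory)] [string[]] $Lines)
    $col = -1
    foreach ($line in $Lines) {
        if ($line.StartsWith('#Fields:')) {
            $fields = $line.Substring(8).Trim() -split ' '
            $col = [array]::IndexOf($fields, 'cs-uri-query')
            continue
        }
        if ($line.StartsWith('#') -or $col -lt 0) { continue }
        $parts = $line -split ' '
        if ($parts.Count -gt $col -and $parts[$col] -ne '-') { $parts[$col] }
    }
}

# Constructed sample log lines (not a real log): two injection attempts and several
# legitimate requests that the deny list also catches.
$SampleLog = @'
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-11-08 09:00:01 10.0.0.5 GET /default.aspx id=1 80 - 10.0.0.9 Mozilla/5.0 200 0 0 15
2013-11-08 09:00:02 10.0.0.5 GET /default.aspx id=1%27+or+1=1-- 80 - 10.0.0.77 sqlmap/1.0 200 0 0 40
2013-11-08 09:00:03 10.0.0.5 GET /default.aspx id=1;exec+xp_cmdshell+%27dir%27 80 - 10.0.0.77 sqlmap/1.0 200 0 0 38
2013-11-08 09:00:04 10.0.0.5 GET /products.aspx category=tables 80 - 10.0.0.9 Mozilla/5.0 200 0 0 12
2013-11-08 09:00:05 10.0.0.5 GET /report.aspx user=sysadmin@example.com 80 - 10.0.0.9 Mozilla/5.0 200 0 0 12
2013-11-08 09:00:06 10.0.0.5 GET /calendar.aspx range=weekend 80 - 10.0.0.9 Mozilla/5.0 200 0 0 12
2013-11-08 09:00:07 10.0.0.5 GET /search.aspx q=open+positions 80 - 10.0.0.9 Mozilla/5.0 200 0 0 12
'@
$SampleLines = $SampleLog -split "`r?`n"

# For a real log use: Get-Content C:\inetpub\logs\LogFiles\W3SVC1\u_ex131108.log
Get-QueryStringsFromW3CLog -Lines $SampleLines |
    ForEach-Object { Test-DenyStrings -QueryString $_ } |
    Format-Table -AutoSize

function Test-RuleOnServer {
    # Once the rule is in place a denied request comes back as HTTP 404 and the IIS log
    # shows sub-status 19 (Denied by filtering rule). The URL is a placeholder.
    param([string] $Url = 'http://localhost/default.aspx?id=1%27%20or%201=1--')
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing
        "NOT blocked: HTTP $($r.StatusCode) for $Url"
    } catch {
        "Blocked (or unreachable): $($_.Exception.Message)"
    }
}
```

In the sample, only the first request survives: the two injection attempts are caught by '--', ';' and 'exec', but so are 'tables', 'sysadmin@example.com', 'weekend' and 'open positions'. Run the same dry run over a day of real logs and prune the list (or drop short words like 'end', 'open' and 'sys') before turning the rule on.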

Why Cloud is still two years away for most companies

There is a lot of hype about cloud these days, and I have very mixed opinions about it: some people seem to see it as the basket to throw all their eggs into, and others want to use it but don't understand what it means for them.

So I'm going to break down the business part of this. First of all, people think cloud will save them money. Wrong, it won't: cloud is about scaling up and down as needed. If you use a server 90% of the time it will cost you more than it did in the conventional data centre, and the same goes for storage; you should not put terabytes of data into the public cloud unless you like throwing money away.

So what is cloud good for, I hear you say? Well, if you have a web-based application that needs to be publicly available it is good, but remember that the data should be pushed or replicated back to somewhere you have cheaper storage, as leaving that data in the cloud will cost more.

Now the reason most companies can't move today is simple: applications. What good is a computer without applications to run on it? Cloud is the same. For the last 40 years people have been developing client-server programs, and most are used to the concept that you have a server. In cloud you could have one, or you could have ten or more; that isn't the problem. The problem is the way the code has been written: it mostly works with fixed server names, which in cloud need to become dynamic. An alias needs to be used, for example, so that moving from one set of hardware to another is seamless rather than hours of downtime, or any downtime at all.

It also depends on whether you make use of multiple servers, as many programmers make the mistake of having the back office, application and UI layers all on one server, making it hard to near impossible to scale up.

Until the shortcomings in these areas are addressed, and for many companies this will take years because of the number of programs they have, moving to cloud will be slow.

SQL instance discovery

A long time ago I wrote about making your own disk capacity tool; now I'll show you how to collect SQL instances. Most of you know that the SQL Browser service can help with this, but it is often no use because of firewalls or because the instance is running on a strange port.
So instead you can get the instance names and the version from the registry. Sadly Microsoft never uses the same place twice, so here is my solution to get the results into text files. The queries use the Remote Registry service on each target, so it must be running there and you need admin rights on the box; each result is written under the host name it came from, and errors from hosts that cannot be reached are thrown away. Note that the Tools\Setup keys describe the shared tools installed for that major version; the edition and build of a particular instance are under that instance's own key, whose name (the instance ID) is listed under Instance Names\SQL. On 64-bit hosts, 32-bit instances live under SOFTWARE\Wow6432Node instead.
for /f %i in (c:\list1.txt) do (echo %i & REG QUERY "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server" /v InstalledInstances 2>nul | findstr /i "InstalledInstances") >>Instances.txt

for /f %i in (c:\list1.txt) do (echo %i & REG QUERY "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\90\Tools\Setup" /v Edition 2>nul | findstr /i "Edition") >>2005.txt

for /f %i in (c:\list1.txt) do (echo %i & REG QUERY "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\100\Tools\Setup" /v Edition 2>nul | findstr /i "Edition") >>2008.txt

for /f %i in (c:\list1.txt) do (echo %i & REG QUERY "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\110\Tools\Setup" /v Edition 2>nul | findstr /i "Edition") >>2012.txt

for /f %i in (c:\list1.txt) do (echo %i & REG QUERY "\\%i\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\SQLEXPRESS\MSSQLServer\CurrentVersion" /v CurrentVersion 2>nul | findstr /i "CurrentVersion") >>SQLExpress.txt
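A PowerShell version of the same registry approach, added here as an example rather than taken from the post: it walks Instance Names\SQL to get each instance's ID, reads that instance's own Setup key for edition, version and patch level (which works whatever the major version, so there is no need for one command per release), and picks up the TCP port from the instance's network settings, which is the bit SQL Browser would normally tell you. Like the post it assumes a host list in c:\list1.txt, admin rights on each target and the Remote Registry service running there; the output file name is my choice.

```powershell
# Added example, not from the original post. Same idea as the REG QUERY loops above
# (remote registry, so the Remote Registry service must be running on the target and
# you need admin rights there), but it resolves each instance name to its instance ID
# via Instance Names\SQL and reads that instance's own Setup key, which is where the
# engine's edition, version and patch level live regardless of the major version.
# It also reads the instance's TCP port, the thing you cannot ask SQL Browser for when
# it is firewalled off. Assumption: c:\list1.txt holds one hostname per line.

$Roots = @('SOFTWARE\Microsoft\Microsoft SQL Server',               # native instances
           'SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server')   # 32-bit instances on x64

function New-InstanceRecord {
    param($Computer, $Instance, $InstanceId, $Edition, $Version, $PatchLevel, $TcpPort, $ErrorText)
    [pscustomobject]@{
        Computer = $Computer; Instance = $Instance; InstanceId = $InstanceId
        Edition = $Edition; Version = $Version; PatchLevel = $PatchLevel
        TcpPort = $TcpPort; Error = $ErrorText
    }
}

function Get-RemoteSqlInstance {
    param([Parameter(Mandatory)] [string] $ComputerName)
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    } catch {
        # Host down, Remote Registry stopped or access denied: record it rather than skip silently.
        return New-InstanceRecord -Computer $ComputerName -ErrorText $_.Exception.Message
    }
    $found = $false
    try {
        foreach ($root in $Roots) {
            $names = $hklm.OpenSubKey("$root\Instance Names\SQL")
            if (-not $names) { continue }
            foreach ($instance in $names.GetValueNames()) {
                $found = $true
                $id    = $names.GetValue($instance)            # e.g. MSSQL10_50.SQLEXPRESS
                $setup = $hklm.OpenSubKey("$root\$id\Setup")
                $tcp   = $hklm.OpenSubKey("$root\$id\MSSQLServer\SuperSocketNetLib\Tcp\IPAll")
                $port  = $null
                if ($tcp) {
                    $static = $tcp.GetValue('TcpPort')
                    $dyn    = $tcp.GetValue('TcpDynamicPorts')
                    $port   = if ($static) { $static } elseif ($dyn) { "dynamic:$dyn" } else { 'not set' }
                }
                New-InstanceRecord -Computer $ComputerName -Instance $instance -InstanceId $id `
                    -Edition    $(if ($setup) { $setup.GetValue('Edition') }) `
                    -Version    $(if ($setup) { $setup.GetValue('Version') }) `
                    -PatchLevel $(if ($setup) { $setup.GetValue('PatchLevel') }) `
                    -TcpPort    $port
            }
        }
        # A reachable host with no SQL at all is still worth a line in the report.
        if (-not $found) { New-InstanceRecord -Computer $ComputerName -Instance '(none)' }
    } finally {
        $hklm.Close()
    }
}

Get-Content c:\list1.txt |
    Where-Object { $_.Trim() } |
    ForEach-Object { Get-RemoteSqlInstance -ComputerName $_.Trim() } |
    Tee-Object -Variable results |
    Export-Csv -NoTypeInformation -Path .\SqlInstances.csv
$results | Format-Table -AutoSize
```

PatchLevel is the build you compare against the cumulative update list when deciding what to apply, and TcpPort tells you which firewall rule to look for when a client cannot connect without SQL Browser.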

Hope you all find this useful for whatever reason you need to find the SQL edition or instance name without connecting to SQL itself, for example when your systems are locked down to prevent record changes but you need to know what patches to apply.