Monday, June 25, 2007

How to enable the 75 gigabyte limit on Exchange 2003

So you've implemented Exchange 2003 and installed it with service pack 2. Your database grows up to 20 GB from all that migration suddenly the Information Store stops with an error. Well, don't panic.

In Microsoft Exchange 5.5 until 2003 standard editions , the database logical store cannot reach more than 16GB otherwise the information store will stop gracefully. There's an allowance given by Microsoft to increase this limit 1GB more until you've cleaned up the database size and make it smaller than 16 GB. Now with SP2 on Exchange 2003, the limit is increased by default to 18GB. But they said SP2 can grow up to 75GB..?

Yes, this is possible but you need to set it through a registry key and specify the size of your database.

Here's how and where ...http://support.microsoft.com/kb/912375/en-us

Happy bloating your mailboxes!

Wednesday, June 13, 2007

Safari for Windows Beta 3 - Vulnerabilities found in found in mere minutes



Apple corporation released Safari 3.0 beta 3 and works on Windows as well. I downloaded and tested B3 after Frank sent an email of this release. Just cruising the web i found already 10s of vulnerabilities in this browser by far. This was further confirmed by an email i received just hours after downloading Safari 3.0 Public Beta. One researcher apparently could perform a BO using a standard fuzzer in mere minutes from Apple's release!


Hmm, this makes we wonder if these products from not-so-adopted platforms and companies are put to the masses (making it available on Window for example) get to taste reality and i question the fundementals of vulnerabilities disclosure numbers.


So the question is: Is having lesser vulnerability disclosures eludes us to believe it is more secure or it is not exposed enough to know for sure?


Explanation: Just say with a Mac, there's only 10 people using it out of 1000 and 990 are using Windows. It can be safely assumed that a majoriy vulnerabilities may be exposed on Windows as opposed to a Mac. Now take a Mac application that runs on Windows, now the exposure number is no longer 10, but 1000 (10 + 990)...




Safari for Windows: http://www.apple.com/safari/


Wonder when Google's gonna' punch something out...?

Thursday, June 7, 2007

Stirling- The fore front to Microsoft FOREFRONT

Its about time someone envisions something like this. Imagine, a centralized desktops and servers management platform, with anti-malware, email message protection, workstation access validation, centralized log correlation, personal firewall and what have you. It all spells ONE CONSOLE, ONE INTERFACE which equates SIMPLICITY. The key to any success, in my belief, at least.

Stirling
Microsoft released a press statement of it's upcoming security powerhouse, codename Stirling. In a Microsoft camp(people who use a lot of MS technologies) this would be a dream product to integrate almost all the security a company would need (including firewalls) under on hood. It would be easy for CIO and whomever to produce a single piece of report snap-shotting your company's state of security and threat.

I am hoping to get involved in the TAP and work with Microsoft Malaysia on this. Till i get more information and product demos, stay tuned. This piece of product could potentially turn heads :)..kinky...

FAQs-http://www.microsoft.com/forefront/prodinfo/roadmap/faq.mspx

Security Showdown


Graph source, http://blogs.zdnet.com/security/?p=135

A recent study by ZDnet reveals Vista has way lesser vulnerabilities and high fixes rate as compared to other OSes like RHEL, MacOS. Vista, is what i would imagine, a begining to what will be of the security enabled operating systems, come fully hardened. There's only getting better from here on..SP1 of Vista will prevail :)
To read more, check out http://blogs.zdnet.com/security/?p=135


Tuesday, June 5, 2007

Things to consider before going for Citrix or Terminal Services

I had a chance to "play" around with a few virtualization and thin client architectures lately and i must say, before you proceed in spending your big bucks in them, consider the following ..

Top 5+1 things to consider before going for Citrix or Terminal Services

1. Not all applications can work with virtualization. If they work in Terminal Service for instance, they don't necessarily work on other platforms or virtualization thin clients. Test each and every business critical functions with end users (people who will eventually use the app)

2. Will this application be able to run on server platforms. It makes no sense to run them on workstations as workstations software have very limited hardware scalability. Furthermore, Citrix and TS only works on Windows Servers. Ensure you get proper papers to say it does work and fully supported on server platforms.

3. What type of specialized hardware or other related software your application require? Will that hardware/software work with virtualization? Simple example would be, your graphics card, when running graphics intensive applications, will they or not take advantage of this hardware when virtualizing? What if that hardware is required to run the app?

4. Is your application client server based? I don't think it makes any sense if there's no client server architecture involved when using virtualization technologies. Outlook and Exchange example here, you publish Outlook and hence run multiple instances of Outlook on a single server would make absolute sense. In a weird twist, if you publish Exchange and it creates an entire new DB for every new virtual instance, whoa, you need serious hardware power man.

5. Does your application maintenance support complies this sort of deployment? Otherwise, you may end up having the support people say, "sorry, we do not support this sort of configuration"..you're in a little bit of trouble

and just for the heck of it the #6 ...

6. Will it benefit in the sense of the amount of hardware+software+service+maintenance you will achieve vs. decentralizing. Also remember, crucially, availability, if decentralized, one PC goes down, one PC is affected, if in virtualization, one server goes down, 10s of clients are affected. How would you address availability, clustering? NLB? Layer7 switching? Built-in application HA?

Hashbreaker

5b69d4f5b5e7929b5c593e1d63cfc078 - Thats "password" in MD5digest. How to crack more hashes? Try www.hashbreaker.com. Register very quickly and use their free version. If you like it, use their paid service. They use Rainbowtables at the backend, which is an open source hash cracking tool available with gigs of hashvalues in a table. To avoid all that, just use this service. How effective? Well, make a hash value and test it out for yourself. :)

Oh, hashing is no longer secure, by the way, try encrpyting the transport then hashing the secret values, that should be the best.

Windows IPSEC

I was doing lots of testing using IPSEC over the weekend (yea, don't have a life). I must say, in Windows client and server environment, it's really simple to implement it. Unlike popular application, IPSEC can be centrally deployed and managed in Windows through Group Policies.

IPSEC will ensure that wiretapping is literally impossible, data remains intact and assured of it's source and destination. It's like having VPN connections with every device in your network that supports IPSEC.

Note there's overheads. Like any encryption technologies, it will require processing power and lots more overhead in transport. But seriously, thesedays with Gigagbit networks and very powerful computing ends (server/client), it's really not much of an issue. Unless you have a 10bt network and really old computers, you should consider implementing IPSEC across your entire organization.

Since IPSEC works below the TCPIP layer, it can support most of your applications natively, unless they are broadcast or multicast enabled (see more unsupported configuration in this KB http://support.microsoft.com/kb/253169/)

Also, please do test in a non-production environment, setup monitoring tools and enabled logging extensively during your testing to ensure IPSec is correctly working and is compatible to your applications.

Happy IPSECing...