IIS 7.5 Hardening – A rating on SSL Labs

A basic .reg file is all you need.
This was tested on Server 2008 R2 with all the latest patches.

This disables all old protocols (only TLS 1.0, 1.1, and 1.2 are enabled).
Be careful, as this will disable SSL 3.0, which is used by the previous standard SMTP:587, so you will need to migrate everyone to TLS SMTP. That can be set to any port you wish, but Exchange likes port 25 for TLS.

It's probably best to do this one step at a time and reboot after each step to see what you may have broken (backup software, all webpages, SQL Server, SMTP, webmail, etc.).

First you need to configure all your protocols.
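
An added example, not the reg file from the original post: PowerShell that sets the SCHANNEL Server keys for one protocol at a time, matching the protocol list and the step-by-step advice above, and reads the state back. The function names are hypothetical, and it assumes an elevated session on the server being hardened.

```powershell
# Added example, not the original post's reg file. Function names are hypothetical.
# Run elevated. SCHANNEL picks these values up after a reboot.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelServerProtocol {
    # Report what the registry says for the Server role of each protocol.
    foreach ($name in $Protocols) {
        $key = Join-Path $Base "$name\Server"
        $state = 'not set (OS default applies)'
        if (Test-Path $key) {
            $p = Get-ItemProperty -Path $key
            if ($null -ne $p.Enabled) {
                if ($p.Enabled -ne 0) { $state = 'enabled' } else { $state = 'disabled' }
            }
        }
        New-Object PSObject -Property @{ Protocol = $name; Server = $state }
    }
}

function Set-SchannelServerProtocol {
    param([string]$Name, [bool]$Enable)
    if ($Protocols -notcontains $Name) { throw "Unknown protocol: $Name" }
    $key = Join-Path $Base "$Name\Server"
    # -Force also creates the missing parent key (e.g. 'TLS 1.2').
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Enabled=1 with DisabledByDefault=0 turns a protocol on; the reverse turns it off.
    New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord `
        -Value ([int]$Enable) -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord `
        -Value ([int](-not $Enable)) -Force | Out-Null
}

# One change per reboot, as advised above: start with SSL 3.0, reboot, test, continue.
Set-SchannelServerProtocol -Name 'SSL 3.0' -Enable $false
# Later steps: disable 'SSL 2.0'; enable 'TLS 1.1' and 'TLS 1.2' (off by default on 2008 R2).
Get-SchannelServerProtocol | Format-Table Protocol, Server -AutoSize
```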

Cisco OSPF routing

Create an OSPF process ID, then add the networks you are connected to and want used for routing detection (inside network, tunnel network, etc.) using a wildcard mask.


router ospf 1
 network 172.16.1.0 0.0.0.255 area 0
 network 172.16.12.0 0.0.0.3 area 0

Cisco 1921 Dual ISP config

Source

Basic configuration for setting up dual ISP on Cisco routers.


hostname Router 
!

ip cef

!####Establish sla monitors for use in tracking objects####!

ip sla monitor 1
  type echo protocol ipIcmpEcho 12.34.45.1
  threshold 3 
  frequency 5

ip sla monitor schedule 1 life forever start-time now

! Probe the ISP2 next hop (23.45.67.1) that the tracked default route below uses
ip sla monitor 2
  type echo protocol ipIcmpEcho 23.45.67.1
  threshold 3
  frequency 5

ip sla monitor schedule 2 life forever start-time now

!

!####Configure Tracking objects (referencing IP SLA monitors above)####!

track 101 rtr 1 reachability
! 
track 102 rtr 2 reachability 
! 
! 
! 
! 
!####Configure Interfaces with NAT####!

interface FastEthernet0 
  ip address 192.168.1.254 255.255.255.0
  ip nat inside 
! 
interface s0/0 
  ip address 12.34.45.2 255.255.255.0 
  ip nat outside 
! 
interface s0/1 
  ip address 23.45.67.2 255.255.255.0 
  ip nat outside 
! 
ip classless

!####Configure gateway of last resort with tracking objects####! 
ip route 0.0.0.0 0.0.0.0 12.34.45.1 track 101 
ip route 0.0.0.0 0.0.0.0 23.45.67.1 track 102

!####Configure NAT statements for most outbound traffic####! 
ip nat inside source route-map ISP1 interface s0/0 overload 
ip nat inside source route-map ISP2 interface s0/1 overload

!####Configure NAT statements for your mail server####! 
!(remember to setup dns for mail on both public IP addresses)!

ip nat inside source static tcp 192.168.1.10 25 12.34.45.2 25 route-map ISP1 extendable 
ip nat inside source static tcp 192.168.1.10 25 23.45.67.2 25 route-map ISP2 extendable 
! 
! 
access-list 10 permit 192.168.1.0 0.0.0.255 
! 
!####Configure route maps for reference in NAT statements####!

route-map ISP2 permit 10 
  match ip address 10 
  match interface s0/1

! 
route-map ISP1 permit 10 
  match ip address 10 
  match interface s0/0 
!