20150728

Nice and wide, eh?

By default Blogspot shows its content in a rather narrow window. A bit of Googling and some programming in the Blogspot template, and the blog is "fluid": wider, and it scales (within limits) with the width of the window.

Brilliant tip here.

20150727

Country blacklisting in hMailserver

hMailserver is a free Windows-based email server. One of its nice features is that certain email events are exposed through a COM interface. In this article we use hMailserver events to check whether a connection comes from a country that is blacklisted.

This is how it works:
1. Look up country from IP address
2. Check if that country is in your Blacklist
3. If yes, stop processing of that email and log the blacklist event

The people from Geobytes provide a free service to determine the ISO3166 country code based on an IP address. This is the link that returns Geobytes information:

http://getcitydetails.geobytes.com/GetCityDetails?fqcn=1.2.3.4

One return variable, "geobytescode", provides the ISO 3166 two-character country code, e.g. for this IP address (1.2.3.4): "TW" (Taiwan). We extract this variable with a regular expression.

Now we can check if this code is in our Blacklist and if it is, stop all further processing of that email.

This is the code (add this to hMailserver's EventHandlers.vbs):

   Sub OnClientConnect(oClient)
       '--- ISO3166 2 character list of blocked countries (space separated)...
       Const BlackList = "AR VN CN"
       '--- Backslash-escaped double quote, for use inside the regular expression...
       Const chr34 = "\"""
       Const Accept = 0
       Const Deny = 1

       Dim IP, Port, locationRaw, regEx, Matches, CountryCode

       '--- Get IP:port...
       IP = Trim(oClient.IPAddress)
       Port = oClient.Port

       '--- Exclude local IP addresses...
       If Not (InStr(IP, "127.") = 1 Or InStr(IP, "192.168.") = 1) Then

           '--- Prepare regular expression...
           Set regEx = New RegExp
           '--- Search for the first "geobytesinternet":"AA" occurrence...
           regEx.Pattern = chr34 & "geobytesinternet" & chr34 & "\:" & chr34 & "[A-Z]{2}" & chr34
           '--- Match case...
           regEx.IgnoreCase = False
           '--- First match only...
           regEx.Global = False

           '--- Get GeoIP information (synchronous request)...
           Set locationRaw = CreateObject("MSXML2.XMLHTTP")
           locationRaw.open "GET", "http://getcitydetails.geobytes.com/GetCityDetails?fqcn=" & IP, False
           locationRaw.send

           '--- Search for CountryCode...
           Set Matches = regEx.Execute(locationRaw.responseText)
           '--- If found then set CountryCode (characters 21-22 of the match), else "??"...
           If Matches.Count = 1 Then CountryCode = Mid(Matches(0).Value, 21, 2) Else CountryCode = "??"

           '--- Check for blacklisted country and abort session if so...
           If InStr(BlackList, CountryCode) <> 0 Then
               EventLog.Write("Blacklisted: " & IP & ", " & CountryCode)
               Result.Value = Deny
           End If
       End If
   End Sub


Check the new EventHandlers.vbs in the hMailserver console (hMailserver>Settings>Advanced>Scripts>[Check Syntax]) and reload the hMailserver script (hMailserver>Settings>Advanced>Scripts>[Reload scripts]).
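As an added example, not part of the original post or of hMailserver's own code, here is the same decision logic in Python, run against constructed Geobytes-style replies so it works offline. It goes a little beyond the script: every RFC 1918 range counts as local, and the blacklist is matched on whole codes rather than as a substring. The hMailserver objects (oClient, Result, EventLog) are not modelled; decide() returns the verdict and the log line instead.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Same ISO 3166 alpha-2 list as the hMailserver script, held as a set so a code
# must equal a whole entry rather than a substring of the blacklist string.
BLACKLIST = {"AR", "VN", "CN"}

# The field the VBScript regular expression looks for in the Geobytes reply.
COUNTRY_RE = re.compile(r'"geobytesinternet":"([A-Z]{2})"')

def is_local(ip: str) -> bool:
    """Skip the lookup for loopback and private (RFC 1918) sources.
    The script only tests the 127. and 192.168. prefixes; this also covers
    10/8 and 172.16/12. An unparseable address is treated as not local so it
    still goes through the country check."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return addr.is_loopback or addr.is_private

def country_code(response_text: str) -> str:
    """Extract the two-letter code; '??' when the reply does not carry one
    (the same fallback the script uses)."""
    match = COUNTRY_RE.search(response_text)
    return match.group(1) if match else "??"

def decide(ip: str, response_text: Optional[str]) -> Tuple[str, str]:
    """Return ('Accept' | 'Deny', log line) for one connection.
    response_text is the Geobytes reply already fetched by the caller, or None
    when the lookup failed. Like the script, an unknown country ('??') is
    accepted, i.e. a failed lookup fails open."""
    if is_local(ip):
        return "Accept", "local address, lookup skipped: " + ip
    code = country_code(response_text or "")
    if code in BLACKLIST:
        return "Deny", "Blacklisted: " + ip + ", " + code
    return "Accept", ip + ", " + code

# Constructed Geobytes-style replies (not real lookups) to exercise the logic.
SAMPLE_TW = '{"geobytesinternet":"TW","geobytescode":"TW","geobytescountry":"Taiwan"}'
SAMPLE_CN = '{"geobytesinternet":"CN","geobytescode":"CN"}'
SAMPLE_NO_CODE = '{"geobytesinternet":"","geobytescode":""}'

if __name__ == "__main__":
    for ip, reply in [("1.2.3.4", SAMPLE_TW), ("5.6.7.8", SAMPLE_CN),
                      ("10.0.0.5", SAMPLE_CN), ("9.9.9.9", SAMPLE_NO_CODE)]:
        print(decide(ip, reply))
```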

20150719

A 30+ year old security problem solved

In many companies system administrators log on with just a username and password. This is a big security risk: when the sysadmin's password leaks, all security is compromised. You could implement multi-factor authentication, but that has security concerns too, because the sysadmin could still log on from an untrusted computer. The best solution would be that the sysadmin can only do his admin tasks from a trusted computer.

Windows supports "Smartcard logon" which requires that the user inserts a smartcard in the smartcard reader of the computer. However, this method is not suitable for this purpose since the sysadmin can insert his smartcard into any computer with a smartcard reader and authenticate.

When a Virtual Smartcard is used, the sysadmin's credentials are stored in the Trusted Platform Module (TPM). A TPM is a security chip that is soldered onto the motherboard of the computer. Now the sysadmin can only log on to his own computer, through Windows Smartcard Logon using a Virtual Smartcard.

Now comes the beauty: when the A.D. domain policy is set to logon only with a (virtual) smartcard, the sysadmin can logon only from a managed and trusted corporate computer!

This is how this works. The sysadmin must provide a PIN (or a password) to logon to his computer. The PIN is verified by the Windows Smartcard Logon against the TPM. When OK, Windows logs the sysadmin on to a domain controller.


The sysadmin will see this logon screen:


The Smartcard logon (right) is the only method that allows sysadmin tasks. The sysadmin's normal user tasks (e.g. email) can be done through a 'normal' user account (left).

Windows 8.1 and 10 have built-in support for Virtual Smartcards, but these are unmanaged: e.g. there is no central PIN recovery system.

Wave has a Virtual Smartcard solution that provides Virtual Smartcard support for Windows 7 (!), 8, 8.1 (and 10). This solution also provides central (and automated) Virtual Smartcard management and "Zero Knowledge" PIN recovery methods. In this case the helpdesk does not know or require any old or new PIN or password. A Challenge-Response method is used.
