17 Mar
Posted by ProCOM
on March 17, 2008 – 8:03 pm - 589 views
1) Start Internet Information Services Manager or open the Internet Information Services (IIS) snap-in.
2) Expand Server_name, where Server_name is the name of the server, right-click Default SMTP Virtual Server, and then click Properties.
3) Click the Access tab, and then under Access control, click Authentication.
4) Click to select either or both the Basic authentication and the Integrated Windows authentication check boxes, click to clear the Anonymous access check box (if it is selected), and then click OK.
By doing so, authentication is required before access is granted to the SMTP virtual server. In this case, if the user or computer does not successfully authenticate, the user or computer cannot send mail to the server.
NOTE: If you click to select the Anonymous access check box and do not click to select the Basic authentication and the Integrated Windows authentication check boxes, all users and computers are able to access the SMTP virtual server.
This disables authentication.
5) Under Relay restrictions, click Relay.
6) Note the options that are available in the Relay Restrictions dialog box. By default, the Only the list below option is selected and this list is empty. Additionally, the Allow all computers which successfully authenticate to relay, regardless of the list above option is selected. With this feature, users and computers that can authenticate with the server can relay through the server. All computers are blocked except those that meet the authentication requirements that you configured earlier in the Authentication dialog box of the Access tab.
Note that if you allow only anonymous access, the server does not authenticate users or computers.
7) Click Add, and then do one of the following to add a single computer, group of computers, or a domain:
- Click Single computer. Type the IP address of the computer that you want in the IP Address box, and then click OK.
- Click Group of computers. Type the subnet address and the Subnet mask of the group into the corresponding boxes, and then click OK.
- Click Domain. Type the domain name that you want in the Name box, and then click OK.
If you do not want to add a computer, group of computers, or a domain, click Cancel.
8) Click OK, and then click OK.
17 Mar
Posted by ProCOM
on March 17, 2008 – 5:33 pm - 314 views
APF firewall can deny ALL connections to ssh and allow only a single IP or a select few IPs to connect to your server. We’ll guide you through DENY ALL with APF firewall.
PROBLEM:
You want to deny all IPs from connecting to shell/ssh on your server and allow only a select one or few to connect, using APF firewall.
APF SOLUTION:
1) Login to your server as the root user.
2) cd /etc/apf
3) Use vi or nano to edit the /etc/apf/allow_hosts.rules file
EG: vi /etc/apf/allow_hosts.rules
4) Scroll down past the last comment line beginning with ##, then add the following:
tcp:in:d=22:s=YOURHOMEIPHERE
out:d=22:d=YOURHOMEIPHERE
The d=22 part is the port, so you can repeat for other services as well to limit connections if you like.
Save the changes.
5) Edit the /etc/apf/deny_hosts.rules file
EG: vi /etc/apf/deny_hosts.rules
Scroll down until the last default comment ## then below it add the following:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
Save the changes.
6) Restart APF firewall
apf -r
Your server is now only allowing connections to the SSH service from one IP using APF. To add more than one IP repeat the steps in 4) adding a new tcp and out line for each IP.
Cheers
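Because step 5 denies port 22 to everyone, a mistake in the step 4 allow line (for instance the YOURHOMEIPHERE placeholder left in place) locks you out once `apf -r` runs. The following Python check is an added example, not part of the original post or of APF: it parses the two rule forms shown above and reports whether a given client IP would reach SSH. The function names and sample addresses are hypothetical, only IPv4 and the rule forms on this page are handled, and it assumes allow rules are consulted before deny rules, as the procedure implies.

```python
import ipaddress

def parse_rules(text):
    """Parse '[proto:]flow:[s|d]=port:[s|d]=address' lines (IPv4 only).
    Returns (rules, bad_lines); an unreplaced placeholder lands in bad_lines."""
    rules, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split(":")
        proto = fields.pop(0) if fields[0] in ("tcp", "udp") else None
        try:
            flow, port_f, addr_f = fields
            if flow not in ("in", "out"):
                raise ValueError(flow)
            port = int(port_f.split("=", 1)[1])
            side, addr = addr_f.split("=", 1)
            if addr == "0/0":                 # shorthand used in the deny rule
                addr = "0.0.0.0/0"
            net = ipaddress.ip_network(addr, strict=False)
        except (ValueError, IndexError):
            bad.append(line)
            continue
        rules.append((proto, flow, side, port, net))
    return rules, bad

def ssh_verdict(allow_text, deny_text, client_ip, port=22):
    """Assumption: allow rules are consulted before deny rules, which is
    what the procedure relies on. 'default' means no rule matched."""
    ip = ipaddress.ip_address(client_ip)
    for verdict, text in (("allow", allow_text), ("deny", deny_text)):
        for proto, flow, side, rport, net in parse_rules(text)[0]:
            if (flow, side, rport) == ("in", "s", port) and proto in ("tcp", None) and ip in net:
                return verdict
    return "default"

# Constructed sample file contents; 203.0.113.10 stands in for YOURHOMEIPHERE.
ALLOW = "## allow_hosts.rules\ntcp:in:d=22:s=203.0.113.10\nout:d=22:d=203.0.113.10\n"
DENY = "## deny_hosts.rules\ntcp:in:d=22:s=0/0\nout:d=22:d=0/0\n"

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, ssh_verdict(ALLOW, DENY, ip))
    print("unparsed:", parse_rules("tcp:in:d=22:s=YOURHOMEIPHERE")[1])
```

Run it against the real file contents with the address of your current session before restarting APF; any verdict other than allow for that address means the restart would cut the session off.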
17 Mar
Posted by ProCOM
on March 17, 2008 – 4:51 pm - 233 views
You can use a group policy to protect your server from known viruses that require an executable to run. Sobig.F and Blaster are two examples.
Go to Run and type MMC to open the Microsoft Management Console.
Select File > Add/Remove Snap-in > Add > Group Policy Object Editor.
Allow it to modify the Local Computer in the wizard, then click Close > OK.
Navigate to Local Computer Policy > User Configuration > Administrative Templates > System. Click System in the left-hand pane. You should get some choices in the right-hand pane.
Select Don’t Run Specified Windows Applications.
Select Enable and then Show > Add
Add any applications you want to restrict. For Blaster and Sobig.F these are:
WINPPR32.EXE
MSBLASTER.EXE
Click OK and close out of the MMC. You are now protected.
This is no substitute for AV Protection and a Firewall. This is just another layer of protection.