FortiGate Securing Remote Administration
KB ID 0001734 Problem When considering Securing FortiGate remote administration, I’ve written about changing the https management port to something other than TCP 443 before, I suppose that’s security by obfuscation (though even a script kiddy with one hours experience, will be able to spot an html responses). Typically with other vendors you limit remote administration access, to specific IP addresses (or ranges). So...
The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
Cisco AnyConnect – With Google Authenticator 2 Factor Authentication
KB ID 0001256 Problem This was asked as a question on Experts Exchange this week, and it got my interest. A quick search turned up a bunch of posts that said, yes this is possible, and you deploy it with FreeRADIUS and it works great. The problem was, a lot of the information is a little out of date, and some of it is ‘wrong enough’ to make the non-technical types give up. But I persevered, and got it to work. Disclaimer:...
IIS: How to Create a Certificate Request
KB ID 0000840 Problem If you would like to obtain a digital certificate either from your own CA, or from a public certificate vendor, you need to submit a certificate signing request (csr) first. Solution Note: I’m making the assumption you have already installed the Web Server (IIS) role on your server. 1. Windows Key+R > iis.msc {Enter} > Select the servername > Server Certificates. 2. Create Certificate Request >...
Windows Server 2012 – Install and Configure an FTP Server
KB ID 0000847 Problem FTP might be an ages old solution for moving files around, but a lot of people swear by it. With Windows Server it’s still supported, even if it is hidden as a ‘role service’. Solution Create a Security Group For Domain FTP Access Note: For a Standalone/Workgroup server see below for setting up users and groups. 1. Launch Server Manager > Tools > Active Directory Administrative Center. 2....