<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Zachary Loeber's Blog</title><link>https://blog.zacharyloeber.com/tags/security/</link><description>Recent content in Security on Zachary Loeber's Blog</description><generator>Hugo</generator><language>en</language><lastBuildDate>Fri, 28 Sep 2018 16:49:46 +0000</lastBuildDate><atom:link href="https://blog.zacharyloeber.com/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>DevOps – Automating Kubernetes Deployments</title><link>https://blog.zacharyloeber.com/blog/2018/09/28/devops-automating-kubernetes-deployments/</link><pubDate>Fri, 28 Sep 2018 16:49:46 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2018/09/28/devops-automating-kubernetes-deployments/</guid><description>&lt;p>If you are deploying your own Kubernetes clusters you already know that:&lt;/p>
&lt;div id="attachment_1802" style="width: 310px" class="wp-caption aligncenter">
 &lt;a href="https://blog.zacharyloeber.com/wp-content/uploads/2018/09/k8s_is_hard.png">&lt;img src="https://blog.zacharyloeber.com/wp-content/uploads/2018/09/k8s_is_hard.png" alt="Kubernetes is hard" width="300" height="257" srcset="https://blog.zacharyloeber.com/wp-content/uploads/2018/09/k8s_is_hard.png" />&lt;/a>
 &lt;p class="wp-caption-text">
 Kubernetes is hard
 &lt;/p>
&lt;/div>
&lt;p>But there is hope!&lt;/p>
&lt;p>There are a few great projects to keep an eye on in this space. I’ve covered some of them in &lt;a href="https://spr.com/4-tools-to-automate-kubernetes-cluster-deployments/">an article you can read on the Lumen&lt;/a>.&lt;/p>
&lt;p>Cheers!&lt;/p></description></item><item><title>Email Reputation and Design: A Condensed Guide</title><link>https://blog.zacharyloeber.com/blog/2018/02/24/email-reputation-and-design-a-condensed-guide/</link><pubDate>Sat, 24 Feb 2018 15:59:26 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2018/02/24/email-reputation-and-design-a-condensed-guide/</guid><description>&lt;p>Very few domains implement the holy grail of email identity reputation frameworks, &lt;a href="https://dmarc.org/">DMARC&lt;/a>. This guide will cover all the steps required to get it implemented for your domain along with some best practices for overall email reputation design.&lt;/p></description></item><item><title>PowerShell: My Profile</title><link>https://blog.zacharyloeber.com/blog/2016/05/04/powershell-my-profile/</link><pubDate>Thu, 05 May 2016 02:31:54 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2016/05/04/powershell-my-profile/</guid><description>&lt;p>I’m always interested to see how other people setup their working environment or get things done. But rarely do I share my own environment. Since I’m putting the effort into pushing my scripting environment publicly to github I may as well explain a bit more about some of what I’ve setup.&lt;/p></description></item><item><title>Powershell: Check For Misplaced Certificates</title><link>https://blog.zacharyloeber.com/blog/2014/12/10/powershell-check-for-misplaced-certificates/</link><pubDate>Thu, 11 Dec 2014 03:02:28 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2014/12/10/powershell-check-for-misplaced-certificates/</guid><description>&lt;p>Here is a script I absentmindedly put together one evening while power watching a TV series on Netflix with the wife. 
The general idea of this script is to check local machine, trusted root, and intermediate trusted root stores for misplaced or duplicate certificates.&lt;/p></description></item><item><title>Update: Get-CalendarPermission</title><link>https://blog.zacharyloeber.com/blog/2014/09/24/update-get-calendarpermission/</link><pubDate>Wed, 24 Sep 2014 17:43:07 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2014/09/24/update-get-calendarpermission/</guid><description>&lt;p>Going through older code is a bit like looking through an old yearbook or photo album. If the pictures within are old enough you usually end up laughing at how little you recognize yourself and maybe even marvel a bit at how far you have come. This old function I wrote isn’t the worst of my code but I was still able to update it for measurable improvements.&lt;/p></description></item><item><title>Exchange: Receive Connector Tango! – Part 1</title><link>https://blog.zacharyloeber.com/blog/2014/07/06/exchange-receive-connector-tango-part-1/</link><pubDate>Mon, 07 Jul 2014 03:25:13 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2014/07/06/exchange-receive-connector-tango-part-1/</guid><description>&lt;p>Exchange receive connectors are often configured incorrectly or worse, insecurely. 
This is the first of a two part series about Exchange receive connectors and what to look out for when setting them up.&lt;/p></description></item><item><title>Gather Local Group Membership With Powershell</title><link>https://blog.zacharyloeber.com/blog/2013/09/11/gather-local-group-membership-with-powershell/</link><pubDate>Wed, 11 Sep 2013 14:11:52 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2013/09/11/gather-local-group-membership-with-powershell/</guid><description>&lt;p>Gather system local groups and their members for one or more systems using wmi, alternate credentials, and multiple runspaces. Function supports custom timeout parameters in case of wmi problems, a switch for inclusion of empty groups in the results, and returns group names with their members. You can view verbose information on each runspace thread in realtime with the -Verbose option.&lt;/p>
&lt;h3 id="version-history">&lt;strong>Version History&lt;/strong>&lt;/h3>
&lt;p>&lt;strong>1.0.0 – 09/11/2013&lt;/strong>&lt;/p>
&lt;ul>
&lt;li>Initial release&lt;/li>
&lt;/ul>
&lt;h3 id="notes">Notes&lt;/h3>
&lt;p>None, this is an independent release of a function I’ve recently included in a larger project.&lt;/p></description></item><item><title>Exchange 2010 Mailbox Audit Report Script</title><link>https://blog.zacharyloeber.com/blog/2013/05/09/exchange-2010-mailbox-audit-report-script/</link><pubDate>Fri, 10 May 2013 02:33:54 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2013/05/09/exchange-2010-mailbox-audit-report-script/</guid><description>&lt;h1 id="exchange-2010-mailbox-audit-report-script">Exchange 2010 Mailbox Audit Report Script&lt;/h1>
&lt;p>Recently I’ve released a number of scripts such as the &lt;a href="http://gallery.technet.microsoft.com/Colorize-HTML-Table-Cells-2ea63acd">HTML Table Colorizer&lt;/a>, &lt;a href="http://gallery.technet.microsoft.com/Get-Exchange-Calendar-5bb4f527">Exchange Mailbox Calendar Permission Function&lt;/a>, and the &lt;a href="http://gallery.technet.microsoft.com/Exchange-Mailbox-GUI-5b204590">Exchange Mailbox GUI&lt;/a>. These were all actually created specifically as support scripts for a report generation powershell tool I’ve been working on, the Exchange Mailbox Auditing Tool.&lt;/p></description></item><item><title>Exchange: Get Calendar Permissions (multilingual edition)</title><link>https://blog.zacharyloeber.com/blog/2013/04/28/exchange-get-calendar-permissions-multilingual-edition/</link><pubDate>Sun, 28 Apr 2013 17:35:54 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2013/04/28/exchange-get-calendar-permissions-multilingual-edition/</guid><description>&lt;p>Some time ago I released &lt;a href="http://gallery.technet.microsoft.com/Exchange-2010-Calendar-21695fde" title="Exchange 2010 Calendar Permission GUI">a rather simplistic GUI for viewing Exchange 2010 mailbox calendar permissions&lt;/a>. Because of a semi-related script I’m working on currently I rounded back and recreated that GUI script to be a powershell function instead. This is the result.&lt;/p></description></item><item><title>Exchange – The State Of External Client Access</title><link>https://blog.zacharyloeber.com/blog/2012/11/22/exchange-the-state-of-external-client-access/</link><pubDate>Thu, 22 Nov 2012 19:58:04 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2012/11/22/exchange-the-state-of-external-client-access/</guid><description>&lt;h1 id="introduction">Introduction&lt;/h1>
&lt;p>Most within the messaging and collaboration industry are hyped up about the next wave of Microsoft collaboration and messaging products which are soon to be released. Among these products is Exchange 2013 RTM. This type of release typically precedes yet another wave of architecture upgrades across the corporate landscape. Some of these (beta testers) will undoubtedly upgrade to Exchange 2013.&lt;/p>
&lt;p>Other corporations will start to feel the burn to upgrade as well. These will be organizations which realize that their Exchange 2003/2007 infrastructure is nearing a decade old existence and cannot meet the demands of their ever-growing mobile workforce. Realizing they are behind the curve, they may feel hastened to upgrade as well, possibly just to Exchange 2010. Regardless of the reason for choosing to upgrade their messaging infrastructure, there are critical design decisions which need to be made in how clients access this infrastructure both internally and externally. This article focuses solely on the external access aspect of the infrastructure.&lt;/p></description></item><item><title>Linux: Headless Ubuntu Torrent Home Server</title><link>https://blog.zacharyloeber.com/blog/2011/09/11/linux-headless-ubuntu-torrent-home-server/</link><pubDate>Sun, 11 Sep 2011 21:45:15 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/09/11/linux-headless-ubuntu-torrent-home-server/</guid><description>&lt;p>So it got to that time of the year where I feel the itch to upgrade my aging home server. I assessed the situation and realized that, for what it does, my current server does not need any kind of hardware upgrade. So I just decided to rebuild it with Ubuntu 11.04 64 bit and change up the server software a bit to be more accessible to my wife as well as to be a bit more modern (torrentflux and derivatives have been dead for a while now).&lt;/p></description></item><item><title>Exchange 2010: Network Communication Table</title><link>https://blog.zacharyloeber.com/blog/2011/07/30/exchange-2010-network-communication-table/</link><pubDate>Sat, 30 Jul 2011 17:06:36 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/07/30/exchange-2010-network-communication-table/</guid><description>&lt;p>I figured I’d post the massive table of firewall rules I compiled for my Exchange 2010 firewall generation script. 
It has both the source and destination roles for many aspects of an Exchange environment. Where there are ???’s is where I’m simply not certain (mainly around encryption between certain roles). If anyone spots any mistakes or omissions please let me know and I’ll update it accordingly.&lt;/p>
&lt;p>&lt;a title="Exchange 2010 Network Communication Table By Role" href="https://blog.zacharyloeber.com/wp-content/uploads/2011/07/FirewallRules.html" target="_blank">Exchange 2010 Network Communication Table By Role&lt;/a>&lt;/p></description></item><item><title>Exchange 2010: Automated Firewall Rule Generation 1.2</title><link>https://blog.zacharyloeber.com/blog/2011/07/20/exchange-2010-automated-firewall-rule-generation-1-2/</link><pubDate>Wed, 20 Jul 2011 16:35:08 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/07/20/exchange-2010-automated-firewall-rule-generation-1-2/</guid><description>&lt;p>I made a few changes to this script to make it more modular and to allow for more exceptions in regards to DAGs and sites. Enjoy!&lt;/p>
&lt;p>&lt;a href="https://blog.zacharyloeber.com/wp-content/uploads/2011/07/ExchangeFirewallRequestGenerator1_2.zip" title="Exchange 2010: Automated Firewall Rule Generation">Exchange 2010 Firewall Rule Generation Script&lt;/a>&lt;/p></description></item><item><title>Exchange 2010: Certificate Install Script</title><link>https://blog.zacharyloeber.com/blog/2011/06/30/exchange-2010-certificate-install-script/</link><pubDate>Thu, 30 Jun 2011 15:39:27 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/06/30/exchange-2010-certificate-install-script/</guid><description>&lt;p>Many of the cert providers require that you install both an intermediary and a root trusted cert on the servers which you are configuring your newly requested Unified Communications certificate on. If you are doing an Exchange migration including several ISA/TMG/Exchange (2003 and 2010) servers this can be a tedious process. Here is the quick way to install all three certificates once they are on the server&lt;/p></description></item><item><title>Exchange 2010: Automated Firewall Rule Generation</title><link>https://blog.zacharyloeber.com/blog/2011/06/24/exchange-2010-automated-firewall-rule-generation/</link><pubDate>Fri, 24 Jun 2011 16:40:50 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/06/24/exchange-2010-automated-firewall-rule-generation/</guid><description>&lt;p>A single, or even a dual site Exchange 2010 deployment does not usually require too much internal firewall manipulation. But if you have to setup a Exchange 2010 environment where there are many global sites or a heavily segmented network, the number of firewall requests required to get a fully functioning configuration working can be daunting. 
Wouldn’t it be nice to have some of those firewall rules automatically generated for you?&lt;/p></description></item><item><title>Exchange 2010: Protect VIP Mailboxes with Exclusive Scopes</title><link>https://blog.zacharyloeber.com/blog/2011/05/04/exchange-2010-protect-vip-mailboxes-with-exclusive-scopes/</link><pubDate>Wed, 04 May 2011 21:26:37 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/05/04/exchange-2010-protect-vip-mailboxes-with-exclusive-scopes/</guid><description>&lt;p> &lt;/p>
&lt;p>Prior to starting my new job I wanted to ensure that my previous employer was able to protect VIP mailboxes in their Exchange 2010 SP1 organization. I had to do this with exclusive scopes and these are the steps I had to follow. A general knowledge of role based security is assumed in this post.&lt;/p></description></item><item><title>OCS 2007 R2: CRL Issue Causing Address Book Download Error</title><link>https://blog.zacharyloeber.com/blog/2011/03/31/ocs-2007-r2-crl-issue-causing-address-book-download-error/</link><pubDate>Thu, 31 Mar 2011 15:21:09 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/03/31/ocs-2007-r2-crl-issue-causing-address-book-download-error/</guid><description>&lt;p>I ran into this issue recently. End users experienced a red splat in communicator exhibiting that there was an issue syncing the corporate address book. I found &lt;a title="OCS 2007 R2 CRL Issue" href="http://blog.danovich.com.au/2009/11/04/office-communicator-error-cannot-synchronize-address-book/" target="_blank">this excellent article&lt;/a> explaining how an invalid Certificate Revocation List error may be causing this issue. My issue was slightly similar in nature but with some caveats.&lt;/p></description></item><item><title>Windows: 2003 to 2008 R2 RADIUS Migration</title><link>https://blog.zacharyloeber.com/blog/2011/03/17/windows-2003-to-2008-r2-radius-migration/</link><pubDate>Thu, 17 Mar 2011 12:58:12 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/03/17/windows-2003-to-2008-r2-radius-migration/</guid><description>&lt;p>I found myself doing yet another Windows 2003 IAS Radius server migration to 2008 R2 NPS. 
I found that I had my prior notes and was able to do this quickly but, hell, if I’m looking this up in my own notes I may as well just post this succinct little procedure.&lt;/p></description></item><item><title>Active Directory: Role Based Access Modeling</title><link>https://blog.zacharyloeber.com/blog/2011/02/21/active-directory-role-based-access-modeling/</link><pubDate>Tue, 22 Feb 2011 04:22:28 +0000</pubDate><guid>https://blog.zacharyloeber.com/blog/2011/02/21/active-directory-role-based-access-modeling/</guid><description>&lt;p>Much of my time is spent delving into the minutia of a particular technology to resolve issues or improve department processes. But sometimes understanding and implementing a technology is not the best “fix” for an issue. Sometimes it is a mindset or a model that needs to change. I came up with this security grouping model to address some of the pains of managing permissions across large groups of systems in our environment. Ok, I modified a long standing Microsoft recommendation of &lt;a href="http://en.wikipedia.org/wiki/AGDLP">AGDLP (an abbreviation of “account, global, domain local, permission”)&lt;/a> to meet our needs. Regardless here is a quick rundown of this security group model I devised if anyone is interested.&lt;/p></description></item></channel></rss>