Useful Links

From Help
Jump to: navigation, search

Get your IP: http://ip.web-hosting.com/

Subnet Calculator: http://www.subnet-calculator.com/subnet.php?net_class=A

SenderBase, find out where an IP is located: https://www.senderbase.org/

DIG into DNS records: https://toolbox.googleapps.com/apps/dig/

Reverse IP tracing: http://www.ip-adress.com/reverse_ip/

Ping, traceroute, whois, DNS lookups: http://ping.eu/

Cisco password type 7 reverser: http://packetlife.net/toolbox/type7/

HTML Table Generator: http://www.tablesgenerator.com/html_tables

Server 2012

Forcing Replication for AD DCs https://technet.microsoft.com/en-us/library/cc794809(v=ws.10).aspx

PKI

BNELabs guides

Installing a Two Tier PKI Part 1 – Installing Certificate Authority Role for Root CA http://bnelabs.com/installing-a-two-tier-pki-part-1/

Installing a Two Tier PKI Part 2 – Install and configure CAPolicy.inf and Certificate Authority http://bnelabs.com/installing-a-two-tier-pki-part-2/

Installing a Two Tier PKI Part 3 - Configure CRL Distribution Point (CDP) and Authority Information Access (AIA) https://www.bnelabs.com/installing-a-two-tier-pki-part-3/

Installing a Two Tier PKI Part 4 – Installing Certificate Authority, Web Enrollment and IIS Roles for Subordinate CA http://bnelabs.com/installing-a-two-tier-pki-part-4/

Installing a Two Tier PKI Part 5 – Install and configure CAPolicy.inf, Certificate Authority and request Subordinate certificate http://bnelabs.com/installing-two-tier-pki-part-5/

Installing a Two Tier PKI Part 6 – Configure CRL Distribution Point (CDP) and Authority Information Access (AIA) http://bnelabs.com/installing-two-tier-pki-part-6/

Installing a Two Tier PKI Part 7 – Configure DNS, IIS and Shares for CRL Distribution http://bnelabs.com/installing-two-tier-pki-part-7/

Installing a Two Tier PKI Part 8 – Submit, install Subordinate Certificate request and start Subordinate CA http://bnelabs.com/installing-two-tier-pki-part-8/

RDP

Removing Self-Signed RDP Certificates https://argonsys.com/learn-microsoft-cloud/library/removing-self-signed-rdp-certificates/

Remove Self Signed RDP Certificates (PowerShell script) https://gallery.technet.microsoft.com/Remove-Self-Signed-RDP-00413912?redir=0

Script to manually import RDP certificates: (Powershell script) https://gallery.technet.microsoft.com/Script-to-manually-load-31a1e76d

Code Signing

Using Code Signing Certificates to sign downloaded MSIs and build reputation with IE9 SmartScreen https://www.hanselman.com/blog/UsingCodeSigningCertificatesToSignDownloadedMSIsAndBuildReputationWithIE9SmartScreen.aspx

How to create an app package signing certificate: https://msdn.microsoft.com/en-us/library/windows/desktop/jj835832(v=vs.85).aspx

How to sign an app package using SignTool https://msdn.microsoft.com/en-us/library/windows/desktop/jj835835(v=vs.85).aspx

SQL

Enabling Certificate for SSL on a SQL Server 2005 Clustered Installation https://blogs.msdn.microsoft.com/jorgepc/2008/02/19/enabling-certificate-for-ssl-on-a-sql-server-2005-clustered-installation/

Enable Encrypted Connections to the Database Engine (Server 2017) https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/enable-encrypted-connections-to-the-database-engine?view=sql-server-2017

Enabling Encryption on Clustered SQL 2008 R2: https://www.sqlservercentral.com/Forums/Topic1029040-1526-1.aspx

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console https://support.microsoft.com/en-us/help/316898/how-to-enable-ssl-encryption-for-an-instance-of-sql-server-by-using-mi

Microsoft Core Services - PKI

Configure the CDP and AIA Extensions on CA1 https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-cdp-and-aia-extensions-on-ca1

Configure the Server Certificate Template https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-server-certificate-template

Configure certificate auto-enrollment https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment

Verify Server Enrollment of a Server Certificate https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/verify-server-enrollment-of-a-server-certificate

CNG Features https://docs.microsoft.com/en-us/windows/desktop/seccng/cng-features

CryptoAPI Cryptographic Service Providers https://docs.microsoft.com/en-us/windows/desktop/SecCertEnroll/cryptoapi-cryptographic-service-providers

Creating a certificate template that includes the Microsoft Platform Crypto Provider on a CA with no TPM https://social.technet.microsoft.com/wiki/contents/articles/13964.creating-a-certificate-template-that-includes-the-microsoft-platform-crypto-provider-on-a-ca-with-no-tpm.aspx

CNG Algorithm Identifiers https://docs.microsoft.com/en-us/windows/desktop/seccng/cng-algorithm-identifiers

Do we need Directory Email Replication certificates? https://social.technet.microsoft.com/Forums/exchange/en-US/33ad4755-e27e-40aa-bd64-e471da6c0956/do-we-need-directory-email-replication-certificates?forum=winserversecurity

Validate and Configure Public Key Infrastructure - Windows Hello https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn786418(v=ws.11)

Enable TLS 1.2 and 1.3 on Certificate authority aka PKI (Windows 2012 R2) https://social.technet.microsoft.com/Forums/en-US/affc8f35-1def-4565-bb0f-b52eecb46ad4/enable-tls-12-and-13-on-certificate-authority-akka-pki-windows-2012-r2?forum=winserver8setup

Troubleshooting

CRL and AIA - unable to download from LDAP locations - Enterprise Sub CA https://social.technet.microsoft.com/Forums/en-US/efb35dbd-166a-42f7-a872-3deaf4e09880/crl-and-aia-unable-to-download-from-ldap-locations-enterprise-sub-ca?forum=winserversecurity

Hyper-V on Win10 - virtual TPM not available (host guardian config issue) https://social.technet.microsoft.com/Forums/windows/en-US/7f8b69ba-470a-4b23-bdb1-9837745aa066/hyperv-on-win10-virtual-tpm-not-available-host-guardian-config-issue?forum=win10itprovirt

Wireless

Deploy Password-Based 802.1X Authenticated Wireless Access https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/wireless/a-deploy-8021x-wireless-access

Network Policy Server https://msdn.microsoft.com/en-us/library/bb892034(v=vs.85).aspx

Increasing your Network Security by Configuring RADIUS on an NPS Server https://medium.com/tech-jobs-academy/increasing-your-network-security-by-configuring-radius-on-an-nps-server-fd0cc9c46218

Aruba Instant authentication using Certificates and LDAP https://community.arubanetworks.com/t5/Controllerless-Networks/Aruba-Instant-authentication-using-Certificates-and-LDAP/td-p/292212

Other

Configure the ‘SSL Cipher Suite Order’ Group Policy Setting https://www.verifyit.nl/wp/?p=176261

Wikipedia – TLS Cipher https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher

How to Update Your Windows Server Cipher Suite for Better Security https://www.howtogeek.com/221080/how-to-update-your-windows-server-cipher-suite-for-better-security/

IIS Crypto - Tool for fixing / removing Cryptographic protocols https://www.nartac.com/Products/IISCrypto/

Strong HTTPS SSL/TLS Security for Web Servers https://mattchatterton.com/posts/strong-https-security-for-web-servers

Cipher suite definitions https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.gska100/csdcwh.htm

What is Suite B Cryptography https://knowledge.digicert.com/generalinformation/INFO2007.html

RFCs

Internet X.509 Public Key Infrastructure Certificate Management Protocols ftp://ftp.rfc-editor.org/in-notes/rfc2510.txt

RFC 2511: Internet X.509 Certificate Request Message Format https://tools.ietf.org/html/RFC2511

RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile https://tools.ietf.org/html/RFC2459

RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP https://tools.ietf.org/html/RFC2560

RFC 2797: Certificate Management Messages over CMS https://tools.ietf.org/html/RFC2797

RFC 3039: Internet X.509 Public Key Infrastructure Qualified Certificates Profile https://tools.ietf.org/html/RFC3039

RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) https://tools.ietf.org/html/RFC3161

RFC 3281: An Internet Attribute Certificate Profile for Authorization https://tools.ietf.org/html/RFC3281

RFC 3647: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Supersedes RFC 2527. https://tools.ietf.org/html/RFC3647

RFC 3749: Transport Layer Security Protocol Compression Methods https://tools.ietf.org/html/rfc3749

RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile https://tools.ietf.org/html/RFC3820

RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2 https://tools.ietf.org/html/rfc5246

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile https://tools.ietf.org/html/rfc5280

NIST Publications

SP 800-32: Introduction to Public Key Technology and the Federal PKI Infrastructure https://csrc.nist.gov/publications/detail/sp/800-32/final

SP 800-131A Rev. 1: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths https://csrc.nist.gov/publications/detail/sp/800-131a/rev-1/final

SP 800-175a: Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies https://csrc.nist.gov/publications/detail/sp/800-175a/final

SP 800-152: A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS) https://csrc.nist.gov/publications/detail/sp/800-152/final

SP 800-15: MISPC Minimum Interoperability Specification for PKI Components, Version 1 https://csrc.nist.gov/publications/detail/sp/800-15/final

FIPS 140-2: Security Requirements for Cryptographic Modules https://csrc.nist.gov/publications/detail/fips/140/2/final

FIPS 180-4: Secure Hash Standard (SHS) https://csrc.nist.gov/publications/detail/fips/180/4/final

FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions https://csrc.nist.gov/publications/detail/fips/202/final

Framework for Improving Critical Infrastructure Cybersecurity https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

SP 800-57 Part 1 Rev 4: Recommendation for Key Management https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf

FIPS PUB 186-4: Digital Signature Standard (DSS) https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf

Projects

Public Key Infrastructure Testing https://csrc.nist.gov/Projects/PKI-Testing

Cryptographic Standards and Guidelines https://csrc.nist.gov/Projects/Cryptographic-Standards-and-Guidelines

X.509 Path Validation Test Suite https://csrc.nist.gov/Projects/PKI-Testing/X-509-Path-Validation-Test-Suite

Block Cipher Techniques https://csrc.nist.gov/Projects/Block-Cipher-Techniques

Hash Functions https://csrc.nist.gov/projects/hash-functions

Standards https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Standards

Cryptographic Algorithm Validation Program https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program

Automated Cryptographic Validation Testing https://csrc.nist.gov/Projects/Automated-Cryptographic-Validation-Testing

TLS SERVER CERTIFICATE MANAGEMENT https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/tls-serv-cert-mgt-project-description-final.pdf

Main Page