Month: March 2015

Corrupted roaming profile Windows 7

Posted on by Andy

Hello,

we encountered several users getting temporary profiles when logging in to the domain controller (Windows Server 2008). The fix was quite simple, at least it work for our accounts. No garantee this will work for you.

  1. Delete the user account from your windows desktop machine.
    Computer -> System Properties -> Advanced System Properties -> User Profiles
  2. Delete user folder from disk
    Computer -> C: -> Users
  3. Access roaming profile on server and delete NTUSER.DAT, NTUSER.INI and NTUSER.POL
  4. Restart desktop client

Next login worked like a charm and the temporary profile was gone.

Securing Apache against SSL attacks

Posted on by Andy

Apache is one of the most secure software out there but the SSL module is not very restrictively configured by default. Many of you know that SSLv3 in now considered insecure and so are RC4 and other algos. Here are two lines which graded the server from "F" to "A" in the SSL testing and helped preventing several SSL attacks as Heartbleed, Poodle and recently Freak.

These lines need to be put into your ssl.conf AND any other vhost directive if apache supports SNI:

Here is an older list: (before 2018): 

SSLProtocol TLSv1.2 +TLSv1.1 +TLSv1
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256

Here is a simpler and more up to date list with config options (2018): 

SSLProtocol TLSv1.2
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL:!MD5:!DSS
SSLHonorCipherOrder On
​SSLCompression Off