RE: SSL and the new no internal names ruling
I thought the way to do it for Exchange was to use split brain DNS so you use the same external domain name but pointing to internal IP's when internal? From: Rick Berry [mailto:rbe...@elevativenetworks.com] Sent: 10 December 2012 15:13 To: NT System Admin Issues Subject: SSL and the new no internal names ruling Presuming this has been discussed a bit ... but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it ... it tripped the November 2015 rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 ... Via Digicert, although we all have the issue on any given SSL provider including Simon's @ (shameless plug) www.certificatesforexchange.comhttp://www.certificatesforexchange.com ... What concerned me was Digicert's page about 'what to do', which basically takes one down the path of 'rendom' or directory migration just to do a name change in the event you made your forest '.local' or similar ... http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis-7.htm Curious how people are approaching this. I'm loathe to rename domains, and not looking forward to hearing back from all the people I've told over the years to make sure that they name their internal domains '.local'. Rick ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin This message has been scanned by MimeCast on behalf of Freebridge Community Housing and found to be free of viruses and not SPAM. If you have any concerns about the message contents please contact the ICT ServiceDesk. http://www.freebridge.org.uk http://twitter.com/Freebridge http://www.facebook.com/pages/Kings-Lynn-United-Kingdom/Freebridge-Community-Housing/192690183387?v=box_3 This e-mail (including any attachments), is confidential and intended only for the use of the addressee(s). It may contain information covered by legal, professional or other privilege. If you are not an addressee, please inform the sender immediately and destroy this e-mail. Do not copy, use or disclose this e-mail. E-mail transmission cannot be guaranteed to be secure or error free. The sender does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard copy version. Freebridge Community Housing Ltd is a Charitable Industrial and Provident Society - Reg No IP29744R Registered with the Housing Corporation - No L4463. VAT Registration Number 860762121 Freebridge Community Housing, Juniper House, Austin Street, Kings Lynn, Norfolk PE30 1DZ This email message has been scanned for viruses by Mimecast. Mimecast delivers a complete managed email solution from a single web based platform. For more information please visit http://www.mimecast.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmininline: 112121016041201602.gifinline: 112121016041201802.gifinline: 112121016041202002.gif
Re: Detecting standard desktops
LOL *ASB **http://XeeMe.com/AndrewBaker* http://xeeme.com/AndrewBaker* **Providing Virtual CIO Services (IT Operations Information Security) for the SMB market…*** On Wed, Dec 5, 2012 at 2:14 PM, Webster webs...@carlwebster.com wrote: A C is the highest grade I can give you for your joking around. :) You deserve an F#. Thanks Webster -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Detecting standard desktops What is a C? ( joking) Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Subject: RE: Detecting standard desktops From an old C programmer, I love to dish out *pointers; :) *groan* Sm:)e. --Matt Ross Ephrata School District - Original Message - From: Webster [mailto:webs...@carlwebster.com] Sent: Wed, 05 Dec 2012 10:36:33 -0800 Subject: RE: Detecting standard desktops From an old C programmer, I love to dish out *pointers; :) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Detecting standard desktops
Ypu would have a SNOBOL of a chance. But Ada would be glad to help. ;) Daniel Rodriguez drod...@gmail.com On Dec 5, 2012 3:03 PM, Kim Longenbaugh k...@colonialsavings.com wrote: Just think how hard that sentence would have been to say if you had a lisp -Original Message- From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, December 05, 2012 1:45 PM To: NT System Admin Issues Subject: RE: Detecting standard desktops With a little BASIC effort I might have been ABLE to put forth the effort to give you a C++. But don't go and bash me about this decision. Just go drink a cola, cool off and have some curry with your lunch. Of course, you could consult with the Delphi and C what she says. Thanks Webster -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Subject: RE: Detecting standard desktops Yep can't I get a C++ for extra effort? Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization ezi...@lifespan.org -Original Message- From: Webster [mailto:webs...@carlwebster.com] Subject: RE: Detecting standard desktops A C is the highest grade I can give you for your joking around. :) You deserve an F#. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: SSL and the new no internal names ruling
Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter. As for the advice of using the AD domain name foo.com for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry rbe...@elevativenetworks.com wrote: Presuming this has been discussed a bit … but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it … it tripped the “November 2015” rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 … Via Digicert, although we all have the issue on any given SSL provider including Simon’s @ (shameless plug) www.certificatesforexchange.com … What concerned me was Digicert’s page about ‘what to do’, which basically takes one down the path of ‘rendom’ or directory migration just to do a name change in the event you made your forest ‘.local’ or similar … http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis-7.htm Curious how people are approaching this. I’m loathe to rename domains, and not looking forward to hearing back from all the people I’ve told over the years to make sure that they name their internal domains ‘.local’. Rick ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Mobile app for password management
Not sure if anyone pointed it out. I do love LastPass, but their Android App is not free. But you can still use the mobile web interface for free. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: SSL and the new no internal names ruling
I reached out to DigiCert about this. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, December 10, 2012 11:48 AM To: NT System Admin Issues Subject: Re: SSL and the new no internal names ruling Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter. As for the advice of using the AD domain name foo.com for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry rbe...@elevativenetworks.com wrote: Presuming this has been discussed a bit ... but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it ... it tripped the November 2015 rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 ... Via Digicert, although we all have the issue on any given SSL provider including Simon's @ (shameless plug) www.certificatesforexchange.com ... What concerned me was Digicert's page about 'what to do', which basically takes one down the path of 'rendom' or directory migration just to do a name change in the event you made your forest '.local' or similar ... http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis -7.htm Curious how people are approaching this. I'm loathe to rename domains, and not looking forward to hearing back from all the people I've told over the years to make sure that they name their internal domains '.local'. Rick ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: SSL and the new no internal names ruling
HAHAHAHAHAHA. So did I. :) -Original Message- From: Brian Desmond [mailto:br...@briandesmond.com] Sent: Monday, December 10, 2012 1:00 PM To: NT System Admin Issues Subject: RE: SSL and the new no internal names ruling I reached out to DigiCert about this. Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c - 312.731.3132 -Original Message- From: Steve Kradel [mailto:skra...@zetetic.net] Sent: Monday, December 10, 2012 11:48 AM To: NT System Admin Issues Subject: Re: SSL and the new no internal names ruling Well, this is certainly a terrible article from Digicert. Rename or migrate your domain in order to get certs that match your AD FQDN? Links to ADMT?? Utter madness. Just use an internal CA for an intranet site, as nobody else will be able to resolve those names anyhow. Buy certs from a public CA for external-facing boxes and don't even worry about the internal name, it doesn't matter. As for the advice of using the AD domain name foo.com for your business that receives mail as u...@foo.com and has a website at foo.com, this is awful advice too and causes tons of DNS headaches. Do not do this. --Steve On Mon, Dec 10, 2012 at 10:12 AM, Rick Berry rbe...@elevativenetworks.com wrote: Presuming this has been discussed a bit ... but ran into it personally for the first time today, when a customer asked me to renew an Exchange certificate and sent me their CSR with a NetBIOS name in it ... it tripped the November 2015 rule on me for the first time as I was trying to renew something with an internal name past that implementation date of 11.1.2015 ... Via Digicert, although we all have the issue on any given SSL provider including Simon's @ (shameless plug) www.certificatesforexchange.com ... What concerned me was Digicert's page about 'what to do', which basically takes one down the path of 'rendom' or directory migration just to do a name change in the event you made your forest '.local' or similar ... http://www.digicert.com/ssl-support/reconfigure-internal-dns-names-iis -7.htm Curious how people are approaching this. I'm loathe to rename domains, and not looking forward to hearing back from all the people I've told over the years to make sure that they name their internal domains '.local'. Rick ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: All your passwords are belong to us
On Mon, Dec 10, 2012 at 2:01 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ I’ve seen bigger made out of PS3’s. I think the point of the article is that it's *small*. :-) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
On Mon, Dec 10, 2012 at 1:47 PM, David Lum david@nwea.org wrote: Seems every time I buy something they give me coupon code to suck me into buying some related and irresistible item that I seem to think I really want. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 Cry me a river, young 'un. Do you pull stuff off the endcaps and from the bins at the checkout in your grocery store, too? Seems to me your mental muscles need some work. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
I love Newegg... I can window shop _all_ _day_ _long_ if I want to. --Matt Ross Ephrata School District - Original Message - From: Kurt Buff [mailto:kurt.b...@gmail.com] To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com] Sent: Mon, 10 Dec 2012 13:54:42 -0800 Subject: Re: I hate newegg... On Mon, Dec 10, 2012 at 1:47 PM, David Lum david@nwea.org wrote: Seems every time I buy something they give me coupon code to suck me into buying some related and irresistible item that I seem to think I really want. David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 Cry me a river, young 'un. Do you pull stuff off the endcaps and from the bins at the checkout in your grocery store, too? Seems to me your mental muscles need some work. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: I hate newegg...
On Mon, Dec 10, 2012 at 4:47 PM, David Lum david@nwea.org wrote: Seems every time I buy something they give me coupon code to suck me into buying some related and irresistible item that I seem to think I really want. Apparently, they're right. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
R: (SCL: -1) All your passwords are belong to us
They are talking about 8 chars pwd I use 12+ chars (Aa+numbers+special chars ) since many years Guido Elia HELPPC - HELPPC SERVICE Da: Stefan Jafs [mailto:stefan.j...@gmail.com] Inviato: lunedì 10 dicembre 2012 19.55 A: NT System Admin Issues Oggetto: (SCL: -1) All your passwords are belong to us I don't know if you have seen this: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
R: (SCL: -1) Re: (SCL: -1) All your passwords are belong to us
If I am not wrong they are referring to every combination of 8 chars Guido Elia HELPPC - HELPPC SERVICE Da: Jonathan Link [mailto:jonathan.l...@gmail.com] Inviato: martedì 11 dicembre 2012 7.40 A: NT System Admin Issues Oggetto: (SCL: -1) Re: (SCL: -1) All your passwords are belong to us 8 characters not including common names/words? On Tue, Dec 11, 2012 at 1:34 AM, HELP_PC g...@enter.itmailto:g...@enter.it wrote: They are talking about 8 chars pwd I use 12+ chars (Aa+numbers+special chars ) since many years Guido Elia HELPPC - HELPPC SERVICE Da: Stefan Jafs [mailto:stefan.j...@gmail.commailto:stefan.j...@gmail.com] Inviato: lunedì 10 dicembre 2012 19.55 A: NT System Admin Issues Oggetto: (SCL: -1) All your passwords are belong to us I don't know if you have seen this: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/ -- Stefan Jafs ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
