Additional Network Resources

• Need to optimize your network – Silly Window Syndrome could be happening
• Optimizing your server with more than one network card
• NTLM Settings in Windows 7, 8 or 10
• Internet or network application slow? You may need to temporarily disable Nagle’s Algorithm
• Link aggregation – Use Multiple NIC Cards
• Need to optimize your network? Look at adjusting LocalPriority, HostPriority, DNSPriority or NetBTPriority

Advertisements

Windows won’t update? Download the Servicing Stack Update (SSU)

There are several things you can do when Windows won’t update.

With Windows 10, you can open an elevated command prompt and type –
DISM.exe /Online /Cleanup-image /Restorehealth

You can also Download the Windows Update Troubleshooter

Ultimately, you can use the SSU from Microsoft’s Catalog to get updates.

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4090914

With Windows 7 and Server 2008 R2, you can download the System Update Readiness Tool –

Operating system	Download link
x86-based (32-bit) versions of Windows 7 SP1 and Windows 7	Download the package now.
x64-based (64-bit) versions of Windows 7 SP1 and Windows 7	Download the package now.
x64-based (64-bit) versions of Windows Server 2008 R2 SP1	Download the package now.
x64-based (64-bit) versions of Windows Server 2008 SP2	Download the package now.

vEthernet adapters left after uninstalling Hyper-V

If you have ever installed Hyper-V, you may have noticed left over vEthernet adapters.   You may also noticed that you have issues with TCP/IP.  Here’s what to do.

Open a command prompt or PowerShell as an Administrator

Type netcfg -d

Reboot

This will uninstall all of your adapters (including hidden) and reinstall just the physical adapters. Make sure you have drivers available – just in case.

You may want to also reset TCP/IP settings.

netsh winsock reset
netsh int ip reset
netsh interface ipv4 reset
netsh interface ipv6 reset
netsh interface tcp reset
netsh int reset all 
ipconfig /flushdns
nbtstat -R
nbtstat -RR
netsh interface tcp set global autotuninglevel=disabled
netsh advfirewall reset

2018 Middle TN Cyber Security Conference

This slideshow requires JavaScript.

Registration and conference information:

https://www.2018cyberconf.com/ThruHackersEyes

 

Android Paid Apps Going Free

via Android | Paid Apps Going Free

Thanks to Rick over at What’s On My PC

Truly reset the TCP/IP stack – Fix network/internet problems

Having connection issues and no viruses or malware?  Hardware ok?

Try typing the following at a command prompt to fully reset the TCP/IP Stack-

---

netsh winsock reset 

netsh int ip reset 

netsh interface ipv4 reset

netsh interface ipv6 reset 

netsh interface tcp reset

netsh int reset all
 
ipconfig /flushdns

nbtstat -R

nbtstat -RR

netsh interface tcp set global autotuninglevel=disabled

netsh advfirewall reset

---

What will you see?

C:\WINDOWS\system32>netsh winsock reset

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

C:\WINDOWS\system32>netsh int ip reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

C:\WINDOWS\system32>netsh interface ipv4 reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

 

C:\WINDOWS\system32>netsh interface ipv6 reset
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

C:\WINDOWS\system32>netsh interface tcp reset

Reset of all TCP parameters OK!
Ok.

C:\WINDOWS\system32> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\WINDOWS\system32>nbtstat -R
Successful purge and preload of the NBT Remote Cache Name Table.

C:\WINDOWS\system32>nbtstat -RR
The NetBIOS names registered by this computer have been refreshed.

C:\WINDOWS\system32>

 

 

Cannot reset winsock, isatap yellow exclamation, no wireless or internet

Have a wireless card that doesn’t see the wireless?  Does checking the Device Manager show a yellow exclamation mark on the isatap or Teredo Tunneling Pseudo Interface?

Always backup your computer before performing advanced commands.

Steps

1. Load the latest driver for the wireless or Ethernet card.
2. Reboot if necessary
3. Go to the properties of the nic card with a problem.  Uncheck IPv6 protocol.   You can check this later after the repair. Close the properties Windows
4. Go to the Device Manager
5. Double click on the isatap with a yellow exclamation, click update driver, browse my computer, select next (the driver will be highlighted) and follow through to the finish.
6. Right Click and remove the Teredo Tunneling Pseudo Interface if it is there.
7. Open a command prompt as an administrator
8. Type netsh int ipv4 reset c:\resetlog.txt – hit the enter key    – Do not reboot  –
   Did you have an error that looks like this?  If so, you must modify your registry (see error list below)
   If not, continue to step 9
   
9. Type netsh reset winsock catalog  – reboot

 

Error list  – Resetting the winsock and TCP/IP stack

If you type the following and receive an error –

netsh int ipv4 reset
netsh reset winsock catalog

Remove any antivirus solution you may have.  Often these will prevent the winsock from being modified.  Use removal tools as necessary.

Next find the following key by opening the registry editor (regedit at the run line)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\26

You may see more than one “26” key – if so, look for all of the 26 values under the keys and perform the following action on each

Right click on the “26” key, choose “Permissions”, add a checkmark on “Full control” for the everyone group.

Close the registry editor.

Now for a full reset – Open a command prompt as an admistrator –
netsh int ip reset 

 

• ipconfig /flushdns
• 
• nbtstat -R
• nbtstat -RR
  
• netsh int ipv4 reset
• netsh winsock reset catalog

This will rebuild the tcp/ip protocol stack (fully)

Reboot.

Hopefully you have a connection.   Make sure you reload your antivirus software.

 

Privacy – Use WebRTC Network Limiter for Chrome

Other than using a VPN, you can use WebRTC Network Limiter for Chrome to help protect information that may leak on the internet.

Go to IPLeak.net – Analyze your computer and follow the tips listed at the end of the session

From IPLeak.net – You can protect other browsers by following their tips.
 What is a “WebRTC leaks”?
WebRTC implement STUN (Session Traversal Utilities for Nat), a protocol that allows to  discover the public IP address. To disable it:

• Mozilla Firefox: Type “about:config” in the address bar. Scroll down to “media.peerconnection.enabled”, double click to set it to false.
• Google Chrome: Install Google official extension WebRTC Network Limiter.
• Opera: Type “about:config” in the address bar or go to “Settings”. Select “Show advanced settings” and click on “Privacy & security”. At “WebRTC” mark select “Disable non-proxied UDP”.

What should you do?  Use a VPN and use tips on the above page to help protect your privacy.

Example from internal lab  without a VPN.

After WebRTC Network Limiter installed and set to public only

 

Updating Drivers? Don’t forget the chipset!

While I’d like to guess that over 98% of the computers that I have worked on that are privately owned; the drivers were out of date or missing critical drivers that other drivers rely on.

Here’s what I mean.  If you decide to update your wireless drivers,  don’t go to the manufacturer of the computer, look for drivers from the hardware website. Don’t download any program that offers to update your drivers.  Update your drivers manually.   Open the device manager, look for the device you want to update, navigate to the hardware manufacturer’s website, download the zip file,  unzip the file, click update driver, select let me choose and point to the location of the driver.

       

Now which drivers should you update?  Video, sound, network (wired and wireless), camera, mouse (synaptics if a laptop), and most importantly, the chipset.  Why the chipset?  It controls the peripheral equipment (e.g. video, sound, network).  Updates usually correct problems or latency issues.

Remember, the chipset and BIOS (UEFI) control these devices.  It’s important to get BIOS/UEFI updates along with what controls your computer…the chipset.

Reset Windows Services to default

Have you ever wanted to reset Windows’ Services?  If you want to reset Windows services, you can consult the website BlackViper.   Having researched Microsoft’s Operating Systems, the author of BlackViper.com gives different configurations including the default services in Microsoft’s operating systems.

There is also a GitHub repository of a PowerShell script to reset the services in Windows 10 (Based on BlackViper).  Link

BatCMD.com has small batch files to help you reset services one by one.  Link

Optimizing your server with more than one network card

New IT professionals may think that adding a second network card will improve throughput.  While this can be true, IT personnel need to be aware of several rules behind configuring multiple network cards.

Assuming the server will be in the same subnet, once the network cards are installed, several decisions have to be made.  Will the cards be independent and have separate IP addresses or will the cards be bridged and have the same IP address?

Two IP addresses

If you plan on installing two nic cards in your server and you want to use two ip addresses-

• Make sure that licensing of software is not based on the MAC address of one of the NIC cards
• Do NOT enable NetBIOS over TCP/IP – This can cause the name of the server to appear on the network more than once and an error will occur (multiple NetBT Event ID 4319 Errors stating “A duplicate name has been detected on the TCP network)
• Use an internal DNS server – Client computers will use a DNS round-robin and routing tables will be built

One IP Address, multiple NIC cards

If you plan on using aggregation or the bridging of your network cards-

• USE HP, Intel, Broadcom or other NICs that support teaming (drivers) – this is important so that the cards will be used together

Note- (Our recommendations)

• Connect each NIC to a separate switch to ensure switchport flooding does not occur.”  Use switches that support IEEE 802.3ad
• USE RSS and modify the registry appropriately to use multiple CPUs
  In Windows Server 2008, administrators can set the maximum number of RSS CPUs with the MaxNumRssCpus registry keyword in HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\Ndis\Parameters. TheMaxNumRssCpus value is a DWORD type and, if it is not present, NDIS uses the default value of 4.
  More information: http://msdn.microsoft.com/en-us/library/windows/hardware/ff570795(v=vs.85).aspx
• To enable RSS:
  1. Open a command prompt as an administrator
  2. Type the following command, and then press ENTER:
     netsh int tcp set global rss=enabled
• You may want to also enable TCP Chimney if your NIC card supports it. http://support.microsoft.com/kb/951037

Is TCP Chimney working? Type netstat -t if you see Offloaded during a connection, this feature is working

An excellent article on the use of multiple NIC cards http://blogs.technet.com/b/josebda/archive/2010/09/03/using-the-multiple-nics-of-your-file-server-running-windows-server-2008-and-2008-r2.aspx

NTLM Settings in Windows 7, 8 or 10

You may have devices (NASs) on your network that you can no longer can connect to or you may not be able to network to an older OS.  Actually this changes settings to accept NTLMv1 and NTLMv2 so that you can connect to Samba Servers, Snap Servers, Older Windows Computers or whatever….

1. Go to Run, Type Regedit and open this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

2. If it doesn’t exist, create a DWORD value named
LmCompatibilityLevel

3. Set the value to 1

4. Reboot

An attempt was made to reference a token that does not exist

When opening manage or the  “Microsoft Management Console (MMC)”  you recieve
“An attempt was made to reference a token that does not exist”.

Solution:

Open a Command Prompt ( Search for CMD) (right click and run as administrator) and navigate to

c:\windows\System32

Re-register the required DLL files by using the following command:

For /F %s in (‘dir /b *.dll’) do regsvr32 /s %s

Note:  Copy and paste may not work for the above command. You may have to change the ‘ to an apostrophe due to web page formatting

Also run SFC /SCANNOW from the command prompt (Elevate permission) if the above does not work.

This fix may also help fix other issues after a software installation.

SC Awards Finalist-Best Cybersecurity Higher Education Program

The Tennessee College of Applied Technology today announced that the Information Technology and Infrastructure Management Program has been named a finalist in the SC Awards 2018 for exemplary professional leadership in cybersecurity. The Information Technology and Infrastructure Management Program was acknowledged as Best Cybersecurity Higher Education Program in the Professional Award category of the SC Awards. Winners will be announced at the SC Awards ceremony on April 17, 2018 in San Francisco.

 “In an age where threats are ever-evolving, it is reassuring to know that one true constant is the commitment of dedicated information security professionals, as best exemplified by our SC Media Awards finalists,” said Illena Armstrong, VP, editorial, SC Media. “These inspiring innovators have set a high bar for their industry peers, as they continue to protect the world from attacks and vulnerabilities that imperil our security, privacy, and digital infrastructure. The year 2017 brought us WannaCry ransomware infections, the rise of cryptominers, and bugs like Broadpwn and BlueBorne that affected billions of devices. Whatever threats rear their ugly heads in 2018 and beyond, our finalists will be ready to act.”

 Now in its 21^st year, SC Awards is recognized as the industry gold standard of accomplishment for cybersecurity professionals, products and services. Winners in the Professional Award category are selected by an expert panel of judges and recognize the most talented cybersecurity professionals from end-user companies. Judges conducted in-depth analysis and considered many factors – such as applicable research, analyst reports and/or product reviews – to narrow down the field of hundreds of submissions to just the top finalists.

 “It’s an honor to be named as a finalist with SC Media.  With cyber security careers growing at over 18% and cyber crimes growing at an unprecedented rate, it is important to train IT professionals to be ready for tomorrow’s challenges today.”, Steve Mallard, lead ITIM instructor at TCAT Shelbyville.

 “Training the next generation of IT professionals with excellence and professionalism is the foundation of our Information Technology and Infrastructure Management program.  Being recognized as leaders in innovation in the information technology arena is a testament to the program’s quality.  We are honored to be nominated as a finalist.”,  Laura Monks, president TCAT SHelbyville

 “The SC Award’s Professional Award category represents the highest caliber of leadership in the cybersecurity industry,” added Illena Armstrong of SC Media. “As a finalist, the Information Technology and Infrastructure Management Program has shown unique creativity and passion in their approach to addressing and combating even the most challenging cybersecurity issues.”

 The SC Awards gala honoring the winners attracts top professionals in the cybersecurity community and provides an invaluable opportunity for networking. To register for the 2018 SC Awards gala, please visit http://www.scmagazine.com/awards/
.About SC Media

SC Media is cybersecurity. For over 25 years, they have armed information security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders, and independent product reviews in partnership with and for top-level information security executives and their technical teams.

In addition to their comprehensive website, SC Media offers magazines, eBooks, and newsletters. They also host digital and live events such as SC Awards and RiskSec NY to provide cybersecurity professionals all the information needed to safeguard their organizations and contribute to their longevity and success.

Save the date for the 2018 Middle TN Cyber Security Conference.

Save the date for the Middle TN Cyber Security Conference.
Website and registration details will be posted soon.

 

 

 

Need to check your PC for Meltdown or Spectre?

Need to check your PC for Meltdown or Spectre?  Use  Steve Gibson’s free tool to check if you are vulnerable.

https://www.grc.com/inspectre.htm

Is Your Windows PC Affected by Meltdown and Spectre? Use PowerShell to see if it is

Open PowerShell as an administrator

Copy each of these commands and enter each into PowerShell –

If you are prompted to continue, select Y

Install-Module SpeculationControl
Set-ExecutionPolicy Unrestricted
Import-Module SpeculationControl
Get-SpeculationControlSettings

If you receive a False, you are vulnerable.  Look for Bios and Windows Updates–

Example of a System that is vulnerable
Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is enabled: False

Speculation control settings for CVE-2017-5754 [rogue data cache load]

Hardware requires kernel VA shadowing: False

Suggested actions

* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
* Install the latest available updates for Windows with support for speculation control mitigations.

 

BTIHardwarePresent : False
BTIWindowsSupportPresent : False
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : False
KVAShadowRequired : False
KVAShadowWindowsSupportPresent : False
KVAShadowWindowsSupportEnabled : False
KVAShadowPcidEnabled : False

Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3™

New Wi-Fi® security features available in 2018

Las Vegas, NV – January 8, 2018 – Wi-Fi Alliance® …Read more

Tweak your wireless router

Many people who set up their wireless routers never optimize the channel to keep from ‘bumping’ into their neighbors.  Regardless if you are a Apple, Linux or Windows user, you should select a channel as far away from your neighbors devices as you can.   Use WiFi Analyzer for Android, (Apple), or InSSIDer for a PC to see what channels are being used around your home or business.

The second tip is involves fragmentation..   We don’t have one or two internet devices anymore, we have four or more.   Computers, laptops, netbooks, e-readers such as Kindles or Nooks, iPods, iPhones, Android tablets, iPads, Android, Windows Phones, Blurays, TVs and more.    So how can this be optimized?   These devices send packets of data in frames.

Imagine you talking.   Each word is a packet and the packets together are a sentence.   In a wireless environment, each device has to wait for the other to complete their sentence before it can talk.

Computer talking to router – ” I am going to WordPress to read a blog!”

Tablet waits on router and says – “I want to go to YouTube!”

Your router listens to the computer while the tablet is waiting.   The router processes the computer’s request and then listens to the tablet.   So how can this be optimized?

The default fragmentation for routers is 2346.  Many professionals recommend to set this at 800 or 1000 if there are many devices on your network.   So your router should work like this –

Computer and Tablet say – “I am going to – I want to go to – WordPress to read – YouTube! – a blog!”

See how each device gets a small piece of what it wants to say in to the router?  The router can process the information a little at a time keeping each devices wait time down.   This in  turn works with the RTS Threshold.

The RTS Threshold is  used as a trigger to engage the back and forth of RTS (Ready to Send – “I have something to say”) and CTS (Clear to Send – “I am listening”) messages between the wireless router  and  your device.  The trigger’s purpose is a type of “handshaking”.   The default value for RTS is 2347.   Try 2340 and lower as necessary. 

Note: Before changing these defaults, remember – you can reset these if you cannot connect.  Read your owner’s manual on how to reset your router in the event you have connectivity problems.  Every situation is different.  

Here’s my settings on Fragmentation and RTS Threshold.

The preamble should be set to short.   Long is for 802.11b  devices (old legacy laptops or devices).  Auto is just in case you have someone with old computers that are coming into your home.   Auto works for old and new.   Generally older devices today have 802.11g.   802.11g and 802.11n work with long.   So if you don’t anticipate someone visiting with older devices, move the preamble to short.

DTIM is a traffic indicator.  It basically says – “Yo, I got something for you” during the beacon.  Setting this 1 point higher can actually save power when devices are listening.   So the device will awaken only when DTIM tells it to.

These settings are for people who have several devices on their network and are true consumers of the internet.   They are by no means the settings for everyone.   You may have to play with the settings to get optimal throughput.  Remember, test your bandwidth with two devices side by side and simultaneously.   Have each device strain your network by testing their throughput by going to an ISP site that test download speeds or stream a video at the same time.  You’ll see a difference.   The default values very well may be what you need if you don’t have many users and devices.

Give it a try.  You can always go back to your routers default values.

Wireless Dropping? Change your Scan Valid Interval

Is your Wireless dropping?  Update your driver of course and then try changing your Scan Valid Interval.   By default, most wireless cards are set to 60.   This is the amount of time before your wireless ‘looks’ for other access points (for roaming).   Try changing the interval to 120.

Open the device manager, double click on the wireless adapter, under advanced, click on Scan Valid Interval – change this to 120.   If you have a card that has roaming under advanced, select the lowest option.

 

Note:  If you have a laptop and are moving around in an area, you may need to lower this number.

Also, you may want to lower the Beacon Interval in your router if your signal is low or if you have drops.  This sends beacons more frequently and can help with your signal.   This may slightly decrease your bandwidth (wireless) and use a little extra battery on mobile devices.

While the default is 100, did you know if you increase this time (assuming you have a great signal in your home or business) that you can increase wireless bandwidth (slightly) and even increase your battery life of devices?

Got Atheros? Follow this link to drivers.

Also, do a quick survey of your entire home.  As you can see, one side of our house has interference on channel 11.   Because the ‘user’ of the other wireless is using Channel 6 + 10 (40 mhz ) spread, Channel 6 and 11 are NOT optimal.  Therefore, channel 1 is the optimal channel (you can see two devices – my AP and printer)

Left – host computer  Right – TightVNC into another computer in my home.

Remember, router position and direction matters.  As you can see below, repositioning the router got rid of “Saw Tooth” (signal that goes up and down).