SSL Poodle Heartbleed FREAK

NTLM settings and other fun labs searching for missing IP adresses in eventid 4625 or trying to get RemoteAPP to work well with RD Client on iPad, Android and even Windows!

konsult inom backup It säkerhet molntjänster återsartsplaner för IT

Using SSL causes mssing IP adresses in eventid 4625 and to get them back .. disable NTLM ? Nope. Not really an option

Today I took me a lab day to actually sit down and spend time with the NTLM settings and the RDWEB and try it out on various platforms and do some more or less scientific testing.
In short, I’äm not impressed by how Micropsoft has actually implemented parts of ther stuff..

I used Windows 10, RD Client for IOS and RD Client for Android. The server infrastructure was a Windows Server 2008 R2 with valid SSL certficates for all services.

The underlying problem is basiaclly that if you use an SSL certificate for your RDP connections , failed logins aren’t correctly dispalyd , i.e. your missing IP adresses in eventid 4625. (When not using an SSL certficate , it is recorded but then your users and customers get a lot of warnings when connecting to your servers and some things just donät work very well sucha as the Webfeed for RD Web)

Syspeace is a Host Intrusion Prevention Software that uses this inormation about the source IP address to block brute force attacks against Windows Servers.

One way around this is to disable incoming NTLM traffic and sure enought , all IP addresses are recorded.

The downside is .. only “full” RDP connections will work meaning that for instance connections to a server desktop works fine but if you’re really into RemoteAPP (and that’s the way I want to go and a lot of tekkies with me) you’ll be running into problems.
And, by th way.. frankly, full desktop session don’t work either from IOS (at least remote Desktop Client 8.1.13 and my iPad, they do from Android though, same server, same username and so on)

Not even Windows really working correctly when disabling NTLM ?

I also did some testing for fun by creating a .wcx file and oddly enough. In order to get that to actually work with Windows 10 (and I’m guessing it’s the same for Windows 7 and so on ) , It just refuses to connect to the RemoteApp service if incoming NTLM is disabled.
I can howerver start a normal Desktop Session against the server so, what I would claim is that the fault is actually within RD Web and the way it handles authentication, requiring some parts to be using NTLM.
The usual RD Web login interface works so far that I can login and see the resources but I can’t start any applications from it. No errors, nothing.
If enabling NTLM, I can start the applications just fine. Once again. NTLM has to be enabled in order for full functionality 🙁

So, basically, if I change the policy settings for the RD Server not to allow incoming NTLM traffic in order to be able to actually handle a bruteforce attack and also keep track of failed logins with informaion that’s actually useful for me as a sysadmin and CSO

These are by the way the settings I’m referring to

Computer Configuration\Windows Settings\Security Settings\Security Options

– Network security: LAN Manager authentication level — Send NTLMv2 response only. Refuse LM & NTLM
– Network security: Restrict NTLM: Audit Incoming NTLM Traffic — Enable auditing for all accounts
– Network security: Restrict NTLM: Incoming NTLM traffic — Deny all accounts

Regardless of how I try, I can’t get it to work to actually add remoteapp resources (or Remote Resource Feed) neither Windows 10, nor IOS, nor Android.

So, what are the implications of this ? Does it matter ? Do we need the source IP address in 4625?

First of all, the way this is handled within Windows Server is an absolut nightmare and frankly, just usesless and I can’t see any reason for Microsoft developers to leave the IP address out when using SSL certificates or at least have another entry in the eventlog for it containg useful information.
It’s not possible to handle brute force attacks natievly within Windows Server as I’ve written about many times earlier.

The biggest problem is of course that if someone tries to bruteforce your server, then how will you stop the attack ? How do you gather evidence ?
If your’e running a larger server environment and hosting customers and so on , you’ll have no way of knowing what attempts are legitimate customers and user and which ones aren’t really.
You can hardly shut down your services can you ?

At the moment , I don’t have a good solution to this problem. Syspeace catches lots and lots of bruteforce attacks for me but these ones it can’t since it doesn’t have any IP address to block.
I’m just hoping for Microsft to actually solve this on the server side since that would be the easiest fix for them I’d say.
Of course they also neeed to get the RDP clients working for all platforms but basically it should be working with NTLM2 at least and also to log the failed logon request correctly if using an SSL certficate. Anthing else is just pure madness and stupidity to be honest and someone should get fired for not thinking ahead.

By Juha Jurvanen @ JufCorp

The anatomy of hacking attacks and a few countermeasures

konsult inom backup It säkerhet molntjänster hacking attacks

Various hacking attacks against servers and users

First of all, there are multiple types of hacker attacks and they all have different purposes.
There are also many different types of hackers and they all have cool names like “White hat” hackers and “Black hat” hacker.
The White Hat ones are usually the security experts hired at a company to check and verify the IT security measures at other companies.
The Black Hat hackers are not. They’re the ones to be afraid of.
I’m neither of them. I’m simply a consultant and the best of these guys know far more about theses things than I do but still, I thought I’d run through a few common attacks targeted to accomplish various things.

There are many reasons why an attacker wants to hack you.

It could be hacktivism and political reasons or an attempt to gain access to your server to be able to use it for hacking others (basically they want access to your CPU, RAM and disk to hide stolen data and tools, mine for Bitcoins or whatever and to have an IP address to use, not leading back to their own).
There’s a few very cool and easy ways to hide files on servers that ar more or less impossible to find such as hiding a file “behind” another file and so on.

Of course in some cases it can also be about trying to steal company secrets (industrial espionage), possibly a former (or current for that matter, internal data theft and hacking is far more common than you’d expect) discontent employee looking to sabotage or looking for revenge or in some cases, just for the fun of it to see if it can be done.

The pre-run. Checking out your site, server with portscans and bruteforce atttacks

First of all, any hacker will need to know what you’re running and what it looks like. “Know thy enemy” so to speak.
Usually a portscan of your servers will reveal quite a lot of information and there are loads of tools to do this, quietly, undetected and efficiently such as nmap or even Google actually.

In order to make it a bit more difficult for them I’d suggest you have your firewall correctly configured for blocking portscans, your servers on a DMZ and also to hide any banner revealing what software you’re running and what version. This can’t be done with all software I’m afraid but the ones that you can, please consider doing so.
For a hacker to know exactly what you’re running will only make his/her life much easier since all they do is to start
looking for any known vulnerabilities and so called exploits to that software and version.
Usually software developers have released a patch but unfortunately, a lot of software never gets updated in time due to the old “if it works, don’t fix it” attitude among a lot of server tekkies and hosting providers.

Another thing is to move all default pages and scripts (or delete them if you’re not using them) to make a bit more difficult to figure out what you’re actually running and how it is setup. Have for instance 404 error messages redirected to the start page or Google or your worst competitor and also 403 errors ..

DoS attacks and DDoS attacks and also hiding behind them.

A DoS attack is a “Denial of Service” attack which means that your server is in some way attacked and made to stop servicing your clients / users or customers the way it’s supposed to, for instance your webmail / OWA or a webshop or RDP services.

This can be accomplished in many ways. A DDoS attack is a DoS attacked but with the difference that it is a Distributed DOS attack meaning there are a lot of more computers involved in doing the attack.
These attacks often have the main purpose of taking a website down by overloading it really.

If you’ve got a web server servicing for instance a webshop and a hackergroup for some reason don’t like you, they’ll get a few hundred thousand computers around the world to ask for a specific document or picture on your website, thus overloading it so it can’t really service your customers since the server is busy handling the bogus requests.

It is not uncommon also for a hacker to hide behind these attacks to try and find out what kind of countermeasures you have in place such as Syspeace. The idea behind it is basically to became invisible in all the log noise a DDoS attack generates.

Worst case, hacking attacks such as this can actually go on for weeks and it has happened often. That is also simply an extortion. “If you pay us this and this much , your webshop will be back online again, otherwise not”. For some companies this of course could be an absolute disaster, imagine for instance around the Christmas sales.

Now, it might sound impossible to find a few hundred thousand computers to get such an attack underway. It’s not. They’re out there in botnets spread over VPS and physical machines and they’re for hire even. Including a trial run and with support.
Brave new world ..

There are ways to handle these attacks. For instance increasing the service capacity on the server, increasing you bandwidth and also have a talk with your ISP on how to mitigate the attacks if they have solutions in place for it. You could also have for instance a powerful SNORT server in front of the firewall to get rid of some of the traffic. You should also have Syspeace in place for handling the bruteforce atatcks

Poorly updated applications or neglected updates and 0day exploits

If a server is poorly updated and the application/website is sensitive for instance that the hacker simply adds some code against the webaddress trying to browse the file system on the server then this can also render in a DOS attack or even worse, the attacker gets hold of the users and administrator/ root passwords. Once they’ve got that, your pretty much ..well. you won’t be having a good day. Basically you need to make sure your webserver is always correctly updated, and you also need to make sure that the underlying file system can’t be reached from the outside more than absolutely necessary.
Make sure you checked every directory and path on the website and what actually is reachable, writeable and browsable. If you’ve got pages you don’t want indexed then hadndle that in the robots.txt or have them secured behind a user login page.If you’re running a Wordporess site, make sure you hav alarma set up for outdated plugins, changes to files and so on and and make sure to deal with it asap.

Unfortunately, from time to time there are also so called 0day exploits out in the wild and those are very hard to defend yourself against. If get alerted that there is one in the wild for your environment, please keep alert and stay on your toes until a patch is released and follow any best practices released by the vendor! This can also fall under the category viruses and trojans further down.

SQL Injections and badly formatted requests

If the website uses a SQL Server / MySQL or has any input form to validate or gather something, please make sure that the application strips away any characters that could make your server vulnerable to SQL Injections since the SQL Server is usually run with administrative rights making the SQL Server injections being run with high privileges and accessing the operating system.

If you don’t know how the application is written, please contact the developers of it and ask them and have them verify this.

For any part of the website where there are input forms, makes sure that all input is validated in terms of what characters are used and how long the input is.
If a website is poorly written and poorly validated, a memory buffer overflow can occur which basically means that the input is so large or strangely formatted that the server will stop working or even give the attacker access to the servers operating system by overwriting stuff in the RAM in a way that it’s not supposed to.

Viruses, rootkits and trojans.

If an attacker has been able to lure your users to a site that contains infected code (sometimes also called drive by hacking) and the web browser or plugins to it (Java, Adobe, Flash and so on) are sensitive to that particular infections you user might come down with an infected computer.
Depending on what actually has been infected and why the consequences vary of course.

This is often done by sending emails with links to websites or trying to get user to plug in an infected USB stick into their PC.

I’ve heard of companies that have been affected with a virus rendering them unable to work since nobody was allowed to even plug in their computers to the work networks until they could be sure they’d got rid of it. In this case it was a lot of computers so I think it took them 3 week until people actually could start working again, 3 weeks without any work. That’s a costly thing for any company.The same standstill could also come from a ransom virus, basically encrypting all your files and you’ll have to pay money to get the right decryption password.

The way to minimize such a horrible standstill is to make sure that ALL of your devices connecting to the network are properly updated with antivirus products (please do not use the free ones ..ever!) but also you need to make sure that any other software is properly updated . Java, Flash, and the operating system itself .
This also goes for workstations connecting from home and so on or otherwise you might be in for a bad day. You should also be very restrictive when it comes to letting users use USB drives and stuff. They might be infected with something.

MITM – Man in the Middle, proxies and easedropping

If you’ve got a corporate network, you want to know what devices actually are on it and why. If someone for instance sets up a computer and has all of the corporate traffic routed through (by acting a proxy) , all of your communicating is being copied and this can be done in various ways. The same goes actually for you if you’re using public WiFi hot spots which I would never recommend anyone really using. To intercept data isn’t very difficult unfortunately, especially if it isn’t protected by valid certificates.
You need to use valid SSL certificates and there’s no reason to use anything lower that 2048 encryption and you must also disable weak cipher and other stuff before your SSL is correctly set up. Check your configuartion against for instance on Qualsys SSL Labs.
Also make sure that all communications are secured within your network.

Brute force and dictionary attacks.

I’ve written loads and loads on this earlier so I won’t linger on it. A brute force or dictionary attack is basically someone trying to get access to your server by guessing the username and correct password using a large list of common passwords or a dictionary and simply trying them one by one (well, thousands at a time really since its’s automated).

To protect your servers and user you need to have a intrusion prevention system in place. For Windows Servers I recommend using Syspeace (and you can also use Sysepace for protecting web applications you’ve protected through the Syspeace API) and on Linux servers I’d have a look at fail2ban. You should also use and enforce complex passwords.

Anything that comes with a default password for logins (routers, switches, printers and so on) should have the password changed from default!
These are always sensitive to brute force attacks and there are sites on web listing thousandfs of default passwords out there

You should also have a very strict policy to immediately block an employees account as soon as they’re no longer with the company and you should be very careful with what user rights you grant your users since they can easily be misused.
You should also have software in place for managing mobile phones and other devices that your employees have and the ability to wipe them clean if they get stolen or if you suspect internal mischief from an employee.

On site data theft and social engineering.

Well. In a sense , it’s not hacking but it’s more fooling people. Not the initial part anyway.
Basically someone turns up, claiming to be from the phone company, a cleaning company, your IT support company or anything that makes sense and they want access to the data center, server room to “fix” something. This is also referred to as social engineering. First the hacker finds out as much as possible about the company they’re attacking and then use that information to gain access to workstations or servers within the company,

Once they’ve actually gained access, they’ve got USB sticks to insert into workstations or servers , either loading a software into them such as trojans or keyloggers or just something that elevates rights or maybe they’re simply after just copying the data.
It all depends on how much time they have and if they’re alone. In some scenarios it might even just be a trick for them to gain access to backup tapes since all the companys data is on them .
They could also bribe janitors, cleaning staff and so on to steal backup tapes for them since they far too often will have access to the datcenters and they’re
not that highly paid.

There are a lot of tools that can simply put on a USB stick, boot up the server and you can reset administrator passwords, overwrite systemfiles (or plant a trojan or destroy them to render the server unbootable) , steal data and so on and a lot of them are surprisingly user friendly like for instance Hiren’s BootCD

A variation of this is of course people phoning someone up, claiming to be from the IT departement or Microsoft or somewhere, wanting to “help you” with a problem and asking for remote access to your computer. Once they gain access, they’ll do same things. Plant a trojan or a virus or a keylogger and the basically own the computer.

To protect your company data please always make sure you know who and why people are on site, never have anyone come near servers without supervision or the users workstations and if possible, disable any USB ports and always use password protected screen savers.

Every device on your network must also have a good antivirus running in case someone still manages to put an infected USB stick into the workstation.
Also make sure you talk the users about the hazards of giving anyone access to their computer.

If you suspect you’ve been hacked. What to do. Contingency planning

First of all, try to verify that you have been hacked and also try to find out when. In some cases you’ll have to revert to backups taken BEFORE you we’re hacked to be sure that you don’t restore a root kit or something.
This also means your backup plans and DRP plans need to take these scenarios into account so don’t be cheap with the number of generations you actually save.
You might need something from 6 months ago.

Try to find out what happened, when it happened, how it happened and have it fixed before you allow access to the server again. There’s no sense in setting the same flawed server up again. It will only be hacked again,

Don’t be afraid to make it a matter for the police. They need to know about it and they want log files and any documentation you may have.

When you get the server up and running again (or preferably before you’ve been hacked) make sure to have monitoring set up for the server. If it’s a website for instance, you want to be alerted if anything changes on in the html code for website for instance, or if the site is responding slowly (this doesn’t have to mean you’ve been attacked but could point to other problems also such as disk problems, misconfigured server settings or ..well..anything really. In any case you want to look into it.)

So , these were only a few methods and there a loads and loads more of them .

I’ve written a few other blog articles on securing servers, data centers and on brute force prevention and here’s a few links to previous articles. Most of are copied from older blogs and I do admit I haven’t nor proofread them nor formatted them for this site yet. I will. Eventually.

Articles by Juha Jurvanen on securing your server environments

Securing server environments – Part I – Physical aspects

Securing server environments – part II – Networking

Securing your Windows servers and MSExchange with an acceptable baseline security | Syspeace – Brute force and dictionary attack prevention for Windows servers

Windows Server intrusion prevention for Cloud providers and hosting providers

Should you need consulting or ideas on these questions or on backup/restore or on building cloud services / migrating to cloud services ,
I’m reachable by clicking the link below.

Juha Jurvanen – Senior IT consultant at JufCorp”>By Juha Jurvanen – Senior IT consultant at JufCorp

TLS 1.1, TLS 1.2 och SSL certifikat på Microsoft IIS Server och Exchange Server

Vad är ett SSL certifikat ?

konsult inom backup It säkerhet molntjänster SSL

Ett SSL certifikat används för att kryptera trafiken mellan en klientenhet (PC, MAC, Android , iPhone o.s.v. ) och en server. Det här är en väldigt viktig funktion både ur säkerhetsaspekter men även ur funktionalitet då många system idag kräver krypterad kommunikation för att fungera fullt ut som t.ex. Microsoft Exchange och Microsoft RDS Servers (Remote Desktop servers) .
TLS är egentligen en vidareutveckling av just SSL även om man i dagligt tal pratar om just SSL certifikat.

SSL / TLS används också för att validera att servern är den som den utger sig för att vara genom att din enhet kontrollerar med en tredje part att det här certifikatet är giltigt och att det är den serven som faktiskt har det installerat.
Enklast ser du att allt står rätt till om det står https i adressfältet i din webbläsare och att du inte har felmeddelanden kring certifikatet.

SSL är dock inget skydd mot t.ex. lösenordsattacker mot Windows Server. För den typen av skydd behövs Syspeace

Räcker det att ha SSL installerat på servern ?

Många företag tror tyvärr att det räcker men det gör det inte. I den här korta artikeln ska jag fokusera på Microsoft IIS Server d.v.s deras webbserver som finns inbyggd i Microsoft Windows Server.I en del fall nöjer man sig även med att ha bara egenutfärdade certifikat dvs dessa valideras inte av en tredje part.
Det här är absiolut inte att rekommendera i en driftsmiljö. Knappt ens i testmiljö eftersom det är en del manuell hantering och det är ofta svårt att helt efterlikna driftsmiljön.

Kontrollera er SSL installation gratis

Det finns gratis verktyg på nätet för att kontrollera status och hur ni satt upp SSL på just er IIS server.
Sök på t.ex. SSL Check på Google och ni kommer hitta många bra verktyg för detta. Personligen gillade jag eftersom den hade ett enkelt gränssnitt och bra förklaringar till de olika delarna och även som även undersöker för sårbarheter mot t.ex. POODLE.

SSL och IIS server i standardinstallation

En standardinstallerad Windows server ger vanligen betyg F dvs underkänt, även om man installerat ett godkänt SSL certifikat.

Många av standardvärdena i Microsoft IIS tillåter svaga krypteringar och SSLv2 och SSLv3, och dessa borde inte tillåtas p..g.a. risken att de kan utnyttjas till olika saker (t.ex. datastöld, s.k. Man in the Middle attacker dvs någon annan utger sig för att vara den servern som du tror att du kommunicerar med men man avlyssnar egentligen all trafik) .
Det saknas även en del viktiga inställningar i registret för Forward Secrecy o.s.v

Det behövs alltså fler ingrepp i servern och här gäller det att göra rätt och tänka på t.ex. kompabilitet mot Activesync om det t.ex. är en Microsoft Exchange server men även för Remote Desktop Server.
Det krävs helt enkelt en del ingrepp i serverns registry vilket i värsta fall kan leda till att servern slutar fungera.

Kontakta mig för hjälp och frågor

SSL och kryptering på IIS Server räcker inte

Standardinställningarna för SSL och kryptering på IIS Server räcker inte

backup disaster recovey kontinuitetsplaner SSL IT säkerhet molntjänster syspeace

IIS dvs Microosft Internet Information Server är en gratis webserver som följer med alla Microsoft Windows Server installationer om man väljer använda den. Som standard finns inga SSL certifikat men de går att lägga till och det rekommenderas starkt att man gör det .
Oavsett vad man ska ha servern till.

En vanlig metod för en hacker är att använda en MITM (Man In The Middle) attack , i praktiken går den till så att hackaren utger sig för att vara den servern som en användare tror sig för prata med (t.ex. Bliocket eller sin bank eller Facebook ) men egentligen är trafiken lurad att gå genom hackarens dator och på det sättet kan hackaren få fram all trafik som lösenord och användarnamn o.s.v.

Det här kan åstadkommas på ett antal sätt och ett av dem är just att standardinställningarna i en webserver tillåter gamla och utdatwerade krypteringar och det bör man inte tillåta från servern.

Den här artikeln på IDG väckte frågan till liv igen och ett antal nya brister s användsa av FREAK, POODLE och HEARTBLEED

Kryptering på IIS Server

Jag har sammanställt nedanstående script efter letat och läst på nätet som slår av dålia krypteringar , aktiverar TLS som det ska och helt enkelt rättar till de värsta bristerna i vart fall.
Det här gäller IIS 7 och uppåt.

Testa först hur er server är uppsatt med SSL

Enklast är att göra det via den här länken.
Skriv in ert domännamn och klicka ok .
Betyget kommer efter ett tag. Allt med en bokstav högre än B bör fixas. A är bra medans att upp nå A+ kräver en del andra ingrepp också som kan vara svårt att få till.

Säkra upp sin kryptering på IIS

Kopiera all text mellan == JufCopr Börja här == till == JufCorp Klart == , spara ner i en fil med ändelsen .reg och dubbeklicka på den . Svara ja på frågan och starta om servern.
Testa sedan en scan igen av er server igen på SSL Labs.
Glöm inte klicka i lilla texten “Clear cache” så ni inte tittar på en gammal scan av serven.

== JufCorp Börja här ==

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 64/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server

== JufCorp Klart ==

Kontakta mig