Category: Windows 10

What are Cipher Suites Explained

So when I mention cipher suites, most people will find the nearest hole to hide in or think it's an encryption protocol. But do you really need to know what cipher suites are and how they work? Well, yes and no. You should have an overall understanding, as these ciphers protect your communication channels between servers, websites or applications. Cipher suites are not indestructible, and ciphers have been exposed to vulnerabilities.

What is it?

Cipher suites are used in the TLS and SSL protocols. They are fundamentally based upon the HMAC (keyed-hash message authentication code), which uses a cryptographic hash function and a secret cryptographic key.

How does it work?

There are many ciphers available, and it is the responsibility of the server to select a cipher to communicate upon. This is accomplished by the client sending a list of the cipher suites it supports, in order of preference, to the server in a process called handshaking: the client says “hello” to the server, and the server replies with “hello” and the cipher suite it has selected.

What does it look like?

A cipher suite at first glance may look like a jumble of words, but let's break an example down:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The first section states the protocol the cipher is for, in our case TLS.

The second section states the key exchange algorithm; ECDHE_RSA determines how the client/server will authenticate.

The third section states the bulk encryption algorithm, in our case AES_128_GCM. This determines how to encrypt the message, including the key size.

The last section states the hash algorithm that is used to create the cryptographic hash of each block, in our case SHA256.

What about Null Cipher suites?

Well, you may have come across Null Cipher Suites, especially when working with DirectAccess. When the word Null is mentioned, it is quickly seen as a security risk. So let's discuss a Null Cipher suite. Null Cipher suites are encrypted; however, it is seen as an ancient form of encryption which always gets flagged up on audits. The message stream is encrypted with plain text and not the random gibberish that you would expect, for example:

KamHussain, if encrypted using Null Ciphers, could look like:

Kangaroo Ant Mammoth Hyena Unicorn Seagal Seagal Alien Neptune

As you can see from the above, the message is encrypted; taking the first letter of each word spells out KamHussain.

So is this secure? Well, let's say you wouldn't want to use this unless you have a specific requirement.
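The name breakdown under "What does it look like?" and the audit point about Null suites, as an added PowerShell example that is not part of the original post. It goes beyond the single name shown above by also handling TLS 1.3 names (no key exchange section) and CCM names (no hash section). Split-CipherSuiteName is a hypothetical helper name and the sample names are constructed; Get-TlsCipherSuite is the built-in cmdlet on Windows 10 / Server 2016 and later.

```powershell
# Added example: split suite names into their sections and flag NULL bulk ciphers.
function Split-CipherSuiteName {
    param([Parameter(Mandatory)][string] $Name)

    $halves = $Name -split '_WITH_', 2
    if ($halves.Count -eq 2) {
        # Classic layout: PROTOCOL_KEYEXCHANGE_WITH_BULKCIPHER_HASH
        $head        = $halves[0] -split '_', 2
        $keyExchange = if ($head.Count -gt 1) { $head[1] } else { '' }
        $tail        = $halves[1]
    } else {
        # TLS 1.3 layout, e.g. TLS_AES_256_GCM_SHA384: no key exchange section
        $head        = $Name -split '_', 2
        $keyExchange = ''
        $tail        = if ($head.Count -gt 1) { $head[1] } else { '' }
    }

    # The last token is the hash only if it looks like one (CCM names carry none)
    $cut = $tail.LastIndexOf('_')
    if ($cut -gt 0 -and $tail.Substring($cut + 1) -match '^(SHA\d*|MD5)$') {
        $bulk = $tail.Substring(0, $cut); $hash = $tail.Substring($cut + 1)
    } else {
        $bulk = $tail; $hash = ''
    }

    [pscustomobject]@{
        Name        = $Name
        Protocol    = $head[0]
        KeyExchange = $keyExchange
        BulkCipher  = $bulk
        Hash        = $hash
        IsNull      = ($bulk -eq 'NULL')
    }
}

# Constructed sample names, used only when the TLS module is not available
$names = @(
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_AES_256_GCM_SHA384',
    'TLS_ECDHE_ECDSA_WITH_AES_128_CCM',
    'TLS_RSA_WITH_NULL_SHA256'
)
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    $names = (Get-TlsCipherSuite).Name    # suites actually enabled on this machine
}

$parsed = $names | ForEach-Object { Split-CipherSuiteName -Name $_ }
$parsed | Format-Table -AutoSize
$parsed | Where-Object IsNull | ForEach-Object { Write-Warning "NULL suite in list: $($_.Name)" }
```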

 

Creating a Certificate Signing Request using Windows 10

Creating Certificate Signing Requests, or CSRs, can be a daunting task; you don't want to get it wrong as it can cost you, literally. Usually many administrators head over to IIS and create a request using the IIS management console. This will of course work, but you may end up creating a SHA1 request, with no option for SHA2.

I have, however, noticed that Windows 10 is able to create CSRs with all the latest cryptography and key lengths, and it is a breeze to process.

To get started you need to open the Certificate management console. Hit “Windows Key” + “R”, type “MMC” into the Run window and hit Enter. Alternatively, click “Start”, search for “Certificates” and click on “Manage Computer Certificates”.

 

Once the certificate console has opened, expand the personal store and right click on Certificates. Click All Tasks > Advanced Operations > Create Custom Request.

 

In the window click Next

Now click Next

 

Choose Proceed without enrollment policy and click Next

 

Click Properties

 

Now enter a Friendly Name (this can be anything, but use something that lets you easily identify the certificate) and enter a description.

Click the Subject tab

Important!!!

If you fail to enter the basic information like the image on the left, your certificate request will be invalid. You must enter:

Common Name – (this is the URL)

Organisational Unit – Department

Locality – Area e.g. Westminster

State – Area e.g. London

Country – this must be the two-letter abbreviation; for the United Kingdom use GB

To find your 2 letter country code click here

Finally enter the Alternative name DNS. This should be exactly the same as your URL.

 

Under the Extensions tab, select Server Authentication and Client Authentication for Extended Key Usage.

 

Under Key Usage select Digital signature and Key encipherment

 

Click the Private Key tab, select 2048 for Key Options and check Make private key exportable

Under Hash Algorithm select SHA256

Click OK and Next

Save your file as a .req

Validate your CSR

That’s pretty much it. You can verify that your request file is valid by opening it, copying the data and pasting it into the Symantec Crypto Report validation site.

Once you receive your certificate file it MUST be imported onto the computer where the CSR file was created, as the private key exists on this machine and is never transmitted within the CSR. You can then export the certificate to any machine, as its private key was marked as exportable.
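The same request can be built without the wizard, using certreq.exe and an INF file. This is an added example, not part of the original post: it carries the wizard settings above (subject fields, DNS alternative name, both Extended Key Usages, Key Usage, 2048-bit exportable key, SHA256) and checks the result locally with certutil.exe. The host name, OU value and file paths are placeholders, and `{FQDN}` is a token invented for this script.

```powershell
# Added example: scripted equivalent of the wizard steps. Run from an elevated prompt,
# because the key is created in the computer store (MachineKeySet = TRUE).
$fqdn = 'www.example.com'                      # placeholder: your URL
$inf  = Join-Path $env:TEMP 'request.inf'      # placeholder paths
$req  = Join-Path $env:TEMP 'request.req'

# Single-quoted here-string so "$Windows NT$" is not treated as a variable
$template = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject       = "CN={FQDN}, OU=IT, L=Westminster, S=London, C=GB"
FriendlyName  = "{FQDN} web server"
RequestType   = PKCS10
KeyLength     = 2048
HashAlgorithm = SHA256
Exportable    = TRUE
MachineKeySet = TRUE
; 0x80 Digital signature + 0x20 Key encipherment
KeyUsage      = 0xa0

[EnhancedKeyUsageExtension]
; Server Authentication, Client Authentication
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2

[Extensions]
; Subject Alternative Name, same value as the Common Name
2.5.29.17 = "{text}"
_continue_ = "dns={FQDN}&"
'@

$template.Replace('{FQDN}', $fqdn) | Set-Content -Path $inf -Encoding ASCII

certreq.exe -new $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Validate locally: confirm the hash algorithm, key length and alternative name
certutil.exe -dump $req | Select-String 'sha256RSA', 'Public Key Length', 'DNS Name='

# When the issued certificate arrives, bind it to the pending key on this same machine:
#   certreq.exe -accept <path to the issued certificate>
```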

Printing Errors

If you ever face issues with printing, in most cases the print driver is the culprit. It’s always best to restart the computer, which in turn restarts the print spooler service that controls printing. If this fails and you continue to receive errors, ensure that the printer is turned on and power cycle the printer. Failing this, you can forcefully remove all print drivers safely from your computer, which resolves most of the issues encountered. Print drivers can be temperamental and difficult to diagnose, and googling can leave you chasing your tail to no avail. Before progressing, ensure you have a copy of your print driver, which is available from the manufacturer's website. Newer printers are able to download their drivers automatically. The print repository has remained the same with Windows 10.

Removing print drivers

1. Stop the Printer Service (Spool)

Click Start and type ‘services.msc’, or press the Windows + R keys on your keyboard and type ‘services.msc’ in the Run box.

Find the ‘Print Spooler’ service in the services window. Right click the Print Spooler service and click ‘Stop’.

2. Remove all print drivers

Press the Windows + R keys on your keyboard, then type the below path in the Run box and press Enter:

C:\Windows\System32\spool\drivers\x64\3

Within this directory, select all the files and delete them. Some files may not delete, but you can safely ignore this. If you receive errors about the files still being in use, ensure that step one was completed and the print spooler service is stopped.

3. Restart the print spooler service

As with step one, head back into the services window but now right click the ‘Print Spooler’ service and click ‘Start’

4. Install your Print Drivers again.

In most cases your printers will remain, so you can head into Control Panel > Devices and Printers. To get to Devices and Printers, again press the Windows Key + R on your keyboard and type ‘Control’, then in the Control Panel window click on ‘Devices and Printers’.

Your printer should show up again in most cases, so you can right click on your printer and click ‘Printing Properties’. In the properties window click ‘Print Test Page’; you will be prompted to install your print driver again. Most newer printers will automatically install the latest drivers; otherwise you will need to select the print driver you downloaded from the manufacturer's website, or run the executable file that you downloaded and follow the wizard.

If your printers don’t show up automatically you will need to add them again.

Alternatively stopping the print spooler service and running the below command will remove all your print drivers.

Note: You will need to install print drivers for all your printers, not just the printer you are having issues with, as we have removed all the print drivers from the Windows repository.

Run the below command as an Admin:

printui /s /t2

 

Uninstall a Windows HotFix

Removing a Windows hotfix

To uninstall a Windows hotfix, locate the KB hotfix number and run the below PowerShell command:

function Uninstall-Hotfix {
    [CmdletBinding()]
    param(
        [string] $ComputerName,

        # Accept only IDs of the form KB1234567, because the value ends up on a cmd.exe command line
        [ValidatePattern('^KB\d+$')]
        [string] $HotfixID
    )

    # List the IDs of the hotfixes installed on the target computer
    $hotfixes = Get-WmiObject -ComputerName $ComputerName -Class Win32_QuickFixEngineering |
        Select-Object -ExpandProperty HotFixID

    if ($hotfixes -contains $HotfixID) {
        # wusa.exe expects the number without the "KB" prefix
        $kbNumber = $HotfixID -replace '^KB', ''
        Write-Host "Found the hotfix KB$kbNumber"
        Write-Host "Uninstalling the hotfix"
        $UninstallString = "cmd.exe /c wusa.exe /uninstall /KB:$kbNumber /quiet /norestart"
        ([WMICLASS]"\\$ComputerName\ROOT\CIMV2:win32_process").Create($UninstallString) | Out-Null

        # Poll until wusa.exe has exited on the target computer
        while (@(Get-Process wusa -ComputerName $ComputerName -ErrorAction SilentlyContinue).Count -ne 0) {
            Start-Sleep 3
            Write-Host "Waiting for update removal to finish ..."
        }
        Write-Host "Completed Uninstall of KB$kbNumber"
    }
    else {
        Write-Host "Hotfix ($HotfixID) not found"
        return
    }
}

Uninstall-HotFix -ComputerName PC1 -HotfixID KB3068708