Wednesday, June 24, 2015

How to use Remote Desktop to access Windows Server 2012 from Windows 7 with TLS 1.0 Disabled

After securing a Windows Server 2012 box with TLS 1.0 disabled per PCI-DSS 3.1 requirements, I found that I could only connect to it through Remote Desktop (RDP) from a Windows 8.1 or Windows 10 client.

The problem was this: all attempts to connect through the LAN via Remote Desktop from Windows 7 were met with "This computer can't connect to the remote computer. Try connecting again...etc."

The Server 2012 Standard (not R2) computer is running the most simple Remote Desktop mode accessed through Computer/Remote Settings as shown below.


I went through rabbit trails with firewall settings, Remote Desktop Services (which I did not install), turning on and off the 'Allow connections only from computers running Remote Desktop with Network Level Authentication', and using Select Users - none of them worked.

During extensive searching I ran across some discussions of TLS and RDP on Windows 7. I found that we had RDP 7.1 on the Windows 7 SP1 computer and RDP 8.0 was an optional download through Windows Update. RDP 8 apparently has support for later TLS versions beyond the disabled TLS 1.0. RDP 8 for Windows 7 is discussed here: https://support.microsoft.com/en-us/kb/2592687.

Solution: After installing the KB2592687 update (an optional update in Windows Update), rebooting and installing even more updates triggered by that update, the RDP 8.0 client was installed and connected normally to the Windows 2012 server.

There is also an RDP 8.1 client-only update, KB2830477, that I may install later, but for now I can Remote Desktop in to the Server 2012 box from Windows 7 without any apparent problems.

More info on RDP 8.1 for Windows 7 including prerequisites: http://blogs.msdn.com/b/rds/archive/2013/11/12/remote-desktop-protocol-8-1-update-for-windows-7-sp1-released-to-web.aspx
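A triage check for the situation described in this post, as an added example that is not part of the original post: run on the Windows 7 SP1 client, it separates a firewall or reachability problem from a missing RDP 8.x client update. The host name `SERVER2012` and the function names are hypothetical; TCP 3389 is assumed as the default RDP port.

```powershell
# Added example. PowerShell 2.0 compatible (the version shipped with Windows 7 SP1).
param([string]$Server = 'SERVER2012')   # hypothetical host name; replace with yours

function Test-TcpPort([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000) {
    # Plain TCP connect with a timeout; says nothing about TLS, only reachability.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-RdpClientReadiness([string]$ComputerName) {
    # Updates named in the post: KB2592687 (RDP 8.0) and KB2830477 (RDP 8.1 client).
    # Get-HotFix reports an error for an id that is not installed, so silence it
    # and treat "nothing returned" as "not installed".
    $hasRdp80 = [bool](Get-HotFix -Id 'KB2592687' -ErrorAction SilentlyContinue)
    $hasRdp81 = [bool](Get-HotFix -Id 'KB2830477' -ErrorAction SilentlyContinue)

    # File version of the Remote Desktop client binary, reported as found.
    $mstsc = Join-Path $env:SystemRoot 'System32\mstsc.exe'
    $clientVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($mstsc).FileVersion

    $reachable = Test-TcpPort -ComputerName $ComputerName -Port 3389   # default RDP port

    if (-not $reachable) {
        $verdict = 'TCP 3389 not reachable: check firewall and Remote Settings first.'
    } elseif (-not ($hasRdp80 -or $hasRdp81)) {
        $verdict = 'Port reachable but no RDP 8.x client update: install KB2592687.'
    } else {
        $verdict = 'RDP 8.x client update present: client side looks ready.'
    }

    New-Object PSObject -Property @{
        Server = $ComputerName; PortReachable = $reachable
        KB2592687 = $hasRdp80;  KB2830477 = $hasRdp81
        MstscVersion = $clientVersion; Verdict = $verdict
    }
}

Get-RdpClientReadiness -ComputerName $Server | Format-List
```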

Monday, June 15, 2015

NetScanTools Pro v11.70 released on Friday, June 12, 2015

Version 11.70 was long overdue but we made many changes and added a new tool called the DNS Traffic Monitor. This new tool shows you the percentage of query allocations or loading experienced by each default DNS assigned to your system. It also shows you any outgoing DNS queries to DNS that are not in your default list.



This release completes the transition of moving all the code to VC2012. The next move will be to VC2015 when it is finally released. All development has now been transitioned to Windows 8.1. It may be one of the last releases to support Windows XP.

Additionally, each separately launched tool has been changed to conform to a new look and feel. The DNS Traffic Monitor is one example of the look - here are a couple others:

Passive Discovery

SNMP Scanner
 
The demo version will be updated to 11.70 soon. If you have an active maintenance plan you can get 11.70 by clicking on Help/Check for New Version.

Wednesday, June 10, 2015

Win10Pcap - a WinPcap fork

Today Gerald Combs graciously forwarded me an announcement about a new fork to WinPcap called Win10Pcap based on NDIS 6. I immediately tested it with Wireshark and NetScanTools Pro.

Since this fork uses a different kernel mode driver name - i.e., NOT npf.sys - Wireshark shows the popup message "The NPF driver isn't running. You may have trouble capturing or listing interfaces.". However, even though this message shows, Wireshark will run because Wireshark loads packet.dll and wpcap.dll - these two DLL interfaces are unchanged (the WinPcap SDK interface is supposedly unchanged) so no matter what the driver is called, it starts. So, yes, Wireshark 1.12.5 appears to run with this fork of WinPcap.

That brings me to NetScanTools Pro. Not only does NetScanTools Pro capture packets (like Wireshark), it also sends packets. I tested the ARP, Ping and Traceroute tools that depend on WinPcap for sending packets. They appeared to work OK.

I was just about to release NetScanTools Pro 11.70, so I was able to make my test for active running npf.sys also test for the new service name - so that means NetScanTools Pro will be able to detect either the official WinPcap 4.1.3 and successors or this new fork.

Note that old WinPcap 4.1.3 DOES WORK FINE on later releases of Windows 10 builds based on NDIS 5. So it's your choice as to whether you need to use this new fork.

You may download this new WinPcap fork from http://www.Win10Pcap.org/; however, since they use GPLv2 instead of the BSD license as WinPcap has historically done, we will not be including the installer with NetScanTools Pro.

Congrats to the author of Win10Pcap! (but what happens to the name when Win 11 is released?)