This was posted just to share an experience of tackling a problem we encountered when we needed to connect an SSRS Server 2016 to an older SQL Server database (Windows Server 2008 R2) and what steps we took to troubleshoot the issue. After all the reports were migrated to the new SSRS server, upon creating a new Data Source, I got an error message something along the line to enter the user id … [Read more...]
Basic Security Practice with Password
After one client was notified that her passwords were found in a data leak and may compromise the accounts from her iPhone: Compromised... Some of your passwords have appeared in a data leak, putting those accounts at high risk of compromise. iPhone can help... It turns out, other than the password was to easy to guess, it was also due to password reuse. Of course the immediate … [Read more...]
How to Enable Secure HttpOnly Cookies in IIS
Session cookies are often seen as one of the biggest problems for security and privacy with HTTP, yet often times, it's necessary to utilize it to maintain state in modern web applications. By default, it is insecure and vulnerable to be intercepted by an authorized party. Cookies typically store session identifiers that may offer full access to an account, therefore if a cookie is intercepted, … [Read more...]
How to Setup HTTP Strict Transport Security (HSTS) on IIS
HTTP Strict-Transport-Security (HSTS) response header is used to tell browsers that the particular website should only be accessed solely over HTTPS. This is a powerful feature that is easy to implement to mitigate the risks for the communication to be intercepted by hackers and keep your website visitors safe. Enabling HTTP Strict Transport Security on IIS See the steps below to enable HSTS on … [Read more...]
How to Enable TLS 1.2 as the Default Security Protocol on Windows Servers
Transport Layer Security (TLS) are cryptographic protocols designed to provide communications security over a computer network, typically between a website and a browser. TLS 1.0 and its deprecated predecessor, SSL are vulnerable to some well-known security issues such as POODLE and BEAST attacks. According to NIST, these vulnerabilities cannot be fixed or patched, therefore all companies, … [Read more...]