Thursday, December 10, 2015

Restore an Encrypted MSSQL Backup to Another Server

1. If you try to restore an encrypted backup to another server the usual way, you encounter the following error:
    Cannot find server certificate with thumbprint …...
2. Find the certificate name (in this example, vestacert):
    -- run in the master database, where the TDE certificate is stored
    SELECT * FROM sys.certificates
3. Back up the certificate from the source server (Source encryptedserver):
    BACKUP CERTIFICATE vestacert
    TO FILE = 'c:\Backup\certificate_TDE_Test_Certificate.cer'
    WITH PRIVATE KEY
    (FILE = 'c:\Backup\certificate_TDE_Test_Key.pvk',
    ENCRYPTION BY PASSWORD = 'Password12#')
4. Create a new master key on the UAT server if one does not already exist:
    USE master
    GO
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'D1ffPa$$w0rd'
5. Restore the backed-up certificate on the UAT server (UATserver):
    -- the decryption password must be the one used in step 3
    CREATE CERTIFICATE vestacert2
    FROM FILE = 'C:\tmp\certificate_TDE_Test_Certificate.cer'
    WITH PRIVATE KEY (FILE = 'C:\tmp\LCMS\certificate_TDE_Test_Key.pvk',
    DECRYPTION BY PASSWORD = 'Password12#')
6. After this step, restoring the backup raised no errors and all data was readable.
7. But the funny thing is that simply turning encryption off, taking a new backup and restoring it on the final server (Final Server) does not work and gives the following error: The file "mydb_log" failed to initialize correctly. Examine the error logs for more details.
8. The correct way to remove encryption on UAT is to remove every trace of it, step by step and from bottom to top, as below:
    USE master
    ALTER DATABASE mydb SET ENCRYPTION OFF
    -- wait for the background decryption to finish before dropping the key
    USE mydb
    DROP DATABASE ENCRYPTION KEY
    USE master
    DROP CERTIFICATE vestacert2
    DROP MASTER KEY
9. Now create a new backup from the UAT server and restore it to the final server.
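
The thumbprint check behind steps 1 to 5 and the wait that step 8 depends on, as an added T-SQL example that is not part of the original post. It uses the post's names mydb and vestacert2 and assumes the login can read sys.dm_database_encryption_keys (VIEW SERVER STATE).

```sql
-- Added example: mydb and vestacert2 are the names used in the steps above.

-- Source server: which certificate protects mydb's database encryption key?
SELECT  d.name  AS database_name,
        c.name  AS certificate_name,
        k.encryptor_thumbprint,
        k.encryption_state
FROM    sys.dm_database_encryption_keys AS k
JOIN    sys.databases AS d
        ON d.database_id = k.database_id
LEFT JOIN master.sys.certificates AS c
        ON c.thumbprint = k.encryptor_thumbprint
WHERE   d.name = N'mydb';
GO

-- UAT server, after step 5 and before the restore: the imported certificate
-- must show the same thumbprint, otherwise the error from step 1 returns.
SELECT  name, thumbprint, pvt_key_encryption_type_desc
FROM    master.sys.certificates
WHERE   name = N'vestacert2';
GO

-- UAT server, step 8: switch encryption off, then wait for the background
-- decryption scan. encryption_state 5 = decryption in progress, 1 = unencrypted.
USE master;
ALTER DATABASE mydb SET ENCRYPTION OFF;
GO

DECLARE @state int;
WHILE 1 = 1
BEGIN
    SET @state = (SELECT encryption_state
                  FROM   sys.dm_database_encryption_keys
                  WHERE  database_id = DB_ID(N'mydb'));
    IF @state IS NULL OR @state = 1 BREAK;   -- no key row, or fully decrypted
    WAITFOR DELAY '00:00:05';
END
GO

-- Only now drop the key and continue with the rest of step 8.
USE mydb;
DROP DATABASE ENCRYPTION KEY;
GO
```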

Thursday, July 2, 2015

8 Reasons Why Companies Like Google And Apple Buy More Domains

When the iCloud.com domain sold recently to Apple for $4.5 million, I saw a lot of shocked reactions. Many people were blown away at the price for such a domain, especially given their iCloud service was months away from starting (they launch it next week). There were similar reactions when Google made their recent purchase of G.co for $1 million. What possesses these companies to get more domains when they already have Apple.com and Google.com?
  1. Brand Reinforcement
     If there’s one thing most large businesses do, it’s constantly building and marketing their company brand. It’s rare to go a full day without seeing a large business commercial, print ad, sponsorship or other marketing effort. So it’s no surprise when massive money was spent by Salesforce on Force.com, by Bank of America on Loans.com, and by VistaPrint for Vista.com, all of which are merely redirected to those brands.
  2. Trademark Protection
     For every domain, there are dozens if not hundreds of typos, misspellings and other variations that may get some of the type-in traffic meant for it. Over time, companies have begun to understand how much traffic they potentially lose by not having these domains, so many larger companies buy them up either before launching or soon thereafter. In some cases, their typos get squatted on, causing them to go through a dispute or lawsuit to gain possession of them. Facebook recently filed a lawsuit targeting hundreds of such domains.
  3. Rebranding
     As unbelievable as it may sound, multi-billion dollar corporations do sometimes change their company name, even after millions of dollars spent on building their existing brand. The most famous recent example is O.co, formerly known as Overstock.com who shocked the world when they announced their new domain was in fact to be their new name. Another example was the security company Xe, formerly known as Blackwater who purchased XeCompany.com from us to rebrand. Xe was ultimately sold to another company, which their rebranding may have helped them accomplish.
  4. New Product or Service Brands
     Large companies always have new products and services in the works, and sometimes they like to give those new brands an added kick. Additionally, exact match domains for prominent products receive traffic those companies could miss out on without securing those domains first. Apple’s iCloud.com purchase, while massive, was a smart avoidance of a previous mistake they made when not securing iPhone.com before they released it. Salesforce in particular is a company that is constantly buying domains for future brands, with Data.com, Social.com and Do.com purchased just in the past few months.
  5. Special Promotions
     Most people might miss these domains, but as a domainer, I notice promotional domains everywhere I look. In the last Super Bowl, Groupon ran a “Save the Money” promotion and used SaveTheMoney.org. Sobe has used Thrillicious for their “Thriller” themed commercials during past Super Bowls. Taco Bell uses FourthMeal.com in its commercials prompting viewers to go there late to have their “fourth meal”. These domains can stick in people’s minds even if they forget which company actually ran the ad, which is why they’re used.
  6. Smaller Offshoot Websites and Projects
     Some companies large and small diversify to extremes, not only releasing new primary products and services but quietly releasing or backing smaller websites or projects. In these cases usually a smaller purchase happens. Two recent examples are Prizes.org (a crowdsourcing site) and WDYL.com (an experimental search engine project), both backed by Google.
  7. Search Engine Optimization
     Larger companies usually don’t need domains for this purpose as they typically get enough natural SEO from their huge web presence and natural incoming links. However, many smaller and midsize businesses buy domains for the purposes of ranking higher for some of their targeted terms. Usually these purchases are of exact keyword matching domains, like CarInsuranceRates.com to target the term Car Insurance Rates. Domains that are well-aged, have high Google page rank, have SEO-boosting directory listings like DMOZ or have many strong backlinks are other targets for companies looking for domains that can help their search rankings.
  8. Miscellaneous Uses
     Twitter’s popularity has singlehandedly spawned the trend of companies having their own URL shortener domain, one of a number of different miscellaneous uses for a domain. Google’s G.co, Twitter’s T.co and WordPress’s WP.me are examples of this. Some other uses are nameservers (GoDaddy’s DomainControl.com for customer nameservers), email (Apple’s Me.com, Yahoo’s Ymail.com) and customer interface (Rackspace’s MyRackspace.com).

Wednesday, February 4, 2015

Quick Tips: Securing Your WordPress Site

WordPress is the most widely used open-source platform today for all types of websites, whether a blog, a CMS or another custom solution. WordPress is based on PHP (among other languages), so as a PHP developer I always make sure to apply some tips to secure and speed up the WordPress sites I develop. In this WordPress tutorial you will find tips and tricks for securing WordPress and optimizing your WordPress blog.
This section covers tips for securing your WordPress site. The tips include protecting files, login restriction, WordPress admin restriction, database protection, etc.
The most important tip for securing self-hosted WordPress websites is also the most obvious: WordPress provides updates with security fixes all of the time. When you get the notification in the admin panel, don't ignore it! It's the single most effective way to secure your site from attacks, and yet so many people leave their site (and their client sites) un-updated for fear of breaking their themes and/or plugins.
Here's the real tip though: If your themes and plugins don't work with the latest version of WordPress, they're probably not all that secure to begin with ;)
All of the confidential details for your WordPress site are stored in the wp-config.php file in your WordPress root directory. Secret keys are one of the bits of information stored in that file... so make sure you change the default secret keys to something else.

Security Tip 3: Change the Database Prefix
A lot of the basic setup stuff for WordPress is the same across lots of sites... especially if you use a one-step install wizard through your webhost. This is super convenient, but lots of common setup values, like your database prefix(es), are known to hackers as a result. If you don't change the database prefix, the table names of your site's database are easily known to the person who is trying to hack your site.
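
One way to change the prefix on an already installed site, as an added MySQL example that is not from the original article. The new prefix x7k_ is a constructed placeholder, and the table list assumes a default single-site install that uses the wp_ prefix.

```sql
-- Added example (MySQL). Back up the database first, and change
-- $table_prefix in wp-config.php to 'x7k_' in the same maintenance window.

-- 1. List every table that still carries the old prefix. Plugins and newer
--    WordPress versions (e.g. wp_termmeta) add tables beyond the core set.
SELECT table_name
FROM   information_schema.tables
WHERE  table_schema = DATABASE()
  AND  table_name LIKE 'wp\_%';

-- 2. Rename the core tables in a single statement.
RENAME TABLE
    wp_commentmeta        TO x7k_commentmeta,
    wp_comments           TO x7k_comments,
    wp_links              TO x7k_links,
    wp_options            TO x7k_options,
    wp_postmeta           TO x7k_postmeta,
    wp_posts              TO x7k_posts,
    wp_terms              TO x7k_terms,
    wp_term_relationships TO x7k_term_relationships,
    wp_term_taxonomy      TO x7k_term_taxonomy,
    wp_usermeta           TO x7k_usermeta,
    wp_users              TO x7k_users;

-- 3. WordPress also stores the prefix inside key names. If these rows keep
--    the old prefix, roles and capabilities are no longer found and admin
--    users lose access.
UPDATE x7k_options
SET    option_name = 'x7k_user_roles'
WHERE  option_name = 'wp_user_roles';

UPDATE x7k_usermeta
SET    meta_key = CONCAT('x7k_', SUBSTRING(meta_key, 4))
WHERE  meta_key LIKE 'wp\_%';

-- 4. Confirm nothing with the old prefix is left behind.
SELECT option_name FROM x7k_options  WHERE option_name LIKE 'wp\_%';
SELECT DISTINCT meta_key FROM x7k_usermeta WHERE meta_key LIKE 'wp\_%';
```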
As mentioned earlier, the wp-config.php file contains all the confidential details of your site. So it's pretty important that you protect it at all costs. An easy way to protect this file is to simply place the following code in your .htaccess file on your server.
We can protect our wp-config.php file as mentioned above, but what about protecting the .htaccess file itself? Don't worry, we can use the same .htaccess file to protect itself from being preyed upon. You just need to place the code below in your .htaccess file.
Another good idea is to remove the generator meta tag for WordPress. This meta tag shows the version of your WordPress site. If the WordPress version is exposed, hackers will know which security fixes your website is lacking. If you absolutely cannot update your WordPress version (tip #1), this is a good failsafe to at least hide the fact that you're not on the most current version.
To do this you need to place the code below in functions.php of your active theme.
You can go one step further and additionally remove it from RSS feeds using this:
This is a good plugin that scans your WordPress installation and gives suggestions accordingly. This plugin checks the following things:
  • Passwords
  • File Permissions
  • Database Security
  • WordPress Admin protection
This nice plugin can limit the number of failed login attempts, which is useful when someone is trying to guess your password manually or using a robot.

Here is one more good plugin, provided by Ask Apache, which gives you more control over your blog in terms of security.
You can protect your site with 401 authorization in a few easy steps. All of this can be managed from the WordPress admin panel.
This one's perhaps the easiest of them all - WordPress will normally set up your main admin account name as "admin", so it's usually the first username that hackers will try using. As of version 3.0 you can change this during the initial setup, but it's easy to forget that you can go back and change it even if you set up your site before version 3.0. So, pick a new name other than admin ;)
Additionally, picking strong passwords for all of the users on your blog (and your MySQL database) is a fundamental way to boost your security. Use the Strong Password Generator if you can't come up with one on your own.
I have placed backup as the last item here, but don't consider it less important. Regular backups of your site will make you feel safer than any of the tips above. There are several plugins available for WordPress which manage the backup for you.
Here are some free plugins for WordPress backup.
But if you are more serious about the backup for your blog then you should go with the paid solution. The two biggest premium solutions out there right now are Backup Buddy and VaultPress.
There are many more tips and tricks to go with this, but I've tried my best to present the best "bang for your buck" tips for anyone out there just looking to get started with WordPress security. Be sure to check out our other WordPress security articles for more information! Share your thoughts on this below!