SharePoint 3-tier On Premises installation

This post is a complete walkthrough for setting up SharePoint 2016 on-premises. Most of the documents available online do not provide complete steps for installing SharePoint 2016 with all of the prerequisites installed manually. Troubleshooting steps are also provided for some of the most common mistakes made while installing.

The Three-Tier Architecture

https://i-technet.sec.s-msft.com/dynimg/IC378512.gif

This post is based on a virtual machine environment and will guide you through setting up SharePoint Server 2016 in your VM environment. If you are planning a similar setup on physical machines, first check the hardware and software requirements, supported systems, storage and networking.

This document is a simplified guide written to cover all aspects and scenarios encountered while setting up the prerequisites for SharePoint 2016, system requirements, errors and problems faced during set up.

In this guide we will use Windows 2k12 R2 server as an example and explain the detailed procedure.

Prerequisites:

1. A Windows 2k12 server file (Windows_server_2012_r2_with_update_x64_dvd.iso)

According to your requirement and the installation scenario use the below configurations:

Installation scenario: Single server role that uses SQL Server
  Deployment type and scale: Development or evaluation installation of SharePoint Server 2016 with the minimum recommended services for development environments. Use the Single-Server farm role that will let you choose which service applications to provision. For additional information on Single-Server farm role, see Overview of MinRole Server Roles in SharePoint Server 2016
  RAM: 16 GB
  Processor: 64-bit, 4 cores
  Hard disk space: 80 GB for system drive; 100 GB for second drive

Installation scenario: Single server role that uses SQL Server
  Deployment type and scale: Pilot or user acceptance test installation of SharePoint Server 2016 running all available services for development environments.
  RAM: 24 GB
  Processor: 64-bit, 4 cores
  Hard disk space: 80 GB for system drive; 100 GB for second drive and additional drives

Installation scenario: Web server or application server in a three-tier farm
  Deployment type and scale: Development or evaluation installation of SharePoint Server 2016 with a minimum number of services.
  RAM: 12 GB
  Processor: 64-bit, 4 cores
  Hard disk space: 80 GB for system drive; 80 GB for second drive

Installation scenario: Web server or application server in a three-tier farm
  Deployment type and scale: Pilot, user acceptance test, or production deployment of SharePoint Server 2016 running all available services.
  RAM: 16 GB
  Processor: 64-bit, 4 cores
  Hard disk space: 80 GB for system drive; 80 GB for second drive and additional drives

https://technet.microsoft.com/en-us/library/cc262485(v=office.16).aspx#Anchor_1

2. Active Directory Server in the same Domain where you will be installing SharePoint 2016 Server

3. SQL Server 2014 (SQLServer2014SP2-Full-x64-ENU.iso)

4. SharePoint server 2016 with license (SharePoint_server_2016_x64_dvd_8419458.iso)

Note: In this lab I have used SharePoint 2016 180-day trial licenses, and on the Windows servers I have used my MSDN licenses. In your environment you may have different types of licenses, so take a brief look at their limitations before using them.

Install Windows 10, and Windows Server 2012 R2 update: April 2016.

All the steps are explained in detail with pictures below:

Step 1:

As we are using Windows Server 2012 R2 in our example, let’s update the server with all the latest available updates. The updates can vary depending on the Win2k12 R2 ISO file you have.

It’s recommended to install all the latest available updates from Microsoft.

updates_windows2k12

Once the system is updated restart the server.

Step 2:

Install the Active Directory server on Win2k12 R2 server. The step by step procedure to set it up is given here: https://support.rackspace.com/how-to/installing-active-directory-on-windows-server-2012/.

AD server is one of the prerequisites which needs to be installed on the same domain where the SharePoint server will be installed.

Once AD is installed properly the System is ready for step 3.

Step 3

In order to install and configure SQL server 2014 you need to install .NET framework 3.5 first, which can be installed as shown below.

* Click on Server Manager–>Manage–>Add Roles and Features–>Select Features tab as shown below.

DOTNET3.5 install

* Select .NET Framework 3.5 Features, including .NET 2.0 and 3.0, by ticking the check boxes, then click Next–>Install.

* The installation will take around 1 – 3 minutes.

Step 4

After installing the .NET Framework 3.5, which is a requirement for SQL2014, begin installing the SQL 2014 server on the Win2k12 Server.

  • Mount the SQLServer2014SP2-Full-x64-ENU.iso and click on “Setup” application.

Install SQL2014

  • Now a popup screen appears in which you have to select the option “Installation –>New SQL server stand alone installation or add features to an existing installation”.

Click on New

  • The next popup will ask you to enter a product key or choose Evaluation, i.e. a free period of 180 days. Select whichever is suitable for you and click Next.

product key

  • Read and accept the License terms then Click Next.
  • Once you click on Next it will check for the prerequisites of SQL 2014, verify if all the prerequisites are met and continue by clicking Next.
  • Click on Next for all the screens till Feature selection, leaving the settings to default, ignore few warnings.
  • In Feature selection, you need to select “Database Engine Services” and “Management Tools complete” then click Next as shown below.

management tools and database engine

  • The next screen is for the configurations, leave it to default which is the Feature Rules, Click on Next.
  • In the Server Configuration section, provide the Account name as your Windows login name and set to automatic. If the credentials are correct you can go to the next screen, or it will throw an error after clicking on Next.

Server config

  • On the next screen you need to do the database configuration. We need to specify the authentication mode for the Database Engine, which is Windows authentication mode. Click “Add current User” to add a user under the “Specify SQL Server administrators” section. Click Next.

DB config

  • We are almost done for the installation, now check the summary in Ready to install Window and Click on Install.
  • The installation of SQL Server 2014 will begin, check the progress which will take 10-15 minutes.

SQL 2014installation

  • Check for the success status after installation and Click on the close button to finish the installation.
  • Now let’s make a few changes to the SQL Server instance installed on the server. Open SQL Server Management Studio and connect using Windows Authentication, which connects to the SQL Server 2014 instance installed on the server.

connect to SQL studio

  • Right click on the Server Name –>Properties from the Object Explorer, as shown below.
  • Click on Security–>Logins–>Right Click on the Windows login and select server roles. Assign roles “dbcreator” and “securityadmin” check boxes and click OK.

Set server roles

  • Assign the roles “dbcreator”, “securityadmin” and “sysadmin” to “NT Authority\SYSTEM” (the system account), and the same roles to the SQL Server service account “NT SERVICE\MSSQLSERVER”.
  • This completes the SQL Server 2014 installation.
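
To confirm the role assignments made in Step 4, the following added example (not part of the original post) lists the fixed server roles held by the three logins, reports any role from the steps above that is missing, and lists every sysadmin member so unexpected holders stand out. The instance name localhost and the use of the current Windows user as the setup login are assumptions.

```powershell
# Added example: audit the server-role assignments made in Step 4.
# Assumptions: default instance on the local server; the Windows login used
# during setup is the user running this script. Adjust both parameters as needed.
param(
    [string]$SqlInstance  = 'localhost',
    [string]$InstallLogin = "$env:USERDOMAIN\$env:USERNAME"
)

# Roles the steps above assign to each login (hashtable keys are case-insensitive).
$expected = @{
    $InstallLogin            = @('dbcreator', 'securityadmin')
    'NT AUTHORITY\SYSTEM'    = @('dbcreator', 'securityadmin', 'sysadmin')
    'NT SERVICE\MSSQLSERVER' = @('dbcreator', 'securityadmin', 'sysadmin')
}

# Every (login, server role) pair known to the instance.
$query = @'
SELECT m.name AS LoginName, r.name AS RoleName
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id;
'@

# Collect the roles each login actually holds, using Windows authentication.
$actual = @{}
$conn = New-Object System.Data.SqlClient.SqlConnection("Server=$SqlInstance;Integrated Security=SSPI")
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        $login = [string]$reader['LoginName']
        if (-not $actual.ContainsKey($login)) { $actual[$login] = @() }
        $actual[$login] += [string]$reader['RoleName']
    }
    $reader.Close()
}
finally {
    $conn.Close()
}

# Compare what each expected login holds with what the guide assigns.
$report = foreach ($login in $expected.Keys) {
    $held    = if ($actual.ContainsKey($login)) { $actual[$login] } else { @() }
    $missing = @($expected[$login] | Where-Object { $held -notcontains $_ })
    [pscustomobject]@{
        Login   = $login
        Held    = $held -join ', '
        Missing = $missing -join ', '
    }
}
$report | Format-Table -AutoSize

# sysadmin is the most powerful server role: list everyone who holds it.
'Logins with sysadmin:'
$actual.GetEnumerator() |
    Where-Object { $_.Value -contains 'sysadmin' } |
    ForEach-Object { "  $($_.Key)" }
```

The setup login usually also shows sysadmin here, because “Add current User” in the database configuration screen adds it as a SQL Server administrator.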

Step 5

Once SQL Server 2014 is installed, we are ready to start with the SharePoint Server 2016 installation.

There are some prerequisites for the SharePoint 2016 which need to be installed before directly installing SharePoint 2016. Follow the steps below which will make it easy for installing all the required components.

  • First mount the file. (SharePoint_server_2016_x64_dvd.iso)
  • There are different methods to install the prerequisites for SharePoint 2016: running the ready-made prerequisite installer, or the offline method. Normally I would prefer using the offline method because the ready-made prerequisite installer does not always work and is not reliable. So, let’s follow the offline method of installing the prerequisites.
  • Before proceeding with the offline method, let’s try running the installer that is available in the mounted SharePoint_server_2016_x64_dvd.iso file. The prerequisiteinstaller looks as shown in the image below.

mounted files sharepointserver2016

  • Run the installer prerequisiteinstaller application which will try to install all of the necessary components required for SharePoint 2016. The prerequisite components include the components below:

• Application Server Role, Web Server (IIS) Role
• Microsoft SQL Server 2012 Native Client
• Microsoft ODBC Driver 11 for SQL Server
• Microsoft Sync Framework Runtime v1.0 SP1 (x64)
• Windows Server AppFabric
• Microsoft Identity Extensions
• Microsoft Information Protection and Control Client 2.1
• Microsoft WCF Data Services 5.6
• Microsoft .NET Framework 4.6
• Cumulative Update Package 7 for Microsoft AppFabric 1.1 for Windows Server (KB3092423)
• Visual C++ Redistributable Package for Visual Studio 2012
• Visual C++ Redistributable Package for Visual Studio 2015

  • Click on Next in the installer, accept the License terms and proceed. Normally this fails to install, and the error appears as shown below:

prereq error

  • Now, do not worry if this prerequisiteinstaller throws an error. Let’s start with the Offline method for installing SharePoint 2016 prerequisites.
  • There is a slight difference in the prerequisites in SharePoint 2016 when compared to SharePoint 2013.
  • Let’s first download all of the prerequisites which are listed above in Step 5 and as shown in the above diagram.
  • First, let’s run the setup file from the mounted location of SharePoint 2016.iso.
  • This step will help us understand the prerequisites required to continue the installation of SharePoint 2016. The image below will give us a clear picture of what prerequisites are still required by the installer.

Setup_Run_for_prereq

  • There are 6 components which need to be installed as a prerequisite before triggering the actual SharePoint 2016 installation process. Now, let’s download the required components using a PowerShell script, which will directly download from the Microsoft trusted site.
  • The Script can be downloaded from the link below. Save the file as .ps1 file. (powershell executable file)

Download-SP2016PreReqFiles

Open PowerShell as administrator and run the command as shown in the figure below:

Run the PowerShell script from the location where the file is saved. Ex: “Desktop> .\Download-SP2016PreReqFiles.ps1”

runscript

 

Note: Before running the script, create a folder inside C:\ or any desired folder where you want to download the prerequisites file, once the download is completed you will see all of the files in the folder you have given. (here C:\Pre is the folder name)

download complete_prereq

The above picture shows successful completion of the prerequisites and all components downloaded into the given folder.

Note: The script does not include 2 components, they are: Microsoft WCF Data Services 5.6 and Cumulative Update Package 7 for Microsoft AppFabric1.1 Windows Server (KB3092423), which can be downloaded from the trusted Microsoft locations https://www.microsoft.com/en-in/download/details.aspx?id=39373 and https://www.microsoft.com/en-us/download/details.aspx?id=49171 respectively.
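
Before installing anything from the download folder, it is worth confirming that each installer carries a valid Microsoft Authenticode signature. The script below is an added example, not part of the original post or of the download script: it checks every .exe and .msi in the folder, records a SHA-256 hash for your build notes, and performs the Unblock step that the AppFabric patch and WCF Data Services installers need only for files that pass. The folder C:\Pre comes from the note above; the rule that every signer must be Microsoft Corporation is an assumption.

```powershell
# Added example (not from the original post): check the Authenticode signature
# of every downloaded installer, and unblock only the files that pass.
param(
    [string]$Folder = 'C:\Pre'   # download folder used in the note above
)

function Test-PrereqSignature {
    param([Parameter(Mandatory)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        File    = Split-Path -Path $Path -Leaf
        Status  = $sig.Status
        Signer  = $signer
        # Assumption: every prerequisite is published and signed by Microsoft.
        # 'Valid' means the file is unmodified and the chain ends in a trusted root.
        Trusted = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')
        SHA256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Path    = $Path
    }
}

# Only installer packages are checked; other files in the folder are ignored.
$installers = Get-ChildItem -Path $Folder -File |
    Where-Object { $_.Extension -in '.exe', '.msi' }

$results = foreach ($file in $installers) {
    Test-PrereqSignature -Path $file.FullName
}

foreach ($r in $results) {
    if ($r.Trusted) {
        # Same effect as Right click -> Properties -> Unblock.
        Unblock-File -Path $r.Path
    }
    else {
        # Leave the file blocked so it is not installed by accident.
        Write-Warning "Not unblocked: $($r.File) (signature status: $($r.Status))"
    }
}

$results | Format-Table File, Status, Trusted, SHA256 -AutoSize
```

Any file reported with a status other than Valid should be downloaded again from the Microsoft page rather than unblocked by hand.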

  • Download and keep all of the components in a single folder and let’s begin with the installation of the components individually.
  • Except for Windows AppFabric and its patch, all the components can be manually installed by double-clicking on those applications. To install Windows AppFabric and its patch, we need to run a command which will be covered below.
  • Let’s begin first by installing the MicrosoftIdentityExtensions-64 as shown below.

Microsoft identity applications

  • After Microsoft Identity Extensions installation, install the Microsoft Sync framework Runtime.

Sync framework runtime install

  • Now install the third component, i.e. MSIPC (Active Directory Rights Management Services).

MSIPC install

  • Reboot the Win2k12 R2 server after all of the components are installed.
  • Let’s install the fourth component, i.e. Windows Server AppFabric, using the PowerShell command given below.
.\WindowsServerAppFabricSetup_x64.exe /i CacheClient","CachingService","CachingAdmin /gac

windowsserverAppfabric

After installation, restart the Win2k12 R2 server.

  • After restarting the server, install the AppFabric update 7 patch by double-clicking on the application as shown below. Before installing it, right-click the file and choose Unblock. This step is mandatory for any installer file that was downloaded from an outside source.

Appfabric patch update7

  • Now again restart the Win2k12 R2 server.
  • After the reboot, install WCF Data Services by double-clicking on the application directly. Before installing it, right-click the file and choose Unblock. This step is mandatory for any installer file that was downloaded from an outside source.

WCF data services

  • After installing the components, restart the Windows2k12 R2 server and again run the Setup to confirm if all the prerequisites are met. If the screen appears as below then all the prerequisites are met.

Valid Product Key

Note: Most of the prerequisites like sqlncli and .NET framework 4.6 will be installed when Windows update is performed, hence update is a necessary step which takes care of most of the prerequisites.

  • Enter a valid Product key and then accept the license terms. Accept and click on Continue–>Install.
  • Installation of Microsoft SharePoint Server 2016 will take 10 -15 minutes.

SharePoint2016 installation progress

  • After the installation is successful, click on Finish and a configuration wizard appears as below.

Welcome to sp config

  • Read the information and click on Next, then select Create new server farm from the next window, Click Next.
  • Specify the configuration Database settings as shown below by providing the server ip address (Database server), Database name of your choice and then username and password for database login. Then click Next.

Sharepoint config wizard

  • Once the port is configured, specify a server role, here we use Single-Server Farm, then click Next.

Sharepoint config

  • Specify the port for the web application and configure security settings as NTLM or Kerberos for authentication and then Next.

ConfigureSP central admin web app

  • Verify the configuration and click Next.

Completing the Configuration settings

    • Click on Next after verifying and the configuration will begin which will take around 10-15 minutes to finish.

Configuring

Note (troubleshooting): If the configuration fails with the failure message shown below, the WCF Data Services and AppFabric files were not unblocked before they were installed. Unblock both files and reinstall them, then restart the Win2k12 R2 server and begin the configuration again.

Config failed-troubleshooting

  • Once the configuration is successful, Click on Finish as shown below. After which a window appears in the browser which asks for authentication. Enter the username and password provided as authentication for database and Click OK.

authentication

  • After successful authentication, a Welcome screen appears as shown below.

Sharepoint site welcome screen

  • Start the Wizard and select “use existing managed account” and click Next. After clicking on next this will take a while to set it up. (10-15 mins)

Use existing account

  • Finally a Create Site Collection screen appears in which you can create your desired site. Then click OK.

Sitecreation window

  • This step completes the Farm configuration. SharePoint 2016 installation and configuration is now complete; click Finish.

Finish

This is the final step for the SharePoint 2016 server setup. These steps were tested on a virtual machine environment more than 10 times with a 100% success rate, so there is a very good chance that they will work in your environment. Some troubleshooting steps are also mentioned in the article to help you handle problems.

Feel free to post any comments on this or if you get stuck between any steps.

You can take the following MVA courses if you get stuck at any time.

https://mva.microsoft.com/en-US/training-courses/initial-implementation-of-sharepoint-server-10342?l=zofRht16_505095253

https://mva.microsoft.com/en-US/training-courses/developing-sharepoint-server-core-solutions-jump-start-8262?l=bSwfjnKy_8204984382

https://mva.microsoft.com/en-US/training-courses/developing-sharepoint-server-advanced-solutions-jump-start-8238?l=D2NU8mJy_9804984382

https://mva.microsoft.com/en-US/training-courses/plan-and-configure-user-access-for-sharepoint-2013-11323?l=7XG3wN5CB_9105095253

https://mva.microsoft.com/en-US/training-courses/deep-dive-building-blocks-and-services-of-sharepoint-8933?l=H1H3ZFC3_2704984382

Reference links:

https://technet.microsoft.com/en-us/library/cc262485%28v=office.16%29.aspx#section4

https://technet.microsoft.com/en-IN/library/cc262957.aspx

For High Availability you may consider looking at the below picture for system reference

https://www.sharepointeurope.com/media/387321/a_high_availability_architecture_550x343.jpg

This poster describes the SharePoint Online, Microsoft Azure, and SharePoint on-premises configurations that business decision makers and solutions architects need to know about.

SharePoint Online, Azure, and SharePoint on-prem configurations


This poster describes four architectural models:

  • SharePoint Online (SaaS) – Consume SharePoint through a Software as a Service (SaaS) subscription model.
  • SharePoint Hybrid – Move your SharePoint sites and apps to the cloud at your own pace.
  • SharePoint in Azure (IaaS) – You extend your on-premises environment into Microsoft Azure and deploy SharePoint 2016 Servers there. (This is recommended for High Availability/Disaster Recovery and dev/test environments.)
  • SharePoint On-premises – You plan, deploy, maintain and customize your SharePoint environment in a datacenter that you maintain.

This poster shows the recommended MinRole topologies in a SharePoint on-premises environment.


This poster shows the different recommended MinRole topologies that can be deployed in a SharePoint Server 2016 environment. It also shows the associated services that are provisioned with each role type.

This poster shows the databases that support SharePoint Server 2016.


This poster is a quick reference guide to the databases that support SharePoint Server 2016. Each database has the following details:

  • Size
  • Scaling guidance
  • I/O patterns
  • Requirements

The first page contains the SharePoint system databases and the service applications that have multiple databases.

The second page shows all of the service applications that have single databases.

For more information about the SharePoint Server 2016 databases, see Database types and descriptions in SharePoint Server 2016

These posters describe search architectures in SharePoint Server 2016.

Search Architectures for SharePoint Server 2016

Poster with an overview of the search components and search databases, how they interact, and an example of a search architecture built of these components and databases.


This poster gives an overview of the search architecture in SharePoint Server 2016. It describes the search components and databases in the search architecture and how these interact. It also shows an example of a medium-sized search farm.
Enterprise Search Architectures for SharePoint Server 2016

Poster describing the search components and databases, three model architectures for enterprise search, hardware requirements and scaling considerations.


This poster gives an overview of enterprise search architecture in SharePoint Server 2016. It shows sample search architectures for small, medium, and large-sized enterprise search farms. It also gives scaling considerations and hardware requirements.
Internet Sites Search Architectures for SharePoint Server 2016

Poster describing the search components and databases, a model architecture for Internet sites search, hardware requirements, scaling considerations, and performance considerations.


This poster gives an overview of the search architecture for Internet sites in SharePoint Server 2016. It shows a sample search architecture for a medium-sized search farm. It also gives performance considerations and hardware requirements.

Install Windows 10 IoT Core for the Raspberry Pi

Disclaimer: This is not my original work, just a collective effort for all IoT learners support. The credit for the original writer has been included at the end of the post.

In this tutorial, I will be going through the process of installing and setting up Windows 10 IoT Core for the Raspberry Pi.

For those who don’t know, Windows 10 IoT Core is a version of the Windows 10 operating system built just for IoT devices such as the Raspberry Pi. This is very useful if you plan on utilizing something like UWP to write your application; it also gives you access to Windows 10’s core and its wide variety of features.

I very briefly go into coding and pushing applications to the device. If you need to learn more about how to do things, then I highly recommend looking at some of Microsoft’s documentation as it is very thorough.

Please note to complete this tutorial you will need either a Raspberry Pi 2 or a Raspberry Pi 3. This is unsupported on other versions of the Raspberry Pi.

Take a look at this Video Tutorial. https://www.youtube.com/watch?v=YSVofU4Hu5o

Equipment

To be able to install Windows 10 IoT on the Raspberry Pi correctly you will need the following pieces of equipment.

Recommended:

Raspberry Pi 2 or 3

Micro SD Card

Ethernet Cord

Optional:

Raspberry Pi Case

USB Keyboard

USB Mouse
You will also need a computer running Windows 10 to be able to complete the following process.

Installing Windows 10 IoT on your Raspberry Pi

1. To begin, we will first need to download and install the Windows 10 IoT Core Dashboard. To download this, we just need to go to the Windows 10 IoT website here.
This piece of software is what will download the correct system for our Raspberry Pi and format it.

2. Insert your SD card into the computer or laptop’s SD card reader and check the drive letter allocated to it, e.g. G:/. You will need to know this to ensure that you are formatting the correct drive, as you don’t want to be doing this to any important data.

3. Now that you have inserted your SD Card into your computer/laptop, we will need to run the “Windows 10 IoT Core Dashboard” software. If you can’t find this easily after installing it then try running a search.

With the software loaded up we need to go into the “Set up a new device” (1.) screen as shown below.

On here you will want to set your “Device name” and set the “New Administration password“. Make sure that you set the password to something you can remember easily, but is secure, as this password is what you will use to remotely connect to your Raspberry Pi (2.).

Before we continue, make sure that “Drive” is set to the correct drive: the drive letter must be the same as that of the SD Card you inserted in step 2.

When you have filled in your information tick the “I accept the software licence terms” and then press the “Download and install” button (3.).

Windows 10 IoT Dashboard Setup a new device

4. Once the software has finished downloading and installing Windows 10 IoT Core for the Raspberry Pi we can proceed with this tutorial. Now safely eject your Micro SD card from your computer so you can put it into your Raspberry Pi.

Booting and setting up your Win 10 IoT device

1. Now that we have successfully downloaded and written the image to our Raspberry Pi’s Micro SD card we can insert the SD Card back into the Raspberry Pi.

2. Before we power back on the device, make sure that you plug in a HDMI cable and a mouse and keyboard, we will need all 3 of these if you intend on utilizing Wi-Fi on your Raspberry Pi Windows 10 IoT device.

Once done you can plug your Raspberry Pi back into power and allow it to start booting up.

3. Now is the long wait for your Raspberry Pi to start up. When I did this it took a fair while for the Raspberry Pi to start up on boot. Don’t be afraid if you think it may have frozen; it just takes some serious time to do the initial setup and startup.

4. Once it has finished starting up, you should be greeted with a screen like below. Now to setup a WiFi connection, we need to click the cog in the top right-hand corner.

Windows 10 IoT on the Raspberry Pi

5. Now in the next menu we need to go to “WiFi and Network” and select the WiFi access point you want to connect to, you will receive a prompt asking you to enter your network password.

Once you have connected to your WiFi network you can return to the main screen to grab your Raspberry Pi’s IP Address, as we will need this further along in the tutorial.

Raspberry Pi Windows 10 IoT Set WiFi

Connecting to Your Device

Now there are 3 ways you’re able to connect to your Raspberry Pi Windows 10 IoT device. I will quickly mention each method now.

Web Browser

First off is utilizing your web browser to talk with the Raspberry Pi, it is probably the easiest out of the 3 main ways to deal with. Basically, all you simply need to do is point your Web Browser to your Raspberry Pi’s IP Address on port 8080.

For example, my Raspberry Pi’s local IP address is 192.168.0.143, so in my favorite web browser I would type in http://192.168.0.43:8080

You can also use the “Windows 10 IoT Core Dashboard” tool to be able to click to get to the devices web page as well. Simply load up the application, go to the “My Devices” (1.) tab in the left sidebar, right click (2.) on the device you want to connect to and click “Open in Device Portal” (3.).

Windows 10 IoT My Devices Screen

Upon either going to your Raspberry Pi’s IP Address or using the Windows 10 IoT Core Dashboard tool you will be first asked to login. Make sure you use administrator as the username, and the password you set at the beginning of this tutorial as the password.

Upon successfully logging in you should be greeted with the screen below. We recommend exploring around, as the web tool offers a fair bit of access and insight into your device. You can debug and see real-time performance through this interface, which is incredibly helpful for seeing what your Raspberry Pi is doing.

Raspberry Pi Windows 10 IoT Website

PowerShell

PowerShell is not a tool that many will be too familiar with, but it is Microsoft’s more advanced version of command prompt giving you access to a wealth of tools including the ability to administer remote systems, a feature we will be making use of shortly.

PowerShell makes it rather simple to interact with your Raspberry Pi Windows 10 IoT device as we will show shortly. There are two ways of connecting to your device through PowerShell. The easier way relies on the “Windows 10 IoT Core Dashboard” tool (Steps 1a+), the other way is utilizing PowerShell to do everything (Steps 1b+).

1a. First off, we will explain the simple way, first load up the “Windows 10 IoT Core Dashboard” tool. With the application open, go to the “My Devices” (1.) tab in the sidebar, right click (2.) on the device you want to connect to and click “Launch PowerShell” (3.).

Raspberry Pi Windows 10 IoT Dashboard Launch Powershell

2a. This will launch a PowerShell session that will automatically begin to connect to your Raspberry Pi. When prompted enter the password we set at the start of this tutorial. You should be greeted with a PowerShell window like shown below when you have been successfully connected.

1b. The second way of connecting to your Raspberry Pi is slightly more complicated and utilizes PowerShell completely. To open PowerShell on Windows 10, right click the Windows icon and select “Windows PowerShell (Admin)”.

2b. In here we want to type in the following command, which adds our Raspberry Pi as a trusted device for PowerShell to connect to. Make sure you replace [YOUR_PI_IP_ADDRESS] with your Raspberry Pi’s local IP address.

Set-Item WSMan:\localhost\Client\TrustedHosts -Value [YOUR_PI_IP_ADDRESS]

3b. With that done, we can now start a PowerShell session with our Raspberry Pi Windows 10 IoT device. To do this enter the command below into PowerShell, making sure you replace [YOUR_PI_IP_ADDRESS] with your Raspberry Pi’s local IP address.

Enter-PSSession -ComputerName [YOUR_PI_IP_ADDRESS] -Credential [YOUR_PI_IP_ADDRESS]\Administrator

4b. You will be asked to enter the password you set earlier in this tutorial. Enter that to continue.

5b. After about 30 seconds, PowerShell should have now successfully made the connection and you should see a screen like below.

Raspberry Pi Windows 10 IoT Core Powershell connection
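
Set-Item with -Value replaces whatever was already in TrustedHosts, and hosts on that list are connected to without verifying the server's identity, so the entry is best kept narrow and temporary. The function below is an added example, not part of the original tutorial: it appends the Pi's address to the existing list, runs a command on the device, and then restores the previous list. The function name Invoke-OnPi and the sample address in the usage comment are hypothetical.

```powershell
# Added example (not from the original tutorial). Run from an elevated
# PowerShell window, as in step 1b. Invoke-OnPi is a hypothetical name.
function Invoke-OnPi {
    param(
        [Parameter(Mandatory)][string]$PiAddress,
        [Parameter(Mandatory)][scriptblock]$ScriptBlock
    )

    # Accept only a literal IP address, so a wildcard such as * can never
    # be written to TrustedHosts by mistake.
    $parsed = $null
    if (-not [System.Net.IPAddress]::TryParse($PiAddress, [ref]$parsed)) {
        throw "'$PiAddress' is not a valid IP address."
    }

    $trustedHosts = 'WSMan:\localhost\Client\TrustedHosts'

    # Remember the current list so it can be put back afterwards.
    $previous = [string](Get-Item -Path $trustedHosts).Value

    # -Concatenate appends to the existing list instead of overwriting it.
    Set-Item -Path $trustedHosts -Value $PiAddress -Concatenate -Force

    try {
        # Same account format as step 3b: <device address>\Administrator.
        $cred = Get-Credential -UserName "$PiAddress\Administrator" `
                               -Message 'Password set in the IoT Core Dashboard'

        Invoke-Command -ComputerName $PiAddress -Credential $cred -ScriptBlock $ScriptBlock
    }
    finally {
        # Restore the list exactly as it was, even if the connection failed.
        Set-Item -Path $trustedHosts -Value $previous -Force
    }
}

# Usage (constructed sample address):
# Invoke-OnPi -PiAddress '192.168.0.50' -ScriptBlock { hostname }
```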

SSH

The third main way of interacting with your Raspberry Pi Windows 10 IoT device is to utilize SSH. The main advantage of this is that it is a widely available protocol and is something most users of the Raspberry Pi will be thoroughly familiar with.

You can also follow the SSH instructions below in order to use SSH to connect to your device.

1. To start off make sure you have an SSH client installed. On Windows I highly recommend using either PuTTY or MobaXterm.

2. Now in your SSH Client connect to your Raspberry Pi’s IP Address on port 22 (The default SSH port).

3. When asked to enter the username you want to login with, make sure you use administrator, as this is the default login username for Windows 10 IoT Core.

4. You will now be asked to enter the password associated with the account. The password you want to use is the one you would have set within the Windows 10 IoT Core Dashboard at the start of this tutorial.

5. You should now be successfully logged into your Raspberry Pi Windows 10 IoT Core device and should be greeted with a screen like what is shown below.

Raspberry Pi Windows 10 IoT SSH

If you want to learn more about utilizing SSH and some of the commands you can use within the session then make sure you take a look at Microsoft’s own IoT documentation here.

Setting up Visual Studio for Windows 10 IOT Core

Lastly you are most likely going to want to setup Visual Studio Community. The reason for this is so that you are able to start developing your own applications for Windows 10 IoT Core.

Installation

1. First, we must download and install Visual Studio Community, luckily this is easily available on Microsoft’s website, you can find Visual Studio Community by going to the visual studio community.

Be warned that the download and installation of Visual Studio Community can take some time especially on slow internet connections.

2. Once the installation process has completed you can continue with this tutorial. Start by launching Visual Studio Community. It will ask you to do some configuration; it should be fine to just use the default settings.

3. You will notice that there aren’t any IoT templates in the default installation. Click on the “here” link next to “install Windows 10 IoT Core project templates” on the page linked earlier.

4. Now one of the things you will find that is currently missing is any project templates for Windows 10 IoT Core. We can grab and install these by going to the Visual Studio marketplace.

5. Once you have downloaded and installed the templates, close and re-open Visual Studio, you need to do this for Visual Studio to load them in.

6. Upon creating the new project, you will be prompted to activate developer mode on your Windows 10 device. Simply follow the prompts provided to activate it.

7. Everything should now be ready for you to code your new application. You can find documentation on certain features of Windows 10 IoT Core by going to their documentation page. You can also find a document that explains how to utilize the GPIO pins from within Windows 10 IoT by going to their GPIO documentation.

Pushing code to the device

1. Once you have your new application in a state in which you want to deploy it to your Raspberry Pi Windows 10 IoT device, go up to the tab that has a green arrow in it.

2. Click the black drop down arrow, and select remote machine.

3. Now in here you should be able to select your Raspberry Pi underneath automatic configuration, however in some cases this will not function correctly and you will have to manually enter the IP of your Raspberry Pi.

4. You should now be able to push code / applications to your Windows 10 IoT Raspberry Pi.

I hope you have now learned how to install Windows 10 IoT Core for the Raspberry Pi. If I have missed anything, or if you are having trouble or have anything else you would like to share, then be sure to drop a comment below.

All credit goes to PiMyLifeUp

Windows 10 IoTCore

Introduction

This project’s goal is to demonstrate guidelines for creating a Windows 10 IoTCore based product and walk through the creation of an IoT device, from implementation to final deployment.

The project has two applications:

  • One background application to receive sensor data and send it to the Azure cloud. Receiving sensor data and analyzing it are important tasks in IoT and a device will often operate in “headless” mode for monitoring; thus, we separate these tasks in an independent app. It also receives application keys securely and saves user settings to Azure.
  • One foreground application for user interaction. This application shows local weather (read by the background app), information from the internet (news and regional weather) and interacts with the user (playing media or showing a slideshow). A settings page is also available to change settings.

App communication

The applications are written using Universal Windows Platform (UWP); thus, the same foreground app can be run on both IoT and Desktop.

Guides

Steps from implementation of apps to deployment are documented with an end-to-end solution. Each tutorial shows small code snippets and then links to the code running in the walkthrough project.

Sections

  1. About the project
  2. Background application
  3. Foreground application
  4. Inter-application communication
  5. Connecting to the Azure cloud
  6. Integration with third-party services
  7. Preparing for deployment
  8. Deployment
    • Creating a retail OEM image

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

SharePoint video tutorials for all

What is SharePoint?

So now come the videos and tutorials for how-to with SharePoint 2013. I am only going to post the Microsoft ones here, and will review and look at other videos via YouTube, MVPs, and others later.

Free SharePoint Training for IT Pros

In addition to the courses for Developers, there’s also some great videos aimed at IT Professionals on Technet as follows :

Technet please go here:

  1. SharePoint 2013 IT pro introduction and overview
  2. SharePoint 2013 system requirements
  3. SharePoint 2013 architectural changes
  4. SharePoint 2013 server farms and site architecture planning
  5. Office Web Apps 2013 architecture and deployment
  6. SharePoint 2013 service application architecture and individual service applications
  7. SharePoint 2013 enterprise search overview
  8. SharePoint 2013 social features
  9. SharePoint 2013 enterprise content management and web content management considerations
  10. SharePoint 2013 customization options and management
  11. SharePoint 2013 authentication and authorization overview
  12. Overview of SharePoint 2013 business continuity management
  13. Upgrading to SharePoint 2013
  14. What’s new in Project 2013 for IT Professionals

Free SharePoint Training for Developers

Developer-focused how to training and walkthrough videos about Office 2013 and SharePoint 2013 including changes and new features for search, social, ECM, WCM, and REST. Learn about apps for Office and SharePoint. The following list provides an overview of the new modules.

Full content on MSDN can be found here

  1. Introduction to Office 2013 and SharePoint 2013 development.
  2. SharePoint 2013 app model for developers.
  3. SharePoint 2013 Developer Tools
  4. Hosted apps in SharePoint 2013
  5. Create Cloud-Hosted apps for SharePoint 2013
  6. SharePoint 2013 client object model (CSOM) and REST APIs
  7. OAuth and application identity in SharePoint 2013
  8. Develop SharePoint 2013 remote event receivers
  9. Workflow changes and features in SharePoint 2013
  10. Business connectivity services changes in SharePoint 2013
  11. Search features and changes in SharePoint 2013
  12. Enterprise content management changes in SharePoint 2013
  13. Web content management changes and features in SharePoint 2013
  14. Social features in SharePoint 2013
  15. Office services in SharePoint 2013
  16. Create mobile apps for SharePoint 2013
  17. Develop apps for Office 2013
  18. Project Server 2013 training for developers

SharePoint general development

Use SharePoint to engage with people, share ideas, and reinvent the way you work together. Find in-depth developer resources, how-to documentation, training, videos, code samples, and SDKs for SharePoint and SharePoint Add-ins.

Applies to: Office 365 | SharePoint 2013 | SharePoint Add-ins | SharePoint Online

Find out how to customize SharePoint Online and SharePoint on-premises by extending the out of the box capabilities.

SharePoint development
SharePoint developer home
SharePoint 2013
SharePoint 2010

SharePoint Framework
Overview of the SharePoint Framework
Tools and libraries for SharePoint Framework
Get started with web parts
SharePoint Framework API reference

SharePoint Add-ins
Get started creating SharePoint-hosted SharePoint Add-ins
Get started creating provider-hosted SharePoint Add-ins
Tools and environments for developing SharePoint Add-ins
SharePoint Patterns and Practices (PnP) solution guidance

References
JavaScript API reference for SharePoint
REST API reference for SharePoint
.NET server API reference for SharePoint
.NET client API reference for SharePoint
Schema reference for SharePoint
SharePoint webhooks REST API

Code samples
SharePoint Patterns and Practices (PnP) samples at dev.office.com

Support
SharePoint forum on stack overflow
SharePoint development forums on MSDN
SharePoint UserVoice

Social media
Office Dev Center blogs
Office Developer on Twitter
Office Developer on Facebook

If you are a developer looking for where to start, then this is the best place for you: https://dev.office.com/videos

SharePoint 2013 Lab with Azure Cloud

What about a SharePoint 2013 Lab in the Cloud?

Now that SharePoint Server 2013 has been released, I frequently get asked about ways in which a SharePoint 2013 lab environment can be easily built for studying, testing and/or performing a proof-of-concept.  You could certainly build this lab environment on your own hardware, but due to the level of SharePoint 2013 hardware requirements, a lot of us may not have sufficient spare hardware to implement an on-premise lab environment.

This makes a great scenario for leveraging our Windows Azure FREE 90-day Trial Offer to build a free lab environment for SharePoint 2013 in the cloud.  Using the process outlined in this article, you’ll be able to build a basic functional farm environment for SharePoint 2013 that will be accessible for approximately 105 hours of compute usage each month at no cost to you under the 90-day Trial Offer.

After the 90-day trial period is up, you can choose if you’d like to convert to a full paid subscription.  If you choose to convert to a paid subscription, this lab environment will cost approximately $0.56 USD per hour of compute usage ( that’s right – just 56 cents per hour ) plus associated storage and networking costs ( which can typically be less than $10 USD per month for a lab of this nature ). These estimated costs are based on published Pay-As-You-Go pricing for Windows Azure that is current as of this article’s date.

Note: If you are testing advanced SharePoint 2013 scenarios and need more resources than available in the lab configuration below, you can certainly scale-up or scale-out elastically by provisioning larger VMs or additional SharePoint web and application server VMs.  To determine the specific costs associated with higher resource levels, please visit the Windows Azure Pricing Calculator for Virtual Machines.

SharePoint 2013 Lab Scenario

To deliver a functional and expandable lab environment, I’ll be walking through the approach of provisioning SharePoint Server 2013 on Windows Azure VMs as depicted in the following configuration diagram that will require three (3) VMs on a common Windows Azure Virtual Network.


Lab Scenario: SharePoint 2013 on Windows Azure VM

In this lab, we’ll be using a naming convention of XXXlabYYY01, where XXX will be replaced with your unique initials and YYY will be replaced with an abbreviation representing the function of a virtual machine or Windows Azure configuration component (i.e., ad, db or app).

Note: This study lab configuration is suitable for study, functional testing and basic proof-of-concept usage.  This configuration is not currently supported for pilot or production SharePoint 2013 farm environments.

Prerequisites

The following is required to complete this step-by-step guide:

  • A Windows Azure subscription with the Virtual Machines Preview enabled.

    DO IT: Sign up for a FREE Trial of Windows Azure

    NOTE: When activating your FREE Trial for Windows Azure, you will be prompted for credit card information.  This information is used only to validate your identity and your credit card will not be charged, unless you explicitly convert your FREE Trial account to a paid subscription at a later point in time.

  • Completion of the Getting Started tasks in the following article:

    DO IT: Getting Started with Servers in the Cloud

  • This step-by-step guide assumes that the reader is already familiar with configuring Windows Server Active Directory, SQL Server and SharePoint Server 2013 in an on-premise installation. This guide focuses on the unique aspects associated with configuring these components on the Windows Azure cloud platform.

Let’s Get Started!

In this step-by-step guide, you will learn how to:

  • Register a DNS Server in Windows Azure
  • Define a Virtual Network in Windows Azure
  • Configure Windows Server Active Directory in a Windows Azure VM
  • Configure SQL Server 2012 in a Windows Azure VM
  • Configure SharePoint Server 2013 in a Windows Azure VM
  • Export / Import Lab Environment via PowerShell

Exercise 1: Register a DNS Server in Windows Azure

Register the internal IP address that our domain controller VM will be using for Active Directory-integrated Dynamic DNS services by performing the following steps:

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Register DNS Server.
  4. Complete the DNS Server fields as follows:

    NAME: XXXlabdns01
    DNS Server IP Address: 10.0.0.4

  5. Click the REGISTER DNS SERVER button.

Exercise 2: Define a Virtual Network in Windows Azure

Define a common virtual network in Windows Azure for running Active Directory, Database and SharePoint virtual machines by performing the following steps:

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  2. Select Networks located on the side navigation panel on the Windows Azure Management Portal page.
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Quick Create.
  4. Complete the Virtual Network fields as follows:

    NAME: XXXlabnet01
    Address Space: 10.—.—.—
    Maximum VM Count: 4096 [CIDR: /20]
    Affinity Group: Select the Affinity Group defined in the Getting Started steps from the Prerequisites section above.
    Connect to Existing DNS: Select XXXlabdns01 – the DNS Server registered in Exercise 1 above.

  5. Click the CREATE A VIRTUAL NETWORK button.

Exercise 3: Configure Windows Server Active Directory in a Windows Azure VM

Provision a new Windows Azure VM to run a Windows Server Active Directory domain controller in a new Active Directory forest by performing the following steps:

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
  4. In the Virtual Machine Operating System Selection list, select Windows Server 2012, December 2012 and click the Next button.
  5. On the Virtual Machine Configuration page, complete the fields as follows:

    Virtual Machine Name: XXXlabad01
    New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    Size: Small (1 core, 1.75GB Memory)

    Click the Next button to continue.

    Note: It is suggested to use secure passwords for Administrator users and service accounts, as Windows Azure virtual machines could be accessible from the Internet knowing just their DNS.  You can also read this document on the Microsoft Security website that will help you select a secure password: http://www.microsoft.com/security/online-privacy/passwords-create.aspx.

  6. On the Virtual Machine Mode page, complete the fields as follows:

    Standalone Virtual Machine: Selected
    DNS Name: XXXlabad01.cloudapp.net
    Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)

    Click the Next button to continue.

  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.

    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.

  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabad01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
  9. On the virtual machine details page for XXXlabad01, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.4.

    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabad01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.

  10. On the virtual machine details page for XXXlabad01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:

    Name: XXXlabad01-data01
    Size: 10 GB
    Host Cache Preference: None

    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabad01.

  11. On the virtual machine details page for XXXlabad01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
  12. From the Remote Desktop console of XXXlabad01, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS volume.  This volume will be used for NTDS DIT database, log and SYSVOL folder locations.

    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Configure Local Storage

  13. Using the Server Manager tool, install Active Directory Domain Services and promote this server to a domain controller in a new forest with the following parameters:

    Active Directory Forest name: contoso.com
    Volume Location for NTDS database, log and SYSVOL folders: F:

    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Install and Administer Active Directory

  14. After Active Directory has been installed, create the following user accounts that will be used when installing and configuring SharePoint Server 2013 later in this step-by-step guide:

    CONTOSO\sp_farm – SharePoint Farm Data Access Account
    CONTOSO\sp_serviceapps – SharePoint Farm Service Applications Account

    If you need additional guidance to complete this step, feel free to leverage the following study guide for assistance: Windows Server 2012 “Early Experts” Challenge – Install and Administer Active Directory

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide.

Exercise 4: Configure SQL Server 2012 in a Windows Azure VM

Provision a new Windows Azure VM to run SQL Server 2012 by performing the following steps:

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
  4. In the Virtual Machine Operating System Selection list, select SQL Server 2012 Evaluation Edition and click the Next button.
  5. On the Virtual Machine Configuration page, complete the fields as follows:

    Virtual Machine Name: XXXlabdb01
    New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    Size: Medium (2 cores, 3.5GB Memory)

    Click the Next button to continue.

  6. On the Virtual Machine Mode page, complete the fields as follows:

    Standalone Virtual Machine: Selected
    DNS Name: XXXlabdb01.cloudapp.net
    Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)

    Click the Next button to continue.

  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.

    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.

  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabdb01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
  9. On the virtual machine details page for XXXlabdb01, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.5.

    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabdb01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.

  10. On the virtual machine details page for XXXlabdb01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:

    Name: XXXlabdb01-data01
    Size: 50 GB
    Host Cache Preference: None

    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabdb01.

  11. On the virtual machine details page for XXXlabdb01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
  12. From the Remote Desktop console of XXXlabdb01, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS volume.
  13. Open SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2012 | SQL Server Management Studio and update default folder locations to the F: volume.
    1. Connect to the SQL Server 2012 default instance using your Windows Account.
    2. Now, you will update the database’s default locations for DATA, LOGS and BACKUP folders. To do this, right click on your SQL Server instance and select Properties.
    3. Select Database Settings from the left side pane.
    4. Locate the Database default locations section and update the default values for each path to point to the F: volume you previously formatted.
    5. Close SQL Server Management Studio.
  14. In order to allow SharePoint to connect to the SQL Server, you will need to add an Inbound Rule for the SQL Server requests in the Windows Firewall. To do this, open Windows Firewall with Advanced Security from Start | All Programs | Administrative Tools.
    1. Select Inbound Rules node, right-click it and select New Rule to open the New Inbound Rule Wizard.
    2. In the Rule Type page, select Port and click Next.
    3. In Protocols and Ports page, leave TCP selected, select Specific local ports, and set its value to 1433. Click Next to continue.
    4. In the Action page, make sure that Allow the connection is selected and click Next.
    5. In the Profile page, leave the default values and click Next.
    6. In the Name page, set the Inbound Rule’s Name to SQLServerRule and click Finish
    7. Close Windows Firewall with Advanced Security window.
  15. Using the Server Manager tool, join this server to the contoso.com domain and restart the server to complete the domain join operation.
  16. After the server restarts, connect again via Remote Desktop to the server’s console and login with the local Administrator credentials defined above in Step 5.
  17. Open SQL Server Management Studio from Start | All Programs | Microsoft SQL Server 2012 | SQL Server Management Studio and add the CONTOSO\Administrator user to SQL Server with the Sysadmin server role selected.
    1. Expand Security folder within the SQL Server instance. Right-click Logins folder and select New Login.
    2. In the General section, set the Login name to CONTOSO\Administrator, and select the Windows Authentication option.
    3. Click Server Roles on the left pane.  Select the checkbox for the Sysadmin server role.
    4. Click the OK button and close SQL Server Management Studio.

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide.
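The inbound rule created in Step 14 allows TCP 1433 from any remote address on every firewall profile. The following PowerShell is an added example, not part of the original guide: it creates or tightens the same SQLServerRule so that only the SharePoint VM can reach SQL Server, then lists every enabled inbound allow rule that still exposes the port to any source. It assumes the SharePoint VM receives the internal IP 10.0.0.6 that Exercise 5 expects, and that no other host needs SQL access.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on the SQL Server VM (the NetSecurity module ships with Windows Server 2012).

# Values taken from the guide.
$ruleName = 'SQLServerRule'   # rule name from Step 14
$sqlPort  = '1433'            # SQL Server default instance port from Step 14

# Assumption: only the SharePoint VM needs SQL access. Exercise 5 expects it
# to receive 10.0.0.6. Use '10.0.0.0/23' instead to allow all of Subnet-1.
$allowedSource = '10.0.0.6'

# What the wizard steps produce (shown for comparison, not executed):
#   New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
#       -Protocol TCP -LocalPort $sqlPort -Action Allow
# That rule accepts connections from any remote address.

# Scoped variant: same rule, restricted to the expected source address.
# The profile selection is left unchanged so the lab keeps working before
# and after the domain join in Step 15.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    # Rule was already created through the wizard: tighten it in place.
    $existing | Set-NetFirewallRule -RemoteAddress $allowedSource
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort $sqlPort `
        -RemoteAddress $allowedSource -Action Allow | Out-Null
}

# Audit: report every enabled inbound allow rule covering TCP 1433 and flag
# the ones that are open to any remote address.
function Get-SqlPortExposure {
    param([string]$Port = '1433')

    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $portFilter = $_ | Get-NetFirewallPortFilter
            $addrFilter = $_ | Get-NetFirewallAddressFilter

            # Port ranges and 'Any' port rules are not matched here; this
            # only looks for rules that name the port explicitly.
            if ($portFilter.Protocol -eq 'TCP' -and $portFilter.LocalPort -contains $Port) {
                [pscustomobject]@{
                    Rule          = $_.DisplayName
                    Profile       = $_.Profile
                    RemoteAddress = ($addrFilter.RemoteAddress -join ',')
                    OpenToAny     = ($addrFilter.RemoteAddress -contains 'Any')
                }
            }
        }
}

Get-SqlPortExposure -Port $sqlPort | Format-Table -AutoSize
```

Any row with OpenToAny set to True is a rule that still accepts SQL connections from outside the intended source and should be scoped or removed.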

Exercise 5: Configure SharePoint Server 2013 in a Windows Azure VM

Provision a new Windows Azure VM to run SharePoint Server 2013 by performing the following steps:

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
  4. In the Virtual Machine Operating System Selection list, select Windows Server 2012, December 2012 and click the Next button.
  5. On the Virtual Machine Configuration page, complete the fields as follows:

    Virtual Machine Name: XXXlabapp01
    New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
    Size: Large (4 cores, 7GB Memory)

    Click the Next button to continue.

  6. On the Virtual Machine Mode page, complete the fields as follows:

    Standalone Virtual Machine: Selected
    DNS Name: XXXlabapp01.cloudapp.net
    Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
    Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
    Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)

    Click the Next button to continue.

  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.

    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next step in this guide.

  8. After the new virtual machine has finished provisioning, click on the name ( XXXlabapp01 ) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal.
  9. On the virtual machine details page for XXXlabapp01, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.6.

    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabapp01, and go back to Exercise 2,  Exercise 3 and Exercise 4 to confirm that all steps were completed correctly.

  10. On the virtual machine details page for XXXlabapp01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:

    Name: XXXlabapp01-data01
    Size: 50 GB
    Host Cache Preference: None

    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabapp01.

  11. On the virtual machine details page for XXXlabapp01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine.  Logon at the console of your virtual machine with the local Administrator credentials defined in Step 5 above.
  12. From the Remote Desktop console of XXXlabapp01, create a new partition on the additional data disk attached above in Step 10 and format this partition as a new F: NTFS volume.
  13. In the Server Manager tool, click on Local Server in the left navigation pane and click on the Workgroup option.  Join this server to the contoso.com domain and restart the server to complete the domain join operation.
  14. After the server restarts, re-establish a Remote Desktop connection to the server and logon with the CONTOSO\Administrator domain user credentials defined earlier in Exercise 3.
  15. In the Server Manager tool, click on Local Server in the left navigation pane and select IE Enhanced Security Configuration.  Turn off enhanced security for Administrators and click the OK button.

    Note: Modifying Internet Explorer Enhanced Security configurations is not good practice and is only for the purpose of this particular step-by-step guide. The correct approach should be to download files locally and then copy them to a shared folder or directly to the VM.

  16. Press the Windows key to switch to the Start Screen and launch Internet Explorer.  Download the following files to the F:\INSTALL folder:

    SharePoint Server 2013 Evaluation Edition

    Make a note of the SharePoint Product Key listed on this page, as you’ll need it for the installation of SharePoint Server 2013.

    ASP.NET 4.5 hotfix for Windows Server 2012 ( KB2765317 )

  17. Navigate to the F:\INSTALL folder and double-click on the downloaded .IMG file to mount it.  Copy all files and folders from the mounted .IMG file to F:\INSTALL.
  18. Install the SharePoint Server 2013 software prerequisites by running F:\INSTALL\prerequisiteinstaller.exe.  Note that this process may require multiple server restarts to complete.  After all required software is successfully installed, continue with the next step in this step-by-step guide.
  19. Install the ASP.NET 4.5 hotfix downloaded to the F:\INSTALL folder in Step 14 above.
  20. Run F:\INSTALL\setup.exe to launch the SharePoint Server 2013 installation process.
  21. When prompted, on the Server Type tab of the setup program, select the Complete installation option.
  22. On the File Location tab of the setup program, change the data path to use the F: volume formatted in Step 12 above.
  23. At the end of the installation process, ensure the checkbox is selected to Run the SharePoint Products Configuration Wizard Now and click the Close button.
  24. In the SharePoint Products Configuration Wizard, when prompted on the Connect to server farm dialog, select the option to Create a new server farm.
  25. On the Specify Configuration Database Settings, specify the following values for each field:

    Database Server: XXXlabdb01
    Username: CONTOSO\sp_farm
    Password: Type the password specified when the sp_farm domain user account was created earlier in Exercise 3, Step 14.

  26. Click the Next > button and accept all other default values in the SharePoint Products Configuration Wizard.  Click the Finish button when prompted to complete the wizard.
  27. The SharePoint 2013 Central Administration web page should launch automatically.  When prompted, click the Start the Wizard button to begin the Initial Farm Configuration Wizard.
  28. When prompted for Service Account, type the CONTOSO\sp_serviceapps domain username and password specified when this account was created earlier in Exercise 3, Step 14.
  29. Accept all other default values and click the Next > button to continue.
  30. On the Create a Site Collection page, create a new top-level Intranet site collection using the following field values:

    Title and Description: Enter your preferred Title and Description for the new site collection
    URL: Select the root URL path – http://XXXlabapp01/
    Select experience version: 2013
    Select a template: Publishing | Publishing Portal

    Click the OK button to provision a new top-level Intranet site collection.

    After the new top-level Intranet site collection is provisioned, test navigating to the URL for this site collection from within the Remote Desktop session to the server.

  31. On the SharePoint 2013 Central Administration site, configure a Public URL alternate access mapping for accessing the new top-level Intranet site collection from the Internet.
    1. On the Central Administration site home page, click the Configure alternate access mappings link.
    2. On the Alternate Access Mappings page, click the Edit Public URLs link.
    3. On the Edit Public Zone URLs page, select and specify the following values:

      Alternate Access Mapping Collection: SharePoint – 80
      Internet: http://XXXlabapp01.cloudapp.net

      Click the Save button to complete the Alternate Access Mapping configuration.

  32. Close the Remote Desktop session to the server.
  33. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
  34. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
  35. On the Virtual Machines page, click on the name of the SharePoint virtual machine – XXXlabapp01.
  36. On the XXXlabapp01 virtual machine details page, click on Endpoints in the top navigation area of the page.
  37. Click the +Add Endpoint button in the bottom navigation bar of the page to define a new virtual machine endpoint that will permit HTTP web traffic inbound to the SharePoint virtual machine.
  38. On the Add an endpoint to a virtual machine form, select the Add Endpoint option and click the Next button to continue.
  39. On the Specify the details of the endpoint form, specify the following field values:

    Name: Web HTTP
    Protocol: TCP
    Public Port: 80
    Private Port: 80

    Click the Checkmark button to create a new endpoint definition that will permit inbound web traffic to the SharePoint virtual machine.

  40. After the endpoint configuration has been successfully applied, test browsing to the following public URL to confirm that you are able to access the Intranet site collection that is configured on SharePoint:

    URL: http://XXXlabapp01.cloudapp.net

The configuration for this virtual machine is now complete, and you may continue with the next exercise in this step-by-step guide.

Exercise 6: Export / Import Lab Environment via PowerShell

Our functional SharePoint lab environment is now complete, but if you’re like me, you won’t be using this lab environment 24×7 around-the-clock.  As long as the virtual machines are provisioned, they will continue to accumulate compute hours against your Free 90-Day Windows Azure Trial account regardless of virtual machine state – even in a shutdown state!

To preserve as many of your free compute hours for productive lab work, we can leverage the Windows Azure PowerShell module to de-provision our lab virtual machines when not in use and re-provision our lab virtual machines when we need them again.  Once you’ve configured the PowerShell scripts below, you’ll be able to spin up your SharePoint lab environment when needed in as little as 5-10 minutes!

Note: Prior to beginning this exercise, please ensure that you’ve downloaded, installed and configured the Windows Azure PowerShell module as outlined in the Getting Started article listed in the Prerequisite section of this step-by-step guide.

  1. De-provisioning your lab. Use the PowerShell snippet below to shut down, export and de-provision your SharePoint lab environment when you’re not using it.  Prior to running this script, be sure to edit the first line to reflect the names of each of your VMs and confirm that the $ExportPath location exists.

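    # VM names in shutdown order: application server, database server, domain controller
    $myVMs = @("XXXlabapp01","XXXlabdb01","XXXlabad01")
    Foreach ( $myVM in $myVMs ) {
        Stop-AzureVM -ServiceName $myVM -Name $myVM
        # Save the VM definition so it can be re-imported later
        $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml"
        Export-AzureVM -ServiceName $myVM -Name $myVM -Path $ExportPath
        # De-provision the VM; the exported XML is used to re-create it
        Remove-AzureVM -ServiceName $myVM -Name $myVM
    }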

  2. Re-provisioning your lab. Use the PowerShell snippet below to import and re-provision your SharePoint lab environment when you’re ready to use it again.  Prior to running this script, be sure to edit the first two lines to reflect the names of your Virtual Network and VMs.

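    $myVNet = "XXXlabnet01"
    # VM names in startup order: domain controller, database server, application server
    $myVMs = @("XXXlabad01","XXXlabdb01","XXXlabapp01")
    Foreach ( $myVM in $myVMs ) {
        # Re-create each VM from the definition exported during de-provisioning
        $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml"
        Import-AzureVM -Path $ExportPath | New-AzureVM -ServiceName $myVM -VNetName $myVNet
        Start-AzureVM -ServiceName $myVM -Name $myVM
    }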

To de-provision and re-provision your SharePoint lab environment safely, preserve the specific order of the VM names listed in both code snippets above so that the dependency order across VMs is properly handled.

What’s Next? Keep Learning!

Now that your SharePoint Server 2013 lab environment is running in the cloud, be sure to explore the resources below to continue your learning:

I’ve organized the following SharePoint 2013 training and resources into one convenient list.

Download the Bits!

  • Download SharePoint Server 2013 Preview release
  • Download the Windows Server 2012 Release Candidate installation bits (SharePoint Server 2013 runs on Windows Server 2012, so you may as well test both at the same time!)
  • Download SharePoint Foundation 2013 Preview release
  • Download Office Web Apps for SharePoint 2013 Preview
  • Download SharePoint Designer 2013 installation files

Get Trained!

Complete this FREE online technical training for IT Pros consisting of the following 14 training modules:

  1. SharePoint 2013 IT Pro Introduction and Overview
  2. SharePoint 2013 System Requirements
  3. SharePoint 2013 Architectural Changes
  4. SharePoint 2013 Server Farms and Site Architecture Planning
  5. Office Web Apps 2013 Architecture and Deployment
  6. SharePoint 2013 Service Application Architecture and Individual Service Applications
  7. SharePoint 2013 Enterprise Search Overview
  8. SharePoint 2013 Social Features
  9. SharePoint 2013 Enterprise Content Management and Web Content Management Considerations
  10. SharePoint 2013 Customization Options and Management
  11. SharePoint 2013 Authentication and Authorization Overview
  12. Overview of SharePoint 2013 Business Continuity Management
  13. Upgrading to SharePoint 2013
  14. What’s new in Project 2013 for IT Professionals

Build a Lab!

Plan your Deployment!

Ready for More?

Attend the SharePoint Conference 2012 on Nov 12-15, 2012 in Las Vegas to learn more details about the new SharePoint Server 2013 features and speak directly with the product team engineers!

Looking for Developer Training on SharePoint 2013?

  • Check out this online training course.
  • Sign up for an Office 365 Developer site and leverage the new “Napa” development tools

SharePoint 2013 Farm Setup Guide

This setup guide walks you through the steps to install and configure a SharePoint 2013 farm and an Office Web Apps 2013 farm.

I have included a range of topics from preparing for the farm deployment through the deployment itself, including the following topics:

  • A checklist I use to help organize and prepare for the farm build
  • All the implementation details I like to decide on before the build
  • The prerequisites to prepare for a SharePoint farm build
  • The install and configuration steps for SharePoint
  • The Windows Firewall rules to enable intra-farm communication
  • The install and configuration for Office Web Apps
  • A checklist I use to guide next steps once the farm is deployed

I usually use the contents of this guide to produce documentation for my clients when I am engaged to build a SharePoint farm, starting with giving them the preflight checklist to get everything ready for me before I arrive, and ending with the next steps checklist to give them direction on what to do next. I like leaving this information with my clients because it provides them with answers and direction. You’re welcome to do the same.

Preparation/Preflight Checklist

  • Order SSL certificate for URL domain(s)
  • Procure and configure hardware load balancing (if load balancing)
  • Provision virtual servers – Windows 2012 (preferred) or Windows 2008 R2 SP1+
  • Install and configure Forefront UAG
  • Install SSL certificate on servers
  • Create DNS entries for domains to resolve to Forefront/load balancer
  • Copy setup media to servers
    • Copy SharePoint 2013 setup files to SharePoint servers
    • Copy SharePoint 2013 Language Packs to SharePoint servers
    • Copy KB2554876, KB2708075, KB2759112, KB2765317 to SharePoint servers
    • Copy Office Web Apps 2013 setup files to Office Web Apps servers
    • Copy Office Web Apps Language Packs to Office Web Apps servers
  • Provision SQL Server 2012 (preferred) or SQL Server 2008 R2
  • Provision service accounts in Active Directory and grant permissions
    • Grant SP Farm service account local Administrator on SharePoint servers
    • Grant SP Farm “Replicate Directory Changes” AD permissions (see note)
    • Grant SP Farm SQL Server permissions – DB Creator and Security Admin
  • Identify SharePoint 2013 and Office Web Apps 2013 product keys
  • Identify outbound e-mail server details
    • An SMTP address for SharePoint outbound email (for alerts, etc.)
    • An e-mail address for the “From” or “Reply To” address in system e-mails

Note: Please see this TechNet article for the steps on how to grant AD permissions: http://technet.microsoft.com/hh296982

Farm Implementation Details and Prerequisites

Install and Configure

Next Steps Checklist

  • SQL DBA to configure database backup schedule
  • Networking/Infrastructure resource to configure routing and load-balancing rules
  • System Center administrator to configure system monitoring
  • Operations team to plan for regular patching and maintenance
  • Build an FAQ community support SharePoint site to log common end-user questions
  • Document SharePoint support information and resources

From the coat factory to the computer store

Designing a winter coat that converts into a sleeping bag for people living on the streets would have been enough for most folks to sit back and revel in a kind deed done well.

Others would call it good if they managed to take the endeavor a step further by creating jobs for homeless people in Detroit to sew the garments.

“The crazy coat lady”: Veronika Scott designed a coat that doubles as a sleeping bag. (Photo by Brad Ziegler Photography)

But Veronika Scott wants those achievements to be just two of many stepping stones on the path to dreams fulfilled for single parents struggling to provide homes for their kids. Her vision has grown far beyond the design-school project conceived five years ago, when she was a 21-year-old student and people on the streets started calling her “the crazy coat lady.” Now The Empowerment Plan is a full-fledged business that has provided convertible coats to more than 20,000 globally, given jobs and education to more than 40 parents, and helped move more than 80 children out of shelters. The organization aims to expand in Detroit and around the country.

Scott said she’s proud of the sleeping-bag coat she designed, but her main goal is getting people to the point where they and their families would never need one. That means looking past merely giving homeless parents jobs, but also helping them gain the education and skills needed to leave The Empowerment Plan after a couple years and pursue their dreams.

“We wanted to give people the opportunity to learn as much as possible while they’re with us so they can be competitive out in the workplace,” Scott said. “What we really try to do is to be a stepping-stone employer, and part of that is strong computer literacy skills. That is just a requirement now. So that’s very important as we continue to grow.”

At 3 p.m. every day, employees stop sewing coats and start taking classes on everything from leadership to financial management. The classes are free, but best of all, they’re on the clock – an important benefit for parents whose kids need them at home in the evenings.

Just outside Detroit, home to one of the country’s poorest inner cities, the Microsoft Store hosted a 10-week workshop series to give The Empowerment Plan employees hands-on training in digital literacy.

“When we learned about everything they were doing for these women who were once homeless, who are now trying to rebuild their lives, immediately I thought of a million things that we could potentially do to help them,” said Shy Averett, the community development specialist at the store. “I don’t know of any job where there’s not a computer involved in some kind of way, shape or form.”

Shy Averett, left, the community development specialist at the Microsoft Store near Detroit, helped develop a 12-week workshop on digital skills for The Empowerment Plan employees. (Photo by Brad Ziegler Photography)

Averett worked with store colleagues and Scott to design custom classes that covered everything from computer basics to fraud protection. Although the students were hands-off at the beginning and didn’t want to touch the computers, their fears were quickly abated, she said.

“I’ve enjoyed all of it and have been utilizing all the skills I’ve been taught,” including how to send emails and set events on her calendar, said Jessica West, a floor manager at The Empowerment Plan.

Being asked to visualize her five-year plan with a PowerPoint presentation turned on the proverbial lightbulb for West. “I thought, ‘Oh my gosh, I’ve got goals I need to work toward,’” she said. “My next step is to finish my bachelor’s degree for leadership and organizational studies so I can move on to the next level.”

Ebonie Sharper’s next aim – after four years as a seamstress with The Empowerment Plan, during which she got her GED diploma and learned everything from how to cook healthy meals to how to write professional emails – is getting a bachelor’s degree in finance.

“I really do want to obtain that and show my son and my daughters that mom can do it,” Sharper said. “Breaking that cycle, not just being the first, but getting it accomplished, is my main goal. Here at The Empowerment Plan, they give us drive and motivate us.”

Scott’s drive stems from her own upbringing as the scared child of parents who both struggled with unemployment and addiction. “The Empowerment Plan was a way of creating something that I wish my own family had had growing up: an employment opportunity that would allow them to stabilize and get the financial stability they never had.”

Jessica West, a floor manager for The Empowerment Plan, not only learned to sew coats that convert into sleeping bags but also how to send emails and set events on a digital calendar. Now she’s working toward a bachelor’s degree for leadership and organizational studies. (Photo by Brad Ziegler Photography)

Scott wanted to show parents and their kids “that living in a homeless shelter isn’t a defining characteristic, nor a life sentence.” Her employees all have been able to move into permanent housing with their children within the first four to six weeks of working for The Empowerment Plan, she said.

With guidance from social workers and the education provided, The Empowerment Plan helps them cross the bridge within two or three years toward new jobs or even starting their own companies.

“I want to grow to the top and blossom,” said West, the floor manager. “And now I’m able to plant my own seeds.”

Hard Coded Credentials in DSL Home Routers

Wi-Fi routers vulnerable to remote hacking due to hard-coded admin credentials

A group of researchers has discovered that they could remotely log into some Wi-Fi routers using a hard-coded default administrator login. This as yet unpatched security vulnerability can give attackers access to a few DSL and SOHO (small office / home office) Wi-Fi routers that use this default login scheme.

The group of researchers from the European University of Madrid disclosed this vulnerability in May 2015, along with a few other security vulnerabilities in other devices, including privilege escalation, CSRF, XSS, DoS and authentication bypasses. According to an alert issued Tuesday by the CERT Coordination Center (CERT/CC) at Carnegie Mellon University, the affected device models are:

  • ASUS DSL-N12E,
  • DIGICOM DG-5524T,
  • Observa Telecom RTA01N,
  • Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and
  • ZTE ZXV10 W300.

According to the researchers’ findings, all of these devices give administrative control over the router by using a hard-coded login scheme. Using the “admin” username for the Asus, DIGICOM, Observa Telecom, and ZTE devices, and the “adminpldt” for the Philippine Long Distance Telephone (PLDT) router, a hacker could easily authenticate himself on the WiFi stations using a common password.

The password scheme is “XXXXairocon”, where XXXX represents the last four digits of the router’s MAC (physical) address, which consoles usually present as six groups of two hexadecimal characters in the form “XX-XX-XX-XX-XX-XX”.

Since getting hold of a router’s MAC address is a trivial task for any technically skilled person, this would allow anyone to guess the admin passwords for those devices. Since the hard-coded password has the same format for all the mentioned devices, the firmware for all the above routers seems to be manufactured by the same company.

Overview

DSL routers by ASUS, DIGICOM, Observa Telecom, Philippine Long Distance Telephone (PLDT), and ZTE contain hard-coded “XXXXairocon” credentials

Description

CWE-798: Use of Hard-coded Credentials

DSL routers, including the ASUS DSL-N12E, DIGICOM DG-5524T, Observa Telecom RTA01N, Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN and Kasda KW58293, and ZTE ZXV10 W300 contain hard-coded credentials that are useable in the telnet service on the device. In the ASUS, DIGICOM, Observa Telecom, and ZTE devices, the username is “admin,” in the PLDT devices, the user name is “adminpldt,” and in all affected devices, the password is “XXXXairocon” where “XXXX” is the last four characters of the device’s MAC address. The MAC address may be obtainable over SNMP with community string public.

The vulnerability was previously disclosed in VU#228886 and assigned CVE-2014-0329 for ZTE ZXV10 W300, but it was not known at the time that the same vulnerability affected products published by other vendors. The Observa Telecom RTA01N was previously disclosed on the Full Disclosure mailing list.

Impact

A remote attacker may utilize these credentials to gain administrator access to the device.

Solution

The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround:
Restrict access

Enable firewall rules so the telnet service of the device is not accessible to untrusted sources. Enable firewall rules that block SNMP on the device.
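
To apply the workaround across a fleet, the sketch below (an added example, not part of the advisory or any vendor tooling) grades an inventory of the listed models by telnet/SNMP exposure and flags logged telnet logins that follow the “XXXXairocon” scheme. The CSV columns, host names, MAC addresses and honeypot-style log format are constructed assumptions.

```python
import csv
import io
import re

# Models and hard-coded usernames as listed in the CERT/CC text above.
AFFECTED = {
    ("asus", "dsl-n12e"): "admin",
    ("digicom", "dg-5524t"): "admin",
    ("observa telecom", "rta01n"): "admin",
    ("pldt", "speedsurf 504an"): "adminpldt",
    ("pldt", "kasda kw58293"): "adminpldt",
    ("zte", "zxv10 w300"): "admin",
}
HARDCODED_USERS = set(AFFECTED.values())
# Password scheme from the advisory: four MAC characters + "airocon".
# Matched case-insensitively (assumption: the page does not state the case).
SCHEME = re.compile(r"^([0-9a-f]{4})airocon$", re.IGNORECASE)


def normalize_mac(raw):
    """Return 12 lowercase hex chars, or None if raw is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def audit_inventory(csv_text):
    """Flag affected models and grade them against the CERT/CC workaround."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["vendor"].strip().lower(), row["model"].strip().lower())
        if key not in AFFECTED:
            continue
        telnet_open = row["telnet_untrusted"].strip().lower() == "yes"
        snmp_open = row["snmp_untrusted"].strip().lower() == "yes"
        if telnet_open:
            status = "telnet-exposed"        # hard-coded login reachable
        elif snmp_open:
            status = "snmp-exposed"          # MAC address may leak via SNMP
        else:
            status = "workaround-applied"    # both services filtered
        findings.append({"host": row["host"], "status": status,
                         "mac": normalize_mac(row["mac"])})
    return findings


def scan_auth_log(lines, mac_by_host):
    """Return (host, user, verdict) for logins that follow the scheme."""
    hits = []
    for line in lines:
        # Skip the leading timestamp, then read key=value fields.
        fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        m = SCHEME.match(fields.get("pass", ""))
        if not m or fields.get("user") not in HARDCODED_USERS:
            continue
        mac = mac_by_host.get(fields.get("host"))
        # A prefix equal to the device's own MAC tail means the sender
        # already knows that MAC; anything else is a blind guess.
        own = mac is not None and m.group(1).lower() == mac[-4:]
        hits.append((fields.get("host"), fields["user"],
                     "own-mac" if own else "scheme-guess"))
    return hits


# Constructed sample data (not from the advisory).
INVENTORY = """host,vendor,model,mac,telnet_untrusted,snmp_untrusted
gw-branch1,ZTE,ZXV10 W300,00-11-22-33-AB-CD,yes,yes
gw-branch2,ASUS,DSL-N12E,00:11:22:33:44:55,no,yes
gw-branch3,PLDT,SpeedSurf 504AN,0011.2233.7788,no,no
gw-hq,ExampleCo,Model-X,00:11:22:33:99:99,yes,yes
"""
AUTH_LOG = [
    "2015-08-27T03:10:01Z host=gw-branch1 svc=telnet user=admin pass=abcdairocon",
    "2015-08-27T03:10:05Z host=gw-branch1 svc=telnet user=admin pass=0000airocon",
    "2015-08-27T03:11:40Z host=gw-branch3 svc=telnet user=adminpldt pass=7788airocon",
    "2015-08-27T03:12:02Z host=gw-branch2 svc=telnet user=root pass=letmein",
]

if __name__ == "__main__":
    found = audit_inventory(INVENTORY)
    for f in found:
        print(f["host"], f["status"])
    macs = {f["host"]: f["mac"] for f in found}
    for hit in scan_auth_log(AUTH_LOG, macs):
        print(*hit)
```

An "own-mac" verdict is the one to escalate: the login used the tail of that device's real MAC address, so the address has already leaked, for example through the SNMP exposure the workaround tells you to block.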

Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| AsusTek Computer Inc. | Affected | 04 May 2015 | 25 Aug 2015 |
| DIGICOM (HK) | Affected | - | 25 Aug 2015 |
| Observa Telecom | Affected | - | 25 Aug 2015 |
| Philippine Long Distance Telephone | Affected | 02 Jun 2015 | 27 Aug 2015 |
| ZTE Corporation | Affected | 03 Dec 2013 | 25 Aug 2015 |

CVSS Metrics

| Group | Score | Vector |
|---|---|---|
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 8.0 | E:POC/RL:U/RC:UR |
| Environmental | 6.0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |

If you care about the security of your router, and you should, it is best to avoid consumer grade routers. On the whole, the software in these routers is buggy as heck. Below is what I base this opinion on. This list is far from complete.

You may be thinking that all software is buggy, but router software is probably worse. One reason for this is your ISP, which may have configured the router/gateway in an insecure way, either on purpose, to allow spying, or out of laziness or incompetence. Another reason is cost: router software is developed as cheaply as possible. Security is not the prime directive. Look at the box a router ships in – none brag about security.

BIG BUGS. A number of flaws stand out. The port 32764 issue from January 2014 and April 2014 for example. A router backdoor was exposed, then instead of being removed, was just better hidden. Another flaw not to be missed is the Misfortune Cookie from December 2014. Some huge flaws do not yet get their full due here. WPS, for one. WPS is like having a “hack me” sign on your back and yet it’s required for a router to be certified by the Wi-Fi Alliance. Other huge flaws were the one with UPnP and the one involving USB file sharing.

2017

JULY 2017

Netgear Router Analytics means Netgear spies on your router

Netgear Enables User Data Collection Feature on Popular Router Model
by Catalin Cimpanu of Bleeping Computer   May 22, 2017
News about this broke in May 2017, I’m late in writing it up. And, although this is not a software bug, it is a flaw nonetheless – one of corporate personality. Simply put, Netgear now spies on some of their routers. This rolled out in April 2017 with firmware 1.0.7.12 for the R7000. Also in April, spying/analytics was added to the Orbi RBK40, RBR40 and RBS40 (Firmware Version 1.9.1.6). In each case “data collection” is on by default, you have to login to the router to disable it. If you have a Netgear router, consider installing DD-WRT on it from the Netgear supported www.myopenrouter.com site.

JUNE 2017

Two bugs in an old TP-Link router

CVE-2017-9466: Why Is My Router Blinking Morse Code?
by Senrio   June 19, 2017
Senrio has discovered two flaws in the TP-Link WR841N Version 8 router. The flaws, which can only be exploited on the LAN side, allowed them to not only gain administrative access to the device but also to run malicious code on it. The flaws were reported to TP-Link in Sept. 2016 and they were initially reluctant to fix an older product that was no longer supported. However, the fix was released in Feb. 2017. There was no update to the firmware for versions 9 and 11 of the router. It is not known if other TP-Link routers suffer from similar flaws. The first flaw was in a configuration service that allows attackers to send it commands without first logging in. The second flaw was a stack overflow issue and this is what let them install and run malicious software on the router.

This is not news: the CIA targets many routers

CIA has been hacking into Wi-Fi routers for years, leaked documents show
by Zack Whittaker of ZDNet   June 15, 2017
Secret documents, dated 2012 and leaked by WikiLeaks, reveal that the CIA has been targeting and compromising routers for years in an effort to carry out clandestine surveillance. One tool, known as CherryBlossom, allows the agency to monitor a target’s internet activity, redirect their browser and scan for information. The documents, which have not been verified, suggest this has been going on for years. CherryBlossom runs on 25 router models from 10 different manufacturers, and it’s likely that modifications would allow the implant to run on at least 100 more routers. Among the brands are Asus, Belkin, Buffalo, Dell, Dlink, Linksys, Motorola, Netgear, Senao and US Robotics.

Multiple WiMAX routers are easily hacked

Ghosts from the past: Authentication bypass and OEM backdoors in WiMAX routers
by Stefan Viehbock of SEC Consult Vulnerability Lab   June 7, 2017
WiMAX routers that make use of a custom httpd plugin for libmtk (the MediaTek SDK library) are vulnerable to an authentication bypass that allows a remote, unauthenticated attacker to change the administrator userid and password. The vulnerable software is commit2.cgi. It accepts a variable called ADMIN_PASSWD which is the new password. The full list of vulnerable routers is not known. Vendors making vulnerable routers include GreenPacket, Huawei, MADA, ZTE and ZyXEL. In addition, Viehbock believes the routers also contain backdoor accounts. The Huawei devices will not be fixed, the company said they are too old. The firmware was developed by ZyXEL which did not respond to inquiries made by CERT. After this got publicity, they responded to Chris Brook of Kaspersky’s Threatpost that they are “working on a solution”. Time will tell.

7 bugs in web interface of Peplink routers

Multiple Vulnerabilities in peplink balance routers
by Eric Sesterhenn of X41 D-Sec GmbH   June 5, 2017
Bugs have been reported in the web interface of Peplink Balance routers models 305, 380, 580, 710, 1350, 2500 running firmware 7.0.0. Initially it was not clear if other Balance routers were also vulnerable. They are. It was also not clear if other Peplink routers, such as the model I recommend, the Surf SOHO, are vulnerable. They are. And, it was not initially clear if the flaws are only in firmware 7.0.0 or if they also exist in the previous 6.3.3 firmware. They exist in both.
As to flaw details: (1) The worst is said to be a SQL injection attack via the bauth cookie parameter. This allows access to the SQLite session database containing user and session variables. (2) With specialized SQL queries, it is possible to retrieve usernames from the database. This doesn’t strike me as a big deal because Peplink lets you change the username. So, lots of guessing needed to exploit this. (3) The CGI scripts in the admin interface are not protected against cross site request forgery attacks. This allows an attacker to execute commands, if a logged in user visits a malicious website. (4) Passwords are stored in cleartext. (5) If the web interface is accessible, it is possible to abuse the syncid parameter to trigger a cross-site-scripting issue. (6) If the web interface is accessible, it is possible to abuse the orig_url parameter to trigger a cross-site-scripting issue in preview.cgi. (7) A logged in user can delete arbitrary files. (8) If the web interface is accessible, it is possible to retrieve the router serial number without a valid login.
The report said that Peplink released updated firmware, version 7.0.1 to fix these bugs on June 5, 2017. However, on the 6th there was no mention of this firmware on the Peplink download page. In fact, there was no mention of these bugs anywhere on the Peplink site or in their forum. On the other hand, the reported timeline shows that Peplink responded quickly and fixed the bugs quickly. Running the admin interface on a non-standard port would likely have prevented abuse of these flaws. Also, devices in an isolated VLAN can be prevented from even seeing the router admin interface.
Peplink responded on June 7th in a forum posting on their website: 7.0.1 RC4 and 6.3.4 RC Addresses Security Advisory CVE-2017-8835 ~ 8840 This has links to updated firmware for all affected models. The new firmware is currently in Release Candidate status. It is expected to be upgraded to GA (Generally Available) status in a week. There are also a couple suggested work-arounds in case updating the firmware is not an immediate option.
3Gstore, a Peplink retailer that I have used a few times, sent an email to their customers about this which raised an excellent point that no one else had. There is a hidden danger to the fact that bad guys can learn the router serial number – they can register the router with Peplink’s remote control service, InControl2 – if the router has not already been registered. So, 3Gstore suggests, that even if you are not using InControl 2, you should create an account and register your Peplink router for the sole purpose of preventing a bad guy from registering it. Routers registered with the InControl 2 service can be remotely controlled.

MAY 2017

Multiple bugs in an old Cisco VPN router

Cisco drops critical security warning on VPN router, 3 high priority caveats
by Michael Cooney of Network World  MAY 3, 2017
The Cisco CVR100W VPN router is old. It only does Wi-Fi N and it does not support Gigabit Ethernet. It has a critical bug in its Universal Plug-and-Play (UPnP) software which fails to do good range checking of UPnP input data. The bug could let an unauthenticated, Layer 2-adjacent attacker execute arbitrary code as root or cause a denial of service. Cisco has released new firmware with a fix. The same router also has a vulnerability in the remote management access control list feature that could allow an unauthenticated, remote attacker to bypass the remote management ACL. No fix for this second flaw seems to be available.

Bug in Cisco IOS XR routers

Cisco IOS XR Software Denial of Service Vulnerability
by Cisco   May 3, 2017
The Event Management Service daemon of Cisco IOS XR routers improperly handles gRPC requests. This could allow an unauthenticated, remote attacker to crash the router in such a manner that manual intervention is required to recover. The gRPC service is not enabled by default. Cisco has released a bug fix.

Privacy issues with Trend Micro software in Asus routers

Review: ASUSWRT router firmware
by Daniel Aleksandersen of Ctrl.blog   May 2, 2017
The stock firmware that runs Asus routers is called ASUSWRT and it has a somewhat hidden privacy issue. If you use any of the following features, it will collect and transmit data about which websites you visit to Trend Micro: Apps/traffic Analysis, Bandwidth Monitor, Network Analyzer, Network Protection (AiProtection), Parental Controls (including time scheduling), Quality-of-Service, Web History and Network Map. This is spelled out in a EULA from Trend Micro. If the software thinks a website URL is potentially fraudulent, it sends the URL to Trend. In addition, executable files or content that is identified as potential malware is also sent to Trend. Finally, email messages identified as spam or malware are sent to Trend, despite the fact that they may contain sensitive data. Quoting: “The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.”

  • The Asus RT-AC68U router – it’s fast but is it also secure? by John E Dunn July 20, 2015. Quoting: “Owners might want to have a close look at the End User License Agreement (EULA) for this system, which is where privacy concerns rear their head …. Trend micro will have access to all websites and services visited while the software is enabled … This isn’t to criticise the router for offering this form of security simply to underline that it comes with a level of passive intrusion some might baulk at in other contexts. Equally, ISPs can collect exactly the same data if they choose so it’s important not to over-react.”
  • Trend Micro End User License Agreement Undated
  • How does AiProtection protect my home network? from Asus. Undated.

APRIL 2017

Flaw in modems using Intel’s Puma 6 chipset

You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream
by Shaun Nichols of The Register   April 27, 2017
OK, it’s about modems, not routers. Close enough. A modem using Intel’s Puma 6 chipset can be overloaded and virtually knocked offline by a small amount of incoming data. There is no mitigation, but it does require a constant attack. When the attack stops, things return to normal. The bug has to do with exhausting an internal lookup table. Known vulnerable devices are the Arris SB6190 and the Netgear CM700. The Puma 6 chipset is also used in some ISP-branded cable modems, including some Xfinity boxes supplied by Comcast in the US and the latest Virgin Media hubs in the UK. Earlier articles mentioned a possible modem firmware update. However, even if a fix is issued you are at the mercy of your ISP to install it. Good luck with that.

Ten flaws in 25 Linksys routers

Linksys Smart Wi-Fi Vulnerabilities
by Tao Sauvage of IOActive   April 20, 2017
Researchers discovered ten bugs, six of which can be exploited remotely by unauthenticated attackers. The bugs exist in four models of the WRT series and 21 models of the EAxxxx Series. Two of the bugs allow remote unauthenticated attackers to crash the router. Others leak sensitive information such as the WPS pin code, the firmware version, information about devices connected to the router and other configuration settings. The most serious bug requires authentication – it lets attackers execute shell commands with root privileges. In the worst case, this lets a bad guy set up a backdoor account on the router that would not appear in the web interface and could not be removed. If remote administration is enabled, the routers are vulnerable remotely. Either way, the routers are vulnerable from the LAN side. A big problem is that these routers have a default userid/password. Just that fact alone should steer you away from these routers. On the other hand, Linksys has co-operated well with IOActive in both acknowledging the problem and fixing it. Some of the buggy routers can self-update but that feature needs to be enabled.

More abuse of TR-069

Thousands of Hacked Home Routers are Attacking WordPress Sites
by Mark Maunder of Wordfence   April 11, 2017
We have seen this story before. ISPs leave the TR-069 port, number 7547, open to the world at large rather than restricting access to themselves. Just more support for my recommendation to avoid using a router from an ISP. Wordfence reports that Shodan found over 41 million devices are listening on port 7547.

Travel routers from TP-LINK, StarTech, TripMate and TrendNet vulnerable

Travel Routers, NAS Devices Among Easily Hacked IoT Devices
by Chris Brook of Kaspersky ThreatPost   April 10, 2017
Bugs in four travel routers were disclosed by Jan Hoersch of Securai GmbH in Munich. The TP-LINK M5250 will cough up administrator credentials in response to an SMS message. A StarTech router has telnet open with a hard coded password of root that cannot be changed. On the Hootoo TripMate travel router an unauthenticated user can do a firmware update. The TrendNet TEW714TRU used to let an unauthenticated LAN side user inject arbitrary commands. After the flaw was reported, TrendNet revised the firmware, but the underlying bug remained. Now, however, you have to be an authenticated user to exploit it.

MARCH 2017

Ubiquiti drags their heels fixing a bug

Unpatched vulnerability puts Ubiquiti networking products at risk
by Lucian Constantin of IDG News Service March 16, 2017
As bugs go, this is chump change; only authenticated users can exploit the flaw. The bug, discovered by SEC Consult, allows authenticated users to inject arbitrary commands into the web interface. The bug has been confirmed in 4 Ubiquiti Networks devices but is believed to exist in another 38. The worst part seems to be the way Ubiquiti handled the issue. They acknowledged the flaw at the end of Nov. 2016, then gave SEC Consult a hard time and eventually just went silent. After a while, SEC Consult gave up and went public. Nerds everywhere love Ubiquiti; hopefully they read about this.

  • SEC Consult Vulnerability Lab Security Advisory 20170316-0 Quoting: “SEC Consult recommends not to use this product in a production environment until a thorough security review has been performed by security professionals and all identified issues have been resolved.” Be sure to read the Vendor contact timeline.

Two bugs in GLi routers have been patched

LAN surfing. How to use JavaScript to Execute Arbitrary Code on Routers
by T Shiomitsu of Pentest partners Mar 13, 2017
The GLi range of routers are small and very customizable routers, predominantly for those who fancy an extra level of control over their Wi-Fi-connected devices. Two flaws were found in the GL Innovations firmware v2.24. One was an authentication bypass, the other authenticated code execution. The article has sample code for using WebRTC and JavaScript scanning to find the LAN side IP address of the router. Code is also provided to fingerprint the router. GLi has fixed the flaws in their latest firmware and they responded to the two bug reports, which were made separately, fairly quickly.

  • The full exploit code can be found here

Two bugs in old D-Link routers

D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials
by Garret Wasserman of US-CERT   March 15, 2017
Despite the article title, other D-Link models may be affected by these issues too. One bug allows a remote attacker that can access the remote management login page to manipulate the POST request to access some administrator-only pages without credentials. In addition, the tools_admin.asp page discloses the administrator password in base64 encoding. D-Link has confirmed the flaws; there is no information about if or when a patch will be issued. The devices are old. The DIR-330 is a Wi-Fi G VPN Firewall with Fast Ethernet. The DIR-130 is similar but without Wi-Fi. As usual, disable remote administration if not really needed. If it is needed, restrict the allowed source IP addresses. The bugs were discovered by James Edge.

D-Link again. HNAP again.

D-Link DIR-850L web admin interface contains a stack-based buffer overflow vulnerability
by Joel Land of US-CERT   March 8, 2017
As bad as it gets: a remote, unauthenticated attacker can run arbitrary code as root. Yet another reason to disable remote administration. It is disabled by default on the DIR-850L device but, even then, the device can still be attacked from the LAN side. Other D-Link models may also be affected. The vulnerability is in the HNAP service. A bad guy can send a specially crafted POST request to http://routerIPaddress/HNAP1/ that causes a buffer overflow and executes arbitrary code. Beta firmware was released Feb. 17, 2017. The DIR-850L is a dual band Wi-Fi AC router. It is also affected by the November 2016 HNAP flaw in D-Link devices (see below). The bug was reported by Sergi Martinez of NCC Group.

FEBRUARY 2017

Dealing with a hacked Netgear router

Router assimilated into the Borg, sends 3TB in 24 hours
by Chris Lee of Ars Technica   February 26, 2017
Interesting story by someone who is not a networking expert. His Netgear R6400 router was hacked. The article goes into the symptoms of the problem and the debugging steps that he took to figure out the problem. After realizing the router had been hacked, a factory reset did not fix the problem which tells me that the router was running malicious firmware. DD-WRT was not much help. In the end, the router was a paperweight.

Bugs in two TP-Link routers

Updated Firmware Due for Serious TP-Link Router Vulnerabilities
by Michael Mimoso of Kaspersky Threatpost   Feb. 13, 2017
One flaw allows for remote code execution but only after logging in to the router. Another flaw allows a bad guy to crash the TP-Link C2 and C20i routers. There are weak default credentials for the FTP server in the router. The default firewall rules are too permissive on the WAN interface. The final insult is artistic: Pierre Kim, who found the flaws, claims that three of the modules in the router firmware “are overall badly designed programs, executing tons of system() and running as root.” TP-Link plans to release a new firmware in February 2017, patching all the vulnerabilities. Perhaps the worst aspect was that when Kim first contacted TP-Link by livechat he was told “there is no process to handle security problems in TP-Link routers” and the company refused to offer a point of contact for security issues. Ouch.

JANUARY 2017

Netgear routers buggy, yet again

CVE-2017-5521: Bypassing Authentication on NETGEAR Routers
By Simon Kenin of Trustwave   January 30, 2017
There are two bugs in Netgear routers that leak the administrator userid and password. These are not to be confused with the two sets of bugs in Netgear routers last month. Each of these bugs can be exploited from the LAN side and, if remote administration is enabled, also from the WAN/Internet side of the router. Remote Administration should be disabled by default. Still, there are at least ten thousand vulnerable devices that are remotely accessible. The bugs were first reported to Netgear in April 2016 and, to date, all the affected routers have still not been patched. There is a work-around, however: enable password recovery. This is an option in the router that requires a secret question before divulging the router password. With password recovery enabled, all is well. On some routers, you can test if it is vulnerable with:
http://router/passwordrecovered.cgi?id=anythinghereworks
Getting patches issued was a long slog, obviously since it has taken 9 months. The first Netgear advisory listed 18 vulnerable devices. A second advisory listed an additional 25 models. As things stand now, there are 31 vulnerable models, 18 of which are patched. However, Trustwave warns that one of the models listed as not vulnerable (DGN2200v4) is, in fact, vulnerable. Ugh. Netgear now has a new procedure for handling reports about flaws in their software.

Thailand ISP ignores router flaws

Router vulnerabilities disclosed in July remain unpatched
by Michael Mimoso of Kaspersky Threatpost   January 17, 2017
The first sentence of this article is all you need to read: “Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered.” As I say elsewhere on this site, don’t use a router provided by your ISP. TrueOnline, the largest broadband company in Thailand, gives their customers three buggy routers: ZyXel P660HN-T v1, ZyXel P660HN-T v2 and Billion 5200 W-T. Multiple bugs (default admin accounts and command injection vulnerabilities) were found and disclosed by Pedro Ribeiro of Agile Information Security. Most of the vulnerabilities can be exploited remotely, some without authentication. It is likely that the same flaws exist in other ISP customized routers in other countries. A ZyXel representative told Threatpost the router models are no longer supported. Billion ignored a request for comment from Threatpost.

FTC accuses D-Link of poor security

Feds Accuse D-Link of Failing to Properly Secure Routers and Webcams
by Chris Morran of consumerist.org   January 5, 2017
Federal regulators have accused D-Link of leaving its routers and webcam devices vulnerable to hackers. A lawsuit alleges that D-Link “failed to take reasonable steps to protect their routers and IP cameras from widely known and reasonably foreseeable risks of unauthorized access.” D-Link is also accused of misleading the public about the security of their devices. This is the second time the FTC has gone after insecure routers. In February 2016, they went after Asus for their insecure routers. At least Asus took their medicine; D-Link, in contrast, cried foul.

2016

DECEMBER 2016

Scam Android apps attack routers with default passwords

Switcher: Android joins the attack-the-router club
by Nikita Buchka of Kaspersky Labs   December 28, 2016
As router attacks go, this is small potatoes. Victims have to install the scam Android apps manually, they are not in the Play store. And, it only impacts TP-Link routers with default passwords. The malware, dubbed Trojan.AndroidOS.Switcher, changes the DNS servers in the router, something that can be detected, even though the author of this report fails to point this out (see the Tests page). It’s only newsworthy as the first Android apps to attack routers. Still, it has infected 1,280 Wi-Fi networks in China.

Flaws in three ZyXEL routers are not being fixed

ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers
by Catalin Cimpanu of BleepingComputer.com   December 26, 2016
SecuriTeam documented four security flaws affecting three routers manufactured by ZyXEL. Don’t think you have a ZyXEL router? Look again, many companies put their own label on ZyXEL hardware. TrueOnline, a major ISP in Thailand, provides ZyXEL routers to customers, as do other ISPs. The known bad models are the P660HN-T v1, P660HN-T v2, and Billion 5200W-T. The routers are vulnerable to command injection on their web interface, which can be exploited by unauthenticated attackers. Bad guys can thus take control of a router by issuing maliciously-crafted HTTP requests. It’s not clear if the vulnerability is on the LAN side, WAN side or both. In addition, the routers come with hard coded backdoor credentials. Ugh. ZyXEL was notified of the problems in July 2016 and chose to stonewall. Thus, there is no workaround or fix.

Bug in the NETGEAR WNR2000

Stack buffer overflow vulnerability in NETGEAR WNR2000 router
by Pedro Ribeiro of Agile Information Security   December 20, 2016
The Netgear WNR2000 router dates back to 2008. It does Wi-Fi “N” on the 2.4GHz band, period. It now sells for about $30. It has a remote code execution flaw that is exploitable over the LAN by default or over the WAN if remote administration is enabled. According to Shodan, about 10,000 of these routers have remote admin turned on. Ribeiro reverse engineered the internal uhttpd web server and found that function apply_noauth.cgi allows an unauthenticated user to perform admin functions. Some of the functions, such as rebooting the router, can be exploited straight away by an unauthenticated attacker. Other functions, such as changing Internet, WLAN settings or retrieving the administrative password, require the attacker to send a “timestamp” variable. But Ribeiro reverse engineered the timestamp generating function due to a flaw in its random number generation. Combining this flaw with some other information leakage, it is possible to recover the administrator password. A stack buffer overflow was also discovered. Bottom line: an unauthenticated attacker can take full control of the device. Ribeiro tried to contact Netgear three times (Sept 26th, Oct 28th and Nov. 29th) and never got a response. However, now that this got some coverage in the press, Netgear has responded and will fix the problems.

DNS changing attack against MANY routers

Home Routers Under Attack via Malvertising on Windows, Android Devices
by Kafeine of Proofpoint   December 13, 2016
Wow, this is bad. And made worse by being hard to detect and defend. Viewing a web page is all it takes to have a router attacked. The main goal of the malware is to change the DNS servers in the router. These server assignments normally propagate to all devices on a network. In some cases the malware also opens ports on the WAN side of the router leaving it vulnerable to other attacks. This malware was first seen in 2015 when it exploited 55 known router flaws. This new improved version can exploit 166 known flaws, some of which work against several router models. If the malware can’t find a known bug for a router, it tries to log on to the router with default credentials. You do not have to visit a “bad” website, “the attack chain ensnares victim networks through legitimate web sites hosting malicious advertisements unknowingly distributed via legitimate ad agencies.” Which routers are vulnerable? The article says “It is not possible to provide a definitive list of affected routers.” That said, some routers were pointed out for being newly vulnerable: D-Link DSL-2740R, COMTREND ADSL Router CT-5367 C01_R12, NetGear WNDR3400v3 (and likely other models in this series), Pirelli ADSL2/2+ Wireless Router P.DGA4001N and Netgear R6200. Reading through the article, it’s obvious that the malware is very sophisticated. What to do? “Unfortunately, there is no simple way to protect against these attacks.” In a Dec. 19th update, Proofpoint wrote “At this time, a minimum of 56,000 routers have been compromised, but we expect that number is considerably higher.”

Netgear router flaw affects 11 models

CERT Warns Users to Stop Using Two Netgear Router Models Due to Security Flaw
by Catalin Cimpanu of Bleeping Computer   December 10, 2016
At least two Netgear routers, the R6400 and R7000 are vulnerable to a command injection flaw that is easy to exploit and could lead to total takeover of the routers. There has, as yet, been no response from Netgear. CERT has gone so far as to say “Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available.” The documentation released so far does not make it clear if the devices are vulnerable on the LAN side only, WAN side only or both.

NOVEMBER 2016

TR-064 protocol abused in new attack

Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
by Johannes Ullrich of SANS   November 28, 2016
Port 7547 is used by a remote management protocol known as either TR-069 or CWMP. It has been trouble before and I already suggest testing for it on the Tester Page. A ton of mistakes involved here. There was a TR-064 server available to the Internet at large on port 7547 which is two mistakes right there. TR-064 suffers from information disclosure issues. On some routers at least, it’s also buggy, letting attackers run commands and totally take over the router. Finally, some routers hang when dealing with too many incoming connections which is what the malware did to spread. So even routers that were not infected were knocked off-line. Oh, and the malware is a new variant of Mirai. According to Shodan, about 41 Million devices have port 7547 open. This attack is confirmation of my position to not use a router provided by your ISP.

Yet another HNAP bug in D-Link routers

Turn off remote admin, SOHOpeless D-Link owners
by Richard Chirgwin of The Register   November 8, 2016
Carnegie-Mellon Computer Emergency Response Team (CERT) reports a buffer overflow flaw in the HNAP service running on at least 8 D-Link routers. There is no fix from D-Link. The flaw can be exploited on the LAN side over port 80. The documentation is inconsistent as to whether it can also be exploited remotely. Known vulnerable models are the: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L and DIR-868L. However, D-Link markets these routers using alternate names such as the AC5300 Ultra Wi-Fi Router so you may need to map the external name to the internal model number. The flaw was discovered by Pedro Ribeiro of Agile Information Security back in July 2016. It’s not clear why it got no publicity until Nov. 7, 2016. D-Link has a long history of vulnerabilities in their implementation of the HNAP protocol. CERT initially had no practical solution to this problem. On Nov. 10th, just days after this got publicity, D-Link issued the first round of patched firmware.

OCTOBER 2016

Still more attacks are changing DNS servers in routers

Cybercriminals target Brazilian routers with default credentials
by ESET   October 21, 2016
Quoting: “Households and small businesses that use consumer-grade internet routers may fall victim to attacks that are currently targeting mainly Brazilian users, but may be easily localized to any other country. These attacks have been around since 2012, but the risks they carry are rising sharply … we are closely monitoring these attacks in order to keep pace with recent developments in the attackers’ techniques. It seems likely that there are different groups conducting these attacks … The main objectives of these attacks are to change the DNS configuration, allow remote management of the router by accessing it with its public IP, and to set a predefined password – often the router’s default password – for potential easy access for the perpetrators at a later time.”
These attacks can be defended against by not using the default router password and not using the default router IP address. Also, check your current DNS servers using dnsleaktest.com and/or whoer.net.
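The DNS check recommended here, which also applies to the Switcher and Proofpoint malvertising items above, can be partly automated on each client. The following is an added example, not code from this page or from any vendor: it reads a resolv.conf-style resolver list and compares it to the resolvers you chose on purpose. The sample input and the EXPECTED allow-list are constructed assumptions.

```python
import ipaddress

# Constructed sample input in resolv.conf format (not captured from a real device).
# 203.0.113.53 is from a documentation range and stands in for a rogue resolver.
SAMPLE_RESOLV_CONF = """\
; constructed example
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # not one we configured
nameserver 2001:4860:4860:0:0:0:0:8888
nameserver not-an-address
"""

# Assumption: the resolvers this network's owner picked deliberately.
EXPECTED = {"9.9.9.9", "2001:4860:4860::8888"}

# LAN-side ranges: a resolver here is normally the router acting as a DNS forwarder.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7",
)]


def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        # Drop comments (both '#' and ';' styles) before splitting into fields.
        line = raw.split("#", 1)[0].split(";", 1)[0]
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        addr = fields[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # skip malformed entries rather than guessing
    return servers


def audit_resolvers(text, expected):
    """Sort resolvers into ok / local / unexpected."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {"ok": [], "local": [], "unexpected": []}
    for ip in parse_nameservers(text):
        if ip in allowed:
            report["ok"].append(str(ip))          # matches the allow-list
        elif any(ip in net for net in LAN_NETS):
            report["local"].append(str(ip))       # the router; check its upstream
        else:
            report["unexpected"].append(str(ip))  # public resolver nobody chose
    return report


if __name__ == "__main__":
    for verdict, addrs in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED).items():
        print(verdict, addrs)
```

A resolver reported as local is the router itself, so the DNS servers configured inside the router still have to be checked in its admin interface or with an external test such as dnsleaktest.com.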

TheMoon malware version 2 adds attacks on more routers

TheMoon Botnet Still Alive and Well After Two Years
by Catalin Cimpanu   October 20, 2016
TheMoon worm was discovered in early 2014 attacking vulnerable Linksys routers. In response, Linksys issued a firmware update. In response, the bad guy added an attack on vulnerable Asus routers. Sending malicious UDP data lets a bad guy execute malware on vulnerable Asus routers. And, the malware adds firewall rules to protect an infected router from other malware. One of these rules protects D-Link routers from an HNAP SOAP flaw so it is assumed the malware also targets D-Link routers.

Two stories about routers with default passwords

At least 15% of home routers are unsecured
by Peter Stancik of ESET   October 19, 2016
ESET tested more than 12,000 home routers and found that 15% used weak passwords. It’s a matter of opinion as to whether this is good or bad news. They also found, not surprisingly, that “admin” was the userid in most cases. As for bugs, they found that 7% had “vulnerabilities of high or medium severity” and that 20% had Telnet open on the LAN side.
The very same day that ESET released its report, Brian Krebs wrote about a July 2015 conversation with someone who scanned the Internet for routers using default passwords, found over 250,000 of them and uploaded “some kind software to each vulnerable system.”

Bad guys frequently scan for router flaws

Home Routers – New Favorite of Cybercriminals in 2016
by Bing Liu of Fortinet   October 12, 2016
Fortinet has been monitoring the outbreak of attacks targeting home routers. More and more scans are looking for known bugs in routers from D-Link, Asus and Netis. Back in August 2014, it was revealed that Netis routers have a hard coded password backdoor. Fortinet started looking for hacking attempts against this backdoor in July and there are many of them. A vulnerability that allowed Unauthenticated Remote Command Execution was discovered in D-Link routers back in 2013. Fortinet initially found very few bad guys trying to abuse this flaw, until this past summer when the hacking attempts went way up (two million in the last 30 days). The Asus flaw is puzzling. It was disclosed in Jan. 2015 and has to do with the infosvr service listening on UDP port 9999. The bug lets an unauthenticated LAN side device execute commands in the router as the root user. What’s puzzling is that the flaw was not supposed to be exploitable from the Internet. Yet, starting this past June, they saw a “surge in activity” trying to exploit it.

SEPTEMBER 2016

A D-Link router has miserable security and D-Link is slow to respond

D-Link DWR-932 B owner? Trash it, says security bug-hunter
by Richard Chirgwin of The Register   September 29, 2016
The router has more than 20 vulnerabilities. Yikes. “Following the consumer broadband industry’s consistently lackadaisical attitude to security, the device suffers from everything from backdoor accounts to default credentials, leaky credentials, firmware upgrade vulns and insecure UPnP.” The bugs were found by Pierre Kim, who has found other router bugs previously. The D-Link box is based on a Quanta LTE device which is the true source for some of the bugs. Five bugs are in the qmiweb webserver from Quanta. Examples: SSH and telnet are enabled by default, with two backdoor accounts (admin:admin, and root:1234). Most important points: it would be trivial to hack this router and add it to a botnet, and, D-Link blew Kim off when he tried to tell them about these problems.

  • Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE … by Pierre Kim. Sept. 28, 2016. Full details of the bugs and also the timeline, below is an excerpt:
    Jun 15, 2016: Dlink is contacted about vulnerabilities in the DWR-932 router
    Jun 16, 2016: Dlink Security Incident Response Team acknowledges the receipt of the report
    Jul 9, 2016: Dlink says they will have correction by July 15
    Jul 19, 2016: Pierre asks for updates.
    Aug 19, 2016: Pierre asks for updates.
    Sep 12, 2016: Pierre asks for updates
    Sep 13, 2016: Dlink says they don’t have a schedule for a firmware release

IoT insecurities – stick them in an isolated network

Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON
by Lucian Constantin of IDG News Service   September 13, 2016
That IoT devices have poor security is not news. Only one of the 23 devices was a router. My take-away from this story is that IoT devices should be isolated as much as possible. We don’t want a compromised device to be able to do anything to any other device. For more on this see the Guest Network topic in my description of the Pepwave Surf SOHO router.

Inteno refuses to fix their buggy routers

ABBA-solutely crapulous! Swedish router-maker won’t patch gaping hole
by Iain Thomson of The Register   September 2, 2016
Harry Sintonen of F-Secure found a vulnerability in some Inteno routers that lets a bad guy install their own firmware. The routers are managed by the ISP using a protocol called both TR-069 and CWMP (CPE WAN Management Protocol). Routers using this protocol phone home to an Auto Configuration Server (ACS) operated by the ISP. While the Inteno routers do use HTTPS, they do not validate the certificate they get from the ACS server. That means a bad guy, who can man-in-the-middle the connection, can feed the router hacked firmware. Inteno couldn’t care less; they blew the whole thing off. The good news is that since the ACS server should be in the internal network of the ISP, the flaw is hard to exploit. An attacker would need a privileged position on the ISP network.

This is why Router Security matters

IoT Home Router Botnet Leveraged in Large DDoS Attack
by Daniel Cid of Sucuri   September 1, 2016
This is a blog post about a DDoS attack that Sucuri fought off for a client. The attack used three different botnets, one of them composed of routers. Sucuri detected over 11,000 compromised routers from eight different vendors. Quoting: “The largest number of routers being exploited came from Huawei-based routers. They varied between versions: HG8245H, HG658d, HG531, etc.” Other routers were from MikroTik, Ubiquiti, NuCom, Dell SonicWall, VodaFone, Netgear, and Cisco-IOS.

AUGUST 2016

Multiple D-Link routers have a buffer overflow processing cookies

Vulnerability Note VU#332115 D-Link routers contain buffer overflow vulnerability
by CERT   August 11, 2016
Quoting: “D-Link DIR routers contain a stack-based buffer overflow vulnerability, which may allow a remote attack to execute arbitrary code.” The overflow is in a function that validates the session cookie; it did not verify the length of the cookie properly. The flaw was first reported on May 31, 2016 and the first fixes were released Aug. 11, 2016. Some of the affected routers are the DIR-850L, DIR-890L, DIR-880L, DIR-868L and the DIR-818L. The bug can be exploited both locally and remotely. The worst of this, to me, is that the router exposes port 8181 on the Internet. A router should never need to leave ports open on the WAN side.

BHU Networks router is terribly insecure

MULTIPLE VULNERABILITIES IDENTIFIED IN ‘UTTERLY BROKEN’ BHU ROUTERS
by Chris Brook of Kaspersky Threatpost   August 19, 2016
Tao Sauvage, a Security Consultant with IOActive Labs, purchased a BHU WiFi router on a recent trip to China that could easily be exploited to do pretty much anything. There are three different ways to gain administrative access to the router’s web interface. The router accepts any session ID cookie, which lets anyone be an authenticated user. And, he found it easy to elevate privileges from admin to root. The router is also accessible from the Internet side and it enables SSH at startup and has a hardcoded root password. What’s left? It injects suspicious looking third party JavaScript into HTTP traffic. Yikes. The manufacturer, BHU Networks Technology, is based in Beijing.

Another high end vendor, Ruckus, found vulnerable

Ruckus Raucous: Finding Security Flaws in Enterprise-Class Hardware
by Craig Young of Tripwire   August 3, 2016
I started this page to highlight bugs in consumer routers, yet the big boys are buggy too. At first, Young tested a Ruckus ZoneFlex. Quoting: “Within a few minutes of setting up the device, I found a command injection, which is exploitable through a forged request due to a general lack of CSRF tokens. As with many of the consumer routers I had tested, the ZoneFlex offers … a simple ping test, with apparently no input sanitization.” Consumer routers commonly have all processes running as root. Same with Ruckus. Young also found an Authentication Bypass: “All requests containing a particular string received ‘200 OK’ responses. By creatively adding this string to other requests, I was able to get response data intended only for authenticated queries. This is a behavior I have observed in routers from NETGEAR, TrendNET and Asus.” And, two other flaws: a Denial of Service and an Information Disclosure (the serial number is exposed). To me, the worst issue was that Young could not get in touch with Ruckus. This is a disgrace. My favorite router vendor, Peplink, has an online Forum where experts respond to questions and problems.

JULY 2016

120 D-Link devices may be buggy, including routers

D-Link Wi-Fi Camera Flaw Extends to 120 Products
by Michael Mimoso of Kaspersky Threatpost July 7, 2016
“A software component that exposed D-Link Wi-Fi cameras to remote attacks is also used in more than 120 other products sold by the company. Researchers at Senrio, who found the original vulnerability, disclosed today additional details of product vulnerabilities related to the component after collaborating with D-Link. Senrio said the flaw also puts D-Link Connected Home products at risk, including other cameras, routers, models and storage devices.” There are no patches, yet. There are three flaws. The most severe is an unbounded/unchecked string copy that can be exploited to cause remote code execution.

  • Home, Secure, Home? by Senrio June 8, 2016
  • D-Link vulnerability impacts 400,000 devices by Steve Ragan of CSO July 7, 2016
  • Regarding Senr.io Vulnerability Affecting Many D-Link Products response from D-Link. No creation date. No last updated date. Seven months after the initial problem report, this says “D-Link has not yet confirmed the list of models affected by this vulnerability.” and then this: “The first products will begin to get updates by July 19th and we will continue to update devices in the priority of numbers registered though the end of 2016.” Except not. Many devices are still said to be “pending as of Nov. 1, 2016.” I am writing this in Jan. 2017. D-Link either walked away from some devices or from their documentation.

TP-LINK lets domain lapse

TP-Link routers exposed to potential security flaw after domain registration lapses
by Boyd Chan of Neowin   July 4, 2016
One way that hardware vendors try to make the initial configuration of a router easier is by telling users to browse to a domain name rather than an IP address. TP-LINK uses both tplinklogin.net and tplinkwifi.net and they forgot to renew their ownership of tplinklogin.net. It’s now owned by someone outside of the company and TP-LINK has, so far, refused to buy it back. This was discovered by Amitay Dan who also claims that TP-LINK is updating their documentation. I checked the TP-LINK website and found one item that says to use either an IP address or the domain they still own (tplinkwifi.net) and another item that says to use tplinklogin.net. Dan claimed that TP-LINK stopped talking to him after he brought this to their attention. If true, it’s a rare chance to see how much a company really cares about security. I blogged about this and did some testing. It is not a security issue for owners of TP-LINK routers. They intercept requests to tplinklogin.net and direct them to the router rather than the Internet. However, it could well be a problem for everyone else. I also found another domain that TP-LINK lost control of.

JUNE 2016

Apple routers are buggy and Apple offers no details at all

Apple fixes serious flaw in AirPort wireless routers
by Lucian Constantin in PC World   June 21, 2016
Apple has released firmware updates for its AirPort routers to fix a memory corruption bug stemming from DNS data parsing. Yet again, Apple deals with security problems by saying nothing. This tells me they can’t be trusted.
Quoting: “As is typical for Apple security announcements, the company did not release details about possible exploitation scenarios and did not assign a severity rating for the flaw … What is not clear is whether the data parsing issue is in the DNS server or DNS client functionality…. If the error is in the parsing of queries received from LAN computers, it would limit the attack to the local network. Whereas, if the flaw is in the parsing of DNS responses, it could be exploited remotely… Another unknown is the privilege with which attackers would execute malicious code if this flaw is successfully exploited. If the code is executed under the root account, it could lead to a full device compromise.”
It appears the bug was first known about back in September 2015. Pretty slow response. Apple routers do not self-update; installing the new firmware requires you to use either AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS. This means customers may have to update the AirPort utility before they can update the router.

Don’t hold your breath waiting for Cisco bug fixes

Cisco Won’t Patch Critical RV Wireless Router Vulnerability Until Q3
by Michael Mimoso of Kaspersky Threatpost   June 16, 2016
The Cisco RV series of wireless VPN firewalls and routers have flaws in their web interface that allow for remote code execution. Workarounds are not available, yet Cisco plans on fixing this in the third quarter of 2016. To exploit the bug, just send the device a malicious HTTP request. If remote management is enabled, this can be exploited remotely. Affected models are the RV110W Wi-Fi VPN Firewall, RV130W Wi-Fi VPN Router and the RV215W Wi-Fi VPN Router. Not buggy enough? There are also cross-site scripting and buffer overflow bugs in the same devices.

MyD-Link devices are vulnerable

D-LINK patches weak crypto in MYD-LINK devices
by Michael Mimoso of Kaspersky Threatpost   June 14, 2016
A couple of flaws were found in My-DLink devices such as the DIR-810L cloud router. Other vulnerable devices include IP Cameras and home routers. One flaw is not verifying certificates after making an SSL connection, the other is using SSL v2 and SSL v3, both of which are known to have security flaws. The flaws were found by Firmalyzer and D-Link released updated firmware. However, I looked for DIR-810L firmware on the D-Link website and could not find anything. The articles did not link to it either.
Update: a reader emailed me to point out that updated firmware is available for the B model of DIR-810L but not for the A model (see link below). The firmware is dated June 13th and marked as BETA.

Netgear issues bug fixes

Netgear router update removes hardcoded crypto keys
by Michael Mimoso of Kaspersky Threatpost   June 11, 2016
Netgear has released firmware updates for two of its router product lines, patching vulnerabilities that were reported in January. Models D6000 and D3600 are known to be vulnerable, but other models and firmware versions could also be susceptible to the same issues. One issue is an authentication bypass vulnerability, the other is a hard-coded cryptographic key. The devices are vulnerable to attack on the LAN side and remotely, if remote management is enabled. Abusing the flaws, an attacker can gain administrator access. A remote attacker able to access the /cgi-bin/passrec.asp password recovery page may be able to view the administrator password in clear text by examining the source code of the page. Two things are required to work around the problem: the password recovery feature must be enabled and remote management must be disabled. Netgear says “The potential for password exposure remains if you do not complete both steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification .. NETGEAR is working on a firmware fix and will email the download information to all registered users when the firmware becomes available. To register your product, visit https://my.netgear.com/register/”

IPv6 Ping of Death hits Cisco and Juniper

Cisco warns IPv6 ping-of-death vuln is everyone’s problem
by Shaun Nichols of The Register   June 2, 2016
Cisco devices running IOS XR, Cisco IOS, Cisco IOS XE and Cisco NX-OS software have a flaw in their processing of IPv6 Neighbor Discovery (ND) packets. Exploitation of this bug could cause high CPU usage, the suspension of processing all IPv6 traffic or the temporary loss of services for traffic that terminates on the device, in addition to IPv6 traffic. Cisco is working on fixes, but there is no timetable. Juniper has three bugs with IPv6 Neighbor Discovery processing in Junos OS.

MAY 2016

Industrial company Moxa has buggy routers

Serious Vulnerabilities Found in Moxa Industrial Secure Routers
by Eduard Kovacs of Security Week   May 19, 2016
Frankly, I had never heard of Moxa. The article calls them an “Industrial networking, computing and automation solutions provider” and says that their EDR-G903 series is an industrial router used in the United States, Europe and South America. Multiple high severity flaws, that can be exploited remotely, were discovered in January by Maxim Rupp. Configuration files store passwords in plain text. Both configuration and log files can be accessed with a specific URL by an unauthenticated attacker. A remote attacker can also cause the device to enter a DoS condition by sending it malicious requests. Patches have been issued, but they have not yet been verified to work.

Another business class company, Ubiquiti, has bugs

Worm infects unpatched Ubiquiti wireless devices
by Lucian Constantin of IDG News   May 20, 2016
Quoting: “Routers and other wireless devices made by Ubiquiti Networks have recently been infected by a worm that exploits a year-old remote unauthorized access vulnerability. The attack highlights one of the major issues with router security: the fact that the vast majority of them do not have an auto update mechanism and that their owners hardly ever update them manually.” The bug has been fixed, but devices were not updated with patched firmware. The Resources page of this site lists routers that can self-update. Affected devices include the airMAX M Series, AirMAX AC, airOS 802.11G, ToughSwitch, airGateway and airFiber. The bug was easy to exploit. The latest worm creates a backdoor account, then adds a firewall rule that blocks legitimate administrators from accessing the Web-based management interface.

26 bugs in Aruba Networks devices

Aruba fixes networking device flaws
by Lucian Constantin of IDG News Service   May 9, 2016
The interesting part of this story is that all the bugs were found by Google. The last time I was in a Google office, I noticed that they use Aruba for their Wi-Fi. The vulnerabilities affect ArubaOS, Aruba’s AirWave Management Platform (AMP) and Aruba Instant (IAP). The 26 different issues range from privileged remote code execution to information disclosure, insecure updating mechanism and insecure storage of credentials and private keys. Under certain circumstances, attackers can compromise devices. There are also design flaws in an Aruba proprietary management and control protocol dubbed PAPI.

APRIL 2016

Malware changes router DNS settings

Mobile Devices Used to Execute DNS Malware Against Home Routers
by Chisato Rokumiya of Trend Micro   April 11, 2016
Trend Micro discovered a JavaScript based router attack that originated in December 2015. For whatever reason the malicious code only runs from websites loaded by mobile devices. The malware targets routers from D-Link, TP-LINK, ZTE and perhaps others as the code is constantly changing. There are two infection vectors. The first is brute force, the malware tries 1,400 combinations of popular or default userids/passwords. It also targets “a specific vulnerability that currently exists in ZTE-based routers.” The malware has been seen world-wide with the top countries being Taiwan, Japan, China, the United States, and France. This type of brute force attack is to be expected. It is why, on the home page of this site, changing the router password is the first suggestion. And, it is why I also suggest changing the userid used to logon to the router, when possible.

Quanta routers have every bug ever made

Multiple vulnerabilities found in Quanta LTE routers
by Pierre Kim   April 4, 2016
Quoting: “Quanta Computer Incorporated is a Taiwan-based manufacturer of electronic hardware. It is the largest manufacturer of notebook computers in the world. The Quanta LTE QDH Router device is a LTE router / access point overall badly designed with a lot of vulnerabilities. It’s available in a number of countries to provide Internet with a LTE network.” Some of the bugs that Kim found: Hardcoded SSH Server key, Backdoor accounts, Router DoS, WebInterface Information Leak, two remote code execution flaws, two Backdoors, two flaws with WPS, Remote Firmware Over The Air, arbitrary file browsing and reading, etc. The buggy firmware seems to be used in many routers. My favorite part was Mr. Kim’s opinion: “… at best, the vulnerabilities are due to incompetence; at worst, it is a deliberate act of security sabotage from the vendor.” The company will not fix any of these bugs. As I say elsewhere on this site, avoid all consumer routers.

Arris cable modem issue

ARRIS (Motorola) SURFboard modem unauthenticated reboot flaw
by David Longenecker   April 1, 2016
In a poor design decision, the Arris SB6141 cable modem can be rebooted and reset without requiring a password. This, combined with its having a dedicated IP address means that a malicious web page can knock you off-line, for a bit. This is not a bug or a flaw, that’s the way it was designed. The same flaw existed in the older SURFboard 5100 model at least as early as 2008 and it also exists in the 6121 model. Longenecker first reported the problem to Arris in January 2016 and he was ignored, until this got widely picked up in the press. When they were shamed into it, Arris changed the design. But, anyone with an affected modem is at the mercy of their ISP to install the update. It has been two months since Arris released new firmware, as I am writing this, and Time Warner has not yet rolled out the update. In fact, I was told by a Time Warner rep on the phone that it’s not their job to do so.

MARCH 2016

Telnet being abused by Remaiten bot

Your Linux-based home router could succumb to a new Telnet worm, Remaiten
by Lucian Constantin of IDG News Service   March 31, 2016
Remaiten is a new worm, discovered by ESET, that infects routers and other devices by taking advantage of weak Telnet passwords. The page on this site that lists services many/most people should turn off on their routers, includes Telnet. The software, also called KTN-Remastered, connects to random IP addresses on port 23. When a Telnet server is found, the software tries to login with assorted common passwords. The bot supports a variety of denial-of-service attacks. The Test Your Router page on this site links to assorted firewall testers that can tell you if your router has exposed a Telnet server.

Netgear router password flaw

Optus cable routers let anyone change passwords, says tech
by Darren Pauli of The Register   March 17, 2016
There is a password flaw in the web interface of Netgear CG3000v2 gateways (combo router/modem/telephone adapter) provided by Australian ISP Optus. Specifically, the SetPassword.asp page, which prompts for the old and new password, ignores the old password and changes the password to the new one all the time. The flaw was discovered by Paul Szabo of the University of Sydney. When he informed both Netgear and Optus, they ignored him. Back in April 2014, this same Netgear box was the subject of another security flaw, it had both Telnet and SSH active with the same default password on every box. See Default password leaves tens of thousands of Optus cable subscribers at risk. Yet more proof not to use hardware provided by an ISP.
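The SetPassword.asp behaviour described above, next to a handler that checks the old password before changing anything. This is an added example, not Netgear's code: the function names, the dict-based form, the status codes and the 12-character minimum are all assumptions made for illustration, and every password in it is a constructed sample.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # assumption: work factor chosen for the example
MIN_NEW_LENGTH = 12       # assumption: illustrative policy, not from the article


def hash_password(password, salt=None):
    """Return (salt, digest) so the password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ROUNDS)
    return salt, digest


class AdminAccount:
    """Hypothetical stand-in for the gateway's single admin account."""

    def __init__(self, password):
        self.salt, self.digest = hash_password(password)

    def check(self, password):
        _, candidate = hash_password(password, self.salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, self.digest)

    def store(self, new_password):
        self.salt, self.digest = hash_password(new_password)


def set_password_vulnerable(account, form):
    """Behaviour the article describes: the old password is prompted for,
    then ignored, and the new one is always accepted."""
    _unused_old = form.get("old_password", "")   # read but never compared
    account.store(form["new_password"])
    return 200


def set_password_hardened(account, form):
    """Reject the change unless the caller proves knowledge of the old password."""
    old = form.get("old_password", "")
    new = form.get("new_password", "")
    if not account.check(old):
        return 403                      # wrong or missing old password
    if len(new) < MIN_NEW_LENGTH or new == old:
        return 400                      # new password fails the local policy
    account.store(new)
    return 200


def compare_handlers():
    """Send the same bogus request to both handlers; report who kept the password."""
    bogus = {"old_password": "not-the-password",
             "new_password": "replaced-by-anyone"}
    a = AdminAccount("constructed-old-password")
    b = AdminAccount("constructed-old-password")
    set_password_vulnerable(a, bogus)
    set_password_hardened(b, bogus)
    return (a.check("constructed-old-password"),
            b.check("constructed-old-password"))


if __name__ == "__main__":
    print(compare_handlers())
```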

Modems can be buggy too

Cisco patches serious flaws in cable modems and home gateways
by Lucian Constantin of IDG News Service March 10, 2016
Quoting: “Cisco Systems has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices … The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication … [the] Cisco DPC3941 Wireless Residential Gateway with Digital Voice and Cisco DPC3939B Wireless Residential Voice Gateway are affected by a vulnerability that could lead to information disclosure [by] an unauthenticated, remote attacker … The Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA is affected by a separate vulnerability … that could lead to a denial-of-service condition.”

FEBRUARY 2016

A ton of new router flaws discovered

New firmware analysis framework finds serious flaws in Netgear and D-Link devices
by Lucian Constantin of IDG News Service   Feb 29, 2016
Been there done that. Once again, a group of researchers looked at many router firmwares and found a ton of bugs. The bug hunting was done with a framework called FIRMADYNE built by Daming Chen, Maverick Woo and David Brumley from Carnegie Mellon University and Manuel Egele from Boston University. They found 887 firmware images that were vulnerable to at least one of 74 known exploits. They also found 14 previously unknown vulnerabilities in 69 firmware images used by 12 products. The Web management interface of six Netgear devices (WN604, WN802Tv2, WNAP210, WNAP320, WNDAP350 and WNDAP360) contains several pages that can be accessed without authentication and could allow attackers to pass input directly to the command line. In addition, the Netgear WN604, WNAP210, WNAP320, WND930, WNDAP350 and WNDAP360 also include Web pages that can be accessed without authentication and they expose the WPS PIN code. WPS bad. As for D-Link, the web server used in the D-Link DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2660, DAP-2690 and DAP-2695 has a buffer overflow vulnerability that can be triggered when processing a cookie. And, more. Six other devices (the D-Link DAP-1353, DAP-2553 and DAP-3520 and the Netgear WNAP320, WNDAP350 and WNDAP360) expose wireless passwords and admin credentials over SNMP. Perhaps the most important issue here is that D-Link never responded to the researchers reporting these bugs. Netgear will have fixes out by mid March.

FTC goes after ASUS routers for bad security

ASUS Settles FTC Charges That Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy At Risk
by the FTC   February 23, 2016
The security of ASUS routers was flawed in many ways. What seems to have brought the U.S. Government down on them were the flaws with the security of storage devices plugged into a USB port in the router. The two features are called AiCloud and AiDisk. The bugs are listed on the bugs page of this site. The password protection was easy to bypass, so much so, that good guys would leave messages for people warning that their router was easily hacked. All this while ASUS was bragging about how secure this was. Manuals suggested that users all use the same userid and password. The FTC claims that ASUS did not take reasonable steps to secure the software on their routers. Then too, the usual behavior from consumer router companies: ignoring reports of bad security for months on end and even when updated firmware is finally made available, the router incorrectly reports that there is no available update. ASUS agreed to pay a fine and to security audits every two years. In summary, more proof to my argument that all consumer routers should be avoided.

A warning about configuring Asus routers

Poor UX leads to poorly secured SoHo routers
by David Longenecker blogging at Security For Real People   Feb. 7, 2016
Asus routers with an RT in the model name suffer from a user interface design flaw. If the firewall is disabled, remote administration (which Asus calls “Web Access from WAN”) is enabled, even if remote administration is specifically disabled by the user. That is, the firewall setting over-rides the remote admin setting and nothing about this is externalized to the end user. Longenecker stumbled across this by accident while checking his public IP address in Shodan. He found over 135,000 Asus wireless routers that can be logged into from the Internet. I take this as yet another reason to always change the remote admin port number, even if you have disabled remote administration.

Building router hacked

Building automation systems are so bad IBM hacked one for free
by Darren Pauli of The Register   Feb 11, 2016
Quoting: “An IBM-led penetration testing team has thoroughly owned an enterprise building management network in a free assessment designed to publicise the horrid state of embedded device security … they found exposed administration ports … gaining access to a D-Link panel enabled to allow remote monitoring … by adding an extra carriage return after the page request it was possible to bypass the router’s authentication. They found command injection vulnerabilities in the router and found a list of commands in the firmware source code. They found a cleartext password in the router’s var directory that not only granted more router pwnage but, thanks to password-reuse, allowed them to compromise the building management system.” No mention of who made the router, let alone a model number.

Two issues in Cambium Networks ePMP1000 router

CARISIRT: Defaulting on our Passwords (pt.2): Attacker-Friendly Security
by Zachary Wikholm of CARI.net Feb. 5, 2016
SNMP is enabled by default and the default configuration has community strings “public” and “private” for read and write respectively. This allows a remote attacker to potentially reboot the device using the SNMP write community. There are also multiple default userids and passwords and SSH is enabled by default. Default user/pswd admin/admin is allowed unrestricted access via SSH. Three additional userid/password pairs are installer/installer (an admin), home/home (readonly) and read-only/read-only (also readonly).

Two issues in Ubiquiti AirOS and EdgeMax routers

CARISIRT: Defaulting on our Passwords (pt.2): Attacker-Friendly Security
by Zachary Wikholm of CARI.net Feb. 5, 2016
Mostly quoting: All current products have the default userid/password of ubnt/ubnt and have SSH enabled by default. The ubnt user also has sudo access via sudo -s. This gives remote attackers the ability to make changes … This is very well known to attackers, and Ubiquiti devices make for a great target as they can support SOCKS proxying, and a wide variety of malware.
Mostly quoting: When an AirOS device switches back to factory defaults, it copies the /usr/etc/system.cfg to /tmp/system.cfg; saves and then reboots. An attacker … can thus make changes to this default configuration to maintain persistence on a device … current versions of the EdgeMax EdgeOS store the factory default configuration as well as other configurations in /opt/vyatta/etc/. An attacker can modify these configs, thus maintaining persistence across factory resets. Also, it would be very easy for a remote attacker to reset the device to defaults.

Mikrotik RouterOS default passwords

CARISIRT: Defaulting on our Passwords (pt.2): Attacker-Friendly Security
by Zachary Wikholm of CARI.net Feb. 5, 2016
Mostly quoting: A long standing problem in the Mikrotik RouterOS is the default username and password. All versions including the 6.34 release have default user of “admin” with no password … many devices are compromised within the first few hours of being put on line. During our tests, a device with the username “admin” and no password was compromised within 15 minutes and had 9 unique pieces of malware running within 20 minutes … also allows SSH access without a password.

JANUARY 2016

Default TP-LINK router password needs only 70 guesses

The Wi-Fi router with a password that takes just 70 guesses
by Paul Ducklin of Sophos   January 27, 2016
Some TP-LINK routers have unique default passwords. But the passwords require, at most, 70 guesses. Most of the password is based on the publicly advertised MAC address of the router. The remaining byte has, in theory, 256 possible values, but some detective work showed where this byte comes from and it has only 70 possible values. Not the first time something like this has happened. Never use the default router password.

Another attack on the HNAP protocol

Threat Group Uses Dating Sites to Build a Botnet of Vulnerable Home Routers
by Catalin Cimpanu of Softpedia   Jan. 21, 2016
Some dating websites are spreading a worm to their visitors, infecting their routers and adding it to a botnet. The worm is a new variant of TheMoon, which was first discovered in February 2014. It takes advantage of weaknesses in the Home Network Administration Protocol (HNAP). An iframe checks to see if the router supports HNAP. If so, it calls home, informing its creators of the good news. Then a second URL delivers the worm, which is a Linux ELF binary. The worm prevents users from using some inbound ports, and opens outbound ports through which it spreads to other routers. If you take the advice offered here, you would be safe from this because it only looks for the usual suspects regarding the router’s IP address.

Asus routers may never log you off

Administrator logout flaw in ASUS wireless routers
by David Longenecker blogging at Security for Real People   January 19, 2016
One item on my router security checklist is that a router should log you off after a certain period of time. Prior to April 2014, Asus did not offer this feature. Now they do, however, they do it wrong. Longenecker found that ASUS routers, up to and including firmware from Dec 29, 2015, rely on JavaScript in the browser to enforce the auto-logout function. This means if you close the browser window without logging off, the router will keep you logged in forever (really until the router reboots). The same holds if JavaScript is blocked in the browser. If you have an ASUS router be sure to always log yourself off. Furthering my argument to avoid consumer routers, is the fact that Longenecker first reported this to ASUS in December 2014 and they never bothered fixing it.
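The difference between a logout timer that lives in the browser and one enforced by the device, as an added example that is not ASUS firmware code. The class names, the 5-minute idle limit and the 1-hour absolute limit are assumptions; the clock is injectable so the abandoned-tab case can be replayed without waiting.

```python
import secrets
import time


class FakeClock:
    """Manually advanced clock so the timeout logic can be exercised offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class ClientTimedSessions:
    """Pattern described above: the server never expires a session on its own.
    It depends on script in the browser calling logout() after the idle period."""

    def __init__(self):
        self._sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = user
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def authenticate(self, token):
        # No timestamp is consulted: a token is valid until logout() or reboot.
        return self._sessions.get(token)


class ServerTimedSessions:
    """Hardened form: idle and absolute limits are checked on every request."""

    def __init__(self, idle_timeout=300, absolute_timeout=3600,
                 clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._clock = clock
        self._sessions = {}

    def login(self, user):
        now = self._clock()
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "created": now, "last_seen": now}
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def authenticate(self, token):
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        idle = now - session["last_seen"]
        age = now - session["created"]
        if idle >= self.idle_timeout or age >= self.absolute_timeout:
            # Expire server-side; what the browser did or did not run is irrelevant.
            del self._sessions[token]
            return None
        session["last_seen"] = now
        return session["user"]


def abandoned_tab_demo(hours_away=8):
    """Admin logs in, closes the tab without logging off, and the same
    session token is presented again hours later."""
    clock = FakeClock()
    client_side = ClientTimedSessions()
    server_side = ServerTimedSessions(idle_timeout=300, absolute_timeout=3600,
                                      clock=clock)
    client_token = client_side.login("admin")
    server_token = server_side.login("admin")
    clock.advance(hours_away * 3600)   # tab closed: no script ever calls logout()
    return (client_side.authenticate(client_token),
            server_side.authenticate(server_token))


if __name__ == "__main__":
    print(abandoned_tab_demo())
```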

A hard coded SSH password found in Fortinet devices

Et tu, Fortinet? Hard-coded password raises new backdoor eavesdropping fears
by Dan Goodin of Ars Technica   Jan 12, 2016
The hard coded SSH password was FGTAbc11*xy+Qqz27 and it was active in 2013 and 2014. Fortinet says it is not a backdoor, writing: “This issue was resolved and a patch was made available in July 2014 as part of Fortinet’s commitment to ensuring the quality and integrity of our codebase. This was not a ‘backdoor’ vulnerability issue but rather a management authentication issue.” In response, the top promoted comment at Ars says: “So they’re saying there was no malice, just an astounding level of incompetence in the area in which they are supposed to be experts?”. Fortinet said nothing to their customers when they disabled the password in 2014. And, it appears they never removed it. Ars was told by a researcher that the password is still in the firmware.

  • Fortinet tries to explain weird SSH ‘backdoor’ discovered in firewalls by Iain Thomson of The Register Jan. 12, 2016. Quoting: “It appears Fortinet’s engineers implemented their own method of authentication … and the mechanism ultimately uses a secret passphrase. This code was reverse-engineered by persons unknown, and a Python script to exploit the hole emerged on the Full Disclosure mailing list this week. Anyone who uses this script against vulnerable firewalls will gain administrator-level command-line access to the equipment.”
  • Multiple Products SSH Undocumented Login Vulnerability Security advisory from FortiGuard Jan. 12, 2016
  • Brief Statement Regarding Issues Found with FortiOS by Fortinet January 12, 2016
  • SSH Issue Update by Fortinet January 20, 2016. The same issue was found in more of their stuff. Quoting “… we discovered the same vulnerability issue on some versions of FortiSwitch, FortiAnalyzer and FortiCache. These versions have the same management authentication issue that was disclosed in legacy versions of FortiOS … this vulnerability is an unintentional consequence of a feature that was designed with the intent of providing seamless access from an authorized FortiManager to registered FortiGate devices.” I take “seamless” to mean “easy” and good security is never easy, so it strikes me as a design flaw.

FRITZ!Box vulnerable on the LAN side but fixes are available

FRITZ!Box home broadband routers’ security FRITZed
by Richard Chirgwin of The Register   Jan. 12, 2016
FRITZ!Box routers are popular in Germany and Australia. German security company RedTeam Pentesting found that program dsl_control listens for commands on TCP port 8080 on the LAN side. They then found that with the right SOAP request the program offers up a list of the commands that it supports, and, that it will execute these commands without authorization. Come and get it, open to all. Perhaps technically, this is not remotely exploitable, but LAN side attacks can be executed from malicious web pages loaded by a LAN side device. The flaw lets a bad guy gain root access. The bug was found in Feb. 2015 but was not made public to give the vendor time to create and distribute a fix. FRITZ!Box routers can self-update and new firmware is available. All told, well handled by everyone involved.

Credit

Thanks to Walter Mostosi for reporting the issue affecting ASUS devices, Naresh LamGarde for DIGICOM devices, and to Eskie Cirrus James Maquilang for PLDT devices. Thanks again to Cesar Neira for reporting the issue in ZTE devices, and to Jose Antonio Rodriguez Garcia for disclosing the Observa Telecom vulnerability to Full Disclosure. Thanks to all security researchers who have contributed their research regarding the hard coded credentials on DSL Consumer routers.

I am the collector of this information not the original writer.

Microsoft 365 Business: public preview now available

$0 preview SKU opens doors for future SMB customer sales

Starting today, you can make the most of the momentum generated by the July Microsoft 365 Business announcement through a $0 Microsoft 365 Business public preview. The preview SKU is available on the August price list.

Microsoft 365 Business—designed specifically for partners like you who work with small and midsize business (SMB) customers—fuses the power and familiarity of Office 365 Business Premium, with tailored Windows 10 and Enterprise Mobility + Security capabilities—all in a single SKU.

Read the complete article to find out how you can take advantage of the Microsoft 365 Business public preview to deepen relationships with current customers and to attract new ones.

 

Microsoft Office 365 Guides and Trainings

There are video tutorials available from Lynda.com, Apple.com, and Microsoft.com on a variety of Office 365 topics. You will also find links to these video tutorials on pages throughout the Office 365 documentation.

Email Tutorials

Lynda.com has several video tutorials that cover how to get the most out of using various versions of the Outlook email client with your Office 365 account, including information about managing contacts and creating email filters or rules.

You will need to log into lynda.com.

Calendar Tutorials

Lynda.com has several video tutorials that cover how to use the calendar function of the Outlook Web App and various versions of the Outlook email clients.

You will need to log into lynda.com.

Outlook Web App

Sections 7 and 8 of Outlook Web App (2013) Essential Training cover the following calendar topics:

Section 7: Using the Calendar

  • Viewing the calendars
  • Creating and modifying appointments and events
  • Cancelling an appointment or event
  • Creating and modifying a repeating appointment
  • Printing the calendar
  • Opening a calendar shared with you
  • Viewing multiple calendars
  • Sharing your calendar with others

Section 8: Working with Meetings

  • Responding to a meeting invitation
  • Creating a meeting
  • Updating a meeting
  • Viewing responses
  • Creating repeating meetings
  • Using the Suggested Meetings app

Microsoft also provides a video tutorial on sharing and publishing your Office 365 calendar using the Outlook Web App and Outlook 2013:

Outlook 2016

Section 7 of Outlook 2016 Essential Training covers the following calendar topics:

  • Navigating the calendar
  • Changing the look of the calendar
  • Creating an appointment and an all-day event
  • Creating a meeting
  • Chairing a meeting
  • Responding to a meeting invitation
  • Opening other calendars
  • Printing, emailing, and sharing the calendar
  • Creating additional calendars
  • Setting calendar preferences

Outlook 2016 for Mac

Section 7 of Outlook 2016 for Mac Essential Training covers the following calendar topics:

  • Navigating the calendar
  • Changing the way the calendar looks
  • Creating an appointment and an all-day event
  • Creating a meeting
  • Chairing a meeting
  • Responding to a meeting invitation
  • Opening other calendars
  • Printing the calendar
  • Creating additional calendars
  • Setting calendar and weather preferences

OneDrive for Business Video Tutorials

Microsoft.com has an introductory video that explains how to use OneDrive for Business to store your work documents, to sync your work documents to your computer, and how OneDrive for Business differs from commercially available OneDrive accounts:

Skype for Business Video Tutorials

Skype for Business Documentation on Microsoft.com

Microsoft.com has several training courses available on Skype for Business. These training courses are a combination of video tutorials and written documentation. Below are some highlighted documentation links in these tutorials that cover the basic functionality of Skype for Business.

Discover Skype for Business
Joining Meetings with Skype for Business
Scheduling Meetings with Skype for Business
Leading Meetings with Skype for Business
Quick How-Tos for Skype for Business (Office 365)
Downloadable Quick Start Guides for Skype for Business

Lynda.com Tutorials

In order to access this video, you will need to log into lynda.com.

Up and Running with Skype for Business (1h 36m)

This video tutorial covers the following topics:

  • What is Skype for Business?
  • Communicating Using IM, Audio, and Video
  • Working with Contacts
  • Holding Scheduled Meetings Using Skype
  • Taking Meeting Notes
  • Using Meeting Presenter Tools
  • Using a Skype for Business App
  • Setting Skype for Business Options

Office 365 Guides

You can download Office 365 guides in PDF format below:

You can find tips on using OneNote here
You can find information on setting up a Class Notebook here

If you have been having issues with using Office 365 apps for iPad please use the link below to make sure you are using the correct usernames and how to ensure you don’t lose any work:
Troubleshooting OneDrive issues on iPad

Office 365 Resources and Information

I’ve compiled links to a number of Office 365 support sites below:

Information from Microsoft:

Training and Video Tutorials for Office 2013 and Office 365

You may even have Office 2013 installed on your computer.  In case you had nothing else more exciting planned this summer we would like to give you some quick links to our favorite FREE Microsoft training resources.  You can come back this Fall as Microsoft Office 365/2013 experts!

 

Training Options:

Online User Training: http://technet.microsoft.com/en-us/library/jj871004(v=office.15).aspx

Downloadable Training Courses: http://office.microsoft.com/en-us/support/training-FX101782702.aspx

 

Includes Videos and Training for:

  • Office 365 (email, SharePoint and collaboration tools in the cloud)
  • Office 2013 (running office on your computer)
  • Access 2013
  • Excel 2013
  • Skype for Business
  • Office Online
  • OneNote 2013
  • Outlook 2013
  • Project 2013
  • Publisher 2013
  • Visio 2013
  • Word 2013