Category Archives: Network Security

Resolving TLS 1.2 related issues in Windows OS

Recently there was a move to implement TLS 1.2. All of a sudden we started seeing a lot of SSL-related errors, and here is the fix for those errors.

1. You can change the registry value manually (Recommended for experts)

or

2. Use the following patch from Microsoft.

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
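
The manual registry change from option 1, as an added PowerShell example that is not part of the original post. It sets the `DefaultSecureProtocols` value and the Schannel client keys described in the linked Microsoft article (KB3140245). It assumes an elevated 64-bit PowerShell session; the helper name `Set-Dword` is hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated 64-bit prompt.
# On Windows 7 / Server 2008 R2 / Server 2012 the KB3140245 update must be
# installed, otherwise WinHTTP ignores DefaultSecureProtocols.

# Bit flags for DefaultSecureProtocols as documented in KB3140245.
$Tls11  = 0x00000200
$Tls12  = 0x00000800
$Wanted = $Tls11 -bor $Tls12          # 0x00000A00 = TLS 1.1 + TLS 1.2

function Set-Dword {
    param([string]$Key, [string]$Name, [int]$Value)
    # Create the key only if it is missing: New-Item -Force on an existing
    # registry key would recreate it and discard the values it already holds.
    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # Read the previous value so the change is visible in the output.
    $old = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    $was = if ($null -eq $old) { '(unset)' } else { '0x{0:X}' -f $old }
    '{0}\{1}: {2} -> 0x{3:X}' -f $Key, $Name, $was, $Value
}

# WinHTTP defaults: native view, plus the view 32-bit applications read on 64-bit Windows.
$winHttp = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp')
if (Test-Path -Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $winHttp += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp'
}
foreach ($key in $winHttp) {
    Set-Dword -Key $key -Name 'DefaultSecureProtocols' -Value $Wanted
}

# Schannel client side: the protocols must not be disabled by default,
# or WinHTTP cannot negotiate them even with the value above.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
foreach ($proto in 'TLS 1.1', 'TLS 1.2') {
    Set-Dword -Key "$schannel\$proto\Client" -Name 'DisabledByDefault' -Value 0
}
```

Each call prints the old and new value, so the output doubles as a record of what was changed on the machine.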

Certificate chaining error in Microsoft Environment.

If you are using a Symantec/VeriSign certificate and started getting errors around the last quarter of 2015, they are the result of an incorrect certificate chain.

This can be fixed in the following ways.
1. Obtain the intermediate certificate “VeriSign Class 3 Public Primary Certification Authority” from Symantec and import it into the “Intermediate Certification Authorities” store.
2. Also obtain the root “VeriSign Class 3 Public Primary Certification – G5” certificate from Symantec and import it into the “Trusted Root Certification Authority” store.

OR

There is also an alternative solution, which suggests deactivating automatic certification updates and importing the above certificates.

Each method has pros and cons, so please choose the solution that suits you best.

Incomplete FCPath

If you are using Symantec/VeriSign certificates and seeing the “Incomplete FCPath” error around the last quarter of 2015, it is the result of an incorrect certificate chain. This type of error occurs with KeyStores. The following is the recommended fix to overcome the problem.

1. Obtain the intermediate “Symantec Class 3 Secure Server CA – G4” certificate from Symantec and import it into the trust KeyStore.
2. Also obtain the root “VeriSign Class 3 Public Primary Certification – G5” certificate from Symantec and import it into the trust KeyStore.

Make sure that the KeyStore is in the correct path.

The above solution will fix the error.

A similar problem also exists for Windows-based servers, and the solution is a little different.

Basic Firewall Rules for home network

Here are some basic firewall rules that can be used to secure your home network router. These rules are specific to a particular router model and can differ on other router models. I will be updating this post periodically to include more advanced topics, so please stay tuned.

1. Create an Address-List to allow access to your router from your local LAN and accept its packets in the input chain.
2. Drop packets from invalid connections in the forward chain.
3. Allow connections from the local LAN in the forward chain.
4. Allow established connections in the forward chain.
5. Allow related connections in the forward chain.
6. Drop all other traffic through the router in the forward chain.
7. Allow established connections through the router in the input chain.
8. Allow related connections through the router in the input chain.
9. Drop all other traffic to the router in the input chain.