Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

Cybersecurity

334

Solutions

692

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi

I encrypted a USB drive using BitLocker To Go in Windows 10 Pro and when I inserted it into a new machine it prompted for the password. Once I entered it in I noticed a More Options section which allowed me to check Automatically unlock on this PC. I have since realized I don't want this to occur but I don't know how to make it go back to the way it was. I looked in Credential Manager with no luck. Sorry I'm new to BitLocker.
0
What is SQL Server and how does it work?
LVL 1
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

I have reviewed a couple of documents listed below and noticed that the documents do not address all programming languages.  Most of the documents are separate and  I will have to combine into 1 standard document --might be overkill.

Can you please share and/or suggest a good Secure coding Standard.

1) https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards
2) MISRA publications[/list]

As an additional resopurce: I was going to use: the following document as an Secure Coding Practice Guideline because it seeks to encourage secure coding bets practices from the very beginning of development projects - what do you think?
1) http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf


Thanks in advance!
0
Guys, I want to disallow users from changing the 'manual proxy' setting which comes under windows settings > network & Internet > Proxy.

Let me know if you know the Group Policy setting to achieve this centrally at domain level.

Screenshot for your reference:
1.png
Thanks
0
All system in domain:
Windows 7 Professional
Service Pack 1
64-bit OS

Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
  - C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
    Remote version : 6.1.97.82
    Should be      : 6.1.98.46

There are two MSCOMCTL.OCX on the systems… one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder which is the current version 7.0.52.6282 and the offending MSCOMCTL.OCX version 6.1.97.82 found in C:\WINDOWS\SYSWOW64

My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX and if so what it the best way to do so?  I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.

PFA screenshot of found OCX files.

Ref:
CVE-2016-0012
CVE-2015-6117
CVE-2016-0010
CVE-2016-0035

Has anyone run into this vulnerability and if so what was done to remediate the issue?  Many thanks in advance!
0
I am working on a website for a client. This website has a form for a potential customer to submit basic personal info on a form (name, cell, email) but not financial data or any other very sensitive information. Given that people online are more conscious of submitting basic personal information (which is overall a good thing), would it be a best practice to pay for an SSL certificate to use for this form?
0
Evening all, we have a self service portal, which allows customers to reset their own passwords.

The generic questions that come with the product aren't good enough in my mind.

Does anyone have a suggested top 5 list of secure, yet memorable questions which would be suitable

Thanks
0
A friend asked What is Kaspersky TeamViewer?

in a brief, semi-technical statement:   Kaspersky TeamViewer is...

Friend is concerned it is related to 'hacking' of his PC
0
I had this question after viewing Connect a wireless router to a sonicwall firewall.

Presently using Sonicwall TZ-215 with 3 TP-Link EAP 330 - (coverage decent but not perfect.)  in small business environment:
1. Would using the Linksys Velop in bridged mode give me better coverage (turning off wireless on Sonicwall TZ-215; turning off DHCP on Linksys Velop) ?
2. Since the Sonicwall TZ-215 would be the main router, will the network be secure?
0
I run a start up.
My programmer has win 10 pc .
How can i prevent unauthorized transfer of code .
My modem is binatone DT910W .  

Can i make custom rule in firewall to ping me if any upload of .cs file extension happens.
0
Hi all, i'm looking to deliver a cyber security presentation to customers to raise their awareness of the threat.

Does anyone know of some sites or links with up to date / relevant content which i can use

Thanks in advance
0
Keep up with what's happening at Experts Exchange!
LVL 10
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

hi guys

Our consultant teams have run a report for security and a good 10 people's email addresses are available on the dark web. What is the best practice from here for better securing ourselves? Change of password? 2 Factor Authentication for OWA?

Thanks for helping
Yashy
0
is there any Tool available to Decrypt  n1n1n1 Ransomware?
0
Are BIOS attacks worth defending against?
0
I have been in IT since the 80's so I am old and cranky lol.
I have a good understanding of Security, Networking, Ransom ware, phishing, DDoS attacks, Flooding, Virus, Trojan, SPAM V-Lans, VPNS and so on.....
But I am self taught and there are holes in my advanced knowledge.
Anyone have any suggestions where I can learn prevention techniques for what is coming down the pipe today and tomorrow?

I read other threads on this subject, but seems more geared to home users or beginners, not that there is anything wrong with that ;)

I may have missed something.

I appreciate everyone's input.
0
Is there a way I can add a linux box to my domain network for monitoring purposes?  I'm a complete novice on this particular topic and don't know if my question even makes sense, but I have lots of spare machines I could use and dozens of Linux software disks that have come with my subscriptions to LinuxUser  and to Admin.

Is there a trade pub that would cover this, or a white paper?
0
What is a good anti virus software

Something that may combat ransomware
on windows 10
1
I would like to get opinions on the best antivirus for a small (less than 6 Windows devices) LAN. Thanks for your help.
0
Hi All,

We have just moved to Kaspersky EndPoint security 10 (10.3.0.6294) from Sophos.
Some of the users have complained that now it takes them few minutes when they start there computer in morning and when they shutdown.
Is there anyway we can monitor whats taking up resources when the computer starts and how can we minimize Kaspersky resource utilization?

thanks.
0
I've been tasked with setting up a bunch of raspberry pi 3 as honeypots around a huge network.  I would like to have these all report into one server.  I saw the Modern Honeypot Network project but it's out of date.
I'd like some suggestions here.  Thanks!
0
Q2 2017 - Latest Malware & Internet Attacks
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

www.virustotal.com
A cybersecurity trainer told his class of students (some are my colleagues)
that it's not a good idea to upload suspicious attachments (usually obtained
from suspicious/spam emails we received) as hackers would know that these
emails have successfully reached some valid email recipients or his attack
targets.  The trainer suggests that we get the hash value of the attachments
& scan those instead.

Pls assess if the above is valid as I disagree with his views

1. I've used virustotal but it only say how many scans have been done so it
  could have been scanned by many parties.  Suppose the hackers only send
  to a few targets & truly could know which targets have received the malicious
  attachments, wouldn't the hackers also know if we scan using the hashes of
  the attachments (as a hash is unique to each file) ?  

2. Secondly if virustotal truly could identify who has received the attachments
   & is scanning it at virustotal, I reckon hackers don't need to resort to this:
   various tools like mxtools.com & even if someone downloads the images
   of spam emails, these are easier ways to track right?

3. Lastly, is virustotal so vulnerable?  (by the number of previous scans that
    it reported, it will give hackers a good clue?)
0
Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0
On 3 folders out of 100's When sending a attachment (from there 3 folders only) Outlook give a pop that in contains unsafe attachments and outlook user will not be able to open it (basically it drops the attachment before it reaches the recipient's inbox.
Outlook 2010
Window 7
The only thing I can think I did differently with the documents in these folders is that I saved the docs a word doc-then resaved as a pdf-then resaved in the other two folders.
0
Hi Experts!

I'm wondering about the following scenario, in terms of security:

A high traffic website (www.site.com or site.com) with some other subdomains running Apache/PHP on top of Linux, the website is using cookies to store user's data, the cookie's header states "domain=.site.com", so its a wildcard, cookies are encrypted and over https.  Twenty (20) other sites are "hosted" on the same "site.com" using their own subdomain "blog1.site.com, blog2.site.com, etc). These hosted subdomains are a basic CNAME at the DNS level pointing to a FQDN hosted somewhere else.

Given the above scenario, in specific, would one of those 20 subdomains be able to view/read/alter Cookies from the main website (www.site.com or site.com) or one of its subdomains (me.site.com, app.site.com, my.site.com, etc) ?

What are the security risks in place? Are there techniques or best practices for dealing with such scenario, wanting to exclude a list of subdomains from accessing unprivileged cookies? Anything else I should be aware?

If you can share some knowledge I would appreciate, thank you!!
0
Does anyone have a workaround for June 2017 security update that cause attachments in Outlook to be blocked due to extra (...) ?
0
refer to attached zipped slides:
any reviews / views on accuracy & thoroughness of this service is appreciated.

I think it relies on a list of questionnairres that customers feedback/input to
them, so I guess it will not be as accurate as doing actual penetration test scans
or vulnerability scans in our actual environment
cybint.zip
0

Cybersecurity

334

Solutions

692

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.