

OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


Wanted to open this discussion on how to prevent a ransomware attack or malware from spreading across a network.

Seems most SMB networks have domain admins (most of which have separate accounts, so the domain admins don't log into a computer with the domain admin account unless performing some sort of work that requires domain admin access), but I've seen a lot of networks where the domain user that logs onto a particular machine is given local admin rights on that machine.  

Also have heard it's not a good idea for a domain admin account to ever log onto a user's workstation.

Compromising credentials stored in memory via LSASS seems pretty easy.

As far as how many users have domain admin rights, this seems pretty straightforward: the fewer domain admins the better, and instead of automatically creating a domain admin account any time a service account is required, it would be better for a service account to use a regular domain user account, but one that's local admin on the server it needs (rather than a full-out domain admin account).

What are your thoughts on this?

I am running an Apple MacBook (Retina, 12-inch, Early 2016) with OSX 10.13.1 (17B48) as a company notebook. Today is the 3rd time I discovered items in my trash which do not belong to me. I can not say if this has happened before nor how long this has already been happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PCs and Macs. We are working in a co-working space where we use our own router but use the network from the landlord. All trash items so far were just colleague stuff, which I know from the content of course. The first time I discovered this I turned off all kinds of file sharing etc., but it keeps on happening.
Does some sort of IT security baseline / hardening / security best-practice document or checklist for Jetty already exist?

If so where can it be found?
Hello Experts,

We are working on remediating some security vulnerabilities.  One of the low hanging fruit that I thought I would remediate is the requirement to allow RDP connections from computers running Remote Desktop with Network Level Authentication.  Below is a screenshot from one of our workstations showing the current setting:

Current settings on workstations
As you can see, we currently allow connections from any version of Remote Desktop.

The setting to require Network Level Authentication had been configured in our default domain policy.  It was set to “disabled”.  I have changed the setting to “enabled” and applied the change.  

NLA required set to enabled
I have saved the GPO and let domain replication take place.  When I do a gpupdate /force /sync and restart, the RDP settings are the same as they were in the first screenshot.  What am I missing here?

Thanks in advance.
When the domain network portion of the Exchange server's firewall is on, none of the Outlook clients can connect to the server. It will ask to retry, work offline, or cancel. After choosing to retry a few times it will go through.

We are using Exchange 2010. Server is 2008 R2 Standard.  I have searched through the event logs and can find nothing that would help identify the culprit. I have also searched through the firewall rules and everything looks correct.
Hello, we have an IIS-hosted website bound to Citrix XenApp Store Front.  We have an AD server, web server, and Citrix server.
Currently, in order to access the site users need a CAC/PKI; once they have authenticated they must enter a username & password to get into Store Front to see their application(s).  What we would like to do is get rid of the username & password and have just CAC/PKI authentication.
I'm dealing with some 50 workstations of Windows 10 Pro in a peer-to-peer network.  The practice has been for the machines to be inspected manually on a weekly basis for update status.  It doesn't take too long really but it would be better no doubt to automate the process.

I've not found anything that really does the job.
Nessus doesn't seem to offer a template that does this particular scan.
PRTG may do it but I'm going to have to get the target machines to respond using the right security protocol.
MBSA seems to "work" but not very well for scanning Windows 10 machines - lots of loose ends.

Other than changing our ways, which isn't even part of this question, what might you suggest?
Our ambitions are quite limited - so you might keep that in mind.

I'll need to revisit the above EE post: I've just implemented the simplest solution by Lee W, i.e.
ID: 42292327, by removing "Domain Users" from the local "Users" group on 2 of the PCs and rebooted them, but using one of the 'unauthorized' AD IDs I could still log on to the 2 critical PCs, so this solution did not work.  Why is it not working as Lee W suggested?

Under the local "Users" group, there are 2 more members (after removing "Domain Users"):  could these 2 groups be the reason why the unauthorized AD IDs could still log in?
  1. NT AUTHORITY\Authenticated Users (S-1-5-11)
I guess it's not safe to remove the above 2 from the local "Users" group, right?

I'm looking for the next simplest solution, so which among them is easiest,
considering there are 30 PCs with 40 authorized staff?

Currently if we issue "Net user /domain any_AD_Id", the output will show
a line "Could logon to any workstations": guess this is (one of) the problem.
After setting up AD authentication on CentOS 7 x64, when the user first logs in, having never logged in before, a password is asked for rickybobby@racecar.net. Ricky is able to log in and perform his tasks.

If Ricky logs in on a different day from the same or a different console, via ssh or whatever, he types in his username and then is able to log in without a password.

I'm guessing it's something to do with passwd or shadow settings but am not sure where to look?
I have a Veracrypt volume that was mounted on my PC. My PC rebooted while the volume was still mounted and now the volume won't mount. I get this message when attempting to mount the volume. I've tried mounting with the backup header option with no luck. Is there anything that I can do to get the volume mounted?

Are there any specific best practices you follow when documenting security groups in AD, e.g. what membership of such a group actually permits? Without having to dig through file servers etc a group name on its own is not of much use. So I wondered what type of information you record about each security group, and where you store that information.
hi all,

Does DB2 have built-in brute-force protection? What tools/configuration are needed for this?
How do I reset my qth81admin account??
Hi guys,

I own a computer consultant business & I go into homes & small businesses & do services on all kinds of things.  Google is a great tool for answers & of course EE.

My questions are, what do you do for continuing education?  

What software & tools do you guys use for:
Virus removal?
Ransomware protection?
Cleanup of systems?

I really just want to compare the tools I am using to the most current software to make sure I am not missing things on cleanup...

Thanks for any input!  I appreciate it!
We have a team of Wintel sysadmins & there have been cases where critical files/folders were accidentally deleted & we need to trace who/what deleted them: not all logins to all servers are video-recorded (by tools like Privilege Access Manager or Cyberark).

Not too conversant with setting up Tripwire to monitor, as it ended up with thousands of lines being logged daily: too many irrelevant or false positives.

I know in Unix ACLs, we can set ACLs on certain files/folders to log to an audit trail if files get deleted. Can anyone provide step-by-step instructions on how this can be done in Windows 2008 R2?  Using Tripwire is too unwieldy.

It would be good to provide the option of configuring locally (if I plan to do it only for a few servers) as well as via GPO (if I plan to do it on a big number of servers).
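Two pieces have to be in place on Windows 2008 R2 before any deletion is logged: the audit policy (locally, auditpol /set /subcategory:"File System" /success:enable; via GPO, Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Object Access > Audit File System), and a SACL on the folder itself (Properties > Security > Advanced > Auditing, or the GPO File System node) auditing Delete and Delete subfolders and files. The part that trips people up afterwards is that event 4660 ("An object was deleted") names the user and process but not the file; the path is only in the earlier 4663 ("An attempt was made to access an object") that requested DELETE on the same Handle ID in the same process. The script below is an added example, not from the original post or any vendor; the events are constructed sample records with the EVTX XML trimmed to the fields the join needs, and the user names, paths and handle IDs are made up.

```python
"""Who deleted the file?  Correlating Windows file-system audit events.

Added example (not from the original post).  Assumes Object Access auditing is
enabled for the File System subcategory and that the watched folder carries a
SACL auditing Delete / 'Delete subfolders and files'.  Event 4660 carries no
file name, so it is joined to the 4663 that requested DELETE on the same
(process, handle) pair.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DELETE = 0x10000  # the DELETE bit of AccessMask (shown as "DELETE" in the Accesses text)


def _event(event_id, **fields):
    """Build one constructed Security-log record in the EVTX XML shape."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f"<EventData>{data}</EventData></Event>")


# Constructed sample log (made-up users, paths and handle IDs).
SAMPLE_LOG = [
    # alice opens a handle with DELETE and the object is then deleted: report it
    _event(4663, SubjectDomainName="CORP", SubjectUserName="alice",
           ObjectName=r"E:\Finance\Q4.xlsx", HandleId="0x1a4",
           AccessMask="0x10000", ProcessName=r"C:\Windows\explorer.exe"),
    _event(4660, SubjectDomainName="CORP", SubjectUserName="alice",
           HandleId="0x1a4", ProcessName=r"C:\Windows\explorer.exe"),
    # bob requests DELETE but no 4660 follows (handle closed without deleting): ignore
    _event(4663, SubjectDomainName="CORP", SubjectUserName="bob",
           ObjectName=r"E:\Finance\Budget.docx", HandleId="0x2b0",
           AccessMask="0x10000", ProcessName=r"C:\Program Files\Microsoft Office\WINWORD.EXE"),
    # ReadData only (0x1): not a deletion
    _event(4663, SubjectDomainName="CORP", SubjectUserName="alice",
           ObjectName=r"E:\Finance\Q4.xlsx", HandleId="0x1c8",
           AccessMask="0x1", ProcessName=r"C:\Windows\System32\notepad.exe"),
]


def parse_event(record):
    """Return (event_id, {Data Name: value}) for one XML record."""
    root = ET.fromstring(record)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    fields = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields


def deleted_files(records):
    """One dict per confirmed deletion: a 4663 requesting DELETE followed by a 4660
    on the same (process, handle).  Handle IDs are reused by the kernel, so never
    join on the handle alone."""
    pending = {}  # (ProcessName, HandleId) -> (user, path)
    confirmed = []
    for record in records:
        event_id, f = parse_event(record)
        key = (f.get("ProcessName"), f.get("HandleId"))
        if event_id == 4663 and int(f.get("AccessMask", "0"), 16) & DELETE:
            pending[key] = (f"{f['SubjectDomainName']}\\{f['SubjectUserName']}", f["ObjectName"])
        elif event_id == 4660 and key in pending:
            user, path = pending.pop(key)
            confirmed.append({"user": user, "path": path, "process": key[0]})
    return confirmed


if __name__ == "__main__":
    for hit in deleted_files(SAMPLE_LOG):
        print(f"{hit['user']} deleted {hit['path']} via {hit['process']}")
```

Against a real server, export the Security log with wevtutil qe Security /f:xml and feed the records to deleted_files(); a DELETE request without a following 4660 (bob above) is normal for applications that open files with delete-on-close and then keep them, which is why the join, not the 4663 alone, is the evidence.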
We're getting more and more requests from clients for recommendations and implementation of two security related systems: vulnerability assessments and file/folder encryption software. Our clients are:

1.  Law firms.
2.  Small (10 to 75 users).
3.  Networked; servers are virtualized.
4.  Windows OS (2008/2012/2016 on servers, 7/8/10 on workstations).
5.  Have perimeter firewalls suited to the size of the firm (mostly WatchGuard).

These requests for vulnerability assessments and encryption are prompted by requirements of certain clients of these firms, such as banks and insurance companies.  We're looking for tools that we can use/recommend to our clients for assessing vulnerabilities and providing encryption for files/folders.  Generally they don't require full disk encryption, as only a portion of their work product is affected by these outside requirements.  Full disk encryption, however, may be required for laptops.

We have a product for email encryption in place in some cases, but any thoughts or specific recommendations in that area would also be welcomed.
I am troubleshooting client VPN connectivity from PAN "Global Protect". The client logs in but instantly logs out. I want to verify that this is not being caused by the Windows firewall. How can I exculpate the Windows firewall as not interfering with the Global Protect VPN connection process? TY
I had this question after viewing 'Access denied' when permission applied via ICACLS; no problem when applied via GUI.

Does anyone know what the icacls command would be to do this, i.e. tick the "Only apply these permissions" button?

Can't find anything on Google on how to do it.
Which is considered stronger security?

I've seen a few times where an Internet page popup displays a bogus warning about the Zeus Virus being detected.  The last one had a support number to sucker you into calling (888)289-9990.

In researching this I am very unclear as to whether any sort of infection actually exists or if this is just all tricky web popups.
When I've seen these popups before I just End Task them.  Every time I've run Malwarebytes or another scanner afterwards, it has come up clean.

But googling the net shows people running adware remover, malwarebytes as well disabling and removing certain unspecified browser plugins/extensions/add-ons.

When I see one of these fake zeus popups, does it ever indicate my system is infected, not with Zeus but with the Fake Zeus Detector popup?

What's the real deal here?  Should I just close the popup, or should I take more serious measures?
Win 10 - Audio Problem
It is a real story and is one of my scariest tech experiences. Most users think that IT experts like us know how to fix all computer problems. However, if there is a time constraint and you MUST not fail the task or you will lose your job, a simple task might turn out to be your scariest experience.
Hello all.

    Having a difficult time trying to get full disk encryption setup on our laptops.  Our laptops (approx. 10) are all new and running Windows 10 Pro 64-bit with LOCAL Administrator accounts.  We are a small shop with limited money and personnel so simplicity is imperative. If required, I would rather spend money than man hours.

They are all standalone workgroup systems.
Endpoint on these systems is Kaspersky Business Security Advanced.

I've tried enforcing Kaspersky encryption using Kaspersky Business Security Advanced. While testing Kaspersky encryption, I get activation/update failures between Office and Windows. Kaspersky support says there is no way the problem could lie in the encryption piece as all the encryption is done at the sector level.

I've tried enforcing BitLocker with Kaspersky Business Security Advanced. Doesn't seem to work (something about BitLocker management component not installed, even though it is) and Kaspersky Tech support tells me they recommend using Kaspersky full disk encryption anyways.

I tried using BitLocker standalone, but the local admin accounts can just turn it off (and Applocker isn't available in Windows 10 Pro).

What other options do I have to accomplish this?
I just got a new Windows 10 computer.  I don't want to have to type in a login password whenever I turn on the computer.  I tried going to User Account Settings, but can't find how to eliminate the password protection.  Please help.  Thanks, Phil
Hello Experts, to satisfy the NIST 800-171 requirement for dual authentication for privileged accounts we have a way to do this, but we must disable Local Policy to prevent local logons.  The solution we're toying with now is using our KVM to connect remotely.  Only concern is, if for whatever reason the KVM fails & we have disabled local logons, how would we get past this?

We're running Server 2008 R2 environment.
I have this issue where non-root (i.e. non-privileged) UNIX users or even applications could alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod. "umask" can set the default settings for files created but this will not stop them from altering them subsequently.

Can anyone provide sample ACLs or any method such that even owners of files can't alter the UNIX file permissions?

Is there any way without using paid products (open source is fine) to alert us if file permissions are being changed?  Sort of file integrity monitoring, but we don't want to be alerted/notified if file content or dates are changed, only if permissions are changed.

We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..." command which we can run daily to identify which files' permissions got changed in the last 1 day?
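Two caveats before the tooling. Under POSIX discretionary access control the owner of a file can always chmod it, and neither umask nor an ACL entry changes that, so prevention comes from ownership (files belonging to a service account the users cannot log in as) rather than from permission bits; Linux additionally offers chattr +i, which blocks chmod for everyone including the owner, but it also blocks writes and needs root to set. On the detection side, find /export/data -xdev -type f -ctime -1 -perm -002 does list world-writable files whose inode changed in the last day, but ctime also moves on every content write, so find alone cannot tell a chmod from an edit. The snapshot-and-diff below is an added example, not from the original post or any product: it records only mode and owner/group and reports only changes in those, which is the filter asked for. The file names and modes in the demo are made up.

```python
"""Permission-only integrity check for a UNIX tree.

Added example (not from the original post).  Records mode bits and owner/group
for every entry under a root, stores the snapshot as JSON (keep it outside the
monitored tree) and on the next run reports only entries whose permissions or
ownership changed.  Content, size and timestamps are deliberately ignored.
Works unchanged on Solaris, AIX and RHEL with any Python 3.
"""
import json
import os
import stat


def snapshot(root):
    """Map each path under root (symlinks not followed) to mode, uid, gid."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            snap[path] = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}
    return snap


def diff_permissions(old, new):
    """(path, before, after) for paths in both snapshots whose mode/uid/gid differ.
    New or removed paths are not permission changes and are left out; new
    world-writable files are caught separately by world_writable()."""
    return [(p, old[p], new[p]) for p in sorted(set(old) & set(new)) if old[p] != new[p]]


def world_writable(snap):
    """Paths whose mode has the other-write bit set (the audit finding itself)."""
    return sorted(p for p, meta in snap.items() if meta["mode"] & stat.S_IWOTH)


def save_snapshot(snap, path):
    with open(path, "w") as fh:
        json.dump(snap, fh)


def load_snapshot(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Self-check: one chmod and one content edit in a temp tree; only the chmod is reported."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        report = os.path.join(root, "report.txt")   # made-up names
        notes = os.path.join(root, "notes.txt")
        for path in (report, notes):
            with open(path, "w") as fh:
                fh.write("v1\n")
            os.chmod(path, 0o640)
        before = snapshot(root)
        os.chmod(report, 0o666)          # permission change -> must be reported
        with open(notes, "a") as fh:     # content change -> must be ignored
            fh.write("v2\n")
        after = snapshot(root)
        changes = [(os.path.basename(p), b["mode"], a["mode"])
                   for p, b, a in diff_permissions(before, after)]
        return changes, [os.path.basename(p) for p in world_writable(after)]


if __name__ == "__main__":
    changes, ww = demo()
    for name, before, after in changes:
        print(f"{name}: {oct(before)} -> {oct(after)}")
    print("world-writable:", ww)
```

For daily use, a cron job calls snapshot() on the monitored root, compares it with load_snapshot() of yesterday's file, mails the diff_permissions() and world_writable() output, then save_snapshot() overwrites the baseline; because the baseline is just mode and owner per path, a tree of a few hundred thousand files stays small and the run is a single stat per entry.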
