OS Security

Articles & Videos

Operating system security (OS security) is the practice of preserving the integrity, confidentiality and availability of an operating system. It covers the specific measures taken to protect the OS from viruses, worms, other malware and remote intrusion, and the preventive controls, such as authentication and password management, that safeguard the assets an attacker could steal, alter or delete once the OS is compromised.


Can you please suggest the best IT security vulnerability reporting software, like HackerOne, which will also be cost effective?

Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.


Expert Comment

by:Josh Petraglia
Signed up. What a perfect topic to cover!!!
Is there any Windows (such as Windows 7) update patch for dealing with the WannaCry threat?

Expert Comment

Old news and was already posted less than a day ago

Expert Comment

by:Mahima Gupta
Why pay 1 million if you can do the same thing for a lot fewer bucks..  http://bit.ly/2rJTnVj
Drew Frey writes articles on cyber security and ransomware protection.  Follow him if you're interested in seeing new articles on those topics.


Expert Comment

by:Michael Bodine
SP INFOTECH was also part of a scam... they had people calling up with foreign voices, and the company name would change as they answered the phone.. certainly unpredictable crap.

Author Comment

by:Kyle Santos
UpGuard's cyber risk analyst, Chris Vickery, discovered 198 million US voting records in an Amazon S3 bucket freely available online. One particular spreadsheet also calculates voters' probabilities for situations such as "how likely you are to have voted for a certain presidential candidate".  This breach is another reminder of how important personal data security is.

Expert Comment

Having this data in a public cloud provider is wrong to start with, no?
After a quick glance through the article the data wasn't even encrypted.

Expert Comment

by:Lucas Bishop
Millions of dollars worth of data analysis, available for anyone to download for free. Brilliant!

For any SQL Server install with SSL security, under what situations will your customer do it?  Usually the companies I work with install SSL only on the web server login page.

To protect a DB backup from being restored to another DB, use TDE?  But must TDE use an SSL certificate from a known provider like Symantec?
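An added example, not part of the question above, to show what the two controls in it actually depend on. TDE protects the data files and every backup taken after it is enabled; the certificate that encrypts the database encryption key is created inside the instance by SQL Server itself (no Symantec or other CA is involved), and a backup of a TDE database can only be restored on an instance that holds that same certificate, which is exactly why the certificate export below is kept apart from the database backups. Encrypting the client connection is a separate control that protects data in flight between the application server and SQL Server, not just the web login page, and is checked at the end. Assumptions: the SqlServer PowerShell module, an instance `SQL01`, a database `Payments` and an export folder `D:\KeyBackup` on the server; TDE needs Enterprise or Developer edition before SQL Server 2019.

```powershell
# Added example (not from the original post). Assumptions: SqlServer module,
# instance SQL01, database Payments, server-side export folder D:\KeyBackup.
$Instance   = 'SQL01'
$Database   = 'Payments'
$CertBackup = 'D:\KeyBackup'   # path on the SQL Server host; move the files off-box afterwards

$MasterKeyPassword  = Read-Host 'Password for the master key'
$PrivateKeyPassword = Read-Host 'Password for the exported private key'
function Quote([string]$s) { "'" + $s.Replace("'", "''") + "'" }   # safe T-SQL string literal

$setup = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = $(Quote $MasterKeyPassword);
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = 'TdeCert')
BEGIN
    -- Self-signed by the instance; no external CA takes part in TDE
    CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate for $Database';
    -- Without this export (and its private key) no other instance, DR or rebuilt,
    -- can ever restore the backups of this database
    BACKUP CERTIFICATE TdeCert TO FILE = '$CertBackup\TdeCert.cer'
        WITH PRIVATE KEY (FILE = '$CertBackup\TdeCert.pvk',
                          ENCRYPTION BY PASSWORD = $(Quote $PrivateKeyPassword));
END;
USE [$Database];
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256
        ENCRYPTION BY SERVER CERTIFICATE TdeCert;
ALTER DATABASE [$Database] SET ENCRYPTION ON;
"@
Invoke-Sqlcmd -ServerInstance $Instance -Query $setup

# encryption_state 2 = encryption in progress, 3 = encrypted. Backups taken from
# here on are encrypted with TdeCert and cannot be restored elsewhere without it.
Invoke-Sqlcmd -ServerInstance $Instance -Query @"
SELECT DB_NAME(database_id) AS db, encryption_state, percent_complete
FROM sys.dm_database_encryption_keys;
"@

# Transport is a separate control: TDE says nothing about the wire. Ask for an
# encrypted connection and check what the server negotiated (encrypt_option = TRUE).
Invoke-Sqlcmd -ServerInstance $Instance -EncryptConnection -Query @"
SELECT session_id, encrypt_option, net_transport, auth_scheme
FROM sys.dm_exec_connections WHERE session_id = @@SPID;
"@
```

The two passwords belong in a vault, not in the script; losing the private-key password makes the exported certificate useless and the backups unrestorable anywhere else. If the last query fails certificate validation, the instance is serving a certificate the client does not trust, which is the thing to fix before forcing encryption server-side.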

I've got an existing Exchange Server 2013 Standard SP1 that is running the MBX & CAS roles in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run both MBX & CAS on a new Win2012 R2 VM, so I can configure a DAG with the other AD site called Head-Office1.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How do I do that safely without causing email flow issues during production business hours?
What are the steps for installing CAS on PRODMAIL15-VM so that it does not cause any email flow issues during business hours?
If I install the windows update now during the business hours on PRODMAIL15-VM is there any impact or problem when I reboot it ?

Thanks, in advance.
I'm writing a doc to list out the circumstances/criteria for when we need to engage a
professional forensic IT service or engage our HQ's forensic team (which
we don't have locally).

Blocking a malicious IP or the source of spam & phishing sites (that resemble ours),
and recovering from malware using our AV & backups, is something we have the
competencies to do.

We don't know how to use the Windows Sysinternals tools & possibly most forensic tools.

What criteria do people out there use when deciding to engage professional IT
forensics?
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policy, but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?
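An added example, not part of the question above, showing what the built-in auditing gives you and where it stops. Event 4663 in the Security log records who touched which file with which access mask; it does not record a byte count, so "how much" comes out as a count of distinct files read per user, which is what a bulk copy looks like from the server side. The script enables the File System audit subcategory, puts an inherited SACL on the share root, and summarises the resulting events. Assumptions: a Windows Server 2008 R2 or later file server, the share's local path `D:\Shares`, and an elevated session.

```powershell
# Added example (not from the original post). Assumption: share root D:\Shares.
$ShareRoot = 'D:\Shares'

function Enable-FileReadAuditing {
    param([string]$Path)
    # 1. Advanced audit policy: log successful object access for the file system
    auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null
    # 2. SACL on the share root, inherited by every subfolder and file:
    #    audit successful ReadData (FILE_READ_DATA) by anyone
    $acl  = Get-Acl -LiteralPath $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone', 'ReadData', 'ContainerInherit,ObjectInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-FileReadSummary {
    param([string]$PathPrefix, [datetime]$Since = (Get-Date).AddDays(-1))
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $reads = foreach ($e in $events) {
        # Pull the named EventData fields out of the event XML
        $d = @{}
        foreach ($item in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        # AccessMask is a hex string such as 0x1; bit 0 is ReadData. For reads over SMB
        # the ProcessName is System and SubjectUserName is the share client's user.
        if ($d.ObjectType -eq 'File' -and
            $d.ObjectName -like "$PathPrefix*" -and
            (([int]$d.AccessMask) -band 0x1)) {
            [pscustomobject]@{ User = $d.SubjectUserName; File = $d.ObjectName; Time = $e.TimeCreated }
        }
    }
    $reads | Group-Object User | ForEach-Object {
        $files = $_.Group | ForEach-Object { $_.File } | Sort-Object -Unique
        $times = $_.Group | ForEach-Object { $_.Time }
        [pscustomobject]@{
            User     = $_.Name
            Files    = @($files).Count            # distinct files read: a folder copy reads each one
            Reads    = $_.Count
            LastRead = ($times | Measure-Object -Maximum).Maximum
        }
    } | Sort-Object Files -Descending
}

Enable-FileReadAuditing -Path $ShareRoot
Get-FileReadSummary -PathPrefix $ShareRoot | Format-Table -AutoSize
```

Two caveats a practitioner will hit: the Security log fills quickly on a busy share, so size it or forward the events to a collector; and a read is a read, so the report cannot tell a user who opened a document from one who copied it, only that hundreds of files read in a minute by one account is a copy.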
Threat Trends for MSPs to Watch

Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

I've seen the questions and answers about using /etc/pam.d/system-auth and "auth required pam_lastlog.so inactive=30" (I also added it to /etc/pam.d/gdm), but that seems to depend on lastlog, and users logging into gdm are not tracked in lastlog.

Making only the password lock isn't enough, since I want to lock smart card logins as well.

Do I need to implement a script/cron job to track inactivity? Or can PAM really take care of this for gdm logins?

Thanks in advance!
A recent post by Brian Matis motivated me to make this alternate post to see what sort of reaction others might have about these recent revelations.

A recent article on The Verge claims that "The older operating system was less vulnerable than anyone expected"

Windows XP computers were mostly immune to WannaCry

Another article from the same source claims "Windows XP was ‘insignificant,’ researchers say" with regards to helping the WannaCry outbreak spread.

"Almost all WannaCry victims were running Windows 7"

Lots of folks (from their perspective) with a genuine need to keep running on Windows XP suffered a lot of grief in Tech forums as being one of the root causes of giving WannaCry a platform to spread and thrive from, yet now it appears all the criticism may have been a little premature and unjustified.

For the record, I personally don't condone anyone using unsupported operating systems and actively encourage everyone I deal with to get themselves up to date, but I am also sympathetic to those who feel they have a genuine need to do that, so also think they shouldn't be …

Expert Comment

by:Thomas Zucker-Scharff
We have too many XP computers at my institution (some with only SP2) - mostly due to budgets and instrumentation.

Author Comment

by:Andrew Leniart
Hi Thomas,
Have you considered purchasing an XP Updates agreement with Microsoft? Might be an easier solution if budget restraints prevent you from upgrading? I wouldn't feel comfortable with a lot of XP machines in an environment as it would be a case of when, not if, it will come back to bite you.  Patches are available, just at a cost.

Incidentally, SP3 for XP is still provided by Microsoft - why not install it?

Steps to take before you install Windows XP Service Pack 3

How to obtain Windows XP Service Pack 3 (SP3)

I view the blocking of USB as serving 2 purposes:

a) data leakage/loss prevention (so that sensitive data is not copied out):
     but copying data from thumb drives into the laptop is OK, right?
     No data loss/leakage concern, right?
     So does anyone know if there are tools out there that allow the
     USB port to permit data to be copied into laptops but not out?
     Our McAfee tool doesn't appear to have this feature.

b) the concern of malware (including scripts) being executed from
     thumb drives: well, for this we'll have on-access AV in place, so in
     a way this is mitigated.  Win 10 with its Defender AV also prevents
     execution of Java, VB scripts etc.

Now, between items a & b, my much bigger concern is item a, because
for item b a good AV will mitigate quite well, while I've not heard of
any tools that permit one-way data copying into a laptop via USB.

Or does anyone know of any tools, such as a wireless HDD, that have
such a feature, such that users can't reconfigure the "firewall rules",
so that data can only be copied into laptops & not out?

Providing another intermediate laptop with sftp etc. is out of the
question as this solution is too unwieldy.
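An added example, not part of the post above. Windows itself has the one-way control asked about: the "Removable Storage Access" policy can deny write (and execute) on removable disks while leaving read allowed, and it is enforced by the storage stack rather than by the AV agent. The block writes the same registry values that policy sets, which is what you rely on for machines that never join AD and for a cloned image; on domain members push the identical values by GPO so a local administrator cannot flip them back. The device class GUIDs are Windows' own; the folder and function names are mine. Run elevated.

```powershell
# Added example (not from the original post). These are the values the
# "Removable Storage Access" policy writes; the GUIDs are Windows device setup classes.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

$RemovableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # USB sticks, card readers
$WpdDevices     = '{6AC27878-A6FA-4155-BA85-F98F491D4F33}',  # phones/cameras over MTP/PTP
                  '{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}'   # (both WPD classes are needed)

function Set-PolicyValue([string]$Key, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $Name -Value $Value -Type DWord
}

function Set-RemovableStorageInboundOnly {
    $disk = Join-Path $PolicyRoot $RemovableDisks
    Set-PolicyValue $disk 'Deny_Read'    0   # copying from the stick into the laptop stays allowed
    Set-PolicyValue $disk 'Deny_Write'   1   # nothing can be written to it: item (a)
    Set-PolicyValue $disk 'Deny_Execute' 1   # nothing runs straight off it: item (b)
    foreach ($guid in $WpdDevices) {
        $wpd = Join-Path $PolicyRoot $guid
        Set-PolicyValue $wpd 'Deny_Read'  0
        Set-PolicyValue $wpd 'Deny_Write' 1   # a phone is the usual "other" USB drive
    }
}

function Get-RemovableStoragePolicy {
    # Read the values back so the cloned image can be checked before it ships
    foreach ($guid in @($RemovableDisks) + $WpdDevices) {
        $key = Join-Path $PolicyRoot $guid
        $p = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
        [pscustomobject]@{
            Class       = $guid
            DenyRead    = [int]$p.Deny_Read
            DenyWrite   = [int]$p.Deny_Write
            DenyExecute = [int]$p.Deny_Execute
        }
    }
}

Set-RemovableStorageInboundOnly
Get-RemovableStoragePolicy | Format-Table -AutoSize
```

A device already plugged in keeps the access it was granted at mount time, so re-plug it (or reboot) after applying the policy. This closes the USB path only: the same user can still mail or upload the file, so it is a complement to network DLP, not a replacement.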
Hello Experts,

Does the following Local Policies/Security Options group policy setting, as listed below, need to be set only in the "Default Domain Policy" GPO and not in any other GPO? I am curious because we have this in our Default Domain Policy GPO as 'disabled', and 'enabled' in a GPO that is linked to our Domain Controllers OU. When I run secpol.msc on the domain controller itself, it shows this option as 'disabled' (the same setting as the default domain policy) AND 'not configured' when I run an RSOP on the domain controller.

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Force logoff when logon hours expire

Can someone please shed some light?

Thank you!
I'm looking for zipping tools that can create zips with a password
for the OS/400 R7 platform, so that sensitive data in files is encrypted
& when we sftp over to Windows/Unix, the encrypted zip files are
sent over: for PCI-DSS compliance, we want data at rest to be
encrypted at both the AS400 & the Windows/Unix ends.

Ideally the zipping tool can be called from RPG & Cobol.

In Unix, we can 'pipe' a data stream directly into a zip; it would be good
to have this feature in the AS400 tool.

Also, we have tons of logs (eg: audit trails) taking up valuable space
on the AS400, so this zipping can hopefully reduce the size of these

Pretty regularly - 1 or 2x a day, I get a popup on 1 computer (Win 7 SP1, fully patched) about 'your computer is infected', we're from Microsoft, call us, etc.

I realize it's a scam.  But I'm curious how it's getting on there.  I've run Malwarebytes, SUPERAntiSpyware and HitmanPro and they don't find anything.

I am streaming a radio station based in NY.

Am I mistaken that the people running the malware buy ad space on legit websites, and that's how they get on the machine?

These have been easy to get rid of - just close the browser by clicking on the X in the top right corner (it takes over the tab the radio station was on, another indication that's where the malware is getting in from?).  I've seen other versions where you have to kill browsers through Task Manager or reboot the computer.
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts: the passwords never expire, as each password change
involves quite some effort in application changes.

What are the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control: i.e. different teams
     hold the passwords?
b) I'm not sure if we can make it "can't log on interactively": I'll do it if it won't
     break the app.  Besides this, what else can we harden?  No local logon?
c) NoLMHash needs to be enabled so that the password can't be cracked
     easily; what other hardenings?
d) any other mitigations, such as enabling Windows Firewall?
e) please add any other best practices ...
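An added example, not part of the post above, that applies items (b), (c) and (d) to one such account and adds the one control that matters most for a shared, never-rotated local admin password: keeping UAC's remote restriction on, so that the account authenticating over the network gets a filtered token and the password cannot be used for PsExec-style lateral movement from PC to PC. Item (a), dual control of the password, is a process, not a setting. Assumptions: the account is named `svcapp`, and the application uses it as a service or scheduled-task identity (batch/service logon), so console, RDP and network logons can be denied; if the application does any of those, drop that line from the template. secedit and netsh are used because Windows 7 has neither Get-LocalUser nor the NetSecurity cmdlets. Run elevated and test on one PC first.

```powershell
# Added example (not from the original post). Assumption: the local admin account is 'svcapp'.
$Account = 'svcapp'

function Get-LocalAccountSid([string]$Name) {
    # Windows 7 has no Get-LocalUser; resolve the SID through WMI
    (Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='$Name'").SID
}

function Set-NoLMHash {
    # (c) stop storing the LM hash. The stored hash only goes away at the next
    #     password change, so set the password once more after applying this.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name NoLMHash -Value 1 -Type DWord
}

function Deny-LogonTypes([string]$Sid) {
    # (b) user-rights assignment: with console, RDP and network logon denied, a leaked
    #     password is only usable by the app's own service/task logon on this box.
    #     secedit REPLACES each listed right's membership with the template's, so append
    #     any SIDs already present on these deny lists to the matching line.
    $inf = Join-Path $env:TEMP 'svcapp-rights.inf'
    @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
SeDenyInteractiveLogonRight = *$Sid
SeDenyRemoteInteractiveLogonRight = *$Sid
SeDenyNetworkLogonRight = *$Sid
"@ | Set-Content -Path $inf -Encoding Unicode
    $db = Join-Path $env:TEMP 'svcapp-rights.sdb'
    secedit.exe /configure /db $db /cfg $inf /areas USER_RIGHTS /quiet
}

function Set-UacRemoteRestriction {
    # Keep the default UAC remote restriction: a local admin logging on over the
    # network gets a filtered (non-admin) token, which blunts PsExec / pass-the-hash
    # reuse of a password that is identical on many PCs. 1 here would disable it.
    $k = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Set-ItemProperty -Path $k -Name LocalAccountTokenFilterPolicy -Value 0 -Type DWord
}

function Enable-HostFirewall {
    # (d) firewall on for every profile, inbound blocked by default; add explicit
    #     allow rules for whatever the application must receive
    netsh.exe advfirewall set allprofiles state on | Out-Null
    netsh.exe advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | Out-Null
}

$sid = Get-LocalAccountSid $Account
if (-not $sid) { throw "Local account '$Account' not found" }
Set-NoLMHash
Deny-LogonTypes $sid
Set-UacRemoteRestriction
Enable-HostFirewall
```

Do not add SeDenyBatchLogonRight or SeDenyServiceLogonRight for the account, or the scheduled task or service that is the reason the account exists stops starting. The deny on network logon also blocks the account from reaching file shares, which is usually what you want for a password you cannot rotate.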

When we try to create an ODBC connection to SQL Server 2000 we see this:

ODBC error
Any idea why?

I read this one:


but it doesn't say what registry entry the user fixed; any idea?

The box connecting to that SQL Server 2000 is also Windows 2003 Standard Edition.

More than one server box has this problem, and some of the servers connecting to the SQL 2000 box were upgraded from Windows 2000 to Windows 2003 by in-place upgrade or VM clone.
The Chubb contact person I liaise with told me all their customers are recommended
not to install AV on Chubb's custom Windows CCTV recording server, as it will cause
severe performance issues & will conflict with some sort of built-in security feature.

Anyone know what this feature is?  Is it app whitelisting, AV or ??   The person I
liaise with appears uncertain.
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

A consultant has recommended disabling the 2 attached settings on our PCs/laptops.
Considering we have about 2% of our PCs that are offsite & can't join our AD, which
approach should we adopt?

Harden the registry via GPO (i.e. enforce by GPO, which I think won't help with that 2%, &
when new laptops are cloned there are a few days when they won't be used, during which I'm not
sure if someone will bring the laptop somewhere to try to crack the password), or
clone image/local security policy, or both?

Can't attach screenshots now: something's wrong with my IE; will attach later.
This is what I have:

User: teacher1
Teacher shared folder
    teacher1 folder

Teachers group share folder
    Sharing: shared
        Advanced permissions:
            Authenticated Users: Full Control
            Domain Admin: Full Control
            Local file server admin: Full Control
    Security permissions:
        Owner: Domain Admin
        CREATOR OWNER: Full Control (subfolders and files only)
        Authenticated Users: Read/Execute (this folder only)
        SYSTEM: Full Control (this folder, subfolders and files)
        Local admin: Full Control (this folder, subfolders and files)
        Domain Admin: Full Control (this folder, subfolders and files)
        Domain group Teachers: Read/Execute (this folder, subfolders and files)
    teacher1 folder
        Owner: Administrator
        Administrator: Read/Write
        Teachers: Read
        Advanced sharing: none
NYS 20th Annual Cyber Security Conference

I will be attending this conference in Albany, N.Y. this Wednesday and Thursday.   If you are going to be there, let me know (maybe we can meet).

Over the years I have become more involved in security related areas of information technology. I hope to learn more/ keep up to date by attending this conference.

Expert Comment

by:Brian Matis
That sounds great, Thomas! I'm a huge fan of the Socratic method (to the point where I get worried some people may try to poison me one day... j/k ;-) And thinking strategically about anything can be quite a challenge, but an increasingly important one as more and more of the tactical type work is moving entirely into automation.

Not familiar with Bloom's Taxonomy; I'll have to go look that one up...

Looking forward to the summary!

Author Comment

by:Thomas Zucker-Scharff
My summary of the 20th Annual New York State Cyber Security Conference & 12th Annual ASIA conference

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compliance issues with which they have to deal.  If those do not apply to you, this conference may have limited application as well.

I did enjoy putting some faces to people I had only corresponded with.  I also wanted to hear as much as possible about ransomware (these presentations turned out to be only okay), and cryptography (not a gripping presentation – it was a presentation of thesis work and ongoing research – but nonetheless very interesting).  They did a good job of setting  you up for the days events with a decent Keynote speaker.  The lunch speakers were not as polished, but did have good things to say.

I enjoyed going around to the vendors, even if their swag was not class A stuff (some had excellent stuff while others had none – the full gamut).

I have to say again that the highlight of the conference, for me, was the very non-technical, and only slightly security related talk by Christie Struckman of the Gartner Group, session 4 on the first day.  I would encourage anyone in a leadership position to check it out.  I have asked for her slides and will try to make a pdf of them available if she is amenable to that.  My takeaway on that talk was: There are leaders and there are Bosses.  The leaders help their teams think about solutions and then make decisions, the bosses make decisions and tell their teams to carry them out.  I think the quote she used at the beginning was excellent:

Hi Experts,
I need a batch file to change the permissions on a folder and its subfolders to the following:
remove every user's permissions except the administrator, and the administrator has only the read-only option.
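An added example, not part of the question above. The request was for a batch file; this is the PowerShell equivalent, written so the result can be verified and undone. It reads "the administrator" as the built-in local Administrator account (use `BUILTIN\Administrators` if the group was meant) and assumes the folder is `D:\Restricted`. It leaves exactly one ACE in the whole tree, Administrator with Read & execute inherited downward; SYSTEM and the Administrators group lose access too, as asked, which is why the existing ACLs are saved with icacls first. Children are processed before the root, because once the root ACL is replaced the account running the script may no longer be able to list them. Run it as the account that owns the folder or holds Take Ownership.

```powershell
# Added example (not from the original post). Assumptions: folder D:\Restricted,
# "administrator" = the local Administrator account.
$Path      = 'D:\Restricted'
$Principal = 'Administrator'

function Set-AdminReadOnlyAcl {
    param([string]$Root, [string]$Identity)

    # Reversible: 'icacls <root> /restore <file>' puts these ACLs back
    $backup = Join-Path $env:TEMP 'acl-backup.txt'
    icacls.exe $Root /save $backup /T /C | Out-Null

    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')

    # Children first, while the root still lets us list them: drop every explicit ACE
    # and make sure inheritance is on, so each ends up with only the root's rule
    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        $acl.SetAccessRuleProtection($false, $false)
        foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            [void]$acl.RemoveAccessRule($ace)
        }
        Set-Acl -LiteralPath $_.FullName -AclObject $acl
    }

    # Root last: cut inheritance from the parent, drop explicit ACEs, add the one rule
    $acl = Get-Acl -LiteralPath $Root
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Root -AclObject $acl
}

function Get-AclViolations {
    # Returns every object in the tree whose DACL is not exactly one ACE granting
    # $Identity Read & execute with no write bits; an empty result means it took.
    param([string]$Root, [string]$Identity)
    $rx    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object { $_.FullName } |
        ForEach-Object {
            $access = @((Get-Acl -LiteralPath $_).Access)
            $ok = $access.Count -eq 1 -and
                  $access[0].IdentityReference.Value -like "*\$Identity" -and
                  ($access[0].FileSystemRights -band $rx) -eq $rx -and
                  -not ($access[0].FileSystemRights -band $write)
            if (-not $ok) { $_ }
        }
}

Set-AdminReadOnlyAcl -Root $Path -Identity $Principal
Get-AclViolations -Root $Path -Identity $Principal
```

Read-only for Administrator does not stop Administrator changing the ACL back: as owner, the account keeps the implicit right to change permissions. If the intent is to stop the administrator altering the data by accident rather than to stop a determined one, this is enough; otherwise ownership has to move as well.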
There are concerns that trojanized USB sticks are shipped with the following 2 servers below.
What are the best practices if the USB ports can't be disabled?    Physically block the ports,
use specific encrypted USB thumb drives that don't require drivers (saw one such EE link),
or ??  Kindly provide risk assessments & any other mitigations.

Below is the response from the vendor:

For HMC Servers :
For HMC server (7042-CR6), it's likely that the HMC server's BIOS does not have the option to disable the USB ports.

For P750 Servers :
With reference to the P750 model server (8408-E8D), there are a total of 4 x USB ports, which are integrated with the different hardware components (cards & control panel) of the server.   Below are the details:

1. Control Panel                        
-- 1 x USB port integrated. No option to disable as it's build in together with the control panel.

2. Service Processor Card        
-- 1 x USB port integrated. This USB port is used for server firmware upgrade purpose for server that are not managed by any HMC. Thus it's build in together with service processor and no option to disable.

3. Integrated Multifunction Card (an integrated card that is install in the System CEC that provides two USB ports, one serial port, and four ethernet connectors)
-- 2 x USB ports integrated. This card is not assigned to any of the partition's profile, thus it's not recognized as part of the partition's hardware config. As such, it is not …
What are the gaps/items in my outsourcing vendor (for hosting & datacentre) that I ought to
look out for?  I'm sort of auditing them.
