

OS Security

Operating system security (OS security) is the process of ensuring the integrity, confidentiality and availability of the operating system. It covers the specific steps and measures used to protect the OS from threats such as viruses, worms, other malware and remote intrusion, and it spans the preventive controls (authentication, password policy, protection of system programs) that safeguard the assets an attacker could steal, modify or delete once the OS is compromised.


Each time I open a folder, this indicator (the blue time indicator by the cursor) goes on and off several times before the folder is opened. It's a very quick on/off, but it's a time lag, so it's disturbing (the folder doesn't open as fast as it should, that is, immediately).

Is it a virus? I've never had this until the last week or so.

I have Windows 7 Home Premium.

Hello. The question I am asking is for educational purposes only. I'm using a computer on which the Administrator has blocked permissions so that no one can use Command Prompt or PowerShell.

Even though it's blocked, is there still a way to access Command Prompt or PowerShell? Would a 3rd-party command prompt work? This is not for malicious purposes, educational purposes only.

I am an administrator on the 2008 R2 server. I was browsing the certificate store with the MMC Certificates snap-in via a Remote Desktop session. At one point the session froze and I x'd out the window. After that, I couldn't log in, as indicated by the above message. Another administrator logged in and was able to kill all processes which were hung from the RDP session. I still could not log in. My smart card still works fine on my workstation and other servers.

To attempt to resolve this, I deleted my profile on the server and also deleted the following registry key:
Computer\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<my SID>
After the deletes, the server was rebooted.
When I attempt to log in from the console, the message is "No valid certificates found." The error message remains the same as above via RDP.

Since I can access all of my usual machines with the same credentials, I am presuming that some corruption occurred in the server certificate store due to the hung RDP session. Also, the status of my credentials was validated in AD by the help desk.

Any advice on other things to try to resolve this would be appreciated.

I need to BitLocker my W10 but have a VHDX on it to which I boot sometimes (I mounted the VHDX and added it to the start menu; it is a different W10).
How can I BitLocker the W10 AND still boot my VHDX, which is on this BitLockered disk, WITHOUT creating a different partition?

CIS has hardening guides for various Windows versions, UNIXes and Cisco switches/routers.
There are hardening guides for Juniper as well.

Now our audit wants a hardening guide for the WAF: we use F5.

Can anyone point me to such a hardening guide for the F5 WAF?

If there's none, any link/authoritative guide indicating it's been
sufficiently hardened (as it's an appliance customized from RHEL 5?)
will be appreciated.

We need a good justification for why we don't have a hardening guide in place
for the F5 WAF.

Hi experts,
I have an application that won't run well without admin privilege, even when it's run as admin with a script, so
I want to know how to prevent domain admin users in an Active Directory 2008 R2 environment from installing apps via GPO or VB script.

We have a request to put the highest possible security on a folder. We've been asked to put 2FA on access, but only for those who need to access that folder, and preferably only when they have to access that folder.

We can't see how this is directly possible using Duo or RSA, but if there is we'd love to know how.  If it is not, what kind of "out of the box" ways can we have a very high security folder within an environment?

We considered moving it to the cloud to secure it with 2FA, but this also then exposes a cloud/Internet component and they are looking for the tightest security possible.

Thanks to everyone who contributes!
How to disable Cortana searching in certain directories? I am trying to keep users out of the Windows dir and from running certain files. Right now I have hidden the C: drive, but if they search using Cortana for e.g. "shutdown -" and open the file location, they have access to the Windows dir.

Is there a way to remove the Windows dir from the search, or
disable "open file location" for Cortana, or
completely disable Cortana?
Disabling AllowCortana in the GPO no longer works with build 1703.

I have found ways to do this with File Explorer, but they do not translate to Cortana.
I was told by our VMware admin that the ESXi root & vC vcadm_svc passwords can't be changed
& can't be set with an expiry from the time they were first installed & set.

Is the above true? Or is there a way at the command prompt, just like on UNIXes, to change the
password (e.g. passwd root new_password) or usermod ... (to set it to expire every 60 days)?

What's the impact of changing passwords & attributes (e.g. to enforce complexity, expiry,
etc.): will something break?

Can we make these IDs use, say, an OTP kind of password, or lodge them in a password vault tool
like CyberArk or PUM that will auto-generate a new password each time they're being

I heard an NTP server syncs to its NTP clients/endpoints using a protocol, so
no credentials (or authenticators) are involved.

What about MS SCCM & MS Desktop Central? Do they contain authenticators
for the endpoints they manage? Can anyone point me to some authoritative/MS
links that state this?

If they contain them, when the authenticators are being sent to the endpoints,
are they encrypted?

It's a query raised by our audit. By authenticators, I assume it refers to
login ID & password?

We have had several of our clients experience a similar problem over the past 2 weeks.

We have the same implementation of Windows Server 2016 in each instance, where we have a single Hyper-V host running 2 virtual servers: a Windows 2016 domain controller (file server) and a Windows 2016 server running Exchange 2016.

We find that the Hyper-V host (only) has had its password hacked, so we cannot gain access to it, and we also notice that a program called MinerGate is installed on the Hyper-V server too. The virtual servers seem to be unaffected.

When we recover the administrator password and remove MinerGate, scanning with Malwarebytes identifies and removes remaining traces of MinerGate, and until today that seemed to resolve it.

Today, however, we had exactly the same situation, but when we recovered the administrator password and removed MinerGate, half an hour or so later the password was changed again. This happened several times.

We noticed several tools appearing on the Hyper-V host, which we deleted. We observed a command prompt opening up on the server and we kept getting kicked out of the console; eventually we were unable to log in again.

We also noticed a service running on the server, i.e. sync host_b652b. I have seen some postings on the web which indicate it's an infected service, and as it was a delayed start, I managed to stop it, since when we seem to have stopped the changing of the password.

I have looked at changing the properties of the service …

We have external consultants who will be stationed at our office to do
data warehouse statistical analysis using R & Python:
what are the risks to watch out for? We provide hardened PCs.

Don't allow Internet access?
Any patches needed?
Secure coding to adhere to?

A user is using a corporate MDM-managed iPad & reading his corporate emails
from this device (in an encrypted partition) using MobileIron's Email+, a
more secure form of email client compared to Apple's native email client.

Now this user requests 2 common mailboxes to be configured on his iPad
so that he can read emails sent to his group. Our MDM admin told us Email+
can't support the additional mailboxes (I'm not sure if this is true, but I heard
the admin chap has logged a case with MobileIron).

What are the risks? Can we create Exchange rules (as the emails have to
go to Exchange first before going to Email+ or any other email client) to
auto-forward one copy of emails sent to the common mailbox to this user?

We had previously migrated users from Apple's email client to Email+ for
security reasons, so we don't want to go back to the old way of using Apple's
email client.

Looking for a patch management cloud service. I have found a few on the Internet but am not sure which is good. Looking to patch the OS and 3rd-party apps.

Experts, I'd like to create a Linux/Unix read-only-root role for Auditors, InfoSec and Tech Ops, so they can examine a system without risk of breaking anything.
- Using sudo or Centrify, we can grant the privileges to run some commands as root, e.g. ls, cat, cksum and tail -f
- I don't want to allow root privileges for e.g. find, view or more/less, as they can be used to modify a system

Creating the role is easy; making it easy to use is harder.
- `sudo cat filename | less` would work fine: the `cat` is run as root, the `less` as the unprivileged user. I can create a little script utility called something like "Auditors_less" to remove the need to remember the syntax.
- `dzdo cat filename > ~/my_copy_of_filename` would work for the same reason, and give them a local copy to work with. Call it "Auditors_cp" or just "Acp".
(`dzdo` is the Centrify equivalent of sudo.)

Replacing the functionality of `find` is the part I can't figure out. The output of `find` gives the full path to a file. `find` also allows you to select on ownership, permissions etc., but that part could be replaced by
`dzdo ls -l | grep {pattern}`

So a scriptlet that takes a starting directory as input and produces output in the form
/path/to/file      : ls -l output of file
would be great, as grep can filter the output, e.g. for globally writeable files/directories.

I've found similar questions on formatting `ls -lR` output on stackoverflow.com, but no usable answers; general opinion seems to be…
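A concrete version of the scriptlet asked for in the post above, added here as an example; it is not code from the post. It assumes the script is installed root-owned and non-writable at a path such as /usr/local/sbin/audit_find (an invented name) and is exposed through sudo or dzdo in the same way as the `cat` wrapper; the function names audit_find and audit_worldwritable are likewise invented. audit_find prints one "/full/path : ls -ld line" per entry below the starting directory, and audit_worldwritable filters that output on the mode column, which plain `grep` over `ls -lR` output cannot do reliably because `ls -R` prints each directory name on its own header line rather than on the entry line.

```bash
#!/bin/bash
# Added example, not from the original post: a read-only stand-in for `find`
# for an auditor role.  Install root-owned, mode 0755, e.g. as
# /usr/local/sbin/audit_find (invented path) and allow it via sudoers or
# Centrify exactly like the `cat` wrapper, for example:
#   auditors ALL=(root) NOPASSWD: /usr/local/sbin/audit_find
# Nothing here writes to the filesystem: `find` only walks and `ls` only reads.

# audit_find START_DIR
# Prints "/full/path : <ls -ld line>" for every entry below START_DIR
# (START_DIR itself included), one entry per line.
audit_find() {
    start=${1:-.}
    # "-exec ... {} +" hands batches of names to one sh -c as real arguments,
    # so names with spaces or other odd characters are never re-parsed.
    find "$start" -exec sh -c '
        for f; do
            printf "%s : %s\n" "$f" "$(ls -ld -- "$f")"
        done' sh {} +
}

# audit_worldwritable
# Reads audit_find output on stdin and keeps entries whose mode string has the
# others-write bit set (9th character of e.g. -rw-rw-rw-).  Symlinks are
# skipped because they always report lrwxrwxrwx; their target is what counts.
audit_worldwritable() {
    awk '{
        i = index($0, " : ")     # split at the first " : " (assumes the path
        if (i == 0) next         # itself does not contain " : ")
        mode = substr($0, i + 3, 10)
        if (substr(mode, 1, 1) != "l" && substr(mode, 9, 1) == "w") print
    }'
}

# Stand-alone use:  audit_find /etc | audit_worldwritable
if [ $# -gt 0 ]; then
    audit_find "$1"
fi
```

Because the script runs as root, the file itself must not be writable by the role that is allowed to invoke it, or the wrapper becomes a root shell; the same caveat applies to any "Auditors_less" wrapper, which should keep `less` on the unprivileged side of the pipe rather than run it under sudo, since `less` can spawn a shell.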

Attached are outputs from some of the commands (obtained from the vSphere hardening guide 6.0).
I have some questions which I've highlighted in green text in the attachment; I'd appreciate
clarifications on the green-text questions in the attachment.

My colleague has managed to configure one of the PCs as a Super-Agent, i.e.
other PCs could get the McAfee AV signature updates from it, or

is this a 'push' update, i.e. from the Super-Agent, it pushes to the slave PCs,
or is it a pull, i.e. slave PCs pull signature updates from it?

How do we configure the slave PC portion (screen by screen will be good)?

All systems in the domain:
Windows 7 Professional
Service Pack 1
64-bit OS

Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
  - C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
    Remote version :
    Should be      :

There are two MSCOMCTL.OCX files on the systems: one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder, which is the current version, and the offending MSCOMCTL.OCX version found in C:\WINDOWS\SYSWOW64.

My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX, and if so, what is the best way to do so? I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.

PFA screenshot of found OCX files.


Has anyone run into this vulnerability and if so what was done to remediate the issue?  Many thanks in advance!

In Win 10, how do I get into Control Panel to uninstall/install a program?

We have a number of internal applications which rely on IIS for the web server. These are only internal servers, but we have noticed that the 3rd parties whose apps we use have, within the web root, some web.config12.bak type files. These do have hard-coded DB and admin credentials within them, so we would not want them exposed to any internal officers.

All servers are internal and not Internet-facing, so the risk is limited to internal employees, and it is a small workforce with limited web server skills, I would presume. The web root is hosted on the servers' D:\, and the actual permissions on the web root folders themselves only grant the IIS_USERS group Read & Execute permissions. I typed the full path into a browser, e.g. \\server\app\live\admin\web.config12.bak, and it returns a "404 - File or directory not found" error, even though I know it exists in that path. If I try a sample of other files in that directory, such as styles.css or a log txt file I know exists, my browser loads them up fine. So I am wondering if it's something to do with the extension that causes the 404 error rather than ACL permissions preventing their download, as the ACL seems to be the same for all files in that directory, so it must be an additional IIS security control, perhaps.

I just need to be sure this would be consistent for all internal employees, that nobody could download a copy of these web config backup files, or if it's the behavior of the browser preventing the …

I'm not Wintel-trained but UNIX.

We have about 30 PCs which are used by about 35 users who perform high-value
payments processing, & audit finds that any of the 3000-odd AD IDs currently could
log in to these workstations (& any other workstations).

So I plan to create separate AD IDs for these 35 users for them to use to log in to
only these 30 PCs & deny all the rest of the 3000+ IDs from logging in to these 30 PCs
(which do not have Internet access nor email clients).

I was told by the Wintel support team this is an extremely enormous task involving
a lot of effort from the AD administrator & Wintel team. Is this true?

Can someone give me step-by-step instructions (with screenshots if possible)
on how this can be done so that I can assess if it's truly a "non-feasible" task?

C:\>net user /domain my_ADId
The request will be processed at a domain controller for domain mbb.com.sg.

User name                  xxx
Full Name                    xxx
Comment                      Technology Compliance
. . . . .

Workstations allowed         All  <== this is the problem
Logon script                 default_proxy.bat
 . . .

Local Group Memberships
Global Group memberships     *CGN            *INTERNET

I was wondering if anyone has seen any issues with setting "Network security: LAN Manager authentication level" to "Send NTLMv2 responses only" with currently supported macOS and Linux versions.

We are a large environment.

Need more best practices & governance on mobile code (e.g. Flash Player,
PDF reader, JavaScript, Java applets, ActiveX) as we have a few cases of
malicious code being run when opening PDFs & 1 case of ransomware:

a) attachment 1 is a screen of IE settings: mostly what to set in IE to stop ActiveX
    & to set it to Medium-High (I guess this is also to mitigate against ActiveX?)

b) I would say patch the various Adobe products (we use Adobe Flash &
    Shockwave) within 1 week upon release of patches?

c) attachment 2 has some suggestions on ActiveX & Java only: not much

d) Does AV mitigate against mobile code vulnerabilities? If so, keeping
    AV signatures updated is another mitigation

e) I'm sure IPS (NIDS & HIPS) have signatures for mobile code, but in
    McAfee's case, by default, they are rolled out in Detect & not Block
    mode? Should they be in Block mode?

f) any other best practices & governance for mobile code?

In an audit finding, critical PCs (used to transfer large funds; these PCs do not have Internet
access nor email clients in them) were found to be pingable and could map drives to normal
PCs (which have Internet access, and drive sharing can propagate ransomware/malware) in the same

We were told these 2 different categories of PCs should be logically segregated. As we don't want
to create separate VLANs and do major network restructuring, can we do
1. Super-subnetting and use Cisco ACLs to segregate the 2 groups of PCs? Are these ACLs
     using MAC addresses?
2. Create Windows Firewall rules on the critical PCs
3. What else?

Referring to the above link, does it mean iOS prior to version 10.2.1 is not affected, or versions after 10.2.1 are affected?

Last query:
does Apple release vulnerabilities quarterly, 6-monthly or yearly, & where can we find this information?
