OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Share tech news, updates, or what's on your mind.

Sign up to Post

I need to draft sort of guideline to govern Remote Access by external vendors/parties.
Anyone has any documents or links to share?

Off hand, I can think of:

a) for access to UAT/development servers, remote access with encryption (eg: ssh
    or RDP) needs to be video-recorded / screen logged for long-term vendors who has
    signed Non-Disclosure Agreement with us.  UAT/Developmt may contain actual data

b) for access to Production, an authorized staff needs to initiate/trigger the connection
     (eg: WebEx or Remote Assistance) & watch what's being done with screen logging/
     video recording of the session

c) do we need access through a jump host (I've heard of RDP jump host)

d) the external parties/vendors PCs need to be updated with latest patches & AV
    signatures

e) every single staff of the vendor needs to have indiv account (ie no account sharing)

f) under what circumstances do we need 2FA ?
0
Ransomware Attacks Keeping You Up at Night?
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Our audit requested to do the above but from what our mobile applications team's
understanding, we usually scan the mobile applications website, not the device.

Is it essential & what are the ways / tools people use to scan mobile apps running
on mobile phones & iPad (IOS specifically) or usually people just do secure coding
on the apps, do static codes analyses (using Fortify etc) on the codes only?
0
In our environment, secure zone refers to internal zone which hosts the critical backend systems
while DMZ hosts the more 'exposed' systems.

We got an audit finding that supporting infra systems (like SCCM, WSUS, NTP, our internal Vulnerability
Assessment scanner) should not store authenticators (I assume this refers to credentials) of the
critical systems (critical financial systems that transacts huge amount of $) that are hosted in the
non-DMZ (ie secure) zone.

Q1:
Well, SCCM (which we use to deploy PCs patches & collect info from them & these PCs include PCs
used to make/process large payments) & WSUS (which deploys patches to all servers include the
critical/sensitive servers)  will need to have access to those critical systems to be able to deploy
patches.  Any idea if SCCM/WSUS store authenticators ?    We place these systems in our DMZ;
should we place them in an isolated/more secure zone?

Q2:
I presume when SCCM/WSUS is compromised, hackers could access the critical PCs & serrvers
via these tools?  If so, what are the mitigations?

Q3:
We also have Cyberark tt we lodge admin IDs of critical servers in them?  if this Cyberark server
is hosted in DMZ, what's the risk?  What are the mitigations?  The vendor who help us set it up
suggested to place it in DMZ (so that we could access via Internet to approve access requests):
is this risky & what are the best practices to mitigate?  I'm inclined to think these vendors are
seasoned in selling …
0
What is the best way to whitelist/blacklist devices so they cannot run when plugged into a usb, serial port?  We may want some devices to run but others we may not want to run.  Note, this machine would be windows and would typically not be connected to the network.
0
I have a folder named "Credentials" on our Windows 2012 R2 file server that I disabled inheritance on.  

screen2
This removed all security permissions from that folder and now I cannot get access to that same folder.

screen1
I ended up doing a restore from backup and I put that restored folder in the same location with a different name.  The restored folder works fine; but, I still cannot remove the original folder from that location because I have no security permissions.

I even tried to push a restore to overwrite the existing folder; but since the security rights were removed the backup software could not replace that folder.  I tried to access the same folder with DOS and I could not.  Any suggestions regarding how I can remove that 'credentials' folder?
0
Hi all, i'm looking to deliver a cyber security presentation to customers to raise their awareness of the threat.

Does anyone know of some sites or links with up to date / relevant content which i can use

Thanks in advance
0
We previously set up SCCM using a domain admin account SCCMAdm :
we have since removed it's domain admin privilege but with its domain
password dont expire.

is this a security concern (need assessment) & how we can mitigate?
0
i'll need a Shell script that scans thru creation dates of all patches (ideally only the security ones but
if this is not possible, then all patches) installed in an RHEL 7 server, get the latest one, compute
the difference from today's date & give the difference in number of days & if the difference is
more than 90 days, echo out a message, "It has been more than 90 days since last patch)

Purpose is to check the last patch date & remind Linux admins.  Believe RHEL releases patches
at least every 3 monthly?
0
I can't seem to find any documentation as to what the Mac OSX equivalent might be for 'AUDITCTL' 'AUDITCTLD' - any help appreciated thanks.
0
New install of server 2012 64bit,  not a OS upgrade, but old server data such as program files still on the 'c' drive.
no problems during the install, no yellow flag warnings except for "AD Rights Management" needs post configuration.
Rolls installed are AD, DNS, DHCP, as a full secondary domain controller,  application server, and file server.   I did not ask for IIS,  but got it anyway.   A pop up window keeps asking to install .NET 3.5.   NO changes to group policy.  
A funny thing about the folder share security;   the double head icon does not show up on C drive but does on the 'D' drive.
Configuring share security on 'D' is normal,  I get the groups I want.   On 'C' it configures the way I want,  but is erased by the next logon.  
WHAT IS GOING ON HERE??
0
Comprehensive Backup Solutions for Microsoft
LVL 4
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Hi,

Does anyone know a definitive way to disable the "Security and Maintenance" popups temporarily?

Popup
I have tried Group policy settings in various ways and combinations, after reading a few dozen articles, but none seem to work.

Policy
I have read a number of articles, a couple saying that MS removed similar ability to this due to a vulnerability. Not sure if that applies here.

If someone could please give me some direction or even if you know the answer, that would be great.

Systems are Windows 10 Creative/Anniversary edition.

While not really relevant as to the "how to do it", the reason I need this is because I am performing an AV upgrade, and during the process the old AV stops for about 2 seconds and the new one starts. I therefore would like to avoid mass panic and 1000's of end users calling into the helpdesk saying their AV has just stopped. I will obviously be re-enabling after the upgrade.
0
In auditing our server event logs we have several users generating Event 4625, which are basically bad password/user name.  We are a multi-domain environment.  Users systems are in my domain 'A', but their user accounts are in domain 'B'.  We have login scripts that map drives to our server (also in domain 'A'), but the 4625 event error shows that their system is attempting to connect to the share using the wrong domain for the user name (i.e. A\username instead of B\username).  The time stamp on the users workstation seems to confirm that the System thread (process PID 4 ntoskrnl.exe) is the process at the root of the call to the server.

e.g. B\username is logging into A\computer,   GPO set login script has B\username attempt to map several shares on A\server.  For some reason windows attempts to use A\username instead of B\username

Now, the drives do end up mapping, so its almost like Windows by default is applying the computers domain to the current logged user ID then continues to try moving to the actual domain of the user.

I've cleared the mapped drives, tried setting the map command to work with the /PERSISTENT:NO to make sure there isn't a 'stored credential', but it doesn't change the symptoms.

May not be a fix and this is just the default method for windows, but its a bit annoying to dig through all the false positives.  We will not be able to change either the computer's or user's domain so that is not an option.

Looking for potential ideas.
0
What is a good anti virus software

Something that may combat ransomware
on windows 10
1
I would like to get opinions on the best antivirus for a small (less than 6 Windows devices) LAN. Thanks for your help.
0
Hi All,

We have just moved to Kaspersky EndPoint security 10 (10.3.0.6294) from Sophos.
Some of the users have complained that now it takes them few minutes when they start there computer in morning and when they shutdown.
Is there anyway we can monitor whats taking up resources when the computer starts and how can we minimize Kaspersky resource utilization?

thanks.
0
Before we use our EPO to block access to PowerShell, we put it to
Detect mode for EPO to detect what's calling PowerShell & found
a lot of PowerShell calls made by svchost, explorer, rundll32.

As Win XP doesn't have PowerShell, are these calls by Win 7 truly
legit?   What's the purpose they call PowerShell  & how to trace
this?

What's the impact if PowerShell is blocked?
What does event ID 1095 mean?

Refer to attached on what EPO logs showed us
Monitor-Powershell-UsageTr.xlsx
0
When a user tries to access an encrypted Excel file he gets the error message "Excel cannot access [filename]. The document may be read-only or encrypted."

This is happening on a Windows 10 64-bit OS.

When we try to remove the encryption attribute from the file we get an "Error applying attributes message. An error occurred applying attributes to the file. The specified file could not be decrypted."

What can be done to fix this issue so we can either open the file or so that we can remove the encryption from the file?

CANT-ACCESS-ENCRYPTED-FILEERROR-DECRYPTING-FILE
0
Hi Experts,
could you pls advise how to install 32bit unixODBC driver on 64bit Oracle Enterprise Linux using yum. software which I'm planning to install on this 64 bit server only support 32 bit driver. Hence need to install

unixODBC-2.3.1
unixODBC-devel-2.3.1

Thanks in advance
0
I have had a disk failure on my DC, so need to recover.
However a while ago I had the brilliant idea of backing up to an iscsii volume on a netgear NAS.
Now I need to recover , I can mount the iscsii on another system, but cannot read. All I get access is denied.
When I try take ownership  with a local admin, it will not allow me.....

I don't want to be to adventurous with attacking the prob as it is the only backup . Any suggestions  .....
0
When ransomware hits your clients, what do you do?
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

We have manually disabled PowerShell on a few PCs : refer to attachment 1.

As there are close to 3000 PCs in our place, it's not feasible to do it this way.

Also I wanted to disable it batch by batch (by network subnet/segment or
by department) in case things break, impact is not so widespread.

Q1:
How can this disabling of PwrShell be done in GPO ?

Q2:
is there a way to use SCCM or MS Desktop central or sort of scripts for
me to deploy this batch by batch (or by IP segment) ?  Kindly elaborate
the method
Disable_PwrShell.jpg
0
We are still using Tomcat 6.0 and plan to move to latest version by next year. Problem with current version is to set the access deny to our web-application.

I tried adding valve with webapps/META-INF/context.xml file as below but nothing works. Can you please provide a fix.

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>

Open in new window


Do you guys have any another solution as I want to restrict outside users from accessing Manager view and it will be accessible only from localhost?

Best Regards
0
I have a file I need to read from a users computer.  Bitdefender threat scanner.dmp.    I installed windows debugging tools, but the file just looks like code.

Any ideas how to read it?
0
TMG 2010 is blocking some websites, when I try to create a rule to bypass the proxy setting of the TMG again I am not able to access the sites, should we say that the status of the TMG now does not accept creating rules or why is it like that? Help me team.
0
I have the same problem as the previous poster, only my meterpreter session dies when I try the proposed solution. After gaining a remote shell, I attempt "run post/windows/gather/hashdump". It starts obtaining a boot key and then dies. Any thoughts or suggestions?
0
ive been hit with a ransomware attack
I can still use the computer but all word docs have been encrypted
I can open docs but they are blank
is my only option paying or can I get these back?
they are requesting over £800
0

OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.