OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


Weblogic / apps support colleagues face challenges in implementing all hardening recommendations of Weblogic 12.1.3 adapted from Oracle.

Need assistance here to assess if there are alternative mitigations & how risky it is if we don't implement some of it: refer to the attached.

Comments on the risks of not implementing & any mitigating factors would be appreciated.

After running the CIS hardening script on our RHEL 7, Mesosphere can't install at all: I don't have the error message as the app team & vendor are working on it.

General questions:

Besides logging a case with the reseller/vendor (which often disappoints), what's the fastest way to isolate/narrow down which hardening item caused an issue? Binary isolation (ie harden half & then keep halving down) or google for the error?

Or are there free tools out there (in Tripwire we can quickly tick/untick for remediation/auto-remediation) to ease this isolation (esp for Linux & Windows)?
I accidentally locked myself out of my computer. I set a Lockout Policy for Admin (0) after 5 bad attempts, which wouldn't be a problem normally, because I'd login as Admin and clear the user account; however, I set up a configuration that allows a User to elevate permissions without an Admin password but when the session is not active it disables the Admin account. :(

It has been working great for 2 years and then while I was on a call I didn't focus that much effort into my logins and boom the hammer dropped...lockout.

How can I login again...I don't want to reformat.

-Windows 10 Pro (fully updated)

Was told by one of the vendors selling an Ivanti (LanDesk related) patch mgmt product that RedHat has since controlled it such that any products that do patching for RHEL must have a Satellite server with valid subscriptions for each RHEL endpoint to be patched.

We don't want to do 'yum' (ie permit backend servers' connecting to RHEL).

So without Satellite, are there any products out there that could do patching of RHEL endpoints?

Is this requirement to have Satellite something that Bigfix also requires? Seems like the vendor selling Satellite is not aware.

Are there any scripts or tools out there that could pull all the patches down with a single RHEL subscription and build a patch repository which can be propagated down to our RHEL endpoints? I recall an ex-colleague who has built an RHEL VM that could do something like this but I've lost touch with

Some years ago, a member in the SunManagers list shared with me that Satellite could patch Solaris as well (possibly that's in the days of RHEL Ver 4.x): is this still the case today, that Satellite could patch Solaris? What about Ubuntu, Debian, & CentOS Linuxes?
I urgently require an Android OS Security Model expert(s) for a lucrative short term contract within a mergers and acquisitions deal.
Hi, is there any document or link that explains which security policies apply, or how to create documentation of security policies?
I'm curious and would like to settle an argument in our office. If we are running desktops with Windows 10 Pro v1903 with all updates, and all drives are Bitlocker encrypted (including the free space), is it possible for our data on these drives to be attacked by Ransomware?
Within the same major version of Weblogic, ie 12.1.x vs 12.2.x, are the hardenings the same? Have seen hardening docs from Oracle for 11.x.y & 12.1.x but I can't locate a doc that's for 12.2.x, so can I assume the hardening options for 12.1.x (specifically we are on 12.1.3 & going to move to 12.2.x) are the same as for
How long does a Bitlocker recovery password work? When does Bitlocker change the recovery password?
Are there specific MS patches that are applicable to Schneider SCADA Windows 10 workstations?
The vendor refers us to the above link & we understand only a subset of the patches, but where can we obtain this subset of Windows 10 patches for Schneider workstations?

Can anyone point me to a checklist for hardening of Moxa switches?
I have Microsoft Surface GO devices at my retail location and we would like the ability to lock them down to a particular App. There is a website that I would like to make available by locking down a browser of my choice, and that is all the devices have access to.
I have just run a new vulnerability scan and one of the clients has come back with an Xserver warning that it accepts connections from any client. I know what Xserver is and the risk it poses. My question is, how do I configure it/restrict connections?
We have been looking at some get-hotfix reports to determine the last MS security updates applied to a multitude of servers serving different purposes. In some cases the process seems to be working and critical updates are applied in a timely manner, but we found a few exceptions. For my own knowledge/benefit - if a server was acting as a web server and only had standard web ports open, could any of the vulnerabilities that the MS updates 'address' still be exploitable from the outside through those ports? I'm not entirely sure what range of products/services the updates cover in their 'monthly roll ups', so I would be interested to learn a little more.
I would like to scan 600 PCs & 30 servers joined to our AD for files with a certain hash (given by our threat intel). Sometimes we can get hundreds of IOC hashes (last one was 700+) in 1 day.

However, using Trendmicro EDR, it's getting very inefficient as we have to use the Mandiant IOC converter to convert one hash at a time to be appended to a .ioc file that looks like below.

So I'm looking for free solutions that either can scan all the AD endpoints for the presence of a hash (I currently have batch scripts that could scan each time a user logs on to a PC for registry key IOCs) but the MS fciv tool can't possibly rescan all those millions of files (as this could slow down the login by users) & store their hashes, or I'll need something better than the Mandiant IOC converter that could read in the entire batch of hashes.

That xxx.ioc file contains the following :

<?xml version="1.0" encoding="US-ASCII"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" last-modified="2019-07-25T03:02:52" id="2146113a-1513-4be6-b07e-f43969847a6a" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Indicator id="a1c825b0-ae7f-4461-85dd-25a20720acac" operator="OR">          <== this value is given by the converter
<IndicatorItem id="333cd85e-637e-4889-b68a-a5f54e1e8d40" condition="is">   <== this value…

Anyone know the specific 13 measures for Singapore public services in the "Information Sensitivity Framework"?
The above URL only mentions a few briefly; will need all 13 & their details.

Link below only lists 5:
Hello everyone,
I need help to make sure that all laptops at my work are configured for use on home and hotel networks. I am looking for a list to follow to secure our work laptops as much as possible to prevent intrusions, malware, spyware, viruses, etc...
Looking forward to your responses.

So far, I've heard that clicking attachments (PDF, MSOffice, png, executables/scripts, active contents) & links in malicious/phishing/spam emails may risk compromising the user.

Has anyone come across any email that, just by opening the email content (but without clicking any attachments or links, or 'downloading contents like images'), will compromise the user? If so, how does such a compromise work & how do we educate users to take precautions against such emails? Certainly we need to open emails to see their contents, as just viewing the subject heading/sender may not be good enough.

I'm using the Outlook client & webmail (ie a browser to access corporate email).

A friend told me that just by opening a gmail in the past (without clicking the links/attachments in it), things went wrong with her mailbox in gmail.
Are there any useful documents/articles that are routinely issued/upgraded which show specific trends in cyber attacks for say the past 2-3 years, and for any major cyber attacks that hit the news – what the root cause of the vulnerability that was exploited was? i.e. what the cyber criminals are targeting nowadays, and what the relevant controls are to protect against those, assuming they could be protected against, e.g. a relevant patch applied?

I was also interested in identifying the primary/priority security defences, or at least coming up with some form of priority checklist of what to assess in what order when it comes to security. I appreciate on larger networks/infrastructure security must be an absolutely mammoth effort, and any single vulnerability on any device could be your downfall, but there must be some form of precedence in terms of priority of cyber controls when self-assessing your cyber/security defences. So my question to you is: where exactly would you start, and do any of the guidelines out there put cyber controls/defences in order of importance/priority? I assume they must do, but quite which articles/guidelines is an unknown to me.

If you were doing an independent review of your security/cyber defences, what order would you start in, e.g. the absolutely bare minimums, and then onto the second tier of defences, 3rd etc.? If there are no such guidelines, your own view on this would be equally as interesting.

For interactive AD accounts, we can find out the "Last logon" date/time by issuing "net user /domain AD_Id | find "Last logon" ": a non-admin user can do this.

For non-interactive/service AD accounts, how can a non-admin user find out when they were last used? We are doing a review of the hundred-plus non-interactive accounts to see if they're truly needed.

Can't ask the owner as the documentation/record of who requested or owns these non-interactive/service accounts is lacking.
What is the common technique/configuration to prevent execution of desktop tools like powershell / command prompt in an enterprise environment (mixture of Windows 7 and Windows 10 devices)? i.e. if you wanted to enforce such a control across your users/devices - how would you go about this? I notice as an employee when I try and run either program you get the prompt to enter an admin password before the tools will properly run. I was just intrigued into how an admin would enforce this across an enterprise, as we need to double check for a risk assessment piece of work that it has been appropriately deployed to all devices, and there are no exemptions.

They also 'hide' the security tab of folder properties, through some technique. So understanding how that has been done and then again checking it's been applied consistently for all devices with no exemptions is something we need to get an assurance report on.

The background to this is some root folders on a file server share have full control to standard user groups, at both share and directory level - which to me seems excessive. However, the admins do not seem overly concerned and claim it's not so much of an issue as the main 3 methods used to manipulate access control settings (the properties > security tab, powershell, e.g. set-acl, command prompt, icacls etc) - are essentially blocked from the end user. There may be other ways to manipulate an ACL above and beyond the 3 I mentioned that we may also need to explore.…
CIS benchmarks for Ubuntu & Debian list a number of settings that must be found in grub.conf/.cfg & audit.conf/.rules for them to be deemed compliant with CIS/hardened settings.

What if these files are not found in the Ubuntu/Debian servers? Does this mean they're compliant (as good as hardened) or do we have to specifically create these files & insert the lines (eg: grub.cfg should have a line 'set superusers="<username>" ' while audit.rules should have "-e 2" at the end of the file)?
What tools or procedures do you have in operation to monitor & report on Windows Defender status/levels (assuming that is what you use for AV on end user devices)? We need to get some assurance reports on AV status for all end user kit to ensure Defender is running (these are all Windows 10 devices btw) and definitions last updated statistics for all devices. Most AV apps I have seen in the past have some really useful compliance reports that can be used for audits and/or internal monitoring of compliance by the security teams who have responsibility for AV.

Out of interest, what kind of issues can occur in a corporate environment to cause Defender not to be running on a device, and/or out of date in terms of signatures? I am trying to get a realistic opinion on how easy it is to get things wrong when it comes to managing Defender, or whether it is a fairly painless process and likely that all devices will have the software running and be current.
I think this Windows update crashed my computers: KB4494440

I have mostly Lenovo laptops and Dell computers; when I checked after pushing this update, the update failed but the laptops still keep crashing.

Errors coming from FLTMGR.SYS; restoring the computers is also failing.


Refer to the attached where we have created an SRP rule/policy: however, we are still able to launch the Epson projector software (could see its screen).

What was missed?

The attached is a rule doing blacklisting; if we want to do whitelisting, how shall we go about it: create the "Unrestricted" rules first (to whitelist the apps allowed) & at the bottom, create a rule to "Disallow" *.*? What does the last rule that blocks everything else look like?

Any sample rules will be much appreciated.
