OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


I was told Exabeam UEBA charges based on the number of staff and that no agent needs
to be installed on endpoints, as it correlates/uses Splunk's data.

Since this is "user behavior", should we pipe users' PC/laptop events
to the SIEM (I have Splunk in mind), or in general do people only pipe server
and network device events to Splunk (i.e. PC events are not piped)?

Splunk gave me a spreadsheet for sizing which did not have a column
to input the number of PCs/laptops, while in the bank I worked for previously,
PC/laptop events were not piped to the SIEM. As Exabeam correlates/
analyses users' activities, shouldn't the PC events get piped as well?

I'm looking for ways (most likely auditctl or audit) to monitor Solaris files
(/etc/group, sudoers, root's cron.*) and, if possible, email out a notification
once the content of the file(s) is modified.

Will need exact/detailed steps.

I'm on Solaris 10 x86.

File integrity monitoring tools (like Tripwire) are not an
option, as we just want to use built-in Solaris tools.
I'll need to monitor several "privilege escalation related" Solaris 10 and RHEL6 files using
ACLs (Access Control Lists):

a) /etc/group, /etc/sudoers, /etc/cron.daily (or .weekly, or any crons owned by root):
    ACL to send to syslog (so that we can pipe to SIEM) when permissions, ownership
    or contents of the above files are changed

b) visudo, sudo, usermod, useradd command binary files:
    when these are being executed/run, ACL to send to syslog (who and when it's being
    executed)

I'd appreciate exact setacl samples (or the actual commands/settings in RHEL6 and Solaris 10
x86).
I have a shared folder where permissions for a user are not behaving as displayed in Folder properties. This user exists under a group called "Managers". Managers has been added to the "Share" folder's Permission Entries with full control, applying to "This folder, subfolders, and files".

This issue started with this user not being able to save files, delete files, create new folders, or move files to new folder locations despite having full control. In order to try to fix this issue I dragged and dropped the "Share" folder onto a FAT32 drive, then copied the folder back to C:\ (NTFS). This was to clear any permissions. Here were the exact steps performed.

1. Closed all files/apps using anything in the Share folder.
2. Verified all files were closed.
3. Created a copy of Share folder inside C:\
4. Copied original Share folder to FAT32 drive.
5. Deleted original Share folder from C:\
6. Copied FAT32 drive Share folder back to C:\
7. Set share settings on Share Folder
- Full Control
- Security Tab > Add Managers group > Assign full control
- Share Name > Share

After completing these steps, the user is able to save files and create new folders inside the drive, but cannot delete or move locations of a file/folder. The only file the user was able to move was one where the user was the owner.

The goal here is to have this user actually have full control of any folder/files inside the "Share" folder. Images attached of share folder properties and permissions.
We are looking at some interesting connections that appear to be inbound from the below snippet:
Incoming connection from ( [source ip here] Port 46525 ) to svchost.exe

The source of the incoming traffic is connected to an external suspicious IP address and is not part of our infrastructure. We would like to see if there is a way to determine whether incoming traffic with svchost.exe as the communicating file can be reasonably whitelisted.

Is there a set of expected source IPs that we could reference that would allow us to sift out possible known external IPs that are valid incoming connections to an svchost.exe process running on an endpoint?
In general, does a Non-Disclosure Agreement cover:
a) information that should not be disclosed even verbally?
b) accidental divulging of sensitive information?
c) the fact that a vendor is working for this specific customer on a specific project?
d) the size of the data or database of the customer?
e) the value of the project?
How can I track files that were moved to another location, for instance, from the local SSD to OneDrive?
The user is required by work to have BitLocker Drive Encryption turned on. They have a desktop computer.
Dell Inspiron 3670
Windows 10 Pro 10.0.17134 Build 17134, 12 GB RAM, Windows 10 is up to date
BIOS Mode: UEFI

Every time we try to turn on BitLocker, we are unable to start it and get the message "An internal error was detected".

How can we get BitLocker installed?

Thanks.
I am looking for software that could monitor when a computer is turned on or off, and which user was logged in when this was done.
If it contains other features then this is fine as well.
Also, does the software need to be installed on the suspect computer, or could it perhaps be monitored remotely from a computer on the same network which has admin rights?
It needs to be determined if an unauthorized person is logging into this computer, and also what activity they are doing.
Q1:
If I use a Solaris server as a repository server to get ClamAV
updates from the Internet, can it be used by 'satellite' ClamAV
installations on other platforms such as Windows and Linux? I.e. can freshclam on
Windows/Linux pull signature updates from Solaris?

Q2:
Are the 3 cvd files (main, daily, bytecode) interchangeable
between Solaris x86, RHEL and Windows?

https://www.manageengine.com/products/eventlog/system_requirement.html

We're trying to quickly set up ManageEngine EventLog Analyzer/SIEM for our
Solaris 10 x86 and RHEL 6 servers: all are 64-bit OS.

Somehow I can't locate anything for Solaris 10 x86: I need the agent installer.
Still looking for RHEL6. I'm not too good with navigating.

Can anyone help locate and give the exact links?
a) https://en.wikipedia.org/wiki/Ceedo ==> has local distributor/partner, on-prem
b) https://www.garrison.com/ ==> on-prem, cloud-based coming up
c) https://info.authentic8.com/ ==> cloud only

Trying to narrow down which of the above 3 solutions to adopt for safe Internet
browsing.

a) uses CDR (Content Disarm & Reconstruct): how good is this at making
    PDF and MS Office files safe? O365's SpamHaus is not sufficient (still getting
    spam) and lacks defense against malicious attachments and users clicking
    on phish links in emails. Can Ceedo's solution do CDR for email/email
    attachments? Can't seem to find anything in the wiki link above.
    It's not clear if they have a proxy solution/feature in their product.

b) this solution is lacking in terms of proxy (for us to link to SpamHaus or add our
    Threat Intel's bad-reputation IPs and block certain categories like YTube and
    FB) and downloading of files: we had to email the attachments and purchase
    proxy/CDR (e.g. Deep Secure) solutions to integrate. Personally I prefer to
    cut down on integrations because when there are issues, vendors would
    point to each other. By making users do downloads by sending email,
    it discourages users from downloading to their PC unless necessary;
    however, I foresee users will be unhappy with the requirement that
    they take extra steps to email files they want downloaded.

c) offers a cloud solution only …
AD non-interactive service account

1. How do these work?
2. Security concerns, if any? Can they get locked out?
3. Do they work with non-Windows platforms, or non-domain-joined machines?
Which tools do you use for security auditing of Windows servers (by which I mean checking that the configuration aligns with best practice and is free from administrative/configuration-based vulnerabilities)? Microsoft Baseline Security Analyzer seems to have been retired and is not supported on newer OS. So gauging what tools/scripts etc. are common in 2018 would be interesting. I would have thought PowerShell scripts could replace what MBSA used to check for, but couldn't find much out there.
What free options are available to scan/search unstructured data (file shares and exchange mailstores) for sensitive data like PHI or PCI data?
I'm exploring backup policies such that if there are insiders quietly
altering them, we can skip the 'bad' changes:

Day 1: the initial good build
Day 2: legit/good updates were made
Day 3: an insidious/malicious update was made
Day 4: good legit updates/changes were made

We want to restore up to Day 2, skip Day 3, and restore Day 4.

https://www.acronis.com/en-us/support/documentation/AcronisBackup_12.5/#37575.html
I was told a GFS scheme as above will help, but I tend to think
a mix of incremental plus differential backups is needed.
Please comment.

Q2:
For a DB, is it better to back up the OS files of the DB, or to take dumps and back up
the text dumps?
I see several references for best practices on managing NTFS permissions and file shares that state:

"Create a Global Deny group so that when employees leave the company, you can quickly remove all their file server access by making them members of that group."

Makes sense, but I'm curious what others think of this. It seems that if it were at the point that we needed to remove a user's file server access, and thus access to all of the shares that they have, it would be a simple matter of disabling the account. What advantage would there be to putting the user in this group to remove access over just disabling the account?
Windows Authentication in Chrome does not work as expected from an AD/Domain environment.

It works perfectly in Firefox after adding http://app.domain.local to network.automatic-ntlm-auth.trusted-uris.

It also works well in Edge and Internet Explorer after adding the URL in Local Intranet > Sites.

I expect it to work in Chrome too, but I am always being prompted. Any ideas?

I have tried with and without the Negotiate security method for Windows Authentication. I am currently using only NTLM.

Chrome version 69.0.3497.100 64-bit.
IIS 8 and MVC (Webform) (newer version) ASP.NET app
Hello, we have some service techs who need to have admin rights on their machines to run/test specific software. I am just scared they may download/install something malicious.

What is the best control method to contain this?

I need to alert both sysadmins and application admins with SEPARATE reports using Nessus Pro. How can I scan for OSs exclusively, and applications exclusively?
And how do I scan Windows exclusively? And Linux?
http://benchmarks.cisecurity.org/downloads/show-single/?file=solaristool

Does anyone have the CIS scoring tool for Solaris 10 and RHEL Linux (RHEL 6 or 7 would be best)?
I last got them from the CIS website for Solaris 8 and RHEL 4/5 about 11 years ago, but I think
CIS now requires membership to get the scoring scripts.

Looking for free tools/scripts, not something subscription-based.

The scripts should not make changes/hardening, but just collect.
Hi Experts,
I am planning to study information security. I have been working in the IT field for a long time,
but I do not know which courses I can start with. Some people told me that CEH is perfect, and others told me that CEH is useless.
Please advise me.
I was hoping to scope out some useful tests to include as part of an audit/health check of some traditional file servers, which act as team repositories for shared documents/files, and another which acts as a home drive server where each employee has a home drive area locked down just to them. I was thinking of basics such as:

- access control lists (ACLs): ensure permissions on directories are appropriately restricted and restrict access based upon need-to-know principles
- teams consuming masses of space (poor internal practices)
- documents with no recent last-access attribute: compare to data retention requirements etc.
- non-administrators who have full control over shares/directories (should not be the case)
- general OS security (e.g. patches, local administrators, backups)
- general monitoring (e.g. capacity/free space)

Can you think of any more areas that would be of benefit in such a review?
I've seen an ex-colleague blocking file extensions from being created using a feature in McAfee
(can't recall the name).

Can someone provide the steps to do this in Trend Micro OfficeScan's management console?
What's this feature called in OfficeScan?
I already have an Active Directory Windows Server 2016 home test server set up, but now want to change my few test Windows 10 Pro clients to use smart cards.

What URL do you recommend showing step-by-step how to set up smart cards in Server 2016 only for CLIENTS, NOT for logging into the server as "user=DAadmin", since I want to still be able to log in to the server without a smart card?

I found https://malwaretips.com/threads/how-to-protect-your-head-less-home-server-with-smart-card-authentication-and-a-yubikey.71078/, but think there might be something better.