OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Dear Experts, I want to ask about Folder Permissions in Windows Server 2012.

Is there any way that I can copy all the permissions/rights assigned to folders? Suppose when I change the location of a folder (copy/move to a different location), I want the same user rights to be assigned back instead of doing this activity manually.
Thanks

Also, can I create a backup of folder rights (user rights / folder permissions)?
0
I am looking into account lockout best practice configurations for failed login attempts/brute force. For one of our web applications the administrator has configured locking an account after 10 failed login attempts in a 60 second window. This seems a rather unusual setting based on other recommendations I have read on account lockout. Does anyone have a view on whether this setting poses a risk in any way, or whether any password attack tools can be configured to work around this setting, e.g. a slower approach on how many it attempts each minute, and if so, a more suitable suggestion of values?
0
What is the easiest and most effective way to get rid of the Trojan.JS.Dropper.E?
1
What realistically is the risk if somebody found out an internal server name from the outside, e.g. what may it allow them to do in terms of a security attack? I am talking about from the outside. I noticed in some documents available on our website there is some mention of internal server names and need to quantify the risk. They are not accessible to anyone outside the organisation, only those internal to the company, but it still doesn't sit easy.
2
We currently run McAfee VSE in a closed loop environment, so I've got to manually update it on our systems. I've downloaded & installed the latest patch (Patch 11) and applied all the latest DAT files but still get an alert from McAfee stating definitions are outdated & must be updated manually.
0
Dear Team, our server 2008R2 has many AVP.exe processes (Kaspersky Endpoint Security) that we could not stop. It showed errors when we tried to end task:

avp.PNG
avp1.PNG
We also tried some commands on CMD/PowerShell but it did not help. Administrator has full-control rights but it keeps showing "Access is denied"
taskkill /PID "number" /F
Get-Process -Name "avp" | Stop-Process -Force


Could you please suggest? Many thanks!
0
In AD Users and Computers we enabled the option 'Smart Card is required for interactive login'. This forces Smart Card login via that AD user account. That way no matter what computer that user logs in on they are forced to use a Smart Card; however, this causes a problem. We have a few mobile apps that use AD authentication. When we try to log into these apps from our iOS / iPhone we are unable to do so. This is because it's wanting a Smart Card. What is the workaround? The only GPO that forces Smart Card is computer based. We don't want to force all users on all computers to use Smart Cards. So I don't see a workaround unless the mobile apps support some type of cert based SSO? Even then I don't think it will work, for AD is looking for a Smart Card.
0
Suppose an attacker has the password hash of a user. If NTLM is disabled on Server-A, would the pass-the-hash attack still work on SERVER-A over the SMB protocol?
0
Hi, I am looking to do a Pester test around my PowerShell code, but I am not sure about it. Can someone help?

Basically I need to pull Azurekeyvaultkey information using PowerShell and then do a Pester test on it. I managed to do the PowerShell bit but am not sure how to do the Pester part. Please, I need help urgently.
0
Hi,

I'm running CentOS Linux release 7.4.1708 (Core). The issue is I'm able to log in using local users but not using LDAP users; please help me with this.

I've tried restarting services using the authconfig-tui command, but I'm still getting an authentication failure error for the LDAP user.

Please see the attached doc (ldap issue.docx) and the command output below, and let me know if any other details are required.


[root@server01 log]# cat /etc/openldap/ldap.conf
#
SASL_NOCANON    on
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
#
[root@server01 log]# getent passwd testuser
testuser:*:123456:7001:testuser:/home/testuser:/bin/bash
[root@server01 log]#


[hubba@servder01 ~]$ su - testuser
Password:
su: Authentication failure



[root@server01 log]# cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …
0
Hello,
      We have installed a new Exchange server on our single domain network. Since configuring another public IP to accommodate it we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:

Attack Signature
Web Attack: Remote OS Command Injection

with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution


The attacking IPs change so I can't blacklist them on the firewall. We are using a Sonicwall NSA 2650 as a firewall. Is there any way to stop these attacks? I realize that the Endpoint protection is doing what it should but I am concerned that eventually the bad guys will get through.
0
I have a Cisco Nexus switch (48-port) and want to set up the first 24 ports on a VLAN and the next 24 ports on a separate VLAN. How do I do this on a Nexus switch?
0
I am trying to deploy local Windows firewall rules to several separate Windows 7 laptops. We have Novell NetWare in our environment; hence, using Group Policy from a Windows domain to propagate to the devices is not an option (unfortunately).

I have discovered that if one executes a batch file, with the command:

netsh advfirewall firewall add rule name="NetScaler Gateway Plug-in" dir=in action=allow profile=public program="C:\Program Files\Citrix\Secure Access Client\nsload.exe" protocol=TCP enable=yes


that works really well ( https://support.microsoft.com/en-us/help/947709/how-to-use-the-netsh-advfirewall-firewall-context-instead-of-the-netsh ); but, the problem is that when executing the above command you need to run the command prompt as an administrator.

DOS_1
As you can see, if the user does not have admin privileges or does not know the administrator password, then the only other thing I can think of is to create 2 batch files and manually copy the files to the user's laptop. 1 file will have the 'runas' command to use the local administrator user account and then trigger another batch file with the changes:

runas /user:administrator C:\data\mybatchfile.bat


https://www.windows-commandline.com/windows-runas-command-prompt/

So the batch file: mybatchfile.bat will actually have the code that adds the firewall rule(s):

netsh advfirewall firewall add rule name="NetScaler Gateway Plug-in" dir=in action=allow profile=public program="C:\Program Files\Citrix\Secure Access Client\nsload.exe" protocol=TCP enable=yes


Question1:  Is there a way to streamline the deployment approach because our users will require these local windows firewall rules and these users are not administrators on their company laptops.  

Question2:  Is there a way to elevate permissions for a batch file as the script begins executing?  So you will not be prompted for a password?
0
I took over for an IT manager who was let go.

Somehow, or maybe not, Windows updates seem to have disabled all the NICs. Can't enable them; I need admin rights and don't have them.

I have never logged in to the server before, so there are no cached admin credentials that I have access to.

I don't know the local admin either. I do need the server up; wiping is not an option at this point.

I have tried removing it from the domain, but I still need admin rights, which I have none.

Any ideas?  Or am I hosed?
0
I have an old Cisco 4506 and need to dispose of the device.  I wanted to know if there's a card or anything I should keep in order to make sure that our information is kept securely.  If there is a card or something I'm planning on destroying the card or supervisor or module.  

I also would like to backup the config, just in case.
0
I have an Active Directory Group (Group1), for now it is able to add users to other groups.
I want to Prevent Group1 from adding or removing users from the following groups:
GroupA
GroupB
GroupC

They still can add/remove users from other groups.

I looked at the Group1 membership, and I could not tell which group has given them the power to add / remove users. The groups they are members of are not nested in other groups and I do not see them as members of known groups such as the Domain Admins group.

Any idea on how to figure out how they are able to add users to groups and how to limit Group1 from adding/removing users for just those 3 groups?

Thank you
1
Hello,

I am being asked to track access to log archives or audit trail files in our Windows system environment.  

Would someone advise what that means?  Do I enable this tracking in a group policy or the default domain policy?  

Thanks.
0
I attached exports of both the Default Domain Policy - Local Policies - User Right Assignment and Security Options from our DC.  I believe most all policy settings are set "Not Defined" with the exception of a few policy settings within Security Options.

I believe this particular policy (Default Domain Policy) should apply to all non DC servers and workstations joined  to the same domain.  We have member servers that are Exchange 2010, SQL 2014, .NET/Image Storage, etc.  All workstations are Windows 10 Pro.

So, I am trying to figure out if the defined local policies, which appear to be the defaults, need to be updated to properly secure all machines joined to the AD domain. Maybe the existing settings are fine as is, but I am not sure so that is why I ask. I am more concerned that the Windows 10 workstations are properly locked down than anything.
Prometheus-SecurityOptions-Export.txt
Prometheus-UserRightsAssignmnets-Exp.txt
0
https://www.straitstimes.com/singapore/method-of-attack-showed-high-level-of-sophistication

Refer to above Singhealth data breach incident.

Q1:
What mitigations could have been put in place to prevent / mitigate it in the 1st place?

Q2:
Will Database Activity Monitoring (eg: Imperva with its granular ACL) help or Privilege
Access Management besides dedicating/isolating PCs for general purpose/servers access?

Assume they're running MS SQL on Windows servers
0

Q1:
I recall CyberArk once presented a product that could alert when sysadmins run or access a privileged (or one that we can program to be alerted on) tool or activity: what's the name of this product?

Q2:
Does this product make use of PSM video recording of the sysadmin's session access & perform OCR on the video (to get the text)?

Q3:
Can latest version of Cyberark DNA scan for Cisco network devices privileged accounts?
0
If you initiate an RDP connection to a terminal server from a Windows 10 PC, would there be any event logs on the Windows 10 machine to show when the RDP access was attempted, and which username was specified in the connection itself? The event logs on the server itself don't go back too far, but event logs on the PCs cover a couple of months' worth, so it would be useful to check those out also.
0
I have a Synology NAS that when I look at the property details on a file and view the user it shows some random numbers as the user.  I am using my domain users on the NAS and users are in the format of first name initial and last name, like asmith.
User details
0
Hi Everyone, our small SMB\company recently switched to hosted Office 365 Exchange based email. Before the switch, we had an "in-house" Exchange mail server.
We have about 10 or so domains registered for email delivery.

So here's the problem. Since switching to Office 365 our users are being bombarded with "Somewhat Legitimate" Phishing Emails that try and trick them into providing their logon credentials.
IE> Your account in box is full, click here to fix. Your account will be terminated if you don't click here and login .. and on and on and on.

I've mostly stemmed these by creating rules in Mail Flow that block certain words and phrases contained in Subject\Body.

That said, any suggestions to better keep these emails out? This issue was not nearly as bad when we didn't host with Office 365.
0
Crypto protection. Best solutions? Tape, disk based backup, on site, off site, vendor specific, and reasoning behind your answer.
0
folder on computer C to access the database.

With computer A I have no issue. However, computer B has an issue connecting to computer C.

The status of not connecting changes sometimes I get windows cannot access\\computerC check the spelling of the name otherwise there might be a problem with... Error code 0x80004005. Sometimes I can access computer c but the connection to the database is not stable, and sometimes it asks for credentials and does not accept it.

I checked in the sharing options on both computers; everything is set to on.
In the adapter settings, file and printer sharing are checked.
I updated the driver for the network adapter.
All computers are in the same Workgroup.
Checked the firewall setting to allow public and private file and printer sharing.
Uninstalled third-party anti-virus.
Disabled Windows firewall.
Enabled guest user and cleared the password.
Turned off password protected setting.
The folder has Everyone in the share and security permissions.

Windows 10
0
