OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


I got a bunch of machines trying to access this IP (208.91.197.27), which looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given. I've run extensive tests with different anti-spyware/antivirus solutions (safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

Thanks!
0
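An added example for the post above (not code from the poster): on a machine that Umbrella has flagged, map any live connection to the suspect IP back to the process that owns it, record its path, command line, parent and SHA-256, and append the result to a CSV you can compare across the ten machines. It assumes Windows 8.1 / Server 2012 R2 or later (for Get-NetTCPConnection) and an elevated shell; the IP is the one from the post and the output path is a placeholder.

```powershell
# Added example: attribute a suspicious outbound connection to a process.
# Assumes Windows 8.1/2012 R2+ and an elevated shell so every process's path
# and command line can be read. $SuspectIp is from the post; $OutFile is a placeholder.
param(
    [string]$SuspectIp = '208.91.197.27',
    [string]$OutFile   = "$env:TEMP\suspect-connections.csv"
)

function Get-SuspectConnection {
    param([string]$RemoteIp)
    Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue |
        ForEach-Object {
            $conn = $_
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
            # Hash the binary so it can be looked up on VirusTotal by hash,
            # without uploading a possibly sensitive file.
            $hash = if ($proc.ExecutablePath) {
                (Get-FileHash -Algorithm SHA256 -Path $proc.ExecutablePath -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Time        = Get-Date -Format o
                Computer    = $env:COMPUTERNAME
                LocalPort   = $conn.LocalPort
                RemotePort  = $conn.RemotePort
                State       = $conn.State
                Pid         = $conn.OwningProcess
                Process     = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
                ParentPid   = $proc.ParentProcessId
                Sha256      = $hash
            }
        }
}

$hits = Get-SuspectConnection -RemoteIp $SuspectIp
if ($hits) {
    $hits | Export-Csv -Path $OutFile -NoTypeInformation -Append
    $hits | Format-List
} else {
    Write-Host "No live connection to $SuspectIp at the moment; the beacon may be intermittent."
}
```

Because the traffic is on 443 and only seen sporadically, a single run often finds nothing; run it on a schedule, or deploy Sysmon and look at its Event ID 3 (network connection), which records the image, user and destination for every connection after the fact. Whatever process turns up, check its parent and signature before assuming it is the AV miss: browsers, updaters and legitimate software are frequently the ones contacting a sinkholed or reassigned address.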

https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/

Users are requesting AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc.)
but I have concerns like what's listed in the link above.

What are the mitigations we can put in place to balance between work productivity & IT security risks?

Are the following valid mitigations?

1. Air-gap those PCs running AutoIT, namely remove Internet access & email access as these two are
    top vectors of malware. Users told me they don't need these 2 functions on the PCs running
    AutoIT but the AutoIT programmer wants it on his PC as he doesn't want to switch around
    between PCs when developing AutoIT scripts & using email/Internet.

2. I heard we can compile the scripts & then uninstall AutoIT: so if a hacker got into the PC, he
    can't develop keyloggers/malicious scripts (that capture credentials). The programmer felt
    this is restrictive but, to work around it, I heard we can create a config file for scripts to read in
    parameters/variables to give more flexibility or options for the scripts to operate: is this
    so? Is this a good mitigation?

Please add on any further mitigations.

I've heard of VB & Java scripts being risks: are they of similar nature to the risks of AutoIT?
0
When accessing our servers it states "my" account is locked out.  I ran Netwrix Account lockout examiner and it shows me locked out.    How do I find out exactly "why" or "what" is locking me out?

I have other accounts I can log on as to run the tests
0
What are the steps or processes I can follow to run a Windows 10 program under the system context?
0
I am preparing to patch multiple 2012 R2 servers in multiple offline networks that haven't been patched in over 2 years, so I'm trying to get an understanding of the expected behavior during the installation process. If I use the settings I have defined below, will the servers just keep downloading and installing updates until they are fully patched, or is there an interval that starts when you schedule the maintenance and stops after a certain period of time? Let's say there are 200 patches needed on Server A, they have all been approved in WSUS, and I schedule the installation as defined below... will Server A keep downloading and installing even if it takes until Sunday?

Use option #4 – Auto download and schedule the install
Deselect “Install during automatic maintenance”
Set “6 – Every Friday” for the scheduled install day
Set “17:00” for the scheduled install time
0
Hi,

I'm trying to get rid of local admin privileges for users. All users have a scheduled task that runs a SyncBack backup of local files.
Works fine when the user is admin, but when I remove local admin privileges, users are not able to schedule tasks.

Windows 10 client, 1709. Domain member.
Group policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
Allow members of domain group Staff to log on as a batch job.

Suggestions?

BR,

Nils
0
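An added example that serves two questions on this page, the one asking how to run a program under the system context and Nils's question directly above about scheduled tasks for non-admin users. It is not code from either poster. It registers two tasks with the ScheduledTasks module (Windows 8 / Server 2012 and later): one whose principal is LocalSystem, which is the built-in way to run something as SYSTEM without PsExec, and one for a standard domain user that uses the Interactive logon type, so it runs under the user's own token while they are logged on and needs neither a stored password nor the "Log on as a batch job" right (that right is what Task Scheduler asks for when a task is set to run whether the user is logged on or not). The user name and the SyncBack path and arguments are placeholders.

```powershell
# Added example: two scheduled tasks, one as SYSTEM and one for a standard user.
# Assumes an elevated shell (needed to register the SYSTEM task and to register
# a task on another user's behalf). 'CONTOSO\nils', C:\Tools\SyncBack.exe and
# its '-m' argument are placeholders.

# --- 1. Run a program under the system context -----------------------------
$sysAction    = New-ScheduledTaskAction -Execute 'C:\Windows\System32\cmd.exe' `
                    -Argument '/c whoami > C:\Windows\Temp\whoami-system.txt'
$sysTrigger   = New-ScheduledTaskTrigger -Once -At (Get-Date).AddMinutes(5)
$sysPrincipal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                    -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName 'Demo-RunAsSystem' -Action $sysAction `
    -Trigger $sysTrigger -Principal $sysPrincipal -Force | Out-Null
# Fire it immediately rather than waiting for the trigger; the output file
# then contains "nt authority\system".
Start-ScheduledTask -TaskName 'Demo-RunAsSystem'

# --- 2. Per-user backup task that works without local admin -----------------
# Interactive logon type: runs only while the user is logged on, under the
# user's own token, so no password is stored and no batch-logon right is used.
$user        = 'CONTOSO\nils'
$bkAction    = New-ScheduledTaskAction -Execute 'C:\Tools\SyncBack.exe' -Argument '-m'
$bkTrigger   = New-ScheduledTaskTrigger -Daily -At '18:00'
$bkPrincipal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited
Register-ScheduledTask -TaskName 'Demo-UserBackup' -Action $bkAction `
    -Trigger $bkTrigger -Principal $bkPrincipal -Force | Out-Null

# --- Verify who each task runs as and with which logon type ----------------
Get-ScheduledTask -TaskName 'Demo-*' |
    Select-Object TaskName,
        @{ n = 'RunAs';     e = { $_.Principal.UserId } },
        @{ n = 'LogonType'; e = { $_.Principal.LogonType } },
        @{ n = 'RunLevel';  e = { $_.Principal.RunLevel } }
```

A standard user can register and edit tasks for their own account in Task Scheduler, but not tasks that run as another account or at the highest run level; if the existing SyncBack task was created while the user was still an admin and set to run with highest privileges or "whether user is logged on or not", it will keep failing after the privilege is removed until it is re-created as above.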
Audit wanted me to simulate a High severity event, of which we have only a few, such as
successful brute force, true DDoS (not sure what the bandwidth is) & compromised
network/firewall devices that lead to operations outage.

This is to see if the SOC responds within SLA (from the Splunk alert, which currently
covers Prod servers/devices) & how fast we mitigate it.

I think the easiest is to
a) install a brute force password cracker
b) create a local account not subject to GPO (eg: password doesn't get locked
    despite the number of failed attempts with a simple password) on a non-
    critical Prod server

Any freeware tool on Windows that does brute force for Windows that anyone
can recommend? SIPVicious, or is there a free L0phtCrack?
0
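An added example for the SOC test described above (not the poster's code and not a cracking tool): a controlled burst of failed network logons against a dedicated test account, followed by a read-back of the Security events the target actually recorded, so the Splunk alert and the SOC ticket can be compared against known ground truth rather than against a guess. It assumes the test window is agreed with the SOC, that a throwaway local account exists on the target (the post's non-critical Prod server) and that the shell running it has admin rights on that server to read its Security log. Server and account names are placeholders.

```powershell
# Added example: generate N failed network logons and count the resulting
# 4625 events on the target. Assumes an agreed test window, a dedicated local
# test account on $Target, and admin rights on $Target to read its Security log.
param(
    [string]$Target   = 'SRV-TEST01',   # placeholder non-critical server
    [string]$Account  = 'bftest',       # placeholder local test account
    [int]   $Attempts = 50
)

$start = Get-Date
# Constructed guesses; none of these is a real password.
$guesses = 1..$Attempts | ForEach-Object { "Wrong-Pass-$_" }

foreach ($pw in $guesses) {
    # Each failed IPC$ connection is logged on $Target as Security 4625, Logon Type 3,
    # which is what a brute-force correlation rule normally keys on.
    cmd /c "net use \\$Target\IPC`$ /user:$Target\$Account $pw" 2>&1 | Out-Null
    cmd /c "net use \\$Target\IPC`$ /delete /y" 2>&1 | Out-Null
    Start-Sleep -Milliseconds 200
}

# Read back what the target recorded. In 4625, Properties[5] is TargetUserName.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $start }
$events = Get-WinEvent -ComputerName $Target -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[5].Value -eq $Account }

function Get-TestSummary {
    [pscustomobject]@{
        Target         = $Target
        TestStarted    = $start
        AttemptsSent   = $Attempts
        Failed4625Seen = @($events).Count
        FirstEvent     = ($events | Select-Object -Last 1).TimeCreated
        LastEvent      = ($events | Select-Object -First 1).TimeCreated
    }
}

Get-TestSummary
```

Detection latency is then TestStarted to the Splunk alert timestamp, and response time is the alert timestamp to the SOC's first action. If Failed4625Seen is zero, the problem is upstream of Splunk (audit policy or log forwarding on that server), which is a finding in itself.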
Unable to log in to Windows 8.1 Pro using a Microsoft connected account.
User has somehow set up login to try and use the email account as user name,
i.e. joe@xyz.com, which is an Exchange service hosted on Office 365.

I can log in through the portal with user name and password, but the user's computer says incorrect password when I try to log in locally.

If I try to change the password in Admin Tools > Users, it says "The system is not authoritative for the specified account".
Any ideas?
0
Playing the Triage Game
The intent of this article is not to tell you what solution to use (you know that better) or to make a big-bang change to your current regime (which you are well aware of), but to share how the regime can be made better and more effective at streamlining multiple patch implementations.
0
Does Norton go after viruses and Malwarebytes go after malware?

Do I need both?

Windows 10
0

I would like to take an image backup (sort of bare metal, which is built into Win 2008 R2 & Win 2012).

Q1:
For a laptop / PC with an encrypted HDD (we use McAfee to encrypt), can we "Create a Windows System Image" & still restore it?

Q2:
If it's booted from a CD, we can't take a backup of an encrypted HDD, but what if it's in a fully booted up state?

Q3:
If the backup can't be used to do a good restore, what's the alternative?

Q4:
If we can take a backup of an encrypted HDD (when Windows is fully booted up), doesn't this defeat the purpose of encrypting the HDD?
Or is encryption only meant to protect the data in the HDD when Windows is locked or prior to Pre-Boot Authentication?
0
Sorry, I guess I could answer this myself with a little effort, but haven't had the time to boot off a thumb drive or similar...

I enabled BitLocker on Win 10 Pro. My first dealings with BitLocker. In Settings > Manage BitLocker it says that BitLocker is on.

Booting up is the same as before: Windows splash screen, then the normal Windows login screen.

Uh, I thought there'd be something before that to unlock the drive? Years ago with some 3rd party thing, you'd get a screen asking for a password before Windows would start.

Because this is MS software, that's not the case?

Windows boots enough to ask for a password. If that fails, you won't get anywhere? If I boot from a thumb drive / Linux / etc. I'll see gibberish? (Other than maybe the Windows directory?)

And I've done that hack of swapping utilman.exe with cmd.exe to be able to get to a DOS prompt to get into a computer we're locked out of. Same thing: if I did that, most all of the C drive will be gibberish / not readable? But yeah, I guess you want to rename utilman.exe back to normal again, otherwise someone could make an admin account and be able to log in? And then by extension.... say I lost this laptop. Someone boots from USB, does the utilman / cmd change, creates a user... then they get to all the hard drive data? Or at least my C:\Users folder is still locked? Even with Linux ignoring NTFS permissions?

Thanks!
0
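An added example for the BitLocker question above (not the poster's code): a report of every BitLocker volume, its encryption state and the key protectors that unlock it. The behaviour described in the post, no prompt before the Windows logon screen, is what a TPM-only protector gives you: the TPM releases the volume key automatically when the measured boot chain (firmware, boot manager, boot configuration) is unchanged, and a cold-boot attack or a tampered boot path is what that design defends against, not someone who already has the running desktop. Booting other media sees only ciphertext for the OS volume, so the utilman.exe swap cannot be performed offline on a locked drive. Adding a PIN protector is what restores a pre-boot prompt. It assumes an elevated shell on the Windows 10 machine; the commented PIN step is illustrative.

```powershell
# Added example: show BitLocker status and which protector types unlock each
# volume. Assumes an elevated shell on Windows 8/10 or Server 2012+ with the
# BitLocker PowerShell module present.

function Get-BitLockerReport {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Translate the protector set into the unlock behaviour the user sees at boot.
        if     ($types -contains 'TpmPin')       { $mode = 'TPM + PIN: pre-boot prompt' }
        elseif ($types -contains 'TpmStartupKey'){ $mode = 'TPM + USB startup key' }
        elseif ($types -contains 'Tpm')          { $mode = 'TPM only: no prompt, relies on measured boot' }
        elseif ($types -contains 'Password')     { $mode = 'Password: pre-boot prompt' }
        elseif ($types.Count -eq 0)              { $mode = 'No protectors: volume key is unprotected' }
        else                                     { $mode = $types -join ',' }

        [pscustomobject]@{
            Drive        = $_.MountPoint
            VolumeStatus = $_.VolumeStatus        # FullyEncrypted / EncryptionInProgress / FullyDecrypted
            Protection   = $_.ProtectionStatus    # Off means suspended or not yet encrypted
            Percent      = $_.EncryptionPercentage
            Method       = $_.EncryptionMethod
            Protectors   = ($types -join ',')
            UnlockMode   = $mode
            RecoveryKeys = @($_.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).Count
        }
    }
}

Get-BitLockerReport | Format-Table -AutoSize

# To add a startup PIN (Group Policy "Require additional authentication at
# startup" must allow a TPM+PIN protector first; the PIN is entered interactively):
# $pin = Read-Host -AsSecureString 'Choose a startup PIN'
# Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
```

If RecoveryKeys is zero, back up a recovery password (Add-BitLockerKeyProtector -RecoveryPasswordProtector, then Backup-BitLockerKeyProtector to AD or store it out of band) before changing protectors, because a firmware update or a protector change can put the volume into recovery.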
Going through the daily logs on 12 servers is becoming too cumbersome. I'm working with a small domain including remote offices of about 50 users and less than 100 devices, mostly Windows clients. I'm looking for a way to aggregate the logs and filter for items that I need to monitor, not the entries that I know I can ignore. Small business = small budget, so my options are somewhat limited and I really don't have the time or energy to implement an enterprise-class solution that requires 6 months of training just to understand. So with that said, what are your suggestions?
1
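An added example that covers the log-aggregation question above and also the earlier account-lockout question on this page ("how do I find out what is locking me out?"). It is not code from either poster. It pulls a short watchlist of Security event IDs from several servers in one pass, decodes the positional fields that matter for each ID, drops the noise you already know you can ignore (computer accounts, anonymous logons), and appends the result to one CSV. For lockouts it decodes event 4740, whose CallerComputerName field names the machine that submitted the bad credentials; query the PDC emulator for that one, since every lockout is recorded there. It assumes remote event log access (RPC) and local admin rights on each server; the server names and output path are placeholders.

```powershell
# Added example: collect a watchlist of Security events from several servers,
# name the important fields, and write them to one CSV. Assumes remote event
# log access and admin rights on each server. Server names and $OutFile are
# placeholders; include the PDC emulator to see lockouts (4740).
param(
    [string[]]$Servers = @('DC01', 'FS01', 'APP01'),
    [int]     $Hours   = 24,
    [string]  $OutFile = "$env:USERPROFILE\Desktop\security-watchlist.csv"
)

$watch = @{
    4625 = 'Failed logon'
    4740 = 'Account locked out'
    4720 = 'User account created'
    4728 = 'Member added to global security group'
    4732 = 'Member added to local security group'
    4672 = 'Admin-equivalent privileges assigned at logon'
    1102 = 'Audit log cleared'
}

# Positional Properties differ per event ID; map the two fields that matter.
function ConvertTo-Row {
    param($Event, [string]$Server)
    $p = $Event.Properties
    $row = [ordered]@{
        Time = $Event.TimeCreated; Server = $Server; Id = $Event.Id
        Meaning = $watch[$Event.Id]; Account = $null; Source = $null
    }
    switch ($Event.Id) {
        4740 { $row.Account = $p[0].Value; $row.Source = $p[1].Value }   # TargetUserName, CallerComputerName
        4625 { $row.Account = $p[5].Value; $row.Source = $p[19].Value }  # TargetUserName, IpAddress
        4720 { $row.Account = $p[0].Value; $row.Source = $p[4].Value }   # new account, creator
        { $_ -in 4728, 4732 } { $row.Account = $p[0].Value; $row.Source = $p[6].Value } # member, actor
        4672 { $row.Account = $p[1].Value }                               # SubjectUserName
        1102 { $row.Account = $p[1].Value }                               # who cleared the log
    }
    [pscustomobject]$row
}

$filter = @{ LogName = 'Security'; Id = @($watch.Keys); StartTime = (Get-Date).AddHours(-$Hours) }

$rows = foreach ($s in $Servers) {
    try {
        Get-WinEvent -ComputerName $s -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object { ConvertTo-Row -Event $_ -Server $s }
    } catch {
        Write-Warning "$s : $($_.Exception.Message)"
    }
}

# Drop the known-noise entries, keep everything else for review.
$rows = $rows | Where-Object { $_.Account -notmatch '\$$' -and $_.Account -ne 'ANONYMOUS LOGON' }
$rows | Export-Csv -Path $OutFile -NoTypeInformation -Append

# Quick daily summary: which server and event ID produced the most entries.
$rows | Group-Object Id, Server | Sort-Object Count -Descending | Select-Object Count, Name
```

For the lockout case specifically, the 4740 Source column is the computer to look at next: on that machine, check credential manager entries, mapped drives, scheduled tasks and services running under the locked-out account, and disconnected RDP sessions, since a stale password cached in any of those retries until the threshold trips. Event 4625 on the same machine around the same time shows the process and logon type. Once the CSV approach stops scaling, Windows Event Forwarding to one collector costs nothing extra and gives you a single log to filter.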
Hello,

I am looking at a Windows 2012 IIS server and I see a certificate WMSvc-myiisserver that has an expiration date of 1/20/2015 and is using SHA1.

I do not recall ever deploying that certificate on the server.

Would someone advise if that cert is always there by default? Where do I go to see the vendor of that certificate?

Please see the attached.  

Thanks.
WMSvc.png
0
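An added example for the certificate question above (not the poster's code): inventory the Local Machine personal store, flag certificates that are expired or SHA-1 signed, and show each one's issuer so self-signed certificates stand out. The WMSvc-<hostname> certificate is the self-signed certificate that the IIS Web Management Service (the "Management Service" role service, used for remote IIS management over HTTPS on TCP 8172) generates when that feature is installed, so its Issuer equals its Subject and there is no external vendor. It assumes you run it on the IIS server; reading the store does not need elevation, the IIS binding check needs the WebAdministration module.

```powershell
# Added example: report certificates in the machine store with expiry,
# signature algorithm and self-signed status, then show which IIS HTTPS
# bindings use them. Assumes it runs on the IIS server itself.

function Get-CertReport {
    param([string]$Store = 'Cert:\LocalMachine\My')
    Get-ChildItem -Path $Store | ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            SelfSigned = ($_.Subject -eq $_.Issuer)        # WMSvc-* certs show True here
            NotAfter   = $_.NotAfter
            Expired    = ($_.NotAfter -lt (Get-Date))
            SigAlg     = $_.SignatureAlgorithm.FriendlyName # e.g. sha1RSA, sha256RSA
            WeakSigAlg = ($_.SignatureAlgorithm.FriendlyName -match 'sha1|md5')
            HasKey     = $_.HasPrivateKey
            Thumbprint = $_.Thumbprint
        }
    }
}

$report = Get-CertReport
$report | Sort-Object Expired, WeakSigAlg -Descending |
    Format-Table Subject, SelfSigned, Expired, NotAfter, SigAlg, HasKey -AutoSize

# Which site bindings actually use these certificates (IIS 7.5+ with the module)
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    Get-ChildItem IIS:\SslBindings | Select-Object IPAddress, Port, Host, Thumbprint
}

# The WMSvc listener is not a site binding; see which thumbprint it is using with:
#   netsh http show sslcert ipport=0.0.0.0:8172
```

An expired WMSvc certificate only affects remote management through IIS Manager, not the websites the server hosts; if you do not use remote management, the Management Service can be disabled, otherwise IIS Manager > Management Service lets you select a certificate from a CA you trust.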
Running an encrypted laptop which can't handle some Windows Updates.  How can I disable the nag screens until I unencrypt drive to install updates?

Or even better, is there a way to apply major Windows 10 updates without unencrypting?  Using Veracrypt.

Thanks,

Nathan
0
Hello, I'm looking into putting in my first firewall. I'm looking for a good option for a municipality. If someone could help me out with this it would be great. Like I said, this is my first and I don't have any experience in it at all! Thanks.
0

In a cyber security training, the trainer/consultant from the UK recommended to my colleague (I did not attend the training) to use MS Sysinternals.

Our role is to capture the evidence/artefacts using Sysinternals.

a) An end-user IT support person told me that Sysinternals is not supported by MS; it's given as-is for use.
    Concern is: has MS been updating the version of Sysinternals for use on Win 7, 8, 10 and Win 2008 R2, Win 2012 R2, Win 2016
    so that it can be run / used on these versions of Windows (both 32-bit Win 7 as well as 64-bit Windows)? I felt if Sysinternals
    could run & capture evidence/artefacts on these platforms/versions of Windows, it's good enough, or is there any concern
    since MS is not supporting it? We do have an MS Premier support contract including MS Security escalation, so I guess MS
    will still analyse dumps captured using Sysinternals, or won't MS do it?

b) Our role is to capture the evidence/artefacts in the event of compromises/attacks & we'll engage external forensics
     experts to analyse. Which of the tools/components in Sysinternals offer this capturing? Will need to elaborate a
     bit for this one. Example: for "Process Explorer", we can select the specific process & "Create Full Dump" or take its
    hash & submit to VirusTotal to see if any of the 60+ security products in VirusTotal report the hash as malicious.
0
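An added example for part (b) of the question above (not the poster's code): a first-responder collection script built around the Sysinternals tools mentioned. It records every running process with its SHA-256 hash and Authenticode status (so hashes can be checked on VirusTotal without uploading files), takes a full dump of one suspect process with ProcDump (the command-line equivalent of Process Explorer's "Create Full Dump"), captures autostart entries with Autorunsc including hashes and signature checks, and finishes with a hash manifest of everything collected so the external forensics team can verify nothing changed in transit. It assumes the Sysinternals executables are unpacked in a tools folder (they are stand-alone and need no installer), an elevated shell, and a writable case folder; paths and the PID are placeholders.

```powershell
# Added example: triage collection with PowerShell plus ProcDump and Autorunsc.
# Assumes an elevated shell, Sysinternals EXEs in $Tools, and write access to
# $OutDir. $Tools, $OutDir and $SuspectPid are placeholders.
param(
    [string]$Tools      = 'D:\IR\Sysinternals',
    [string]$OutDir     = "D:\IR\Case-$(Get-Date -Format yyyyMMdd-HHmm)-$env:COMPUTERNAME",
    [int]   $SuspectPid = 0        # 0 = skip the process dump
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Process inventory with hashes and signature status (no Sysinternals needed).
Get-CimInstance Win32_Process | ForEach-Object {
    $path = $_.ExecutablePath
    $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status }
    $hash = if ($path) { (Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash }
    [pscustomobject]@{
        Pid = $_.ProcessId; ParentPid = $_.ParentProcessId; Name = $_.Name
        Path = $path; CommandLine = $_.CommandLine; Signature = $sig; Sha256 = $hash
    }
} | Export-Csv -Path "$OutDir\processes.csv" -NoTypeInformation

# 2. Full memory dump of the suspect process.
#    -ma = full dump (all memory); -accepteula suppresses the licence dialog.
if ($SuspectPid -gt 0) {
    & "$Tools\procdump.exe" -accepteula -ma $SuspectPid "$OutDir\pid-$SuspectPid.dmp" | Out-Null
}

# 3. Autostart entries: -a * all locations, -c CSV output, -h file hashes,
#    -s verify digital signatures. Unsigned or unknown-hash entries are the
#    first thing to review.
& "$Tools\autorunsc.exe" -accepteula -a * -c -h -s > "$OutDir\autoruns.csv" 2>$null

# 4. Chain-of-custody manifest: hash every artefact after collection is finished.
$manifest = Get-ChildItem -Path $OutDir -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path
$manifest | Export-Csv -Path "$OutDir\manifest.csv" -NoTypeInformation

Write-Host "Artefacts written to $OutDir"
```

Order matters: collect volatile data (processes, connections, the dump) before anything that changes the system, and write to a separate drive rather than the suspect volume. Submit the hashes in processes.csv and autoruns.csv to VirusTotal first; only upload a sample once you are sure it contains nothing confidential.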
Hello,

Our team is being told to investigate whether our Windows infrastructure contains misconfigured encryption.

I sampled a few Win 2012 web servers, opened up the registry and looked at the secure channel (Schannel) settings. I see TLS 1.1 client and TLS 1.1 server are enabled. Some servers have SSL 2.0 client present but not enabled. No SSL 3 or TLS present.

Would someone educate me on how the secure channel protocols get added into the registry?

I understand that SSL 2 and 3 are old and they should be disabled. What is the best way to ensure the disable process will not affect our current applications?

I usually deal with adding secure certificates to the web servers but do not pay attention to what Schannel protocol is used.

Thank you very much.
0
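An added example for the Schannel question above (not the poster's code). Windows ships with no per-protocol subkeys under SCHANNEL\Protocols; the defaults are built into schannel.dll for each OS version, and a key only appears when an administrator, a hardening GPO or a product installer creates it. A missing key therefore means "OS default for this build", not "disabled", which is why the sampled servers look inconsistent. The documented way to disable a protocol is Enabled=0 together with DisabledByDefault=1 under both the Client and Server subkeys, followed by a reboot. The script audits all five protocol keys on the local server and, only with -Apply, writes the disable values for the protocols listed in $disable. It assumes an elevated shell.

```powershell
# Added example: audit the Schannel protocol registry keys and optionally
# disable the legacy ones. Assumes an elevated shell on the server being
# checked; run without -Apply first.
param([switch]$Apply)

$base    = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protos  = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$disable = 'SSL 2.0', 'SSL 3.0'   # extend with 'TLS 1.0', 'TLS 1.1' once clients are verified

function Get-SchannelState {
    foreach ($p in $protos) {
        foreach ($side in 'Client', 'Server') {
            $key  = Join-Path $base "$p\$side"
            $vals = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Side              = $side
                KeyPresent        = [bool]$vals
                Enabled           = if ($vals) { $vals.Enabled }           else { '(OS default)' }
                DisabledByDefault = if ($vals) { $vals.DisabledByDefault } else { '(OS default)' }
            }
        }
    }
}

Get-SchannelState | Format-Table -AutoSize

if ($Apply) {
    foreach ($p in $disable) {
        foreach ($side in 'Client', 'Server') {
            $key = Join-Path $base "$p\$side"
            New-Item -Path $key -Force | Out-Null
            # Enabled=0 turns the protocol off; DisabledByDefault=1 stops
            # applications that do not specify a version from picking it.
            New-ItemProperty -Path $key -Name Enabled           -Value 0 -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
    Write-Host 'Schannel values written; reboot for the change to take effect.'
}

# To see which protocols real clients negotiate before disabling anything:
# set the DWORD EventLogging=7 directly under ...\SecurityProviders\SCHANNEL,
# reboot, and review System log events from source Schannel over a full
# business cycle; then also test from the oldest client and any appliance
# that talks to these servers.
```

Apply the change through the same GPO across a test group first. The Client side matters as much as the Server side here: the web servers themselves make outbound TLS connections (to databases, payment gateways, SQL mirrors) and a peer that only speaks SSL 3.0 will fail in a way that looks unrelated to the web site.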

We are using Kaspersky Endpoint Security 10 for Windows on all our domain computers. I just wanted to know: is there a way in Kaspersky to define that whenever a computer connects to our network, if it has no AV, it detects and installs the AV by itself?
0
Hello: I am new to Linux and don't have a Linux system to work on. I have a database background (user, planner, DBA, etc.) but no hands-on Linux experience or training in Linux administration.

I am working with a customer who regularly lets their OS-level passwords on their Linux servers expire.  They don't log in very often, so when they do, they find that the password has expired and they can't remember the old password to reset it.  

They then have to engage my company's customer service staff, who are getting a bit vexed by having to do custom work for which they previously didn't charge any money.  (For this frequent offender, they are changing that policy.)  

This also happens when our customer service staff is preparing to do service work at the Linux level and ask the customer for the password, only to find that the customer hasn't a clue.

My question is:  Will the solution given in this string of postings work for the OS level password, or only for user passwords?

If not, is there a similar solution that will?

Thank you for any assistance you might be able to give me on this question.
0
Would a Nessus scan include details of which devices/IPs were scanned? We need to provide assurances that all servers joined to our domain are scanned at least every 14 days, and the only evidence we would have is the actual report. I am unsure, having not used the product, how the initial scan/scope is configured, but it would be interesting to know if you have to manually enter a list of IPs/server names, or if it integrates with AD etc. Any feedback on what evidence could be used from within Nessus for validating what scans have been run would be most useful. Would the scan results also include a time/date when it was run, and can the results be exported/provided by the admin and viewed on a machine without Nessus installed?
0
karbores target resolution error
0
Hello,

We have created new domain admin accounts.
We added all the admin permissions under these accounts.
Added the new domain accounts to the local machine, but we can't use the backup software; we can access the local C drive and we can move files from the C drive to another machine with this account.
Attached are screenshots of the settings we have put under the new account and the error message we are getting.

 Domain-Admin-Permission.docx

thank you.
0
In computing, vulnerability assessment and penetration testing are both used to assess systems in light of the organization's security posture, but they have different purposes.
0
