OS Security

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

I'm following the instructions on setting up Direct Access on a Server 2016 server using the steps found here.

What steps do I need to follow to "Obtain a server certificate for IP-HTTPS connections, with a subject name that matches the FQDN of the server" (step 3)?

I would like to do this with an internal certification authority.

Please provide me with the exact steps on how to do this.
I use the Microsoft Sysinternals Autologon program within my test network.

Lately, the Autologon program hasn't been automatically logging onto the Hyper-V virtual Server 2016 and Windows 10 computers (with the domain administrator (administrator) account) like it used to.

I have uninstalled the Autologon program, rebooted, and then reinstalled it and retyped the Administrator username and password, but this hasn't fixed the problem.

This Autologon program is only being used within my test environment (which is behind several locked doors and is completely isolated from any production networks).

What can I do to fix this issue so that I can continue to use the Autologon program to automatically log on to these Server 2016 and Windows 10 computers? I need to be able to automatically log in to these computers since they are older and take longer to do things, and so that my testing can be done properly.

The homepage for Autologon is here.
Are 32-bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
I need to know how to create a GPO (group policy) to deny users the ability to save files to their computers' C: drive and Desktop when they log in to the domain.
The GPO should be applied to the "Computer", not the user's account, to deny access.

They are logging into a Windows 2008r2 environment, and their computers are Windows 7.
Hi Experts - we currently manage Microsoft Updates for about 100 Windows Servers, from Server 2008 R2 to 2016. We use 2 methods to install updates:

1. Via LogMeIn Central's "Updates" console, which allows granular selection of servers and updates to install, scheduling the reboot after the updates install, seeing progress, etc.
2. Log directly into the server and install them via the Updates GUI

LogMeIn's console works for MAYBE 1/2 of the machines, the rest we have to login manually and install updates.  

Servers are all on different WAN connections.  

I'm looking to cut down the time we have to spend on this as the updates need to be installed and machines rebooted after hours.

I'm open to something moderate to low cost, or free. Currently we pay for the LogMeIn Central subscription exclusively for that functionality. Looking for something fairly easy to set up and maintain.

My company has some VMs running the IIS web server on Windows OS, based on BitSight - Web Server Vulnerabilities.

My tasks are assigned as follows.

1. Services required to be reverted back
2. Where to disable the SSLv2 and SSLv3 protocols; the Diffie-Hellman encryption length is also required to be 2048-bit
3. How to update those outdated IIS servers

Please advise me accordingly, as I've never done this before and it is required by our Cyber team.

If there is any best practice for performing hardening, please advise and share it for my knowledge.


I received advice on another question I posted here that I could do without antivirus in Android:

What is the best anti-virus for Android (paid or unpaid)?

But I don't understand that advice because, from what I've read, Android is the OS for smartphones that is most targeted by hackers.

For example, would I be safe if I download apps from other places than Google Play?

And for using apps like for Uber, map apps other than Google Maps etc., would I be safe without anti-virus?
We have a large number of programmers adding service accounts with UN and PW inside of their code for purposes of moving files and other AD integration points. Recently we found a service account that was a Domain Admin. The question posed was: short of changing the password and seeing what happens, can we get a clean query from AD looking back 120 days for the source computer and desired service elevation being requested by this service account, such that we might re-task this in a controlled manner?
I work for a small company with roughly 50 users and have been asked to have an outside vendor perform security/vulnerability testing.  We have several servers, ranging from SQL, to Exchange, to Remote Desktop with a hosted firewall through Windstream.  I thought I would appeal to the Experts in the Experts-Exchange community for advice and/or recommendations for a good vendor that specializes in such things.
I need a Linux boot CD image that will let me reset a local Windows account password. Long ago I used EBCD but I don't think that's a good option these days. I know there are others out there. What's the best one out there? It doesn't have to be free.
Based on a lot of research I did, I found that Windows Defender is doing a pretty good job in the latest protection testing, and it has benefits over third-party antivirus in that it uses fewer resources. Even more, the browser developers claim that third-party extensions in the browser make it less safe. There are some who will argue that it is much less effective than third-party software, but if you look at the ones who back their conclusions with tests (like the AV-Test Institute, London-based SE Labs, AV-Comparatives and more), they will say it is doing pretty good.
For example:
Former Firefox developer Robert O'Callahan says that antivirus software is terrible and you should uninstall your antivirus software immediately, unless you use Microsoft's Windows Defender, which is apparently okay.

A couple of months back, Justin Schuh, Google Chrome's security chief, said that antivirus software is "my single biggest impediment to shipping a secure browser, except for Windows Defender."

Back in December, Google-employed security researcher Tavis Ormandy discovered that the extension adds a large number of new JavaScript APIs to Chrome when it’s installed and that “many of the APIs are broken.” Aside from exposing your entire browsing history to any website you visit, the extension offered many security holes for websites to easily execute arbitrary code on any computer with the extension installed.

“My concern is that your security software is disabling web security for

We have been attacked by the "rapid" ransomware virus - most of our key information assets have been locked, all with the extension ".rapid" on each file.
The worst part is that they locked all of our backup files as well - we are stuck.

I am looking for some suggestions on how to deal with this... Yep, first time for me and my company.

Should we pay or should we fight...

I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive Gateway protection. We never enabled the DPI module because it caused many connection issues accessing credible Court websites, etc.

So now SonicWall is promoting/offering their Capture Client solution, which I am interested in. I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100. We only need 25 licenses. So now that SonicWall offers Capture Client, I want to know if it's feasible to say it would actually replace both the Webroot and MalwareBytes EndPoint products and not just work alongside and complement them. So, I contacted Sentinel One Sales and they indicate their product serves as a direct replacement. They also mentioned their clients actually use Capture Client exclusively.

I have concern about a complete replacement solution.  I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it …
Why does the NFSv4 client open an extra port? How to close it if it is actually useless?

Hello, all

I'm working with a bunch of Ubuntu (xenial) servers and need to understand why mounting an NFS v4 share opens a random port on the client side. The port has no associated process and seems to be opened directly by the NFS kernel module. The port is closed if I unmount, and a different one is opened if I remount the share. No traffic ever hits that port, neither when mounting nor afterwards (possibly because the share is read-only).

nmap reports the port (the number ????? changes from time to time, using an apparently random high-range port) as:

?????/tcp open  fmproduct 1-4 (RPC #1073741824)

As far as I remember, NFSv4 does not need a port mapper to work, so I don't really get the point of whatever RPC service is open on the client side. Is that correct?

If the above is correct, does anybody know how to instruct Ubuntu not to open that port?
(Please don't tell me to use the firewall or hosts.deny: I do not want the port to be open in the first place.)

thanks all
I have an issue where I'm sure someone is hacking our network, specifically four machines.  I have witnessed them going into my home folder and deleting my trash on these machines.  They are also able to change the camera settings.  For example, they're zooming in to locations.  They are doing playback.  This all happens between the hours of 12am-2am.

I'm using:
Windows 10
Palo Alto Networks
Security Camera Milestone software.  https://www.milestonesys.com
The cameras are made by Mobitics.

What I've narrowed it down to is this happens when the security camera milestone software is up and running on the four machines.  When I turn that software off there's no connectivity or suspicious things going on.

What I need to know is how do I find out who is doing this?  How can I get an IP address?  Are they inside my network or outside my network?

I would even appreciate a recommendation of a security company that knows how to track intruders down.

I've checked the parking lot and areas of the campus to see if someone is physically here, but I don't see anyone. I've also contacted Milestone software and they've recommended I change my password and the camera's password, but we are still having an issue.
I have a requirement to block only 3 TCP ports on 50 PCs (in 25 branch offices):
these PCs run stripped-down DB2 services & I only want PCs in the same subnet
to connect to them. The TCP ports are 523, 8000, 50000.

We would like to use McAfee Endpoint Security (ver 10.5) to do this blocking.
Can someone give me step-by-step (screen-by-screen) instructions to do this?

These 25 branches are in the following subnets (with their default gateway 10.2.X.1):
subnet of 10.2.2.X (/24) ==> so permit only 10.2.2.X to connect to its 3 ports above (incoming TCP)
subnet of 10.2.3.X (/24) ==> so permit only 10.2.3.X to connect to its 3 ports above (incoming TCP)
. . .
subnet of 10.2.27.X (/24) ==> so permit only 10.2.27.X to connect to its 3 ports above (incoming TCP)

Using Windows 7 Firewall is not an option for us (for some reason).
In one apps project, they requested to use NFS (Netw File Share) on Solaris.
My concerns are:
a) unlike Windows, which can have the Windows firewall to restrict who can access the NFS share
    (i.e. an endpoint firewall), Solaris is not known to have its own endpoint firewall
b) NFS traffic is not encrypted, correct?
c) NFS authentication is weak? Please elaborate in what way.

What are the mitigations we can put in place if the apps team still wants it?
We have been working with 7-zip for some time; as a matter of fact, it was recommended by EE. We use it for large compression and complex, long password-protected files. Today in a meeting we were informed that 7-zip can be hacked. We didn't believe it until the person ran an app and unzipped one of our supposedly secure 7-zip files. So our question is: which compression app is least likely to be hacked (WinZip, WinRAR, etc.)? Which one can we trust? Are the oldies WinZip & WinRAR also hacked?
Hi All,

I have recently enabled AD Auditing at the Domain level in my org to monitor activity. I have enabled the following options under Computer Configuration ---> Windows Settings ---> Security Settings ---> Advanced Audit Policy ---> Audit Policies.

1- DS -- Audit Directory Service Changes
2- Audit Computer Account Management
3- Audit Distribution Group Management
4- Audit Security Group Management
and a couple of other options. I have created a custom view to record the security events for this. But unfortunately I can see that for the last few days nothing is recorded for event IDs 4728, 4729 and so on, which worries me that I am missing some key steps to enable this.

Please can anyone help and guide me on the best practice to enable AD auditing and record it in the Event Viewer for auditing, and how I can set up recording of the Security and Application event logs on a different drive or location.

What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

Hello Experts,

I need a User Account Auditing tool; I mean we need to check how many user accounts are logged in with different credentials on each machine / laptop. Please advise.
We have a Windows 2008 R2 domain environment where we would like to prevent executables (.exe, .bat, .com, .scr etc.) from websites from being downloaded/launched on the users' local computers. The users in question do not have administrator-level accounts. Users currently have access to use various browsers including Internet Explorer, Edge, Chrome and Firefox. All users are using Windows 10.

Can this be achieved with group policy? Although not preferred, it would also be acceptable (but not preferable) if the users received a popup that at least prompted / warned them about launching the executable much like with UAC. If it's not possible at the point where a user clicks on the link to the download, then can we simply restrict the running of the program when it's launched?
SCCM and some Windows management tools make use of Windows SYSTEM account mentioned above.

Is it considered an interactive or non-interactive account since it has no user profile (unlike administrator)?

Can we set a password for SYSTEM? Or does it have an unknown password?

When using the tools (possibly psexec & SCCM) to get to the command prompt of the managed endpoint, are the activities (i.e. when the command prompt is spawned, mapping of drives using 'net use ...' or sharing of drives using 'net share ...') being logged in the Windows Event Viewer logs?

Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes.  On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces.  The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist.  Any tips are appreciated.
We use  Horizon View  to manage  Virtual Desktops.

If we have Virtual Desktops (VDs) of different sensitivity/criticality levels, what are the measures we can take to segregate VDs of different functionalities/sensitivities? We can always grant a different VLAN/segment for each group with no inter-VLAN routing among them, but is there more that can be done?

I've seen cases where sysadmins assign vNICs (for DMZ & backend zones) to a VM, thus bypassing firewalls. Other than educating sysadmins, is there anything we can control in Horizon View to prevent such rogue permissioning?

I guess Horizon View's event logs can be forwarded to a SIEM, or could they not?
We have various groups of PCs that are dedicated to accessing different applications/systems & are being audited from time to time.

One common item the auditors look for is whether USB is blocked: we use a DLP tool to block it, & just showing in the DLP console that there's a policy being applied is not good enough.

Instead of being physically present (as we have close to 30 different locations/offices), we can "remote desktop" to all the PCs using a central PC management tool. However, is there a tool/software to simulate a thumb drive being inserted into a USB port, so we can then launch Windows Explorer to show there's no new drive being detected/mounted? It is not feasible to get IT staff (or even users, as the users usually don't have a USB drive on hand, knowing that the USB ports have been blocked) to travel there to insert a USB drive to test.

We also wanted to have the ability to simulate this as there have been cases where the DLP policy is applied but it did not work.
