

OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


What free options are available to scan/search unstructured data (file shares and exchange mailstores) for sensitive data like PHI or PCI data?

Hello, we have some service techs who need to have admin rights on their machines to run/test specific software. I am just scared they may download/install something malicious.

What is the best control method to contain this?
I need to alert both sysadmins and application admins with SEPARATE reports using Nessus Pro. How can I scan for OSs exclusively, and applications exclusively?
And how do I scan Windows exclusively? And Linux?

I was hoping to scope out some useful tests to include as part of an audit / health check of some traditional file servers, which act as team repositories for shared documents/files, and another acts as a home drive server where each employee has a home drive area locked down just to them. I was thinking of basics such as:

access control lists (ACL) - ensure permissions on directories are appropriately restricted and restrict access based upon need-to-know principles
teams consuming masses of space (poor internal practices)
documents with no recent last access attribute - compare to data retention requirements etc
non-administrators who have full control over shares/directories (should not be the case)
general OS security (e.g. patches, local administrators, backups)
general monitoring (e.g. capacity/free space)

Can you think of any more areas that would be of benefit in such a review?

I'm implementing a new ADFS version -- testing is done by editing the local hosts file. Users run Windows 10. Some users can run Notepad as Administrator, edit C:\Windows\System32\drivers\etc\hosts and save it. Some absolutely cannot. It looks like they should have permissions - based on effective permissions - but they get a permissions error. We've tried 4 desktops running Windows 10 -- 2 worked easily -- 2 will not work. What's the difference? The user is an Administrator on the computer. We're stumped.
There's a request for a "Change runbook" that documents/records changes from Day 1, so that in the event of bad changes (malicious or inadvertent ones) being introduced along the line of changes, we can rebuild a server/system back selectively, dropping the "bad" change so that we can bring the system up to a "clean" slate.

Was told it's not "Change Control" nor CRs that we are looking at here.

I've suggested that a 'bare metal' backup be done with incremental backups (think EMC has one such product) but this is not what the team requires.

Any documents, tools or methods are much appreciated.
Was told by the CyberArk vendor that the Windows server/VM hosting CyberArk's Vault should not be hardened, i.e. leave it as vanilla: during installation, CyberArk will auto-harden it? Is this the recommended practice?

Can anyone share what hardening CyberArk does on the Vault (i.e. the CyberArk DB) server?

For the server running CyberArk's PVWA & CPM, was told a few hardened-off services must be unhardened for PVWA/CPM to work: can anyone share what these are?
I had this question after viewing Locating ClientCertificate to use in WinHTTP.

Similar question: when using the SetClientCertificate property on a WinHttpRequest, I receive a "Certificate is required to complete client authentication" error. The certificate has been created successfully, and appears in the Certificate Store under Console Root -> Certificates (Local Machine) -> Personal -> Certificates.

The "Issued to" is ABC Certificate, the Friendly name is ABC.

The parameters I am using are as follows:

myMSXML.SetClientCertificate "LOCAL_MACHINE\\Personal\\ABC"

I've tried ABC Certificate etc... tried putting the certificate in different stores, tried a number of other things, but still getting same message returned.

How did you go with your problem referencing a certificate in the Cert Store?

I am getting the following error message in the event log each time it's restarted. This is a Windows 2016 Hyper-V host. There are no virtual machines on it yet; this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Security UserID="S-1-5-18" />
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>

I'm running CentOS Linux release 7.4.1708 (Core). The issue is that I'm able to log in using local users but not using LDAP users. Please help me with this.

I've tried restarting services using the authconfig-tui command, but I'm still getting an authentication failure error for the LDAP user.

Please see the attached doc (ldap issue.docx) and the command output below, and let me know if any other details are required.

[root@server01 log]# cat /etc/openldap/ldap.conf
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
[root@server01 log]# getent passwd testuser
[root@server01 log]#

[hubba@servder01 ~]$ su - testuser
su: Authentication failure

[root@server01 log]# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …

We have installed a new Exchange server on our single domain network. Since configuring another public IP to accommodate it, we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:

Attack Signature
Web Attack: Remote OS Command Injection

with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution

The attacking IPs change so I can't blacklist them on the firewall. We are using a SonicWall NSA 2650 as a firewall. Is there any way to stop these attacks? I realize that the Endpoint protection is doing what it should, but I am concerned that eventually the bad guys will get through.
I have a Cisco nexus switch (48-port) and wanted to setup for the first 24 ports on a vlan and the next 24 ports on a separate VLAN.  How do I do this on a Nexus switch?
I have an Active Directory group (Group1); for now it is able to add users to other groups.
I want to prevent Group1 from adding or removing users from the following groups:

They can still add/remove users from other groups.

I looked at the Group1 membership, and I could not tell which group has given them the power to add/remove users. The groups they are members of are not nested in other groups, and I do not see them as members of known groups such as the Domain Admins group.

Any idea on how to figure out how they are able to add users to groups, and how to limit Group1 from adding/removing users to just those 3 groups?

Thank you

I am being asked to track access to log archives or audit trail files in our Windows system environment.  

Would someone advise what that means?  Do I enable this tracking in a group policy or the default domain policy?  

I attached exports of both the Default Domain Policy - Local Policies - User Rights Assignment and Security Options from our DC. I believe almost all policy settings are set to "Not Defined", with the exception of a few policy settings within Security Options.

I believe this particular policy (Default Domain Policy) should apply to all non-DC servers and workstations joined to the same domain. We have member servers that are Exchange 2010, SQL 2014, .NET/Image Storage, etc. All workstations are Windows 10 Pro.

So, I am trying to figure out if the defined local policies, which appear to be the defaults, need to be updated to properly secure all machines joined to the AD domain. Maybe the existing settings are fine as is, but I am not sure, so that is why I ask. I am more concerned that the Windows 10 workstations are properly locked down than anything.
Hello Experts,

I need a user account auditing tool; I mean we need to check how many user accounts are logged in with different credentials on each machine/laptop. Please advise.

Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes.  On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces.  The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist.  Any tips are appreciated.
I got a bunch of machines trying to access this IP, which looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given. I've run extensive tests with different anti-spyware/antivirus solutions (safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

I added a Content-Security-Policy that works in Firefox and Chrome but not Safari. I am using Safari 10.1.2. In Safari I get the error:

"Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy."

So, I tried adding 'unsafe-inline' to style-src but I still get the error in Safari. I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have 'unsafe-inline' written. If I put the hash back in, I get the error again in Safari. The other browsers work fine. Does anyone know what I can do to get the Content-Security-Policy working in Safari? Any help is greatly appreciated!

How do I get into the BIOS? It's running Win 10 Home and the fingerprint reader WAS active in Windows but now isn't. I'm wondering if the fingerprint reader has been enabled FOR entering the BIOS as well, so needs to be used in conjunction with key presses? There's also the issue of the toggling of function keys to add to the complexity. I suspect that F1-F12 are not defaulted but what's above IS.
I am running an Apple MacBook (Retina, 12-inch, Early 2016) and OSX 10.13.1 (17B48) as a company notebook. Today is the 3rd time I discovered items in my trash which do not belong to me. I cannot say if this has happened before nor how long this has already been happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PCs and Macs. We are working in a co-working space where we use our own router but use the network from the landlord. All trash items so far were just colleague stuff, which I know from the content of course. The first time I discovered this I turned off all kinds of file sharing etc., but it keeps on happening.

How do I reset my qth81admin account?
How to disable Cortana searching in certain directories. I am trying to keep users out of the Windows dir and from running certain files. Right now I have hidden the C: drive, but if they search using Cortana for e.g. "shutdown -" and open the file location, they have access to the Windows dir.

Is there a way to remove the Windows dir from the search, or
disable the "open file location" for Cortana, or
completely disable Cortana?
Disabling AllowCortana in the GPO no longer works with build 1703.

I have found ways to do this with File Explorer but they do not translate to Cortana.
Looking for a Patch Management cloud service. I have found a few on the Internet but am not sure which is good. Looking to patch the OS and 3rd-party apps.
We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting up access denial for our web application.

I tried adding a valve to the webapps/META-INF/context.xml file as below, but nothing works. Can you please provide a fix?

<Context antiJARLocking="true" path="/">
    <!-- Takes the client address from X-Forwarded-For when behind a proxy -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve" />
    <!-- Allow only the listed address; {IP_address} is the placeholder from the post -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

<Context antiResourceLocking="false" privileged="true">
    <!-- Tomcat 6 takes a comma-separated list of regular expressions -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>

Do you guys have any other solution, as I want to restrict outside users from accessing the Manager view so that it is accessible only from localhost?

Best Regards
