OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

How do I get into the BIOS? It's running Win 10 Home and the fingerprint reader WAS active in Windows but now isn't. I'm wondering if the fingerprint reader has been enabled FOR entering the BIOS as well, so needs to be used in conjunction with key presses? There's also the issue of the toggling of function keys as well to add to the complexity. I suspect that F1-F12 are not defaulted but what's above IS.
0
One of the Experts here on EE suggested GFI Languard.  So, we bought it and have  had it running for a few months.  As I get further into it and want to take advantage of its capabilities, I naturally have questions.

Being a "good customer" I figured to start on the community forum.  But I can't log in and I can't set up a new account.  I have LOTS of email addresses available and can set up new ones.  Yet, no matter which one I enter for a new Registration, it says "already used".  Can't be true of course.

Telephone customer support takes one to a menu that has nothing to do with customer support and, if you politely wait after not responding, it says "Goodbye".

I may be in the market for 3rd party Q&A at least.  Or, what might you suggest?
0
Hi,

I have a connection issue to my openvpn (Synology) on Windows, but same config works fine on Android.
On server itself I don't find any log indicating what is going on.

Can you advise?

Openvpn config (tcp to be able to connect from behind firewall) works fine on Android, not on Windows:
allow-recursive-routing
ifconfig-nowarn
client
verb 4
connect-retry 2 300
resolv-retry 60
dev tun
remote mysite:myport tcp-client
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

</key>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

</cert>
comp-lzo
route-ipv6 ::/0
route 0.0.0.0 0.0.0.0 vpn_gateway
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
dhcp-option DOMAIN blinkt.de
nobind
persist-tun
# persist-tun also enables pre resolving to avoid DNS resolve problem
preresolve
# Use system proxy setting
#management-query-proxy
# Custom configuration options
# You are on your on own here :)
# These options found in the config file do not map to config settings:
mute-replay-warnings 
ifconfig-nowarn 
resolv-retry infinite 

Connection log
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_cert_private = DISABLED
Thu Jan 11 18:23:09 2018   pkcs11_pin_cache_period = -1
Thu Jan 11 18:23:09 2018   pkcs11_id =

0
Hello,

After reading through McKnife's article https://www.experts-exchange.com/articles/24599/Free-yourself-of-your-administrative-account.html I have some questions on how it relates to YubiKey.

I'm using Windows 10 Pro in a workgroup setting where I have only two accounts in Windows: a user account and an admin account (the default administrator account renamed per Microsoft recommended Best Practices). The user account has YubiKey assigned to it and I was about to do so for the admin account but I'm not sure about a couple of items I have included below:
  • Can the YubiKey work in a no password scenario?
  • If I assign the YubiKey to the admin account will that require the YubiKey for every elevation prompt?
  • Is having the YubiKey assigned to the admin account even bettering my security if I apply the article above to my machine - Are there any viable benefits?
  • If the settings annotated in the article above go wrong (get corrupted) is there a potential to be locked out of the admin account forever - what are the downsides (if any) to this idea expressed in the article
0
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/

Google spreadsheet doesn't have Clam or Immunet listed. Hate to have machines bluescreen. Anyone know yet?
0
My server load averages are going way high and too many processes are being consumed. Is it a DDoS attack or something wrong with the server?
0
Hello. I am the unfortunate victim of a very clever APT that has led to me having to close down my charity law firm for the poor, and as no one would help me, I then spent all my equity and savings and even debt and borrowed so much it is impossible to recover, in my alone effort to learn about networks and use toolbox Kali and Tails and lots of Microsoft and any security tools I could find, and always with compromised devices, instantly, and so it has been a horrible education where I fight and discover with broken tools, and I have discovered and learned a lot these 13 months, but also have gone from wealthy to closing 3 of my 4 businesses, including all charity projects, and the last of my businesses is dying, and I cannot produce economically in this compromised state, and am victim of much financial fraud and it is too much to even try to catch up and audit and notice, and I have been hospitalized multiple times this year and probably because I have been sleeping only every other day and in constant stress over this and the fact I cannot get even one device to be exclusively mine and secure and I have root control. None. Even if I go and buy one. And I did that many times, many ways, every tactic I could think of, and exhausted my cleverness, and my ideas, and have copies and lots of digital evidence, and even probably most of the malicious code---none was easy to obtain or find, but I have, and I have I am sure plenty of logs, code, and so on, that someone who knew …
0
I use Trend Micro OfficeScan ver 11. I set up a scheduled job for log maintenance which deletes an old firewall record. The job is finished. The log size remains unchanged. I have no idea how to check this job status.
0
Hi
Wanted to open this discussion - to prevent a ransomware attack or malware from spreading across a network

Seems most SMB networks have domain admins (most of which have separate accounts, so the domain admins don't log into a computer with the domain admin account unless performing some sort of work that requires domain admin access), but I've seen a lot of networks where the domain user that logs onto a particular machine is given local admin rights on that machine.  

Also have heard it's not a good idea for a domain admin account to ever log onto a user's workstation

Compromising of credentials stored in memory via LSASS seems pretty easy

As far as how many users have domain admin rights, this seems pretty straightforward; that the fewer domain admins the better, and instead of automatically creating a domain admin account any time a service account is required, it would be better for a service account to use a regular domain user account, but one that's local admin on the server it needs (rather than a full out domain admin account)

What are your thoughts on this?
0
I am running an Apple MacBook (Retina, 12-inch, Early 2016) and OSX 10.13.1 (17B48) as a company notebook. Today is the 3rd time I discovered items in my trash which do not belong to me. I cannot say if this has happened before nor how long this has already been happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PCs and Macs. We are working in a co-working space where we use our own router but use the network from the landlord. All trash items so far were just colleague stuff, which I know from the content of course. The first time I discovered this I turned off all kinds of file sharing etc... but it keeps on happening.
0
I'm dealing with some 50 workstations of Windows 10 Pro in a peer-to-peer network.  The practice has been for the machines to be inspected manually on a weekly basis for update status.  It doesn't take too long really but it would be better no doubt to automate the process.

I've not found anything that really does the job.
Nessus doesn't seem to offer a template that does this particular scan.
PRTG may do it but I'm going to have to get the target machines to respond using the right security protocol.
MBSA seems to "work" but not very well for scanning Windows 10 machines - lots of loose ends.

Other than changing our ways, which isn't even part of this question, what might you suggest?
Our ambitions are quite limited - so you might keep that in mind.
0
How do I reset my qth81admin account??
0
How to disable Cortana searching in certain directories.  I am trying to keep users out of the Windows dir and running certain files.  Right now I have hidden the C: but if they search using Cortana for ie..."shutdown -" and open file location they have access to the Windows dir.  

Is there a way to remove the Windows dir from the search or
disable the open file location for Cortana.
Completely disable Cortana
Disabling allowcortana in the GPO no longer works with build 1703

I have found ways to do this with File Explorer but they do not translate to Cortana.
0
Looking for Patch Management Cloud service. I have found a few on the Internet but not sure who is good. Looking to patch OS and 3rd party Apps
0
We are still using Tomcat 6.0 and plan to move to latest version by next year. Problem with current version is to set the access deny to our web-application.

I tried adding valve with webapps/META-INF/context.xml file as below but nothing works. Can you please provide a fix.

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>

Do you guys have any other solution, as I want to restrict outside users from accessing Manager view and it will be accessible only from localhost?

Best Regards
0
On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.  

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.


# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.
0
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on Auditing using group policies but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?
0
I am trying to deploy the latest security patch through Ninjarmm for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?
0
I wish to change my password!
0
I am applying advanced firewall settings thru a GPO but other than actually looking at the firewall settings on the target systems I cannot view the settings by using rsop.msc, gpedit.msc, etc.  I even tried secpol and attempted to find the appropriate netsh advfirewall command to view settings with no luck.  Any tricks or workarounds?
0
Hi all,

I have installed Tectia client on two client machines installed with Windows 2008 R2. Tectia client comes with an executable scpg3.exe to copy file to a remote host securely.

I am using the public key method for authentication. I notice that on machine A the file copy to a remote host server with SFTP server installed takes around 3 seconds to complete

On another machine B, I have tried that the file copy to the same remote host server (using the same file) takes a much longer time to complete (~10 seconds). It seems that the authentication takes around ~8 seconds from machine B.

Please advise the possible causes. Thanks.

I
0
Hi,

We applied windows updates this morning and following on from the server reboot these two servers have started recording numerous event logs as follows... other 2008R2 servers have not been affected. These servers are in a test WSUS group.

Event ID: 36870 SCHANNEL
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001

When we try and RDP to the affected servers we are greeted by the following message and can't proceed any further:

The identity of the remote computer cannot be verified. Do you want to connect anyway?

Both servers are 2008R2

I wanted to find out if anyone else had any experience of this issue either present or past and any suggestions to rectifying the problem.

Many thanks
0
I have a Fios Gateway router and Amazon Alexa.  I have it working fine as long as my gateway is set to Medium security on the Firewall.  I'd like to set it to high and when I have done so, Alexa works fine except for controlling TP-Link smart home devices (plugs, light bulbs).  I suspect that the HIGH setting is blocking a port range that Alexa uses to communicate outgoing to the TP-Link devices.  It isn't the devices b/c even with the HIGH setting enabled I can control them with the Kasa phone app just fine.  Only Alexa seems affected.  I can't find anything on the internet specifying Amazon Alexa ports and the FIOS Gateway is less than specific on the differences between Medium and High firewall settings.

I attempted to look at the logs and try to get Alexa to control the lights and see if anything written to any of the logs showed what was blocked but to no avail.  The logging capabilities of the Gateway seem limited to the home administrator.
0
I have just installed my first IPA-Server (using CentOS) and it is already set as the LDAP server hosting the centralized credentials control from many users login on to many Ubuntu servers.

My problem is that I have tried to set a new group created in the IPA Server in order to assign SUDO permissions for the users login on to the Ubuntu servers using the LDAP accounts but it is still not working.

Does any expert have experience configuring IPA-SERVER?
0
Hi,

Can anyone recommend a good password manager used in the cloud, but can also sync or download data locally?

thx
0
