OS Security

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

regarding Cisco AMP and PowerBI:

I've received a report from PowerBI that states that we do not have an anti-virus solution that is centrally managed.  We do have both Cisco AMP and SCEP to manage workstations and servers, and both are centrally managed.  I don't understand why we're receiving this message or how to modify the settings to get this to work properly and stop the alerts showing up on the report.  Below is the recommendation from PowerBI:

Implement an enterprise antivirus solution that can be managed centrally.
Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

I need a tool for PII and DLP where the software will scan a FILE and verify whether there is PII info in it.  Back in the day, we used a tool that would do this, but I don't recall the name.  The software would scan a document and someone would need to allow/deny the request to send the email.  Also, there would be a shortcut to send this encrypted email to the receiver.  

On the same note, we also need to enable DLP on our OFFICE365 environment, but presently we only have it set for the Patriot Act and only for the US.  We need to enable PII for every country in the world.  We understand we'll need to tweak it a bit, but for now we just need to enable it globally.
I have a 2012 R2 based domain. We are now using 2012 R2 servers as clients. All functions are maintained through GPO. Everything was working until recently. If a domain user with RDP access needs his password reset, then either the administrator or a domain admin resets it and provides the temporary password. That domain user then logs in, and as soon as he makes the change to his password the GUI goes away. He then attempts to log in again with the NEW password and it rejects it. This is repeatable. Some initial troubleshooting pointed towards some Windows patches that could cause this. I took some steps in removing these patches and nothing changed. I re-installed the patches.

We have 2400 local site personnel that use these devices locally. We have 100 "super" ETs that log in to these 2012 R2 clients and help the local site personnel or remotely fix something. So again, everything works except if someone forgets their password.

If I (as admin) log in from my desktop (Windows 7), I reset the password for one of these accounts. I then log in to the client 2012 R2 and make a new password; it then switches over to the normal login and the new password works. So this problem only occurs if it originated from the 2012 R2 client. Help!?

I am looking at this article about SHA2 support now being required to patch Windows 7 onward.

Our company has a few Windows Server 2008 Standard SP2 (32-bit) servers.  Is upgrading those entire servers to a higher OS the only option?
"Media shared Files and Printing" is the message from the anti-virus.

Where is the MAC (machine access control) ID, the serial-number-like thing, being shared out?  Is the access at the VM, host, router or modem?
Can I stop the share?

I am reading this Qualys vulnerability report which says a server has this IE vulnerability; please see the attached.  The server already has the latest Windows updates.  

I have applied the latest Windows updates to the server.  There are three links under the Exploitability section in the report where the download link to fix the vulnerability is supposed to be available.  But it happens that the download link only downloads a txt file.  

If someone has an idea, please advise.  

Many thanks.
Hi, I get this error:

Bios update error - phoenix technologies SCT flash ERROR 216 status = 1501

Can't find what the status description is.

I have a Windows Server 2016 computer with two NICs. One NIC is connected to the internal network (192.168.1.x) and the 2nd NIC is directly connected to the public internet and has a public static IP address assigned.
In other words, I can connect to it using the public static IP address via the Remote Desktop Connection program from outside of the network.
When I check Event Viewer/Security logs, I see a ton of unauthorized login attempts using the "guest" login (which is disabled by default), Owner, Spare, Administrator and popular first names like "Paul", "Michelle", etc., and that is expected. FYI, I have secure passwords for the local administrator and domain administrator accounts.
Is there a way that I can block these hackers' login attempts unless they are coming from a certain IP address or a device with a certain MAC ID?

We have set up several Windows Server Essentials 2012/R2 servers for remote web access (Anywhere Access) with the free Microsoft remote web access domain name and certificate (i.e., company.remotewebaccess.com).  We are now receiving alerts on the server indicating that the remote access certificate is about to expire and needs to be "renewed with your Certification Authority."  Could you please let me know the simplest, most efficient way to renew the Microsoft remotewebaccess.com certificate we originally set up?

If that cannot be done, what is the most straightforward way to resolve this problem and keep Anywhere Access working?

Security certificates are not something I am very familiar/experienced with, unfortunately.

Thanks very much.
I have a Windows 8.1 laptop using a Windows account to log in. I reset the password through Windows Live and am able to log in to the site. My laptop will not accept the password. How can I force the laptop to sync with the new password I set online? Is there some way I can enable the admin account and delete or reset the password?
5 Ways Acronis Skyrockets Your Data Protection

Risks to data security are risks to business continuity. Businesses need to know what these risks look like – and where they can turn for help.
Check out our newest E-Book and learn how you can differentiate your data protection business with the advanced cloud solutions Acronis delivers.

AD non-interactive service account

1- How do these work?
2- Security concerns, if any? Can they get locked out?
3- Do they work with non-Windows platforms, or non-domain-joined machines?
Hello, we have some service techs who need to have admin rights on their machines to run/test specific software. I am just scared they may download/install something malicious.

What is the best control method to contain this?
I need to alert both sysadmins and application admins with SEPARATE reports using Nessus Pro. How can I scan for OSs exclusively, and applications exclusively?
And how do I scan Windows exclusively? And Linux?
I'm implementing a new ADFS version -- testing is done by editing the local hosts file.  Users run Windows 10.  Some users can run Notepad as Administrator, edit c:\windows/system32/drivers/etc/hosts and save it.  Some absolutely cannot.  It looks like they should have permissions, based on effective permissions, but they get a permissions error.  We've tried 4 desktops running Windows 10 -- 2 worked easily -- 2 will not work.  What's the difference?  The user is an Administrator on the computer.  We're stumped.
There's a request for a "Change runbook" that documents/records changes from Day 1
so that in the event of bad changes (malicious or inadvertent ones) being introduced
along the line of changes, we can rebuild a server/system back selectively,
dropping the "bad" change so that we can bring the system up to a "clean" slate.

Was told it's not "Change Control" nor CRs that we are looking at here.

I've suggested that a 'bare metal' backup be done with incremental backups (I think
EMC has one such product) but this is not what the team requires.

Any documents, tools or methods are much appreciated.
Was told by the CyberArk vendor that the Windows server/VM hosting CyberArk's Vault
should not be hardened, i.e. leave it as vanilla: during installation, CyberArk will
auto-harden it?  Is this the recommended practice?

Can anyone share what hardening CyberArk does on the Vault (i.e. the CyberArk
DB) server?

For the server running CyberArk's PVWA & CPM, I was told a few hardened-off services
must be unhardened for PVWA/CPM to work: can anyone share what these are?
I had this question after viewing Locating ClientCertificate to use in WinHTTP.

Similar question, when using the SetClientCertificate property on a WinHttpRequest, I receive a "Certifcate is required to complete client authentication". The certificate has been created successfully, and appears in the Certificate Store under Console Root -> Certificates (Local Machine) -> Personal -> Certificates.

The "Issued to" is ABC Certificate, the Friendly name is ABC.

The parameters I am using are as follows:

myMSXML.SetClientCertificate "LOCAL_MACHINE\\Personal\\ABC"

I've tried ABC Certificate etc... tried putting the certificate in different stores, tried a number of other things, but still getting same message returned.

How did you go with your problem referencing a certificate in the Cert Store?
I am getting the following error message in the event log each time it's restarted.
This is a Windows 2016 Hyper-V host.  There are no virtual machines on it yet; this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Security UserID="S-1-5-18" />
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>

I'm running CentOS Linux release 7.4.1708 (Core). The issue is I'm able to log in using local users but not using LDAP users; please help me on this.

I've tried restarting services using the authconfig-tui command, but I'm still getting an authentication failure error for the LDAP user.

Please see the attached doc (ldap issue.docx) and the command output below, and let me know if any other details are required.

[root@server01 log]# cat /etc/openldap/ldap.conf
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
[root@server01 log]# getent passwd testuser
[root@server01 log]#

[hubba@servder01 ~]$ su - testuser
su: Authentication failure

[root@server01 log]# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …
Announcing the Winners!

The results are in for the 15th Annual Expert Awards! Congratulations to the winners, and thank you to everyone who participated in the nominations. We are so grateful for the valuable contributions experts make on a daily basis. Click to read more about this year’s recipients!

We have installed a new Exchange server on our single-domain network. Since configuring another public IP to accommodate it, we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:

Attack Signature
Web Attack: Remote OS Command Injection

with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution

The attacking IPs change so I can't blacklist them on the firewall. We are using a SonicWall NSA 2650 as a firewall. Is there any way to stop these attacks? I realize that the Endpoint protection is doing what it should, but I am concerned that eventually the bad guys will get through.
I have a Cisco Nexus switch (48-port) and want to set up the first 24 ports on one VLAN and the next 24 ports on a separate VLAN.  How do I do this on a Nexus switch?

I am being asked to track access to log archives or audit trail files in our Windows system environment.  

Would someone advise what that means?  Do I enable this tracking in a group policy or the default domain policy?  

I attached exports of both the Default Domain Policy - Local Policies - User Rights Assignment and Security Options from our DC.  I believe almost all policy settings are set to "Not Defined" with the exception of a few policy settings within Security Options.

I believe this particular policy (Default Domain Policy) should apply to all non-DC servers and workstations joined to the same domain.  We have member servers that are Exchange 2010, SQL 2014, .NET/Image Storage, etc.  All workstations are Windows 10 Pro.

So, I am trying to figure out if the defined local policies, which appear to be the defaults, need to be updated to properly secure all machines joined to the AD domain.  Maybe the existing settings are fine as is, but I am not sure, so that is why I ask.  I am more concerned that the Windows 10 workstations are properly locked down than anything.
Hello Experts,

I need a user account auditing tool; I mean we need to check how many user accounts are logged in with different credentials on each machine / laptop. Please advise.

Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes.  On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces.  The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist.  Any tips are appreciated.
