OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


I have the same problem as the previous poster, only my meterpreter session dies when I try the proposed solution. After gaining a remote shell, I attempt "run post/windows/gather/hashdump". It starts obtaining a boot key and then dies. Any thoughts or suggestions?

I've been hit with a ransomware attack.
I can still use the computer but all Word docs have been encrypted.
I can open docs but they are blank.
Is my only option paying or can I get these back?
They are requesting over £800.

The server is pingable from my PC.

This server is hanging frequently because of its OS, so I could not do an RDP session.

I have admin rights on the server. Please advise how to reboot the server from the command line remotely from my PC.

About 10 yrs back, there were CIS tools that we could download for free
that would flag out the date of the last OS patches.

Are these tools still available for free download & what's the URL?

Without these tools, how can we check in an OS (Windows 2008 R2, Win 2012,
Solaris 10 & 11, AIX 6.1 & 7.1), the date of the latest patches applied in the

And if not how do I reset it

We are a small shop.  In the past, domain admins have set up new user accounts, home folder, email etc.

We now wish to allow helpdesk admins to perform these tasks.  Using the Account Operator role works for creating new user accounts.

The problem is how do we allow the helpdesk admins to create the home folder but NOT allow them access to view contents of those folders?

Hi Guys,

We have a domain-joined PC (Win8.1) that pops out the message "Your system administrator has blocked this program. For more information, contact your system administrator." whenever I try to install any program or launch any program as administrator.

This is the only PC having the issue. The PC and user are in the same AD object containers as the others, and there are no such rules set at domain level.

When I logged in as another standard user, it had the same problem, but if I log in as any admin account, it acts normal.
I suspected the UAC setting as the UAC was set to the lowest level, but nothing happened after I changed UAC back to default.

Can anyone shed light on this problem pls?

The formerly known as Sentinel & now named as EPT is a forensics &
anti-malicious activities (process & memory scans) product.

Anyone (esp those who have used / assessed it) care to share reviews on it:
a) how easy to use & accurate/thorough is its forensics
b) does it have predictive capabilities of malicious behaviors
c) how does it compare with competing products?
d) does it deal with apps vulnerabilities like injections & XSS ?
e) it was supposed to deal with APT (Advanced Persistent Threats):
    does it deal with 0-day (signatureless?) malwares ?

As we are now using RHEL 7.x (not the more than decade ago Red Hat Linux 7)
& Solaris 10, are the following still applicable to us:

Exploit          OS                                  Vulnerability
CATFLAP          Solaris 7/8/9                       Remote code execution
COTTONAXE        LiteSpeed Web Server                Remote code execution
dtspcdx_sparc    SunOS 5.0-5.8 DTSPCD                Remote code execution
EARLYSHOVEL      RedHat 7.0-7.1 & Sendmail 8.11.x    Unspecified
EMBERSNOUT       Red Hat 9.0                         Unspecified ==> I suppose this is the decade ago RH Linux 9, right?
sneer            Sun SNMP daemon                     Remote code execution
statdx           Redhat Linux                        Remote root access ==> is this the decade ago Linux?

We are concerned with using the latest Chrome due to data loss/leakage
via whatsapp sidebar : does this feature enable files upload/downloading?

is there any way to remove/disable it & how to go about doing this?

If it's a data loss risk & not possible to disable, which previous latest
version of Chrome doesn't have this sidebar?  I'm thinking of using
the older version & hopefully Google still releases patches for it.

I just thought that since Whatsapp on my Android allows us to attach
files, this feature in Chrome may allow the same

I need some pictures and videos that illustrate the disadvantages of an insecure network to put in different tabs of this page https://tedpenner.com/security

Assistance is greatly appreciated.

On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.

# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.

The vendor who does our security audit expressed concern about the SSL certificate we are using on our websites.  They mention version 3 and TLS v1 are not secured.

I checked that the version of the cert we purchased is SHA-2.

I usually purchase the latest version cert and apply it to my IIS website.  Are there additional things I need to do?

Please advise.

Can you please suggest the best IT security vulnerability reporting software like HackerOne which will also be cost effective?

I've got the existing Exchange Server 2013 Standard SP1 that is running as MBX&CAS role in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run both MBX & CAS on the new Win2012 R2 VM so I can configure DAG on the other AD site called Head-Office1.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How to do that safely without causing email flow issues during production business hours?
What are the steps in installing CAS so that it does not cause any email flow during the business hours on PRODMAIL15-VM?
If I install the Windows update now during the business hours on PRODMAIL15-VM, is there any impact or problem when I reboot it?

Thanks in advance.

I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policies but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?

This is what I have.
user teacher1
teacher shared folder
              teacher1 folder

teachers group share folder    
                sharing shared
                       with advanced permissions of
                                      authenticated users full control
                                      domain admin full control
                                      local file server admin full control
                 security permissions
                                        domain admin owner
                                       creator owner full control subfolders and files only
                                        authenticated users read/execute this folder only
                                        system full control this folder, subfolders and files
                                        local admin full control this folder, subfolders and files
                                        domain admin full control this folder, subfolders and files
                                        domain group teachers read/execute this folder, subfolders and files
                   teacher1 folder
                                                administrator owner
                                                administrator read/write
                                                teachers read
                                   advanced sharing none

Hi Experts
I need a batch file to change folder permissions and sub folders to the following:
remove every user's permissions except the administrator, and the administrator only has the read only option

There are concerns that trojanized USB sticks are shipped with the following 2 servers below.
What are the best practices if the USB ports can't be disabled?    Physically block the ports,
use specific encrypted USB thumbdrives that don't require drivers (saw one such EE link)
or ??  Kindly provide risk assessments & any other mitigations.

Below is the response from the vendor:

For HMC Servers :
For HMC server (7042-CR6), it's likely that the HMC server's BIOS does not have the option to disable the USB ports.

For P750 Servers :
With reference to the P750 model server (8408-E8D), there are a total of 4 x USB ports, which are integrated with the different hardware components (cards & control panel) of the server.   Below are the details:

1. Control Panel                        
-- 1 x USB port integrated. No option to disable as it's built in together with the control panel.

2. Service Processor Card        
-- 1 x USB port integrated. This USB port is used for server firmware upgrade purposes for servers that are not managed by any HMC. Thus it's built in together with the service processor and there is no option to disable.

3. Integrated Multifunction Card (an integrated card that is installed in the System CEC that provides two USB ports, one serial port, and four ethernet connectors)
-- 2 x USB ports integrated. This card is not assigned to any of the partition's profile, thus it's not recognized as part of the partition's hardware config. As such, it is not …

Hello All,

I am stuck with a very odd issue.

One server running with 2k8r2 last patched on Aug 2015 not due to wannacry client asking to patch the server.
If I check the old patches in WSUS, it's showing declined & expired.
This server doesn't have internet. I tried to install the monthly rollup for March but it failed.

Is there any way to patch the server?
Please help

Hello All,

WSUS client running with win2k8 R2 unable to sync with WSUS server running windows 2k8r2.

Performed many steps as mentioned below but no luck, please help

1. Stop the Automatic Updates service and BITS service.
net stop wuauserv
net stop bits
2. Delete “%windir%\softwaredistribution” directory.
3. Start the Automatic Updates service and BITS service. When these two services
have been started, they will auto-create “softwaredistribution” and its subfolder
at system directory.
net start wuauserv
net start bits
4. Stop the Cryptographic Services
5. Rename the C:\windows\System32\catroot2 folder
6. After the “%windir%\softwaredistribution” directory has been generated, please
let the client contact the WSUS server immediately.
wuauclt.exe /resetauthorization /detectnow
7. Checked the WSUS client dll version, found updated.
8. Run sfc /scannow
9. WSUS cleanup wizard executed
10. Windows Update troubleshooter executed but still same issue
11. Windows update log didn't help.
12. Checked registry path & found client pointing to correct WSUS server.
13. Able to browse the http:// wsus server IP
14. Server patch level updated.

I am trying to deploy the latest security patch through Ninjarmm for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?

I wish to change my password!

Hi All,

We are using Sophos EndPoint antivirus, but now we have decided to change the product, meaning we have started to evaluate different antivirus products. The reason we are changing from Sophos is that we got hit by the Miner C virus a few times, and Sophos EndPoint or their support was not able to resolve it.
Anyway, we are going to meet a tech and see a live demonstration of Kaspersky. Is that a good product? What others should we try? What questions should we ask them?

Our main need for an antivirus product is to provide a secure environment to staff, generate reports, lock USB drives and also manage company mobile phones (wipe/lock if a device gets lost), and exclude or include whitelisting for applications. Anything else we should look at or explore in antivirus products?

I need to find a way to patch my servers by function.  I want to patch the dev/test server, wait a week, patch the QA/staging servers, wait a week, then patch the production servers.  This will allow the application support teams to verify the patching didn't break their applications before being rolled out to the next level.  Same for the workstations.  Patch the Beta group of users, wait a week and then patch the rest.

Waiting to approve the patches doesn't fix my issue and the GPO only allows for a specific date.  Any ideas?  Btw:  Servers are 2012 R2 and desktops are Windows 10 Pro.


