[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Share tech news, updates, or what's on your mind.

Sign up to Post

  I have Windows Server 2016 computer with two NIC. One NIC is connected to internal network (192.168.1.x)  and 2nd NIC is directly connected to public internet and has public static IP address assigned.
  In other words, i can connect to it using public static IP address using Remote Desktop connection program from outside of the network.
  When I check event viewer/Security logs, I see a ton of unauthorized login attempts using "guest" login (which is disabled by default), Owner, Spare, Administrator and popular first names like "Paul", "Michelle" ... etc and that is expected. Fyi, I have secure passwords for local administrator and domain administrator accounts.
  Is there a way that I  can block these hacker's login attempts unless they are coming from certain IP address or device with MAC ID?

SD-WAN: Making It Work for You
SD-WAN: Making It Work for You

As bandwidth requirements and Internet costs grow, businesses naturally want to manage budgets by reducing reliance on their most expensive connection types. Learn more about how to make SD-WAN work for your business in our on-demand webinar!

We have several website and application links stored on a Windows network share.  Recently when we experienced a security warning that "We can't verify who created this file.  Are you sure you want to run this file?".  I tried adding the server to the "intranet" zone and the share but it didn't change anything.  This appears to happen to all our users.   Can anyone suggest a fix that I can apply through group policy?
We have set up several Windows Server Essentials 2012/R2 servers for remote web access (Anywhere Access) with the free Microsoft remote web access domain name and certificate (i.e., company.remotewebaccess.com).  We are now receiving alerts on the server indicating that the remote access certificate is about to expire and needs to be "renewed with your Certification Authority."  Could you please let me know the simplest, most efficient way to renew the Microsoft remotewebaccess.com certificate we originally set up?

If that cannot be done, what is the most straightforward way to resolve this problem and keep Anywhere Access working?

Security certificates are not something I am very familiar/experienced with,unfortunately.

Thanks very much.
I have a windows 8.1 laptop using a windows account to login. I reset the password through windows live and am able to login to the site. My laptop will not accept the password. How can I force the laptop to sync with the new password I set online? Is there some way I can enable the admin account and delete or reset the password?
AD non-interactive service account

1- how do these work?
2-Security concerns if any? can they get locked out?
3- do they work with non-Windows platforms? or non domain joined machines?
What free options are available to scan/search unstructured data (file shares and exchange mailstores) for sensitive data like PHI or PCI data?
Hello, we have some service techs who need to have admin rights on their machines to run/test specific software. I am just scared they may download/install some malicious.

What is the best controls method to contain this?
I need to alert both Sysadmin’s and applications Admins by reports SEPARATELY by using Nessus Pro, how can I do scan for OSs exclusively, and applications exclusively?
And how do scan Windows exclusively? And Linux
I'm implementing a new ADFS version -- testing is done by editing the local hosts file.  Users run Windows 10.  Some users can run as Administration using Notepad and edit c:\windows/system32/drivers/etc/hosts and save it.  Some absolutely cannot.  It looks like they should have permissions - based on effective permissions --but they get a permissions error.  We've tried 4 desktops running Windows 10 -- 2 worked easily -- 2 will not work.  What's the difference?  The user is an Administrator on the computer.  We stumped.
There's a request for "Change runbook" that documents/records changes from Day 1
so that in the event of bad changes (malicious or inadvertent ones) being introduced
over along the line of changes, we can rebuild a server/system back selectively,
dropping the "bad" change so that we can bring up the system to a "clean" slate.

Was told it's not "Change Control" nor CRs that we are looking at here.

I've suggested that a 'bare metal' backup be done with incremental backups (think
EMC has one such product) but this is not what the team requires.

Any document, tools or method are much appreciated.
Why Diversity in Tech Matters
LVL 12
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Was told by CyberArk  vendor that the Windows server/VM hosting Cyberark's Vault
should not be hardened ie leave it as vanilla: during installation, Cyberark will auto-
harden it?  Is this the recommended practice?

Can share what are the hardenings that Cyberark do on the Vault (ie the Cyberark
DB) server?

For the server running Cybark's PVWA & CPM, was told a few hardened off services
must be unhardened for PVWA/CPM to work: can share what are these?
I had this question after viewing Locating ClientCertificate to use in WinHTTP.

Similar question, when using the SetClientCertificate property on a WinHttpRequest, I receive a "Certifcate is required to complete client authentication". The certificate has been created successfully, and appears in the Certifcate Store under Console Root -> Certificates (Local Machine) -> Personal -> Certificates.

The Issued to is ABC Certificate, the Friendly name is ABC

The parameters I am using are as follows:

myMSXML.SetClientCertificate "LOCAL_MACHINE\\Personal\\ABC"

I've tried ABC Certificate etc... tried putting the certificate in different stores, tried a number of other things, but still getting same message returned.

How did you go with your problem referencing a certificate in the Cert Store?
I am getting the following error message in the event log each time it's restarted.
This is a Windows 2016 Hyper-V Host.  There's no virtual machines on it yet, this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Security UserID="S-1-5-18" />
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>

I'm running CentOS Linux release 7.4.1708 (Core), issue is i'm able to login using local users but not using ldap users, please help me on this.

I've tried restarting services using authconfig-tui command, but still i'm getting authentication failure error for ldap user.

please see the attached doc (ldap issue.docx), and below output commands and let me know if any other details are required.

[root@server01 log]# cat /etc/openldap/ldap.conf
URI ldap://<ldap servrer ip>:389/
BASE dc=prod,dc=hclpnp,dc=com
[root@server01 log]# getent passwd testuser
[root@server01 log]#

[hubba@servder01 ~]$ su - testuser
su: Authentication failure

[root@server01 log]# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files              …
      We have installed a new Exchange server on our single domain network. Since configuring another public IP to accomodate it we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:

Attack Signature
Web Attack: Remote OS Command Injection

with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution

The attacking IP's change so I can't blacklist them on the firewall. We are using Sonicwall NSA 2650 as a firewall. Is there anyway to stop these attacks? I realize that the Endpoint protection is doing what it should but I am concerned that eventually the bad guys will get through.
I have a Cisco nexus switch (48-port) and wanted to setup for the first 24 ports on a vlan and the next 24 ports on a separate VLAN.  How do I do this on a Nexus switch?

I am being asked to track access to log archives or audit trail files in our Windows system environment.  

Would someone advise what that means?  Do I enable this tracking in a group policy or the default domain policy?  

I attached exports of both the Default Domain Policy - Local Policies - User Right Assignment and Security Options from our DC.  I believe most all policy settings are set "Not Defined" with the exception of a few policy settings within Security Options.

I believe this particular policy (Default Domain Policy) should apply to all non DC servers and workstations joined  to the same domain.  We have member servers that are Exchange 2010, SQL 2014, .NET/Image Storage, etc.  All workstations are Windows 10 Pro.

So, I am trying to figure out if the defined local policies, which appear to be the defaults, needs to be updated to properly secure all joined machines to the AD domain.  Maybe the existing settings are fine as is, but I am not sure so that is why I ask.  I am more concerned the Windows 10 Workstations are properly locked down than anything.
Hello Experts,

i need an User Account Auditing tool, i mean we need to check how many users Accounts are logged in with different credentials on Each Machine \ Laptop.Please advise
Check Out How Miercom Evaluates Wi-Fi Security!
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!


Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes.  On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces.  The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist.  Any tips are appreciated.
I got a bunch of machines trying to access this IP( that looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given.  I've ran extensive tests with different anti-spyware/antivirus solutions(safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

I added a Content-Security-Policy that works in Firefox and Chrome but not Safari.  I am using Safari 10.1.2. In Safari I get the error:
“Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.”
So, I tried adding ‘unsafe-inline' to style-src but I still get the error in Safari.  I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have ‘unsafe-inline’ written.  If I put the hash back in, I get the error again in Safari.  The other browsers work fine.  Does anyone know what I can do to get the Content-Security-Policy working in Safari?  Any help is greatly appreciated!
How do i get into the bios? It's running Win 10 Home and the fingerprint reader WAS active in Windows but now isn't. I'm wondering if the fingerprint reader has been enabled FOR entering the bios as well, so needs to be used in conjunction with key presses? There's also the issue of the toggling of function keys as well to add to the complexity. I suspect that F1-F12 are not defaulted but what's above IS.
I am running a Apple MacBook (Retina, 12-inch, Early 2016) and OSX 10.13.1 (17B48) as a company note book. Today it is the 3rd time i discovered item in my trash which do not belong to me. I can not say if this has happened before nor how long this is already happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PC's and Mac's. We are working in a co-working-space where we use our own router but use the network from the landlord. All trash items so fare where just colleague stuff wich i know from the content of course. the first time i discovered this i turned of all kind of file-sharing etc... but it keeps on happening.
How do ireset my qth81admin account??

OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.