OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


Hello,
We have installed a new Exchange server on our single domain network. Since configuring another public IP to accommodate it we are getting many "High-Risk Intrusion Detected" alerts from the Symantec Endpoint we have running on this server. It is mostly:

Attack Signature
Web Attack: Remote OS Command Injection

with some:
Attack Signature
Attack: D-Link DSL 2750B Arbitrary Command Execution


The attacking IPs change so I can't blacklist them on the firewall. We are using a SonicWall NSA 2650 as a firewall. Is there any way to stop these attacks? I realize that the Endpoint protection is doing what it should, but I am concerned that eventually the bad guys will get through.
0

I have a Cisco Nexus switch (48-port) and want to set up the first 24 ports on one VLAN and the next 24 ports on a separate VLAN. How do I do this on a Nexus switch?
0
I have an Active Directory Group (Group1), for now it is able to add users to other groups.
I want to Prevent Group1 from adding or removing users from the following groups:
GroupA
GroupB
GroupC

They still can add/remove users from other groups.

I looked at the Group1 membership, and I could not tell which group has given them the power to add / remove users. The groups they are members of are not nested in other groups, and I do not see them as members of known groups such as the Domain Admins group.

Any idea on how to figure out how they are able to add users to groups, and how to limit Group1 from adding/removing users to just those 3 groups?

Thank you
1
Hello,

I am being asked to track access to log archives or audit trail files in our Windows system environment.  

Would someone advise what that means?  Do I enable this tracking in a group policy or the default domain policy?  

Thanks.
0
I attached exports of both the Default Domain Policy - Local Policies - User Rights Assignment and Security Options from our DC. I believe almost all policy settings are set to "Not Defined", with the exception of a few policy settings within Security Options.

I believe this particular policy (Default Domain Policy) should apply to all non-DC servers and workstations joined to the same domain. We have member servers that are Exchange 2010, SQL 2014, .NET/Image Storage, etc. All workstations are Windows 10 Pro.

So, I am trying to figure out if the defined local policies, which appear to be the defaults, need to be updated to properly secure all machines joined to the AD domain. Maybe the existing settings are fine as is, but I am not sure, so that is why I ask. I am more concerned that the Windows 10 workstations are properly locked down than anything.
Prometheus-SecurityOptions-Export.txt
Prometheus-UserRightsAssignmnets-Exp.txt
0
Hi Experts - we currently manage Microsoft Updates for about 100 Windows Servers, from Server 2008 R2 to 2016. We use 2 methods to install updates:

1. Via LogMeIn Central's "Updates" console, which allows granular selection of servers and updates to install, scheduling the reboot after the updates install, seeing progress, etc.
2. Logging directly into the server and installing them via the Updates GUI

LogMeIn's console works for MAYBE 1/2 of the machines; for the rest we have to log in manually and install updates.

Servers are all on different WAN connections.  

I'm looking to cut down the time we have to spend on this as the updates need to be installed and machines rebooted after hours.

I'm open to something moderate to low cost, or free. Currently we pay for the LogMeIn Central subscription exclusively for that functionality. Looking for something fairly easy to set up and maintain.
0
Hello Experts,

I need a User Account Auditing tool, I mean we need to check how many user accounts are logged in with different credentials on each machine / laptop. Please advise.
0
We have a Windows 2008 R2 domain environment where we would like to prevent executables (.exe, .bat, .com, .scr etc) from websites from being downloaded/launched on their users local computers. The users in question do not have administrator-level accounts. Users currently have access to use various browsers including Internet Explorer, Edge, Chrome and Firefox. All users are using Windows 10.

Can this be achieved with group policy? Although not preferred, it would also be acceptable (but not preferable) if the users received a popup that at least prompted / warned them about launching the executable much like with UAC. If it's not possible at the point where a user clicks on the link to the download, then can we simply restrict the running of the program when it's launched?
0
Hi,

Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (safari). The content security policy is inside meta tags. I am using nonces and hashes.  On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces.  The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist.  Any tips are appreciated.
0
I got a bunch of machines trying to access this IP (208.91.197.27) that looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given. I've run extensive tests with different anti-spyware/antivirus solutions (safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

Thanks!
0

Hi,

I'm trying to get rid of local admin privileges for users. All users have a scheduled task that runs a SyncBack backup of local files.
It works fine when the user is an admin, but when I remove local admin privileges, users are not able to schedule tasks.

Windows 10 client, 1709. Domain member.
Group policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
Allow members of domain group Staff to Log on as a batch job.

Suggestions?

BR,

Nils
0
Hi,
I added a Content-Security-Policy that works in Firefox and Chrome but not Safari.  I am using Safari 10.1.2. In Safari I get the error:
“Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.”
So, I tried adding 'unsafe-inline' to style-src but I still get the error in Safari. I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have 'unsafe-inline' written. If I put the hash back in, I get the error again in Safari. The other browsers work fine. Does anyone know what I can do to get the Content-Security-Policy working in Safari? Any help is greatly appreciated!
0
[root@db01 ~]# yum updateinfo info --cve CVE-2017-5715
Loaded plugins: product-id, search-disabled-repos, subscription-manager
updateinfo info done

I am pretty sure the fix for this CVE is not installed. However, I am unable to see this CVE in the list.
0
How do I get into the BIOS? It's running Win 10 Home and the fingerprint reader WAS active in Windows but now isn't. I'm wondering if the fingerprint reader has been enabled FOR entering the BIOS as well, so it needs to be used in conjunction with key presses? There's also the issue of the toggling of function keys to add to the complexity. I suspect that F1-F12 are not the defaults but what's above IS.
0
I am running an Apple MacBook (Retina, 12-inch, Early 2016) and OSX 10.13.1 (17B48) as a company notebook. Today is the 3rd time I discovered items in my Trash which do not belong to me. I cannot say if this has happened before nor how long this has already been happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PCs and Macs. We are working in a co-working space where we use our own router but use the network from the landlord. All Trash items so far were just colleague stuff, which I know from the content of course. The first time I discovered this I turned off all kinds of file sharing etc., but it keeps on happening.
0
How do I reset my qth81admin account?
0
How to disable Cortana searching in certain directories. I am trying to keep users out of the Windows dir and from running certain files. Right now I have hidden the C: drive, but if they search using Cortana for e.g. "shutdown -" and open the file location, they have access to the Windows dir.

Is there a way to remove the Windows dir from the search, or
disable the open file location for Cortana, or
completely disable Cortana?
Disabling AllowCortana in the GPO no longer works with build 1703.

I have found ways to do this with File Explorer but they do not translate to Cortana.
0
Looking for a Patch Management Cloud service. I have found a few on the Internet but am not sure which is good. Looking to patch the OS and 3rd party apps.
0
We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting access denial for our web application.

I tried adding a valve in the webapps/META-INF/context.xml file as below, but nothing works. Can you please provide a fix?

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>



Do you guys have any other solution? I want to restrict outside users from accessing the Manager view so that it is accessible only from localhost.

Best Regards
0

On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local. The master server works fine.

I think this is because I created the Kerberos DB on the slave KDC with a different password, but even after I updated the stashed password, it still doesn't work.


# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.
0
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policies, but is there a better way to do this? Also, will the auditing tell me who downloaded/copied and how much?
0
I am trying to deploy the latest security patch through NinjaRMM for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?
0
I wish to change my password!
0
I am applying advanced firewall settings through a GPO, but other than actually looking at the firewall settings on the target systems I cannot view the settings by using rsop.msc, gpedit.msc, etc. I even tried secpol and attempted to find the appropriate netsh advfirewall command to view the settings, with no luck. Any tricks or workarounds?
0
Hi all,

I have installed the Tectia client on two client machines running Windows 2008 R2. The Tectia client comes with an executable, scpg3.exe, to copy files to a remote host securely.

I am using the public key method for authentication. I notice that on machine A the file copy to a remote host with an SFTP server installed takes around 3 seconds to complete.

On another machine B, the file copy to the same remote host (using the same file) takes a much longer time to complete (~10 seconds). It seems that the authentication takes around ~8 seconds from machine B.

Please advise the possible causes. Thanks.

I
0