OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


What is the best way to whitelist/blacklist devices so they cannot run when plugged into a USB or serial port? We may want some devices to run but others we may not want to run. Note, this machine would be Windows and would typically not be connected to the network.
0

Hi all, I'm looking to deliver a cyber security presentation to customers to raise their awareness of the threat.

Does anyone know of some sites or links with up-to-date / relevant content which I can use?

Thanks in advance
0
We previously set up SCCM using a domain admin account, SCCMAdm.
We have since removed its domain admin privilege, but its domain
password is set to never expire.

Is this a security concern (needs assessment), and how can we mitigate it?
0
I'll need a shell script that scans through the creation dates of all patches (ideally only the security ones, but
if this is not possible, then all patches) installed on an RHEL 7 server, gets the latest one, computes
the difference from today's date, gives the difference in number of days, and if the difference is
more than 90 days, echoes out a message: "It has been more than 90 days since last patch".

The purpose is to check the last patch date and remind the Linux admins. I believe RHEL releases patches
at least every 3 months?
0
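A script of the kind the post above describes, added here as an example (it is not from the original post or from any answer): it takes every installed package's install time from the rpm database, keeps the newest, and warns when it is older than 90 days. It assumes POSIX sh with GNU coreutils and rpm on the RHEL 7 host; the values in SAMPLE_TIMES and NOW are constructed so the date arithmetic can be exercised without rpm.

```shell
#!/bin/sh
# Added example, not the original poster's script. Reports how many days have
# passed since the most recent package install/update and warns past a
# threshold. Uses rpm INSTALLTIME (epoch seconds), so it covers all patches,
# not only security errata.

THRESHOLD_DAYS=90

# latest_epoch: read one install time (seconds since epoch) per line from
# stdin and print the largest one.
latest_epoch() {
    sort -n | tail -n 1
}

# days_between NOW LATEST: whole days elapsed from LATEST up to NOW.
days_between() {
    echo $(( ($1 - $2) / 86400 ))
}

# patch_age_status DAYS: print the message the post asks for when the
# threshold is exceeded, otherwise confirm the host is current. Returns 1
# when overdue so cron or a monitoring agent can alert on the exit code.
patch_age_status() {
    if [ "$1" -gt "$THRESHOLD_DAYS" ]; then
        echo "It has been more than $THRESHOLD_DAYS days since last patch ($1 days)"
        return 1
    fi
    echo "Last patch applied $1 days ago"
    return 0
}

# Real run on an RHEL 7 host: query the install time of every package in the
# rpm database and compare the newest against today.
check_host() {
    latest=$(rpm -qa --qf '%{INSTALLTIME}\n' | latest_epoch)
    patch_age_status "$(days_between "$(date +%s)" "$latest")"
}

# Constructed sample data (not from a real host): three install times, the
# newest of which is exactly 120 days before the constructed "now".
NOW=1700000000
SAMPLE_TIMES="1680000000
1689632000
1685000000"

# sample_days: age of the newest constructed install time, in days.
sample_days() {
    days_between "$NOW" "$(printf '%s\n' "$SAMPLE_TIMES" | latest_epoch)"
}
```

Run `check_host` from cron on the server; the exit code is 1 whenever the newest package is older than THRESHOLD_DAYS.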
I can't seem to find any documentation as to what the Mac OS X equivalent might be for 'AUDITCTL' / 'AUDITCTLD'. Any help appreciated, thanks.
0
New install of Server 2012 64-bit, not an OS upgrade, but old server data such as program files is still on the 'C' drive.
No problems during the install, no yellow flag warnings except for "AD Rights Management" needing post-configuration.
Roles installed are AD, DNS, DHCP (as a full secondary domain controller), application server, and file server. I did not ask for IIS, but got it anyway. A pop-up window keeps asking to install .NET 3.5. No changes to group policy.
A funny thing about the folder share security: the double-head icon does not show up on the C drive but does on the 'D' drive.
Configuring share security on 'D' is normal; I get the groups I want. On 'C' it configures the way I want, but is erased by the next logon.
WHAT IS GOING ON HERE??
0
Hi,

Does anyone know a definitive way to disable the "Security and Maintenance" popups temporarily?

I have tried Group Policy settings in various ways and combinations, after reading a few dozen articles, but none seem to work.

I have read a number of articles, a couple saying that MS removed a similar ability to this due to a vulnerability. Not sure if that applies here.

If someone could please give me some direction, or even if you know the answer, that would be great.

Systems are Windows 10 Creative/Anniversary edition.

While not really relevant as to the "how to do it", the reason I need this is because I am performing an AV upgrade, and during the process the old AV stops for about 2 seconds and the new one starts. I therefore would like to avoid mass panic and thousands of end users calling into the helpdesk saying their AV has just stopped. I will obviously be re-enabling it after the upgrade.
0
In auditing our server event logs we have several users generating Event 4625, which is basically bad password/user name. We are a multi-domain environment. Users' systems are in my domain 'A', but their user accounts are in domain 'B'. We have login scripts that map drives to our server (also in domain 'A'), but the 4625 event shows that their system is attempting to connect to the share using the wrong domain for the user name (i.e. A\username instead of B\username). The timestamp on the user's workstation seems to confirm that the System thread (process PID 4, ntoskrnl.exe) is the process at the root of the call to the server.

e.g. B\username logs into A\computer; the GPO-set login script has B\username attempt to map several shares on A\server. For some reason Windows attempts to use A\username instead of B\username.

Now, the drives do end up mapping, so it's almost like Windows by default is applying the computer's domain to the currently logged-on user ID, then continues by trying the actual domain of the user.

I've cleared the mapped drives and tried setting the map command with /PERSISTENT:NO to make sure there isn't a 'stored credential', but it doesn't change the symptoms.

There may be no fix and this is just the default method for Windows, but it's a bit annoying to dig through all the false positives. We will not be able to change either the computer's or the user's domain, so that is not an option.

Looking for potential ideas.
0
I would like to get opinions on the best antivirus for a small (less than 6 Windows devices) LAN. Thanks for your help.
0
Hi All,

We have just moved to Kaspersky Endpoint Security 10 (10.3.0.6294) from Sophos.
Some of the users have complained that it now takes them a few minutes when they start their computer in the morning and when they shut down.
Is there any way we can monitor what's taking up resources when the computer starts, and how can we minimize Kaspersky's resource utilization?

thanks.
0

Before we use our EPO to block access to PowerShell, we put it in
Detect mode for EPO to detect what's calling PowerShell, and found
a lot of PowerShell calls made by svchost, explorer and rundll32.

As Win XP doesn't have PowerShell, are these calls on Win 7 truly
legit? What is their purpose in calling PowerShell, and how can we trace
this?

What's the impact if PowerShell is blocked?
What does event ID 1095 mean?

Refer to the attachment for what the EPO logs showed us:
Monitor-Powershell-UsageTr.xlsx
0
I have had a disk failure on my DC, so I need to recover.
However, a while ago I had the brilliant idea of backing up to an iSCSI volume on a Netgear NAS.
Now I need to recover. I can mount the iSCSI volume on another system, but cannot read it. All I get is access denied.
When I try to take ownership with a local admin, it will not allow me.....

I don't want to be too adventurous in attacking the problem as it is the only backup. Any suggestions .....
0
We have manually disabled PowerShell on a few PCs: refer to attachment 1.

As there are close to 3000 PCs in our place, it's not feasible to do it this way.

Also, I wanted to disable it batch by batch (by network subnet/segment or
by department), so that in case things break, the impact is not so widespread.

Q1:
How can this disabling of PwrShell be done in GPO?

Q2:
Is there a way to use SCCM, MS Desktop Central or some sort of script for
me to deploy this batch by batch (or by IP segment)? Kindly elaborate
the method.
Disable_PwrShell.jpg
0
We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting up access denial for our web application.

I tried adding a valve in the webapps/META-INF/context.xml file as below, but nothing works. Can you please provide a fix?

<Context antiJARLocking="true" path="/">
    <Valve className="org.apache.catalina.valves.RemoteIpValve" />
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>


Do you guys have any other solution? I want to restrict outside users from accessing the Manager view so that it is accessible only from localhost.

Best Regards
0
I've been hit with a ransomware attack.
I can still use the computer, but all Word docs have been encrypted.
I can open docs but they are blank.
Is my only option paying, or can I get these back?
They are requesting over £800.
0
About 10 years back, there were CIS tools that we could download for free
that would flag the date of the last OS patches.

Q1:
Are these tools still available for free download, and what's the URL?

Q2:
Without these tools, how can we check in an OS (Windows 2008 R2, Win 2012,
Solaris 10 & 11, AIX 6.1 & 7.1) the date of the latest patches applied to the
system?
0
Hi Guys,

We have a domain-joined PC (Win 8.1) that pops up the message "Your system administrator has blocked this program. For more information, contact your system administrator." whenever I try to install any program or launch any program as administrator.

This is the only PC having the issue; the PC and user are in the same AD object containers as the others, and there are no such rules set at domain level.

When I logged in as another standard user, it had the same problem, but if I log in as any admin account, it acts normally.
I suspected the UAC setting, as UAC was set to the lowest level, but nothing happened after I changed UAC back to default.

Can anyone shed light on this problem, please?
0
The product formerly known as Sentinel and now named EPT is a forensics and
anti-malicious-activity (process and memory scans) product.

Would anyone (especially those who have used / assessed it) care to share reviews on it:
a) how easy to use, and how accurate/thorough, is its forensics?
b) does it have predictive capabilities for malicious behaviours?
c) how does it compare with competing products?
d) does it deal with app vulnerabilities like injections and XSS?
e) it was supposed to deal with APTs (Advanced Persistent Threats):
    does it deal with 0-day (signatureless?) malware?
0
As we are now using RHEL 7.x (not the Red Hat Linux 7 of more than a decade ago)
and Solaris 10, are the following still applicable to us?

Exploit        OS                                   Vulnerability
CATFLAP        Solaris 7/8/9                        Remote code execution
COTTONAXE      LiteSpeed Web Server                 Remote code execution
dtspcdx_sparc  SunOS 5.0-5.8 DTSPCD                 Remote code execution
EARLYSHOVEL    RedHat 7.0-7.1 & Sendmail 8.11.x     Unspecified
EMBERSNOUT     Red Hat 9.0                          Unspecified  ==> I suppose this is the decade-ago RH Linux 9, right?
sneer          Sun SNMP daemon mibissa              Remote code execution
statdx         Redhat Linux                         Remote root access  ==> is this the decade-ago Linux?
0

Q1:
We are concerned about using the latest Chrome due to data loss/leakage
via the WhatsApp sidebar: does this feature enable file uploading/downloading?

Q2:
Is there any way to remove/disable it, and how do we go about doing this?

Q3:
If it's a data loss risk and not possible to disable, which most recent
earlier version of Chrome doesn't have this sidebar? I'm thinking of using
the older version, and hopefully Google still releases patches for it.

I just thought that since WhatsApp on my Android allows us to attach
files, this feature in Chrome may allow the same.
0
On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.  

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.


# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.
0
People,

I've got an existing Exchange Server 2013 Standard SP1 that is running the MBX and CAS roles in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run both MBX and CAS on a new Win2012 R2 VM, so I can configure a DAG with the other AD site called Head-Office1.

Existing:
AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

Proposed:
AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How do I do that safely without causing email flow issues during production business hours?
What are the steps in installing CAS on PRODMAIL15-VM so that it does not cause any email flow problems during business hours?
If I install Windows updates now, during business hours, on PRODMAIL15-VM, is there any impact or problem when I reboot it?

Thanks, in advance.
0
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policies, but is there a better way to do this? Also, will the auditing tell me who downloaded/copied and how much?
0
This is what I have.
user teacher1
teacher shared folder
    teacher1 folder

teachers group share folder
    sharing: shared
        with advanced permissions of
            authenticated users: full control
            domain admin: full control
            local file server admin: full control
    security permissions
        domain admin: owner
        creator owner: full control, subfolders and files only
        authenticated users: read/execute, this folder only
        system: full control, this folder, subfolders and files
        local admin: full control, this folder, subfolders and files
        domain admin: full control, this folder, subfolders and files
        domain group teachers: read/execute, this folder, subfolders and files
    teacher1 folder
        shared
            administrator: owner
            administrator: read/write
            teachers: read
        advanced sharing: none
        …
0
Hi Experts,
I need a batch file to change the permissions on a folder and its subfolders to the following:
remove every user's permissions except the administrator's, and the administrator only has the read-only option.
0