OS Security

21K Solutions, 23K Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Hi,

My company has some VMs running IIS web server on Windows OS. Based on BitSight - Web Server Vulnerabilities.

My tasks are assigned as follows.

Services require to reverted back
2. Where to disable the SSLv2 and SSLv3 protocols; the Diffie-Hellman encryption length is also required to use 2048-bit
3. How to update those outdated IIS server

Please advise me accordingly, as I've never done this before, as required by our Cyber team.

If there is any best practice to perform hardening, please advise and share for my knowledge.

Tks.

Lcuky
0
I received advice on another question I posted here that I could do without antivirus in Android:

What is the best anti-virus for Android (paid or unpaid)?

But I don't understand that advice because from what I've read Android is the OS for smartmobiles that is most targeted by hackers.

For example, would I be safe if I download apps from other places than Google Play?

And for using apps like for Uber, map apps other than Google Maps etc., would I be safe without anti-virus?
0
We have a large number of programmers adding service accounts with UN and PW inside of their code for purposes of moving files and other AD integration points. Recently we found a service account that was a Domain Admin. The question posed was: short of changing the password and seeing what happens, can we get a clean query from AD looking back 120 days for the source computer and desired service-elevation being requested by this service account, such that we might re-task this in a controlled manner?
0
I work for a small company with roughly 50 users and have been asked to have an outside vendor perform security/vulnerability testing.  We have several servers, ranging from SQL, to Exchange, to Remote Desktop with a hosted firewall through Windstream.  I thought I would appeal to the Experts in the Experts-Exchange community for advice and/or recommendations for a good vendor that specializes in such things.
0
EE,

We have been attacked by the "rapid" ransomware virus - most of our key information assets have been locked, all with the extension of ".rapid" on each file.
> The worst part is that they locked all of our backup files as well - we are stuck.

I am looking for some suggestions on how to deal with this... Yep, first time for me and my company.

Should we pay or should we fight...

Rojosho
2
Hello Experts,

I need a User Account Auditing tool; I mean we need to check how many user accounts are logged in with different credentials on each machine/laptop. Please advise.
0
We have a Windows 2008 R2 domain environment where we would like to prevent executables (.exe, .bat, .com, .scr etc.) from websites from being downloaded/launched on users' local computers. The users in question do not have administrator-level accounts. Users currently have access to use various browsers including Internet Explorer, Edge, Chrome and Firefox. All users are using Windows 10.

Can this be achieved with group policy? Although not preferred, it would also be acceptable (but not preferable) if the users received a popup that at least prompted / warned them about launching the executable much like with UAC. If it's not possible at the point where a user clicks on the link to the download, then can we simply restrict the running of the program when it's launched?
0
Hi,

Having a content security policy on one's website is a good way to provide an extra layer of security on one's site.  

I have a content security policy that works as expected on desktop, but it breaks the site on mobile (Safari). The content security policy is inside meta tags. I am using nonces and hashes. On mobile I get the error stating that it refused to execute inline script because it violates the Content Security Policy directive which includes the hashes and nonces. The error also states that I need either a hash or nonce in the code to execute the code, but they are already present there, and that's how it works well on desktop. The problem is that on mobile it's acting as if the hashes and nonces didn't exist. Any tips are appreciated.
0
We are reviewing compliance against the CIS/SANS top twenty cyber controls, and one of the controls is that of limiting access to script tools, for which it cites the examples of PowerShell and Python. If users only have standard user rights (no local admin), what is the risk of them having PowerShell at their disposal on their assigned laptop/workstation?

And how, from a systems admin / support perspective, could you restrict access to such scripting tools for standard users? E.g. how can you hide/uninstall PowerShell for all?
0
I got a bunch of machines trying to access this IP (208.91.197.27) that looks very suspicious when doing a WHOIS. OpenDNS Umbrella blocks the traffic as malware but no other details are given. I've run extensive tests with different anti-spyware/antivirus solutions (safe mode and such) and was not able to find anything. In the last month or so there were at least 10 machines that tried to get to that IP address over port 443. Machines are either inside the network or just working in the field. Any suggestions on how else to tackle this problem would be appreciated.

Thanks!
0
Hi,

I'm trying to get rid of local admin privileges for users. All users have a scheduled task that runs a Syncback backup of local files.
Works fine when user is admin, but when I remove local admin privileges, users are not able to schedule tasks.

Windows 10 client.1709. Domain member.
Group policy:  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.
Allow members of domain group Staff to Log on as a batch job.

Suggestions?

BR,

Nils
0
Hi,

My user is required to install software frequently on one of our Windows 2008 servers, and for that he has requested local admin rights. Before granting him local admin rights, I would like to know whether he can install software with other privileges and, if so, what the other alternatives are for following a least-privilege policy in granting him rights?
0
Hi,
I added a Content-Security-Policy that works in Firefox and Chrome but not Safari.  I am using Safari 10.1.2. In Safari I get the error:
“Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.”
So, I tried adding 'unsafe-inline' to style-src but I still get the error in Safari. I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have 'unsafe-inline' written. If I put the hash back in, I get the error again in Safari. The other browsers work fine. Does anyone know what I can do to get the Content-Security-Policy working in Safari? Any help is greatly appreciated!
0
[root@db01 ~]# yum updateinfo info --cve CVE-2017-5715
Loaded plugins: product-id, search-disabled-repos, subscription-manager
updateinfo info done

I am pretty sure this CVE is not installed. However, I am unable to see this CVE in the list.
0
How do I get into the BIOS? It's running Win 10 Home and the fingerprint reader WAS active in Windows but now isn't. I'm wondering if the fingerprint reader has been enabled FOR entering the BIOS as well, so needs to be used in conjunction with key presses? There's also the issue of the toggling of function keys as well to add to the complexity. I suspect that F1-F12 are not defaulted but what's above IS.
0
I am running an Apple MacBook (Retina, 12-inch, Early 2016) and OSX 10.13.1 (17B48) as a company notebook. Today is the 3rd time I discovered items in my trash which do not belong to me. I cannot say if this has happened before nor how long this has already been happening. I found this more or less by accident. The files must belong to one of my colleagues. I have colleagues running PCs and Macs. We are working in a co-working space where we use our own router but use the network from the landlord. All trash items so far were just colleague stuff, which I know from the content of course. The first time I discovered this I turned off all kinds of file sharing etc... but it keeps on happening.
0
How do I reset my qth81admin account??
0
How to disable Cortana searching in certain directories. I am trying to keep users out of the Windows dir and running certain files. Right now I have hidden the C: but if they search using Cortana for ie..."shutdown -" and open file location they have access to the Windows dir.

Is there a way to remove the Windows dir from the search or
disable the open file location for Cortana.
Completely disable Cortana
Disabling allowcortana in the GPO no longer works with build 1703

I have found ways to do this with File Explorer but they do not translate to Cortana.
0
Looking for Patch Management Cloud service. I have found a few on the Internet but not sure who is good. Looking to patch OS and 3rd party Apps
0
We are still using Tomcat 6.0 and plan to move to latest version by next year. Problem with current version is to set the access deny to our web-application.

I tried adding valve with webapps/META-INF/context.xml file as below but nothing works. Can you please provide a fix.

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

Or

<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>


Do you guys have any other solution, as I want to restrict outside users from accessing the Manager view so that it will be accessible only from localhost?

Best Regards
0
On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.  

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.


# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.
0
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policies, but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?
0
I am trying to deploy the latest security patch through Ninjarmm for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?
0
I wish to change my password!
0
I am applying advanced firewall settings thru a GPO but other than actually looking at the firewall settings on the target systems I cannot view the settings by using rsop.msc, gpedit.msc, etc. I even tried secpol and attempted to find the appropriate netsh advfirewall command to view settings with no luck. Any tricks or workarounds?
0
