OS Security
Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


A customer called a number claiming to be HP and spoke to someone who ran LogMeIn onto his PC, logged in, and told him that his computer had been the target of hacks and that people "in another state are using his computer to launch attacks."  Anyway, I logged onto his computer, did a full virus scan, reset his Windows Firewall settings, ran SFC, and checked all his startup programs, and nothing came up unusual.  Is there anything else I can do to verify that there's no damage or back door left on his PC?

Is there any real benefit in setting a BIOS password on laptops/desktops to prevent your staff messing around with the boot sequence if the disk drive is full-disk encrypted (BitLocker)?

I have seen numerous boot discs and USB sticks which can export/crack or even reset local Windows password hashes, and booting from Linux-type distros on unencrypted systems bypasses the Windows login so you could access any sensitive local information. But I am not sure if there is any benefit in doing so if the drive is encrypted, as a boot CD/USB won't be able to pull hashes/sensitive files until the C drive has booted and the encryption key has been entered to make the data accessible?

Are there any remaining risks with no BIOS password if the drive is encrypted, or any benefits still in setting a BIOS password?
We have difficulties getting monthly downtimes from business & applications teams.

Beside using HA/clustering where we patch one side, swing over (incurring several seconds
or minutes of downtime) & patch the other side, what are the ways people deploy patches
with no or minimal downtime?

I guess Tandem's Non-Stop Himalaya could achieve this, but what we have here are:
a) AS400 or OS/400 R7
b) Windows 2008 R2 & 2012
c) UNIXes (Solaris, AIX, RHEL)
d) Cisco switches/routers
e) Checkpoint & Juniper firewalls

What is Trend Micro's virtual patching & does it help minimize downtime for patching?
We are moving from FireEye MTP to another product, considering Lookout.

Can anyone point me to or share reviews on Lookout?

Also, what are the assessment criteria I have to look out for considering that
our corporate phones (mostly iOS currently) & iPad are managed by
MobileIron MDM?

The email client to be used is MI's Email+ (not the native built-in email client).
Is there any security concern (incl. data loss/leakage risk) in
enrolling Linkage Inc apps into the Apps@Work authorized apps list?

This app is for training / courseware purpose.

If there are risks, what's the mitigation?

We use MobileIron's MDM.
I installed CrashPlan on a Windows machine and have a mapped network path as drive letter F:, and CrashPlan cannot back it up, but on a Mac I installed CrashPlan and it can back up the same network path. What is the limitation in Windows that prevents this, and is there a workaround? I have even attempted mapping the drive in Windows and then creating a symbolic link, and it still does not work.
Hi experts,

I've been asked to design it, present it as to why it needs to be done, and implement it. Can someone with experience in this subject advise on how to proceed, what information I need to gather, and what steps/actions need to be taken to secure and protect users/network/workstations from ransomware?
Hi guys

Could you tell me what the GPO is to enable this %windir%/perfc and push it to all WKS?

We have heard that it is possible for TrueCrypt to be accessed when the volume is mounted; its keys can be retrieved.

What considerations should one take into account for this possible breach of data?

... and do other OTFE apps suffer the same conditions or flaw?

Please advise.
I have a client that has forgotten his BitLocker key on his Surface Pro 3, and his Surface Pro
asks for it before he can even get to the login screen.
I have done some research and it seems as it is a tough nut to crack.
I was thinking a bootable program on a flash drive that can tell me what the password
for the BitLocker is.
Any ideas would be appreciated.

Is there any Windows update patch (such as for Windows 7) for dealing with the WannaCry threat?

For any SQL Server install with SSL security, under what situation would your customer do it? Usually the companies I work with install SSL only on the web server login page.

To protect a DB backup from getting restored to another DB, so use TDE?  But must TDE use an SSL certificate from a known provider like Symantec?
I'm writing a doc to list out the circumstances / criteria when we need to engage a
professional forensic IT service or when engaging our HQ's forensic team (which
we don't have locally).

Blocking a malicious IP or the source of spam & phishing sites (that resemble ours),
and recovering from malware using our AV & backup, are things we have the
competencies to do.

We don't know how to use the Windows Sysinternals tools & possibly most forensic tools.

What criteria do people out there use when engaging professional IT
forensics?
I've seen the questions and answers about using /etc/pam.d/system-auth and "auth required pam_lastlog.so inactive=30" (I also added it to /etc/pam.d/gdm), but that seems to depend on lastlog, and users logging into gdm are not tracked in lastlog.

Making the password alone lock isn't enough since I want to lock for smart card login as well.

Do I need to implement a script/cron to track inactivity? Or can pam really take care of this for gdm logins?

Thanks in advance!
I view the blocking of USB for 2 reasons:

a) data leakage/loss prevention (so that sensitive data is not copied out):
     but copying data from thumb drives into the laptop is OK, right?
     No data loss/leakage concern, right?
     So does anyone know if there are tools out there that allow the
     USB port to permit data to be copied into laptops but not out?
     Our McAfee tool doesn't appear to have this feature.

b) the concern of malware (including scripts) being executed from
     thumb drives: well, for this we'll have on-access AV in place, so in
     a way this is mitigated.  Win 10 with its AV Defender also prevents
     execution of Java, VB scripts etc.

Now, between items a & b, my much bigger concern is item a, because
for item b a good AV will mitigate quite well, while I've not heard of
any tools that permit one-way data copying into a laptop via USB.

Or does anyone know of any tools such as a wireless HDD that has
such a feature, such that users can't reconfigure the "firewall rules",
so that data can only be copied into laptops & not out?

Providing another intermediate laptop with sftp etc. is out of the
question, as this solution is too unwieldy.
Hello Experts,

Does the following Local Policies/Security Options group policy, as listed below, need to be set only at the "Default Domain Policy" GPO and not in any other GPO? I am curious because we have this in our Default Domain Policy GPO as 'disabled' and 'enabled' in a GPO that is linked to our Domain Controllers OU. When I run secpol.msc on the domain controller itself, it shows this option as 'disabled' (same setting as the default domain policy) AND 'not configured' when I run an RSOP on the domain controller.

Computer Configuration -> Window Settings -> Security Settings -> Local Policies - Security Options -> Network security: Force logoff when logon hours expire

Can someone please shed some light?

Thank you!
I'm looking for zipping tools that could create zips with a password
for the OS/400 R7 platform, so that sensitive data in files is encrypted
& when we sftp over to Windows/Unix, the encrypted zip files are
sent over: for PCI-DSS compliance, we want data at rest to be
encrypted at both the AS400 & the Windows/Unix ends.

Ideally the zipping tool can be called from RPG & COBOL.

In Unix, we can 'pipe' data stream directly into a zip; would be good
to have this feature for the AS400 tool.  

Also, we have tons of logs (eg: audit trails) taking up valuable space
in AS400 so this zipping can hopefully reduce the size of these
Pretty regularly (1 or 2x a day), I get a popup on 1 computer (Win 7 SP1, fully patched) about 'your computer is infected', we're from Microsoft, call us, etc.

I realize it's a scam.  But I'm curious how it's getting on there.  I've run Malwarebytes, SUPERAntiSpyware and HitmanPro, and they don't find anything.

I am streaming a radio station based in NY.

Am I mistaken that the people running the malware buy ad space on legit websites and that's how they get on the machine?

These have been easy to get rid of: just close the browser by clicking on the X in the top right corner (it takes over the tab the radio station was on, another indication that's where the malware is getting in from?).  I've seen other versions where you have to kill browsers through Task Manager or reboot the computer.
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts: the password never expires, as each time changing
the password will involve quite some effort in application changes.

What are the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control, i.e. different teams
     hold the passwords?
b) I'm not sure if we can make it "can't log on interactively": I'll do it if it won't
     break the app.  Besides this, what else can we harden?  No Local Logon?
c) NoLMHash needs to be enabled so that the password can't be cracked
     easily; what other hardenings?
d) any other mitigations such as enabling Windows Firewall?
e) please add on any other best practices ...

When we try to create an ODBC connection to SQL Server 2000 we see this:

ODBC error
Any idea why?

I read this one:


but it doesn't say what registry entry the user fixed; any idea?

The box connecting to that SQL Server 2000 is also Windows 2003 Standard Edition.

More than one server box has this problem, and some servers connecting to the SQL 2000 box were upgraded from Windows 2000 to Windows 2003 by in-place upgrade / VM clone.
The Chubb contact person I liaise with told me that all their customers are recommended
not to install AV on Chubb's custom Windows CCTV recording server, as it will cause
severe performance issues & will conflict with some sort of built-in security feature.

Does anyone know what this feature is?  Is it application whitelisting, AV or ??  The person I
liaise with appears uncertain.
A consultant has recommended disabling the 2 attached settings on our PCs/laptops:
considering we have about 2% of our PCs that are offsite & can't join our AD, which
approach should we adopt?

Harden the registry via GPO (i.e. enforce by GPO, which I think won't help with that 2% &
when new laptops are cloned there are a few days they won't be used, during which I'm not
sure if someone will bring the laptop somewhere to try to crack the password), or
clone image/local security policy, or both?

Can't attach screenshots now: something's wrong with my IE; will attach later.
What are the gaps / items in my outsourcing vendor (for hosting & datacentre) that I ought to
look out for?  I'm sort of auditing them.

I have a problem: I have many servers where the KB cannot be installed; the system says this update is not applicable to your system.

I use this KB for our Windows 2008 R2 servers: windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3

What I have seen is that I can install this KB without problems on Windows 2008 R2 SP1, but not on Windows 2008 R2 SP0:

OS Version
Microsoft Windows Server 2008 R2 Standard  6.1.7601 (SP1) [x64-based PC] ==> KB is installed OK
OS Version
Microsoft Windows Server 2008 R2 Standard  6.1.7600 (SP0) [x64-based PC] ==> KB is not installed

Any help please?


We are seeing some potentially odd behaviour which I'd like some suggestions for, if possible please.  We have two audit tools which are showing that the local administrator (and sometimes guest) accounts are having their badpwdcount increased.  The common experience appears to be:

Workstation XYZ seems to have a burst of attempts against server ABC (all within the same minute).
ABC's local admin account is unlocked by the workstation, the badpwdcount is then incremented until the account is locked, the account is unlocked again by the workstation and it tries again until the account is locked.  The attempts then cease.

We have seen badpwdcount rising to 56 or so for some attempts.
The source workstation or target server are not always the same (I've not found any link yet).
The admin account is enabled on the servers and workstations.
Local Guest is disabled.

We have seen servers lock out their own local admin accounts (e.g. ABC$ against ABC$).
The domain admin account has the same name as the local admin account.
No malware has been seen, and workstation and server have different AV vendors (for what AV is worth nowadays, at least).
