OS Security

21K

Solutions

23K

Contributors

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

My colleague has managed to configure one of the PCs as Super-Agent ie
other PCs could get the McAfee AV signature updates from it or

Q1:
is this a 'push' update ie from Super Agent, it pushes to the slave PCs
or it's a pull ie Slave PCs pull signature updates from it?

Q2:
How do we configure the slave PC portion (screen by screen will be good)?
0
Hi,
In Win 10, how to get into Control panel to uninstall/install program?
0
I was wondering if anyone has seen any issues with setting Network security: LAN Manager authentication level : Send NTLMv2 Responses Only with currently supported Mac OS's, Linux.

We are a large environment.
0
https://www.bleepingcomputer.com/news/security/apple-releases-critical-security-updates-for-ios-macos-and-other-core-products/

Referring to the above link, does it mean iOS prior to Ver 10.2.1 is not affected or versions after 10.2.1 are affected?

Last query:
does Apple release vulnerabilities quarterly, 6-monthly or yearly & where can we find this information?
0
We have been faulted on several cases where after restoring back an AD
/domain account of a staff who has left (on the request of their
supervisors), we forgot to remove the restored AD accounts.

I know in the days I was doing backup/restore of the proprietary OpenVMS
files, I can immediately set an 'expiry' date (say 1 week) on the restored
files such that they will be expired/deleted.  

Is there anything similar for AD restored account which I can preset an
expiry date the moment I've just restored the AD account to expire/delete
it on an exact future date (based on what's requested in Service Request)?

If there's no such feature, what's the best way to do this to ensure we
don't leave restored accounts lying around after they are no longer
needed?
0
For external vendors/consultants who come onsite to do source code review
& penetration testing of apps codes, we're creating 5 Windows accounts &
provide them 5 PCs to use onsite.  They don't need Internet access but will
need Intranet access (ie within our internal netwk).

They need sort of 'power users' privilege on the Windows PCs so that they
can install & run their tools with elevated privilege.  We want the 5 of them
to be able to use the 5 PCs interchangeably ie any one of them can use
any of the 5 PCs but not any other PCs in our organization

Q1:
What's the best practice?  Create domain accounts for each of them (with
no domain admin rights but just normal domain user) & assign the 5
domain IDs under local Administrator group in each PC?   Or create
5 local accounts in each PC with power user rights (ie under the group
of "Power Users" or "Administrator"  or ?

Q2:
If the best practice is to create non-privileged domain admin IDs, what's
the steps to restrict them to the 5 PCs: was told by a colleague this is
very tedious to set up as it involves OU etc : pls give step by step
instruction as I'm newbie to Windows.  The PCs are all on Win 7.
Or it's less effort & faster to just create 5 local accounts on each of
the 5 PCs?

The 5 vendors will be onsite for about 2 months & we may have a lot of such
future vendors coming onsite so we need to be able to delete their
accounts timely & something sustainable to manage & yet comply
to IT security
0
There's eicar for Android & Windows.  Is there any for IOS?

Appstore doesn't show eicar for IOS  tho playstore has it.

I need to test an Mobile Threat Prevention product for IOS.
Any other test files/IOCs I can use for IOS to test this new MTP called Lookout?
0
Anyone can point me to where I can get resource for the above?
CIS does not appear to have one (not for guest OS but VMWare
architecture & ESXi):
ok to include best practices as well such as VMs that backup each
other should be in different hosts, VMs for different projects/
purposes must not be able to ping/reach each other (containerized)
& best way of encrypting (at storage/hardware or at software) &
locking away virtual USB
0
I am wondering if anyone has any feeling for the error rate on any of:

- Iris scans
- Face recognition
- Finger print

I was just wondering...

Thanks
0
I need to draft sort of guideline to govern Remote Access by external vendors/parties.
Anyone has any documents or links to share?

Off hand, I can think of:

a) for access to UAT/development servers, remote access with encryption (eg: ssh
    or RDP) needs to be video-recorded / screen logged for long-term vendors who have
    signed Non-Disclosure Agreement with us.  UAT/Developmt may contain actual data

b) for access to Production, an authorized staff needs to initiate/trigger the connection
     (eg: WebEx or Remote Assistance) & watch what's being done with screen logging/
     video recording of the session

c) do we need access through a jump host (I've heard of RDP jump host)

d) the external parties/vendors PCs need to be updated with latest patches & AV
    signatures

e) every single staff of the vendor needs to have indiv account (ie no account sharing)

f) under what circumstances do we need 2FA ?
0
Our audit requested to do the above but from what our mobile applications team's
understanding, we usually scan the mobile applications website, not the device.

Is it essential & what are the ways / tools people use to scan mobile apps running
on mobile phones & iPad (IOS specifically) or usually people just do secure coding
on the apps, do static codes analyses (using Fortify etc) on the codes only?
0
In our environment, secure zone refers to internal zone which hosts the critical backend systems
while DMZ hosts the more 'exposed' systems.

We got an audit finding that supporting infra systems (like SCCM, WSUS, NTP, our internal Vulnerability
Assessment scanner) should not store authenticators (I assume this refers to credentials) of the
critical systems (critical financial systems that transacts huge amount of $) that are hosted in the
non-DMZ (ie secure) zone.

Q1:
Well, SCCM (which we use to deploy PCs patches & collect info from them & these PCs include PCs
used to make/process large payments) & WSUS (which deploys patches to all servers include the
critical/sensitive servers)  will need to have access to those critical systems to be able to deploy
patches.  Any idea if SCCM/WSUS store authenticators ?    We place these systems in our DMZ;
should we place them in an isolated/more secure zone?

Q2:
I presume when SCCM/WSUS is compromised, hackers could access the critical PCs & servers
via these tools?  If so, what are the mitigations?

Q3:
We also have Cyberark tt we lodge admin IDs of critical servers in them?  if this Cyberark server
is hosted in DMZ, what's the risk?  What are the mitigations?  The vendor who help us set it up
suggested to place it in DMZ (so that we could access via Internet to approve access requests):
is this risky & what are the best practices to mitigate?  I'm inclined to think these vendors are
seasoned in selling …
0
What is the best way to whitelist/blacklist devices so they cannot run when plugged into a usb, serial port?  We may want some devices to run but others we may not want to run.  Note, this machine would be windows and would typically not be connected to the network.
0
I have a folder named "Credentials" on our Windows 2012 R2 file server that I disabled inheritance on.  

This removed all security permissions from that folder and now I cannot get access to that same folder.

I ended up doing a restore from backup and I put that restored folder in the same location with a different name.  The restored folder works fine; but, I still cannot remove the original folder from that location because I have no security permissions.

I even tried to push a restore to overwrite the existing folder; but since the security rights were removed the backup software could not replace that folder.  I tried to access the same folder with DOS and I could not.  Any suggestions regarding how I can remove that 'credentials' folder?
0
Hi all, I'm looking to deliver a cyber security presentation to customers to raise their awareness of the threat.

Does anyone know of some sites or links with up to date / relevant content which I can use

Thanks in advance
0
We previously set up SCCM using a domain admin account SCCMAdm :
we have since removed its domain admin privilege but with its domain
password don't expire.

is this a security concern (need assessment) & how we can mitigate?
0
I'll need a Shell script that scans thru creation dates of all patches (ideally only the security ones but
if this is not possible, then all patches) installed in an RHEL 7 server, get the latest one, compute
the difference from today's date & give the difference in number of days & if the difference is
more than 90 days, echo out a message, "It has been more than 90 days since last patch")

Purpose is to check the last patch date & remind Linux admins.  Believe RHEL releases patches
at least every 3 monthly?
0
I can't seem to find any documentation as to what the Mac OSX equivalent might be for 'AUDITCTL' 'AUDITCTLD' - any help appreciated thanks.
0
Hi,

Does anyone know a definitive way to disable the "Security and Maintenance" popups temporarily?

I have tried Group policy settings in various ways and combinations, after reading a few dozen articles, but none seem to work.

I have read a number of articles, a couple saying that MS removed similar ability to this due to a vulnerability. Not sure if that applies here.

If someone could please give me some direction or even if you know the answer, that would be great.

Systems are Windows 10 Creative/Anniversary edition.

While not really relevant as to the "how to do it", the reason I need this is because I am performing an AV upgrade, and during the process the old AV stops for about 2 seconds and the new one starts. I therefore would like to avoid mass panic and 1000's of end users calling into the helpdesk saying their AV has just stopped. I will obviously be re-enabling after the upgrade.
0
What is a good anti virus software

Something that may combat ransomware
on windows 10
1
I would like to get opinions on the best antivirus for a small (less than 6 Windows devices) LAN. Thanks for your help.
0
Hi All,

We have just moved to Kaspersky EndPoint security 10 (10.3.0.6294) from Sophos.
Some of the users have complained that now it takes them a few minutes when they start their computer in the morning and when they shut down.
Is there any way we can monitor what's taking up resources when the computer starts and how can we minimize Kaspersky resource utilization?

thanks.
0
Before we use our EPO to block access to PowerShell, we put it to
Detect mode for EPO to detect what's calling PowerShell & found
a lot of PowerShell calls made by svchost, explorer, rundll32.

As Win XP doesn't have PowerShell, are these calls by Win 7 truly
legit?   What's the purpose they call PowerShell  & how to trace
this?

What's the impact if PowerShell is blocked?
What does event ID 1095 mean?

Refer to attached on what EPO logs showed us
Monitor-Powershell-UsageTr.xlsx
0
When a user tries to access an encrypted Excel file he gets the error message "Excel cannot access [filename]. The document may be read-only or encrypted."

This is happening on a Windows 10 64-bit OS.

When we try to remove the encryption attribute from the file we get an "Error applying attributes message. An error occurred applying attributes to the file. The specified file could not be decrypted."

What can be done to fix this issue so we can either open the file or so that we can remove the encryption from the file?

0
Hi Experts,
could you pls advise how to install 32bit unixODBC driver on 64bit Oracle Enterprise Linux using yum. software which I'm planning to install on this 64 bit server only support 32 bit driver. Hence need to install

unixODBC-2.3.1
unixODBC-devel-2.3.1

Thanks in advance
0
