Security

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


I have a user account that is constantly being locked out.  I've narrowed it down to the server but I still can't find the reason for the lockout.  I'll include one of the entries from the security log below.  

An account failed to log on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            marshallvarner
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xC000006D
      Sub Status:            0xC0000064

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The …
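As an added example (not from the question or any answer to it), the following Python helper parses 4625 event text in the layout shown above and decodes the Status and Sub Status fields, so a lockout investigation can separate wrong-password attempts from attempts against a user name that does not exist in the queried domain. The post's entry is reproduced as the first sample; the other three events, the domain name CORP and the host names and addresses are constructed samples, not data from the post.

```python
"""Triage of Windows Security event 4625 ("An account failed to log on").

Parses the text Event Viewer exports and decodes the NTSTATUS Status / Sub
Status fields that explain why the logon was refused.
"""
import re
from collections import defaultdict

# NTSTATUS codes Windows places in the Status / Sub Status fields of 4625.
NTSTATUS = {
    0xC000006D: "logon failure (see Sub Status)",
    0xC000006A: "correct user name, wrong password",
    0xC0000064: "user name does not exist",
    0xC0000234: "account locked out",
    0xC0000072: "account disabled",
    0xC000006F: "logon outside authorized hours",
}
# Only a wrong password for an existing account raises badPwdCount; a name
# that never resolved to an account (0xC0000064) cannot lock that account out.
COUNTS_TOWARD_LOCKOUT = {0xC000006A}

# "Name:<tabs>value"; section headings are un-indented lines with no value.
FIELD_RE = re.compile(r"^(\s*)([^:]+?):[ \t]*(.*?)\s*$")


def parse_4625(text):
    """Return {section: {field: value}}; un-indented fields go under 'Header'."""
    event, section = {"Header": {}}, "Header"
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m or not line.strip():
            continue
        indent, name, value = m.groups()
        if not indent and value == "":
            section = name                      # e.g. "Failure Information"
            event.setdefault(section, {})
        elif not indent:
            event["Header"][name] = value       # e.g. "Logon Type"
        else:
            event.setdefault(section, {})[name] = value
    return event


def triage(event):
    """Decode one parsed event into the facts a lockout investigation needs."""
    fi = event.get("Failure Information", {})
    status = int(fi.get("Status", "0x0"), 16)
    sub = int(fi.get("Sub Status", "0x0"), 16)
    acct = event.get("Account For Which Logon Failed", {})
    net = event.get("Network Information", {})
    auth = event.get("Detailed Authentication Information", {})
    return {
        "account": acct.get("Account Name", "-"),
        "domain": acct.get("Account Domain") or "(blank)",
        "logon_type": event["Header"].get("Logon Type", "-"),
        "package": auth.get("Authentication Package", "-"),
        "workstation": net.get("Workstation Name") or "-",
        "source": net.get("Source Network Address") or "-",
        "reason": NTSTATUS.get(sub) or NTSTATUS.get(status)
                  or f"unknown status 0x{status:08X} / sub 0x{sub:08X}",
        "counts_toward_lockout": sub in COUNTS_TOWARD_LOCKOUT,
    }


def lockout_sources(events):
    """Per account (case-insensitive), count lockout-relevant failures by source."""
    per_account = defaultdict(lambda: defaultdict(int))
    for ev in events:
        t = triage(ev)
        if t["counts_toward_lockout"]:
            per_account[t["account"].lower()][t["source"]] += 1
    return {a: dict(s) for a, s in per_account.items()}


# Event body in the exported layout (Subject/Process sections omitted).
TEMPLATE = """An account failed to log on.

Logon Type:\t\t\t3

Account For Which Logon Failed:
\tAccount Name:\t\tmarshallvarner
\tAccount Domain:\t\t{domain}

Failure Information:
\tFailure Reason:\t\tUnknown user name or bad password.
\tStatus:\t\t\t0xC000006D
\tSub Status:\t\t{sub}

Network Information:
\tWorkstation Name:\t{ws}
\tSource Network Address:\t{src}

Detailed Authentication Information:
\tAuthentication Package:\tNTLM
"""
# The post's entry: blank domain, no workstation/source, Sub Status 0xC0000064.
POST_EVENT = TEMPLATE.format(domain="", sub="0xC0000064", ws="-", src="-")
# Constructed wrong-password events (not from the post) from two hosts.
CONSTRUCTED = [
    TEMPLATE.format(domain="CORP", sub="0xC000006A", ws="WS-07", src="10.1.2.34"),
    TEMPLATE.format(domain="CORP", sub="0xC000006A", ws="WS-07", src="10.1.2.34"),
    TEMPLATE.format(domain="CORP", sub="0xC000006A", ws="OLD-NAS", src="10.1.2.99"),
]
```

Run over a real export, `lockout_sources` points at the host that is replaying a stale password, while an entry like the post's (0xC0000064, blank domain, no source address) shows a lookup that never reached the account at all.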
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim? The good news is that these attacks are predictable and therefore preventable. Learn more about how you can stop ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

For everyone who uses a computer, protect yourself from ransomware; do not pay the bounty.  Prevention is the only solution and this author made it very easy for us to learn how.

https://www.experts-exchange.com/articles/30869/Ransomware-Prevention-is-the-Only-Solution.html
If you are either unfamiliar with rootkits, or want to know more about them, read on ....

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and, as I said, I am not an expert in the cryptography field, I asked other experts on Experts Exchange to allow me to include some of their thoughts on the matter. Thanks to btan and McKnife for all their input (I edited some out for readability, left some out for technical reasons, and included some in various places in the article). 

 

Let me preface this by saying the best prevention when it comes to any malware is up to date AV/AM software, well tested backups (yes you must test them), and safe computer usage habits. I have also incorporated some suggestions specific to ransomware prevention and more general suggestions on enhancing your computer security.

 

Encryption programs of the ransomware type are usually not viruses, but rather trojans that encrypt your computer files, after which the writers (thieves) demand a ransom to decrypt them. If you catch it early, there is a slight chance of decryption, but once you get the ransomware pop-up, it is generally too late, because most ransomware works by silently encrypting your files and only displays the ransom popup when it has finished. If you either pay the ransom (not recommended) in a timely manner or restore from backup, you will probably be okay.

  

You CANNOT really trust that you will receive a working decryption key if you do pay the ransom, although it is in the financial interests of those who encrypted your files to decrypt them. Let me be clear though, I am NOT advocating paying. Generally, the cost of decrypting your files will not be worth it, nor a good idea, for several reasons:

 

  1.  In my opinion, you will NEVER be able to trust the computer again unless you do a complete reinstall of the operating system and any software. The files are not trustworthy either.
  2. The cost of buying a decryption key may be more than your files are worth (going rate, last I looked, was 10 bitcoins, you can do the conversion at preev.com, but as of this writing it is $2,752.00 -- it changes VERY frequently).
  3.  Morally it is wrong to support crooks.
  4.  Finally (although there are plenty more reasons), even if you decide to pay, users have not reported that they received a working decryption key 100% of the time. As a matter of fact, many users have reported that they had trouble decrypting some files.

 

So what can you do?

  

Prevention

  

Like location in the real estate market, prevention is everything: if you are successful at preventing anything from happening in the first place, you won't need to worry about anything else. I will deal primarily with methods of prevention. It has become abundantly clear, even before I spoke to others about it, that the cryptography employed in these schemes, although not impossible to break, is difficult in the extreme. So let's look at some measures you can take to protect your computer.

 

A. BACKUP

 

First and foremost, and not only for this reason, keep good backups and test them regularly. The best backup in the world is useless if you can't restore from it when it is needed. See my article on backups and cloud backups for more information (I especially recommend versioning backups). It is essential that part of your backup routine should be to turn on previous versions/Shadow copy. This is not a difficult task, just follow these steps in Windows:

 

  1. Click on the Start ball in the lower left corner of your screen (Windows 8 users start at step 3)
  2. Right click on "Computer" and select Properties (alternately, you can just type in "system" and choose the System control panel from the list). For Windows 7 users, skip to step 8.
  3. For Windows 8, hover over the top right corner or swipe from the right of the screen to get the search bar.
  4. Click or tap on the magnifying glass symbol to open search
  5. Click or tap on the down arrow next to Everywhere to change that to Settings
  6. Type the word System in the search box
  7. Click or tap the System control panel (in this instance the fourth one down)
  8. The System control panel will come up (Windows 7 or Windows 8)
  9. Click on the "System Protection" link on the left-hand side of the control panel
  10. If you are not already there, click on the System Protection tab
  11. Look down at the Protection Settings section; all your internal hard drives and USB drives should be listed here
  12. Click on each one you want to have system restore points and/or previous versions/Shadow Copy for and then click Configure
  13. On the next screen you will see a section for Restore settings -- there are three options. I suggest the first one
  14. In the Disk Space Usage section, give it as much as you can afford. The more room allotted to this, the more restore points and previous versions you will have available to you.
  15. When you are finished click okay, okay again, save any work and reboot your computer
  16. You have now enabled system restore and previous versions/shadow copy.

 

In Windows 8, turn File History on. This backs up selected directories in a Time Machine-like fashion. Note that it will only work when the external drive that you designate as the File History drive is connected, and since it will only back up some directories, other measures are called for. A micro tutorial on starting and using File History can be found here. I also recommend using CrashPlan for Windows 7 or Windows 8.

 

Although CrashPlan used locally is free, the cloud option is an excellent value. Another free option is DriveImageXML for Windows 7 or Windows 8. And if you are using Windows 7 don't forget to enable and use the Native backup options. I have said more than once that you can never have too many backups, or to put it more bluntly, files you don't have backed up in two other locations, are files you don't care about. (That is two locations other than your computer, at least one of these should be physically in another geographic area -- that is why cloud backup is helpful.)

  

B. NETWORK SHARES

 

This applies to the question of what to do once you have discovered the infection as well. Cryptography infections such as the ones discussed here CAN encrypt network shares that are mapped as a drive on your computer (assigned a drive letter), but they do not encrypt network shares that are either mapped using a UNC path (\\myserver\myshare) or connected to by using a shortcut.  UPDATE: It was pointed out to me that a new variant of ransomware - CryptoFortress - WILL encrypt network shares that use a UNC path.  See this article (also linked to below in the comments). Thanks to Rob Hoffman for the heads up!  So the only real defense is prevention!

  

So, the best way to be nice to whoever is taking care of the network share and, at the same time, prevent your files stored on it from being encrypted, is to NOT map it as a drive (assign it a drive letter). Either use the UNC path, or create a shortcut to the share in question and use that. At this time it behooves me to remind system administrators and anyone else in charge of network shares that the most important part of protecting yourself and everyone who uses the share is to set permissions properly.

  

Follow the Principle of least privilege. The link will take you to explanations and best practices (if you still need them). In this way, if a user does get infected, only the directories they have write permissions to will be encrypted. If policies are set correctly, either using GPOs or the bulk version of CryptoPrevent, you will have a lot less to worry about. Also, your backup routine should be significantly more robust and incorporate better testing than the ones I have outlined here.

  

C. ANTIVIRUS/ANTIMALWARE

 

Second, have up to date AV/AM software. This will help but don't count on it. Make sure you have heuristics turned on. You also should look into EMET. EMET (Enhanced Mitigation Experience Toolkit) will help protect you from various malware and should be an integral part of your security setup.

  

D. SAFE COMPUTING

 

Third, practice safe computing (especially since crypto type trojans use social engineering to get people to download and execute them), that means

 

  •  Be very suspicious of any link that simply says "Click here." If you can't get the exact link by putting your mouse over the link, use extreme caution!
  •  DON'T ever click a link in an email -- if you trust the sender and know their account has not been hacked, type the link directly into your browser's location bar. Even better, maintain a virtual machine with a browser installed for this purpose. In that way, if it is a malicious link, all you need to do is exit the VM and either delete it or restore it to a previous save point. (What is extremely disturbing to me is that many times the subject line in an email is something you are expecting. One common subject that carried an infected payload was "Scan from a Xerox WorkCentre" -- see the most common subject lines that CryptoLocker used in the CryptoLocker guide from BleepingComputer linked to at the end of this article. I immediately changed the message sent to users when they scan a document on finding this out.)
  • DON'T click links in any document or webpage unless you know exactly where it will take you. Many sites will have multiple download links. Usually the software you are looking for is linked to in smaller type and/or near the bottom of the page. I have seen several reputable sites which use Google AdWords and have ads with large download buttons that look like the download you are looking for; do not be fooled! These tend to download either download helpers you do not need or Browser helper Objects (BHOs) that purportedly help you download. Either can contain adware and may contain malware. Always look for the real link to the download you are looking for by hovering your mouse over the various download links to see where they will take you.
  •  DON'T ever click a shortened URL in Twitter or the like if you do not know the sender or it appears all by itself (such as a shortened link tweeted to you with no explanation -- if I receive one of these I automatically report the tweet as SPAM). You can often see many examples of these on Twitter.com (e.g., @yourname bit.ly/01234 or @yourname Check this out! bit.ly/01234).
  • DON'T visit websites that harbor malware. That being said, know that many websites subscribe to advertising bots that may send out something known as malvertising (malware advertising). You can easily get infected through malvertising on a legitimate site. Use a browser that protects against this (such as by using an adblock plugin, or something like Cocoon for Firefox or WOT for Chrome), or best of all browse in a virtual machine.
  • DON'T download software from warez sites (illegal sites -- this includes illegal video and audio). I know this sounds restrictive, but weigh it against having all your most important files encrypted and essentially lost forever (think wedding pictures, birthday pics, or if you're like me and keep all your tax documents scanned in and on your computer -- those as well).

 

E. MULTI-LAYERED SECURITY

 

Fourth, use a multi-layered approach to security. You may ask, isn't this what everyone advises against? What you need to understand is that advice against using more than one AV solution means don't use more than one solution that ACTIVELY scans your files. Some applications call this on-access scanning. As long as only one application is allowed to do on-access scanning, multiple applications can run on your machine. For instance, on one of my machines I have Malwarebytes Anti Malware Pro with on-access scanning running and Microsoft Security Essentials with on-access scanning turned off (it doesn't like that, but tough). So to best protect your computer I suggest the following:

 


In terms of CryptoPrevent (free or Premium), the software is built upon the ideas in the post on CryptoLocker at bleepingcomputer.com. The CryptoPrevent program makes the necessary changes as outlined in the guide at bleepingcomputer; the difference is that the program doesn't require the user to deal directly with the registry. It not only locks down execution of programs from certain directories, you can also create a whitelist of programs that are okay to run (a whitelist is a list of something that has been approved in some way -- in this case, if your computer is clean, the whitelist contains the names of the programs that AREN'T malware).

 

This is in comparison to a blacklist, in which you would have to list all the programs you don't want to run (for an example of a blacklist check out the hosts file mentioned earlier). A whitelist is not only easier to create and maintain, it is also more likely to protect you. If you use CryptoPrevent to its best advantage, you will add all current applications (assuming your system is clean -- CryptoPrevent is just that, a preventative measure -- it will NOT decrypt files that have been encrypted) to a whitelist. The program will prompt you to do this. Note that the free edition does not automatically download definition updates, as stated on the bottom of the CryptoPrevent page. The author of CryptoPrevent has created several videos to show it in action. Just remember that these were made by the author:

  

CryptoPrevent vs CryptoLocker 2

CryptoPrevent in action

CryptoPrevent 2.01

 

There is also a silent video here that shows CryptoPrevent installation (latest version) on a Windows 7 64-bit machine. Another tool, released by SurfRight (now owned by Sophos), is CryptoGuard.  It should be noted that this is trialware. The software will scan your computer, tell you what needs to be deleted (you can choose what to do with each entry or take the defaults), and will then delete the various occurrences, at least until the trial runs out. CryptoGuard is more intrusive than CryptoPrevent. They work differently, assuming you are using the free version of CryptoPrevent. CP free makes some basic registry changes and enables and changes local or group security policies. CryptoGuard is more of a monitoring application. Learn more on how CryptoGuard works here.

 

I can't emphasize enough that CryptoPrevent/CryptoGuard or similar software should be just ONE facet of an overall security plan to prevent any malware infection.

 

For more general cryptography information (and a more technical bent), check out this article by Giovanni Heward: http://www.experts-exchange.com/Security/Encryption/A_12460-Cryptanalysis-and-Attacks.html

  

User MASQ has an excellent post on CTB-Locker as an answer to a question here.

 

If you are familiar with security blogs, you will be familiar with Krebs on Security. I highly suggest reading Brian Krebs' articles/posts. At any rate he has a post about how to avoid Cryptolocker here. There is also a good article on the Malwarebytes website. And there is a tool to search for and list encrypted files here (the page is also another excellent reference).

 

Bev Robb, the person who mentored me into E-E, wrote a great article about ransomware on her security blog: https://teksecurityblog.com/4-ransomware-lessons-you-need-to-learn-before-it-snags-you/. There are some great guides if you need further help located here, here, here or here.

 

It has been pointed out that this guide may give a good preventative solution. Also, it is worth taking a look at Umbrella by OpenDNS. They have a blog located at https://blog.opendns.com. If you are interested you should especially check out this blog post on Umbrella: https://blog.opendns.com/2013/11/06/umbrella-msps-protects-networks-cryptolocker/.

 

I have been a subscriber to the Windows Secrets newsletter for over a decade (possibly two), and recently their lead article was about ransomware and how to defend yourself against it. I received permission to link to it; you can read it here. Note that you may have to answer a question before reading the article. The article was written by Susan Bradley, who is a Small Business Server and Security MVP.

 

User btan pointed me to this page with a bunch of toolkits to help out.  And user Eirman suggested this article in the comments below. The article is about how harmless looking attachments might bring down certain doom. It is a must read. Btan's suggestion is also a must for anyone who has already been bitten.  Another tool for those who have been bitten was pointed out by user btan - check out the locker unlocker tool.

 

Expert Comment

by:Ajit Singh
The title stated everything.

What a great article! Seriously, I really did enjoy it! Well described.

Simple things you can do to protect against ransomware attacks:
http://expert-advice.org/2017/07/ways-to-protect-yourself-from-ransomware-attack/
https://www.lepide.com/blog/what-can-you-do-if-youve-become-the-victim-of-a-ransomware-attack/

Stay safe and don’t forget the best protection is always a backup.
 

Expert Comment

by:Kyle Santos
Great article, Thomas.
I have a folder of screenshots on my computer and every time I go to look at said screenshots I find at least one of them modified. It's always either completely black or looks as if someone scribbled over it with a black paint tool. It sometimes shows in the properties of the image that it has been modified and sometimes it doesn't. I'm wondering if this is some sort of virus? I've tried scanning each image with Webroot but it never seems to pick up anything like malware. It has yet to modify any picture outside of my screenshot folder as well.
If you're an app developer (iOS or Android) and want to add facial recognition to your app for free, then you may want to take a peek at ZoOm. Maybe Experts Exchange will add it to their nifty little app.

Side note: You won't be able to use it to replace the fingerprint reader on your iPhone. I too was excited by the prospect of swapping one biometric for another, but sadly it doesn't have that function.
I need to draft some sort of guideline to govern remote access by external vendors/parties.
Does anyone have any documents or links to share?

Off hand, I can think of:

a) for access to UAT/development servers, remote access with encryption (eg: SSH or RDP) needs to be video-recorded / screen logged for long-term vendors who have signed a Non-Disclosure Agreement with us. UAT/Development may contain actual data

b) for access to Production, an authorized staff member needs to initiate/trigger the connection (eg: WebEx or Remote Assistance) & watch what's being done, with screen logging/video recording of the session

c) do we need access through a jump host (I've heard of RDP jump hosts)?

d) the external parties'/vendors' PCs need to be updated with the latest patches & AV signatures

e) every single staff member of the vendor needs to have an individual account (ie no account sharing)

f) under what circumstances do we need 2FA?
Bear with me because I am far from an Exchange expert; I am an IT admin for an HR company who was brought in and don't know Exchange well at all. So if I use the wrong verbiage I apologize.

Last week on Tuesday, we came to an outage on Exchange. We ran scans and found our database was corrupt. We started a new database and ran the migration tool, bringing over one user at a time; everything is back up and running properly now after the migration tool. The old database is unmounted and only the new database is mounted, and all users are connecting and running email fine.

Ever since the migration and the new database, the security requirement on mobile phones has been messed up. It seems to be only on Android devices so far, but as you can see from the settings below, simple password is checked and alphanumeric is not; however on Android it is now making you do a 4 digit code, with one capital letter, one lowercase, and the other two are what you pick.

Before the migration you could do a simple 4 digit number passcode.

Any ideas what I am doing wrong or what might have changed?
Hello,
Looking for an alternative to this

set-gppermissions -Name $Name -TargetName $TargetName -TargetType $TargetType -PermissionLevel $PermissionLevel -Domain $Domain -ErrorAction Stop



Setting the permissionLevel to none is generating a prompt for confirmation which causes issues with automation

Any help much appreciated
We want to implement this across all computers in our domain. However our PDC is still running SBS 2008 and the Advanced Audit Policies are not available to do so. So before we go and touch 50 or so workstations, we're wondering if there is a simple way to do this, maybe through a script?
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Your Identity Is Yours. Here’s How To Keep It That Way.

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.
 
We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.  
 
How are you protecting your identity?
 

Expert Comment

by:Brian Matis
How are you protecting your identity?
I'm with you on the credit monitoring and credit freeze. Although, full disclosure, I did spend many years working for one of the major credit bureaus on their consumer credit monitoring products and wrote the business requirements for my team's portion of the credit lock feature—still one of my favorite projects from when I was there. We made it so much easier for customers to manage their freeze status through our service. :-)
 

Author Comment

by:Drew Frey
The credit piece is a big one that I think many don't pay enough attention to. It's important to know where you stand and stay up to date with your credit score and in some cases, freeze when needed.

That project sounds really interesting! Fun that you got to work on that Brian!
Hacks, breaches, and the daily tech emergencies—together tech communities can solve some of the toughest problems. Check out how important fellow community members believe Experts Exchange is in our new infographic!
Have PHP website on an ubuntu server.  The site is not SSL.  It is accessed via HTTP.  In the .conf file I have require ip x.x.x.x.

I am trying to figure out all the security concerns.

This site is supposed to be accessed via VPN.  OpenVPN is what is being utilized to connect to the network.  However, the VPN is NOT forcing the traffic over it.  VPN was set up to not force all traffic through VPN only the traffic to and from the site.  The network engineers stated that that was done because of speed.

Because the site is HTTP removing require ip x.x.x.x and utilizing require ip all allows me to access the site outside of the network so this is an issue.

I don't know when the latest patches were installed or how to install them or where to get them.  Any suggestions?

Any other issues?
Hi all, I want to set up a new DVR for my 5 security cameras.
This DVR has to have an internal hard disk, USB port, cloud support and obviously a LAN NIC.
I want to delocalize continuous recording;
a) I cannot use a scheduled FTP copy (if I schedule a copy every hour, I can lose 59 minutes... and if the DVR is stolen I'll have no recordings...)
b) I cannot use a USB disk because I cannot put a USB disk so far from the DVR
My WAN connectivity is not so powerful, so I need as a first approach -> a real-time copy from the DVR hard drive to a NAS over LAN.
When my WAN is faster, as a second approach -> I can delocalize over cloud (maybe only motion detection and not all continuous recording)

You can help me in this way:
- give me a good DVR model that supports 8 cameras and this configuration
- advice on configuration based on real experience (someone who uses a DVR and a NAS\cloud for real-time recording sync)

Please ask me for details, sorry for my English
Really thanks
Dear Experts,

I need your opinion on this question we have. Currently we host a SaaS environment for our customers. Due to a lot of legacy, our SaaS environment is connected to the same domain controllers as our internal network and computers. Everything is very open and security is becoming a real issue. Now the question we struggle with is what the best thing to do is.

1. We completely separate our SaaS environment from the current domain. Create a new domain with its own forest. Only the administrators get a username and password in this new forest. This will make sure none of my employees can access the SaaS environment without an administrator knowing about it (which is what I eventually want to achieve).

2. We keep the SaaS environment and our own network in the same domain and forest, and we block any access for my users to the SaaS environment based on firewall rules, least privileged user accounts, and audit policies.

I don't quite know what the best option is; both bring a lot of configuring and after-work-hours effort to implement. We just want a secure environment for our customers which is compliant with ISO 27001.
What are the ways to get RHEL patches?

1. Doing 'yum' to pull down directly from RHN support
2. My Unix admin told me he could download via TCP 443 all the RPM packages for RHEL 7 patches (to a development server in the DMZ) & then do 'yum' against these RPMs: is this true? Then he can scp/sftp these RPMs internally to the other RHEL servers (or share them out via NFS) to update patches on the other servers.
3. Set up a Satellite server: there's a cost to this. Are Satellite servers hosted in the DMZ as a practice?
4. Any other methods?

Which of the above are more secure? We prefer not to let all servers directly 'yum' to RHN support due to security & bandwidth concerns
Our audit requested that we do the above, but from our mobile applications team's understanding, we usually scan the mobile application's website, not the device.

Is it essential, & what are the ways / tools people use to scan mobile apps running on mobile phones & iPads (iOS specifically), or do people usually just do secure coding on the apps and static code analysis (using Fortify etc.) on the code only?
In our environment, "secure zone" refers to the internal zone which hosts the critical backend systems, while the DMZ hosts the more 'exposed' systems.

We got an audit finding that supporting infra systems (like SCCM, WSUS, NTP, our internal Vulnerability Assessment scanner) should not store authenticators (I assume this refers to credentials) of the critical systems (critical financial systems that transact huge amounts of $) that are hosted in the non-DMZ (i.e. secure) zone.

Q1:
Well, SCCM (which we use to deploy PC patches & collect info from them, and these PCs include PCs used to make/process large payments) & WSUS (which deploys patches to all servers, including the critical/sensitive servers) will need to have access to those critical systems to be able to deploy patches. Any idea if SCCM/WSUS store authenticators? We place these systems in our DMZ; should we place them in an isolated/more secure zone?

Q2:
I presume that when SCCM/WSUS is compromised, hackers could access the critical PCs & servers via these tools? If so, what are the mitigations?

Q3:
We also have CyberArk, in which we lodge the admin IDs of critical servers. If this CyberArk server is hosted in the DMZ, what's the risk? What are the mitigations? The vendor who helped us set it up suggested placing it in the DMZ (so that we could access it via the Internet to approve access requests): is this risky, and what are the best practices to mitigate? I'm inclined to think these vendors are seasoned in selling …
0

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
0
Can loved ones or family members see my credit report if I put a security freeze on it?
0
All end users (from 5 different companies/locations) in our domain login to the same application server.  Each company will have an accounts payable clerk who has 2 printers sitting at his/her workstation.  One is a "check" printer, the other is a "reports" printer.

Our software vendor's software works best when these printers are networked (assigned a Static IP address) instead of plugging into the clerk's computer via a USB cable.  I usually install these printers on the local machine with the Static IP address and have a naming convention as follows:
LOC_A_CHECKS
LOC_A_REPORTS
LOC_B_CHECKS
LOC_B_REPORTS
LOC_C_CHECKS
LOC_C_REPORTS
LOC_D_CHECKS
LOC_D_REPORTS
LOC_E_CHECKS
LOC_E_REPORTS
When prompted to "Share this Printer", I answer "No."  When prompted to "List in the Directory", I answer "No."  So, at this point the clerk at LOC_A has 2 printers listed in the "Printers and Devices" folder - LOC_A_CHECKS and LOC_A_REPORTS.  This is repeated at every location.

Again, our software vendor's software prints best when the same printer(s) for LOC_A are added to the Server's "Printers and Devices" list. To ensure I'm installing the same driver on the Server as is installed on the local machine, I add the Printer to the Server by IP address. The Server then queries the printer and successfully adds the printer. During this installation process, I'm given the opportunity to change the Printer Name. I always use the same printer name as was used on the local …
0
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
5
LVL 14

Expert Comment

by: Justin Pierce
Hi Gene,

Unfortunately, I ran smack into this wall. I made the mistake of thinking my traditional education and work experience would carry me through in this industry, because I didn't factor in the most important of variables: "change".

Being born in the '70s and growing up in the '80s (my generation is called The Net Generation), I was taught that degrees were vital to grabbing a good job, and that work experience was proof of your skills. For the most part, if you went to a 4-year college (prestigious or well-known was better), maintained a good GPA, had an inside connection to the company you wanted to work for, and were willing to conform to a dress code, you were almost guaranteed a job. Not so anymore.

To keep things short, my work as a government contractor kept me deployed out with my customer (US Army Air Defense) for months at a time where I taught officers and soldiers how to be System Administrators and run tactical networks in austere environments. Needless to say, I didn't have much time to work on grabbing certifications, but when I found an hour to use, I worked on grabbing certs that were tied to universities. That was a mistake.

Why?

Because "change" happened and industry recognized certs became a thing. Certs became so important my colleagues and I were told that DoDD 8570 was being put into place and that we would have to grab a few certs to prove our skills or risk being dropped from the contracts we were working on (of course we all laughed). We laughed not because we were arrogant, but because the team was comprised of Warrant Officers, Navy Chiefs, and Army SFCs, who all had 20+ years each in specialized military training. Not too long after we were told about DoDD 8570, Sequestration took place and killed the contract. That left us guys with work experience and degrees scrambling to get a few certs that pertained to the fields we were already working in. It was very hard for many of us to train up, grab a cert, and apply for a job before the mortgage payment became an issue (it worked out for most of us).

Not the fairest of lessons to learn, but when has life ever been fair, or change been halted in its tracks?
6
LVL 17

Expert Comment

by: Kyle Santos
Justin's comment should be an article. My kid is almost 2 and I'm already thinking about how I can prepare him for the workforce so he has better advantages than I ever did!
0
I had this question after viewing antivirus software protecting against ransomware.

Is this for a single computer or a network of them?

The best and cheapest protection is a solid regular backup of your system. Windows 10 has built-in backup utilities.

I am looking for a product I can put on 4 personal computers (Windows 10, 8, 7) so I can defend my new and old computers.
Not for business use.
0
Please provide me with a URL address to download the Symmetry Business 7.0.1 (120400) door badge system software.

This is the software that allows the laptop (while connected with the cable to the security system) to activate and deactivate security cards that are used to unlock doors.

SYMMETRY-BUSINESS-V-7.0.1
0