Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the Security Value Map? See the map and download the full report today!
Course Of The Month
8 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Security
23K
Solutions
171
Articles & Videos
23K
Contributors
Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.
Share tech news, updates, or what's on your mind.
Hi everyone ,
I applied CU 15 on my exchnage 2013 mailbox server,but got an error on step 12 ,below is the full error ,should i consider this update as complete or i will have to run the setup again.
when i run below command to chekc the CU version
Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion
it shows the serevr has latest CU version on which i got the error
Error:
The following error was generated when "$error.Clear();
$name = [Microsoft.Exchange.Manage
$dispname = [Microsoft.Exchange.Manage
$dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
if( $dismbx -ne $null)
{
$srvname = $dismbx.ServerName;
if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
{
Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -eq $null )
{
Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
mount-database $dismbx.Database;
}
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( …
I applied CU 15 on my exchnage 2013 mailbox server,but got an error on step 12 ,below is the full error ,should i consider this update as complete or i will have to run the setup again.
when i run below command to chekc the CU version
Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion
it shows the serevr has latest CU version on which i got the error
Error:
The following error was generated when "$error.Clear();
$name = [Microsoft.Exchange.Manage
$dispname = [Microsoft.Exchange.Manage
$dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
if( $dismbx -ne $null)
{
$srvname = $dismbx.ServerName;
if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
{
Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -eq $null )
{
Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
mount-database $dismbx.Database;
}
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( …
2 Comments
I have a task attached to an event the runs a powershell script to send an email when ever an event is logged
For actions I have start a program, entered powershell.exe with and path to script in arguments
It all works well except when ever the task runs I get an email with the event details and a 2nd email like below
can anyone tell me how to prevent the 2nd email>>
SubjectUserSid S-1-5-21-2560493146-139777
SubjectUserName service account name
SubjectDomainName AD
SubjectLogonId 0x585dd7
ObjectServer Security
ObjectType Key
ObjectName \REGISTRY\MACHINE\SOFTWARE
HandleId 0x304
TransactionId {00000000-0000-0000-0000-0
AccessList %%1538 %%4432 %%4435 %%4436
AccessReason -
AccessMask 0x20019
PrivilegeList -
RestrictedSidCount 0
ProcessId 0xc9c
ProcessName C:\Windows\System32\Window
For actions I have start a program, entered powershell.exe with and path to script in arguments
It all works well except when ever the task runs I get an email with the event details and a 2nd email like below
can anyone tell me how to prevent the 2nd email>>
SubjectUserSid S-1-5-21-2560493146-139777
SubjectUserName service account name
SubjectDomainName AD
SubjectLogonId 0x585dd7
ObjectServer Security
ObjectType Key
ObjectName \REGISTRY\MACHINE\SOFTWARE
HandleId 0x304
TransactionId {00000000-0000-0000-0000-0
AccessList %%1538 %%4432 %%4435 %%4436
AccessReason -
AccessMask 0x20019
PrivilegeList -
RestrictedSidCount 0
ProcessId 0xc9c
ProcessName C:\Windows\System32\Window
I have 300 Ubuntu 14 PC's that I block all internet except a whitelist - I do this by disabling dns, and have the central server do dns lookups for everything on whitelist and put it in a hosts file and have all the hosts use that. Obviously, this is a bit hacky but it worked.
The problem now - I have a need to whitelist *.slack.com. Slack says subdomains change too much, they cant provide a static list, or even a current list and then let me update it.
So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...
If it's not too hard I could set up an ubuntu machine to be a dns server.
Basically what I want is whatever is easiest so that I can just provide a whiltelist, that is allowed to have wild cards like *.slack.com and block everything else. I suppose it doesn't actually have to be a DNS based block if there is some client app.
Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.
I want to be able to update the whitelist easily/quickly.
Any ideas/suggestions?
The problem now - I have a need to whitelist *.slack.com. Slack says subdomains change too much, they cant provide a static list, or even a current list and then let me update it.
So I guess I need to enable DNS - what might be easy ways to still restrict to a whitelist of domains? I can easily run shell scripts on all 300 machines. (they check in with central server and grab a script and run it regularly). So anything I can install/configure via script is a viable option...
If it's not too hard I could set up an ubuntu machine to be a dns server.
Basically what I want is whatever is easiest so that I can just provide a whiltelist, that is allowed to have wild cards like *.slack.com and block everything else. I suppose it doesn't actually have to be a DNS based block if there is some client app.
Whatever it is, I am OK to set up a server myself - but the clients, it needs to be scriptable install/config.
I want to be able to update the whitelist easily/quickly.
Any ideas/suggestions?
I know that my cipher suites are causing the issue with not being able to connect to certain sites - I'm not sure how or why but somehow it's only allow HTTP connections and is not allowing HTTPS connections (windows update can't check for updates, can only browse http websites)
I also can't connect to my IIS site as it's HTTPS as well - there are no errors in the logs
I know the cipher information is in computer\HKLM\SYSTEM\Curre
What do I need to do to check/fix to allow both http and https connections on this server?
See attached photo
I've seen this issue before but cannot for the life of me remember what I need to do to resolve it
IIS 7.5 - Win Server 2008 R2
experts_exchange.PNG
I also can't connect to my IIS site as it's HTTPS as well - there are no errors in the logs
I know the cipher information is in computer\HKLM\SYSTEM\Curre
What do I need to do to check/fix to allow both http and https connections on this server?
See attached photo
I've seen this issue before but cannot for the life of me remember what I need to do to resolve it
IIS 7.5 - Win Server 2008 R2
experts_exchange.PNG
Over the past month we have built 2 Tier 2 PKI environments for our domains. One of them appears to be working correctly and the certificates from the templates are being pushed (Workstation Authentication, RDP Auth) as normal. However on our second domain this is not the case. I have setup both PKI environments for the domains exactly the same (minus the domain names) as i read through the same article for both installs. I did notice that some of my servers in the partially functioning PKI have gotten the Workstation Authentication cert, however i can only get the RDP Auth template to work if i am on a server and i put in a Certificate request. The Active Directory call comes up and when i request the RDP Auth certificate it pulls from my new PKI Environment. I'm doing a controlled decommission of the old CA (no templates present and slowly revoking certificates) but as i am not seeing the new environment push out new certificates correctly i am stalled.
On the new PKI Templates i made sure that Domain computers has Read Enroll and Auto Enroll. I also made sure that Cert Publishers on the domain has the computer that is my Subordinate Ca as a member. I also verified that in our Default Domain Policy the settings for Auto enrollment under the Security Policy is configured per Microsoft articles i have found. I did a tab by tab comparison of the working PKI to the "Non working PKI" for RDP Auth and the settings are the same.
I am not sure what else to look at now and am…
On the new PKI Templates i made sure that Domain computers has Read Enroll and Auto Enroll. I also made sure that Cert Publishers on the domain has the computer that is my Subordinate Ca as a member. I also verified that in our Default Domain Policy the settings for Auto enrollment under the Security Policy is configured per Microsoft articles i have found. I did a tab by tab comparison of the working PKI to the "Non working PKI" for RDP Auth and the settings are the same.
I am not sure what else to look at now and am…
OK this seems shocking to me. I've just started a new sys admin role (my 1st sys admin role) and I am looking after a clients SBS2011 server which has over 35000 updates waiting to be approved/installed. I've got the number down a bit by removing superseded updates but I'm after some advice. I'll be starting with Critical and then Security updates 1st by trickling them in but should I be looking at installing all of them or can I get by on just the Critical/Security updates?
A bit of extra background. The current sys admin is leaving and the only other guy here is more 1st/2nd line so isn't much help. Google has been my only friend so far. That being said, advice is definitely required so feel free to chip in with your thoughts.
A bit of extra background. The current sys admin is leaving and the only other guy here is more 1st/2nd line so isn't much help. Google has been my only friend so far. That being said, advice is definitely required so feel free to chip in with your thoughts.
Can you please suggest best IT security vulnerability reporting software like hackerone which will be also cost effective.
Hi,
Can you please suggest best Employee Safety and Security solution in software as a service?
Regards,
Naresh
Can you please suggest best Employee Safety and Security solution in software as a service?
Regards,
Naresh
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Free NetCrunch network monitor licenses!
Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Only 10 days left to sign up for our ransomware prevention and preparation Course of the Month for June. With a 300% increase in ransomware attacks from 2015 to 2016, it is vital to decrease your vulnerability to the next attack and enhance your security by enrolling today.
Hi All,
We have a certificate installed and it contains private key in it... we cannot export private key as that is grayed out.
not sure who installed it.
my question is if we missed to enable both (Allow private key as exportable and Mark key as exportable) then is there any chance to export .pfx format from installed certificate??
We have a certificate installed and it contains private key in it... we cannot export private key as that is grayed out.
not sure who installed it.
my question is if we missed to enable both (Allow private key as exportable and Mark key as exportable) then is there any chance to export .pfx format from installed certificate??
When my site are in development I have always gotten the IP address from AWS, then accessed them from my browser. But here's an article I would read if there is a secret exposure...
https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want
I do not take lightly to changing my Hosts file because I do not want to put myself into an unstable condition, if I missed something in the directions.
Is there risk to using an IP address to directly access my PC? I assume the biggest benefit is that the site can be kept private from public view, but is there any way in the world that someone cold guess that address?
Are the scrapers out there pinging billions of IP addresses?
As far as keeping it private, it is mainly that I can use my real domain name and keep that private? That's nt important to me since I can buy the SSL cert and do that before launch. AT the moment, I just need to look at the sire and test it, so by adding my IP into the browser, does that expose my IP to scrapers?
Thanks.
https://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want
I do not take lightly to changing my Hosts file because I do not want to put myself into an unstable condition, if I missed something in the directions.
Is there risk to using an IP address to directly access my PC? I assume the biggest benefit is that the site can be kept private from public view, but is there any way in the world that someone cold guess that address?
Are the scrapers out there pinging billions of IP addresses?
As far as keeping it private, it is mainly that I can use my real domain name and keep that private? That's nt important to me since I can buy the SSL cert and do that before launch. AT the moment, I just need to look at the sire and test it, so by adding my IP into the browser, does that expose my IP to scrapers?
Thanks.
Is there any update windows (such as windows 7) update patch for dealing with wanna cry threat?
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server 2003 and 2008 - Both 32 and 64 Bit installs.
I got hit with Amnesia Ransomeware...
Any help to decrypt?
Any help to decrypt?
We have a wordpress (latest version) site I would like to secure, there is no personal data on there, no contact forms no sales. However I would like to lock down the login page and generally increase the security, I had wanted to put SSL I can't. Any suggestions?
South Korean web host pays largest ransomware demand ever.
https://www.cnet.com/news/largest-ransomware-ever-demand-south-korea-web-host/
https://www.cnet.com/news/largest-ransomware-ever-demand-south-korea-web-host/
Active today
Guess it was easier for them to pay $1M than restore 153 servers from backup? I'd think if they have $1M, they'd have backups? Sheesh.
In related news, Coinbase is shutting down the accounts of people who pay ransoms:
http://www.coindesk.com/coinbase-white-hat-hacker-dont-want-bitcoin/
In related news, Coinbase is shutting down the accounts of people who pay ransoms:
http://www.coindesk.com/coinbase-white-hat-hacker-dont-want-bitcoin/
Drew Frey writes articles on cyber security and ransomware protection. Follow him if you're interested in seeing new articles in those topics.
https://www.experts-exchange.com/members/Drew-Frey.html
https://www.experts-exchange.com/members/Drew-Frey.html
Complete VMware vSphere® ESX(i) & Hyper-V Backup
Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)
Hello
We are very worried because we have just find out that some users can "send as" emails, sent on behalf,...
How could this be possible?
Ahmed
We are very worried because we have just find out that some users can "send as" emails, sent on behalf,...
How could this be possible?
Ahmed
does anyone know of a way, perhaps using one of the AD cmdlets, that will get the same info as a Microsoft baseline security analyser scan, in the "shares" section of the report, which gives both the share and directory ACL, but writes the results out to a CSV file so further filtering/analysis can be performed. MBSA does give what I need but the report is essentially read only, I need a way to filter the results as on some servers under review are hundreds of shares, so having it in csv would make that additional analysis a lot easier. Basically MBSA just enumerates all shares on a server and produces the share and directory ACL, in a simple:
share (name), path, share ACL, directory ACL,
so I need a command to do the same and put the results in a nice CSV file with the same columns so I can do similar analysis.
share (name), path, share ACL, directory ACL,
so I need a command to do the same and put the results in a nice CSV file with the same columns so I can do similar analysis.
Hi all,
I'm after your thoughts. USB drives are a big risk to any network. However, if a business enforces the encryption of USB Drives once they have been attached to a computer and are also scanned by an anti virus product, just how much risk do they now pose?
Any corporate data on there is now encrypted incase it is lost or stolen and any malware/virus should be detected before it is able to run (as long is it is not 0 day for example).
Should we still be concerned? Many in the business want USB drives disabled by default, where as other think that the above controls mitigate the risks and will only force people to start printing (and losing) paper documents.
I'm after your thoughts. USB drives are a big risk to any network. However, if a business enforces the encryption of USB Drives once they have been attached to a computer and are also scanned by an anti virus product, just how much risk do they now pose?
Any corporate data on there is now encrypted incase it is lost or stolen and any malware/virus should be detected before it is able to run (as long is it is not 0 day for example).
Should we still be concerned? Many in the business want USB drives disabled by default, where as other think that the above controls mitigate the risks and will only force people to start printing (and losing) paper documents.
Exchange 2016 on Server 2012 R2.
Exchange is working fine.
Mobile users, all on iPhone, can connect to the Exchange Server for mail when they are off site, but not while on site & connected to the LAN Wi-Fi.
If they turn Wi-Fi off, they connect (obviously via cellular)
Why can they not connet through the LAN Wi-Fi?
Exchange is working fine.
Mobile users, all on iPhone, can connect to the Exchange Server for mail when they are off site, but not while on site & connected to the LAN Wi-Fi.
If they turn Wi-Fi off, they connect (obviously via cellular)
Why can they not connet through the LAN Wi-Fi?
I have created root certificate while signing sub ca certificate using root key basic constraints , Key usage as Certificate signing and not coming in certificate. below is the openssl config file.
##########################
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
##########################
[ ca ]
default_ca = CA_default # The default ca section
##########################
[ CA_default ]
dir = ./demoCA # Where everything is kept
…
##########################
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
##########################
[ ca ]
default_ca = CA_default # The default ca section
##########################
[ CA_default ]
dir = ./demoCA # Where everything is kept
…
A $1 million payout in a ransomware case?! Well crap... That's worrisome. What'll the hackers do with that money? How many new attempts will this incentivize? What would you do in their place?
https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
Active today
Restore last good version, apologize to clients, and probably end up losing clients would be the proper thing to do.
I would assume that if it was done due to damage control, paying up would lose me more clients and face then dealing with the issue at hand best as one can. This is a terrible incentive to these type of ransomware developers. They might now target this webhost on purpose in the future.
I would assume that if it was done due to damage control, paying up would lose me more clients and face then dealing with the issue at hand best as one can. This is a terrible incentive to these type of ransomware developers. They might now target this webhost on purpose in the future.
Active today
And the reality is now that this is public news they will lose all their customers anyway and probably be outta business within a month
If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
If some hosting company can afford to pay that much money to get their data back they should have been able to employ someone for a lot less money to make sure it didn't happen in the first place
Security
23K
Solutions
171
Articles & Videos
23K
Contributors
Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.
Top Experts In
Security
-
1
btan25,750 points -
2
McKnife19,896 points -
3
masnrock16,520 points -
4
Shaun Vermaak14,961 points -
5
Adam Brown11,000 points -
6
Wayne887,800 points -
7
arnold6,332 points
-
8
David Johnson, CD, MVP5,600 points -
9
Jackie Man5,430 points -
10
Experts Exchange5,016 points -
11
Thomas Zucker-Scharff4,364 points -
12
oBdA4,000 points
-
13
Andrew Leniart3,964 points -
14
Justin Pierce3,586 points -
15
Andrew Hancock (VMware vExpert / EE MVE^2)3,448 points -
16
Ray Paseur3,060 points -
17
Cliff Galiher3,000 points -
18
Vasil Michev (MVP)3,000 points
-
19
Alex Green3,000 points
-
20
Qlemo2,800 points -
21
Natty Greg2,800 points -
22
irweazelwallis2,800 points -
23
Shawn Stewart2,664 points
-
24
John Hurst2,564 points -
25
Dr. Klahn2,515 points