Security Help

LVL 98

Article by

John Hurst

Windows 10 2017 Fall Creator Update (V1709)

This article is about the new functionality and features in Windows 10 Version 1709 Fall 2017 Creator Update.

0 Comments

Add Comment

Important Lessons on Recovering from Petya

LVL 10

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

I cannot log into my Qsee DVR to check to see who ran into my fence. I do not know if I even set up a password. If I did I do not remember it.

3 Comments

My company is developing a mobile App, and it is advised to block Rooted machine from using it.
The Rooted detection mechanism works, but has false positives on non-Rooted Miui Xiaomi mobiles, because they seems to have some Root-bundled function even it is new.

Is there any way to distinguish a Rooted and non-Rooted Xiaomi? to check the bootloader lock or unlock status? Grateful if any can share me some source code for the check.

Thanks a lot.

4 Comments

Question by

John Doe

1d agoSolved

Math logic question

One of the datacenters a company uses is a converted nuclear shelter.
Switzerland, paranoid about security, has enough nuclear shelters to protect all of its inhabitants. Imagine if we converted all of these nuclear shelters to power racks and racks of standard 1U servers instead. How many servers can we support? Make your best guess and round your answer to the nearest million.

7 Comments

Question by

beavoid

2d agoSolved

Wifi connection on macbook pro lost.

I am writing this from my son's computer, as I have lost my wi-fi connection at my house. How do I get it back?
I have looked at the modem and router. They still have the right number of icons lit on their dials. I phoned Netgear and got an answering machine, and was unable to get the help I need.

I am wondering if this info can help you diagnose for me: Recently there has been a third sentence in the window drop-down [when I clicked on the wi-fi icon.] It said something about recommendations. Shortly after this I lost wi-fi to my computer.

Also and perhaps . . . Do I have a security problem?
In System Preferences > Wi-fi . . . I see most networks have Security labeled WPA/WPA2 Personal. I have just WEP.

2 Comments

LVL 6

Article by

Gene Richardson

2d ago

How to Protect Against Ransomware [ VIDEO]

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.

0 Comments

Add Comment

Downloading employee financial reports from third party company and no green padlock after I click the retrieve report link. everything else; login, report access page has the https and green padlock except the retrieve report execution link.
Here is what happens.
You click the retrieve report link. a script is running, then a pop-up window opens and the report is retrieved and downloaded. that pop-up window isn't displaying a padlocked icon but rather an (i) icon indicating unsecured.

Should we be worried because these financial reports obviously contain sensitive protected data?

2 Comments

LVL 26

Question by

Fred Marshall

2d agoSolved

PowerShell or .bat code for DCOM settings

I have PowerShell code for setting up WMI on a workstation.
It lacks the necessary setting for DCOM.
Manually, we would do this:

DCOMCNFG.EXE
Computers / My Computer / Properties / COM Security
Launch and Activate Permissions … add “name” with full privileges

How can I get this into the PowerShell code?

(I already have code to switch DCOM from Connect to None and from None to Connect which involve registry edits done in the code - for an altogether different purpose. But this looks a bit different).

7 Comments

Question by

ManieyaK_

2d ago

Can't log on locally

Hello Experts, to satisfy the NIST 800-171 requirement for Dual Authentication for privileged accounts we have a way to do this, but we must disable Local Policy to prevent local logons. The solution we're toying with now is using our KVM to connect remotely. Only concern if for what ever reason the KVM fails & we have disabled local logons, how would we get past this?

We're running Server 2008 R2 environment.

2 Comments

I have this issue where non-root (ie non-priv) UNIX users or even applications could
alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod.
"umask" can set the default settings for files created but this will not stop them
from altering it subsequently.

Q1:
Can provide sample ACLs or any method such that even owners of files can't alter
the UNIX file permission?

Q2:
Is there any way without using paid products (OpenSource is fine) to alert us if
file permissions are being changed? Sort of File Integrity Monitoring but we
don't want to be alerted/notified if file content or dates are changed, only if
permission is changed.

We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..." command which we can run daily to identify which files'
permissions got changed the last 1 day?

6 Comments

Hello Everyone,

I am trying to publish CRL to file share location which is on a different server. Though i am able to publish the CRL to the file share , when i open my 'PKIVIEW.msc' it shows that the CDP location is not reachable. I have also checked from the client computers using the 'certutil -url' command but there also the CDP shows unreachable.

The permissions which i have applied are :

1. the CRL folder is in C drive of the server.

2. I have given modify permissions to the CA computer and the administrator.

3. I have also given security permissions to the CA computer.

4. I have configured the CRL as ->
file://\\Server1.contoso.com\dump\<CaName<CRLNameSuffix>.crl

5. I am not using delta CRL. The duration of Base CRL is 1 weeks.

Can anyone please help me in knowing where am i doing wrong. I am testing this scenario using single tier enterprise CA .

Thanks and Regards,
Rahul Kumar

1 Comment

Dear experts,

I would like to set access control (IP address) by /etc/hosts.allow and /etc/hosts.deny in Ubuntu. I like to deny all IP address to use ssh except some IP address.

(1) could you please teach me how to do this by editing /etc/hosts.allow and /etc/hosts.deny. I am kind of confused about the order of use this 2 files. could you please give me examples? If add allow entries in /etc/hosts.allow , does rest of others is denied?

(2) Can /etc/hosts.allow and /etc/hosts.deny also control the access of Xrdp (port 3389)? if yes, how to do it?

Thank you so much!

6 Comments

Cyber criminals continue develop new anonymous technology, like viruses mutate constantly, makes the previous vaccine failure, cyber criminals trying to adopt new techniques in anonymous confuse malicious behavior and conceal the true identity, and easy to implement attacks.

Security

0 Comments

Add Comment

LVL 17

Question by

Tiras25

3d ago

Water sprinklers in the server room

So I walked into this newly built server room and see a water sprinklers hanging right on the top of the racks.

I never seen sprinklers in the server rooms before in my career. Is it acceptable for the server rooms or absolutely no no? Wonder other's opinions before I push back hard. I understand this is not a data center but a server room for 100 users office floor.
Thanks in advance.

12 Comments

Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.

0 Comments

Add Comment

Greetings,

For all the programming and brainpower that goes into protecting systems today, anti-virus programs are always going to be desperately playing catch-up when it comes to zero-day attacks, I would like to create an access policy through Windows that looks something like this:

Name: Block access to *.doc except for winword and other allowed programs
Processes to include: * (all)
Exceptions: winword.exe, chrome.exe, adobe.exe, explorer.exe (there are more to include, this is just an example)
File/folder name to bloc: *.DOC
Actions to block" Write access to files, New files being created

With the above policy in place, an illegitimate ransomware virus executable, e.g. deathstar.exe, would be unable to write to the data files because the access policy would block their efforts to write to and encrypt the protected data files.

I would want to do this for all main file types, e.g. *.doc/docx, *.xls/xlsx, *.pdf etc.

With what tools can I put these rules into place on a given Windows XP / 8 / 10 PC and/or on a Windows 2008 / 2012 / 2016 server?

Thanks.

jkirman

5 Comments

Recently I have created new DFS Namspace (in preparation to move users redirected folders to different server share)

Until now users folders were redirected to

\\server\USERS\username\...

After implementing DFS Namespace users folders are still pointing to the same place but it is now showing as

\\domain.local\shares\users\username\...

The issue is that when users click on to files located in the new DFS namspace they get this message every time they try to open file:

Open File - Security Warning
We can't verify who created this file. Are you sure you want to open this file:

"..filename..."

This file is in a location outside your local network. Files from locations you don't recognize can harm your PC. Only open this file if you trust the location.

How do I fix this annoyance?

1 Comment

Hi All

We have an o365 environment that doesn't use ADFS but we want to enable MFA to secure our environment. Is there a way to disable MFA from activesync and autodiscover as we do not want to be prompted for the one time passwords when logging on to devices.

Thanks in advance.

1 Comment

Hi,

Please see the diagram attached for a better idea of the setup. I am planning on deploying a pair of ACS servers in a cluster. Is it best to deploy the ACS servers in datacenter 2 behind a load balancer such as a F5? Also, is there a document/books which can be recommended which explains the different cluster deployment scenarios and how to pretty much configure an ACS from scratch?

Thank you
Diagram1.JPG

0 Comments

Free Tool: IP Lookup

LVL 10

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Hi,
I support a number of Windows Server 2008 R2 installations for very small businesses. I'm looking for a good, affordable intrusion detection and prevention software to install on servers. Most typical case of security concerns I see in the event logs is event ID 4625 - failed logins - spaced just a few minutes apart. They are trying a brute force dictionary attack of usernames thousands of times a day, Microsoft, in their infinite wisdom, does nothing to lock out repeat offenders based on IP address. Their best solution is to temporarily lock out user accounts if successive login attempts for the same username occur. Duh - wouldn't it make sense to lock all activity from that IP address? Also, why don't all these 4625 failed login events have a source IP address in the event log? Seems like a critical piece of info is missing! Is their somewhere else to look?

I did see a recommendation for an Intrusion Detection software from CyberArms.net which I downloaded yesterday, only to learn they have stopped selling and supporting the product due to lack of sales. Company is in Germany and said not enough people were interested in their product at $150! Sounds very affordable to me...

So, can anybody recommend a good ID software that would allow me to configure a permanent "hard lock" of the IP address described in my 4625 scenario above?

TIA,
Mike

6 Comments

On October 16, the international well-known vulnerability repository common vulnerability disclosure ( CVE ) release reported that the wpa / wpa encryption protocol, used to protect wi - fi security, was exposed to " key heavy attack" k, which would almost affect wi - fi devices such as all computer

Security

0 Comments

Add Comment

Question by

Member_2_5947542

4d ago

Passive FTP

My server admin is asking of me to open up 1000 ports for a server to run passive FTP. Is there any other way to have passive FTP without opening up all those ports?
What concerns should I be aware of security wise in doing this?

5 Comments

Question by

Renee Burke

4d ago

How to reset forgotten password

I forgot my password for our qsee how can I reset it so I can get in

Security

1 Comment

LVL 14

Post by

Justin Pierce, CEH

4d agoEdited

Hello, EE Experts!

I wanted to make sure that all Apple users understand what's going on with the new Wi-Fi (WPA2) vulnerability "KRACK."

Apple is working on a fix to roll out as soon as possible to all its users. They've stated that there is a fix for this vulnerability in the beta versions, but that the fix is not in the latest update you have on your device.

So, what can you do?

Don't connect to Wi-Fi at hotels, coffee shops, or anywhere outside your place of business or home. Even at your house or area of work use a VPN.

Wait, even at my house?

Yes. Essentially the attacker can read all the information that is being transmitted wirelessly throughout your home. That said, if you use a VPN you're making an encrypted tunnel around the information you're sending and not relying on the WPA2 protocol that should keep your data safe. So, even if the attacker is looking at the data on your home network, the VPN is making it unreadable.

Also, if you're out and about, please turn off the Wi-Fi capability on your iPhone or iPad. By turning off the Wi-Fi, you're making your iPhone or iPad solely dependent upon cellular data, which is not susceptible to this attack.

Where can I get a VPN?

I use Encypt.me because it's fast, simple, relatively cheap, and works on all of my devices without In-app purchases. However, there are free VPNs that you can grab …

0 Comments

Add Comment

Hi

I am using acrobat pro 11 to convert a word doc to pdf using vba in word 2013. I need to know how to change the security setting within vba to restrict editing of the pdf doc.
Thanks.

Here's my code :

Sub Créer_PDF()
'
' Créer_PDF Macro
'

Dim CurrentFolder As String
Dim FileName As String
Dim myPath As String
Dim UniqueName As Boolean

UniqueName = False

'Store Information About Word File

  myPath = ActiveDocument.FullName
  CurrentFolder = ActiveDocument.Path & "\"
  FileName = Mid(myPath, InStrRev(myPath, "\") + 1, InStrRev(myPath, ".") - InStrRev(myPath, "\") - 1)

  ActiveDocument.ExportAsFixedFormat _
        OutputFileName:=CurrentFolder & FileName & ".pdf", _
        ExportFormat:=wdExportFormatPDF, _
        OpenAfterExport:=False, _
        OptimizeFor:=wdExportOptimizeForPrint, _
        Range:=wdExportAllDocument, _
        From:=1, _
        To:=1, _
        Item:=wdExportDocumentContent, _
        IncludeDocProps:=False, _
        KeepIRM:=False, _
        CreateBookmarks:=wdExportCreateHeadingBookmarks, _
        DocStructureTags:=True, _
        BitmapMissingFonts:=True, _
        UseISO19005_1:=False
End Sub

Open in new window

1 Comment

COURSE of the MONTH

Security

Related Topics

Security

Related Topics