Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Hello, I would like to hear the experts' opinion/recommendation on establishing communication between subnets with the same IP range on two separate networks. Both networks are physically separated but can be connected with a firewall transit. Network #1 has a security camera system and I want to extend it to Network #2. The security camera system subnet is 192.168.20.0/24 and is VLAN20 on Network #1. I created the same subnet and VLAN on Network #2, thinking that would be all I needed. However, having the firewall transit in between, I figure it's not that simple. I assume a typical solution would be using a different subnet range and VLAN with a static route to route the traffic between the networks, but I wanted to check if it's possible somehow to establish the communication between the systems being on the same subnet and VLAN over the firewall transit. Thanks in advance for any comments.
0

Yesterday I got an interesting SPAM that looked very much like the scam you see here.

I right clicked on the shortcut and copied it to the clipboard then pasted it into chrome on my test machine.  It takes me to what appears to be a legit bankofamerica website.  I have attached a screenshot.  I did not enter my passwords, but it sure looks 100% legit to me.

Here is the url:  https:/ / billpay-ui.bankofamerica.com/ imm/ PaymentCenter/ Index/ 8404?csbi=644077671&b0=20190916192841396056
I have added a space after each / to make it safe.


I've been told that some legitimate looking URLs will automatically redirect me to a bogus website, but how does that work? If the domain controller does the redirecting wouldn't bankofamerica.com avoid a bogus address? Or does the redirecting occur on the routers that the packets hop through?

In other words how can this particular link get me in trouble?
ee-bankofamerica.png
0
I am the sys admin in a large organization that practices 'separation of duties'.  At my division I have admin rights to do everything, EXCEPT logon to the domain controllers.  I am trying to track logon events on local member servers, but I can't seem to get the audit logon events listed in event viewer.  I have server GPOs to enable success/failure of 'audit logon events'.

I thought 'audit logon events' are shown on the local server and 'audit account logon events' are shown on the domain controller?

How do I audit local logon events on the member servers?

Logon event ids
0
I have On-Prem Azure MFA. How can I enable a domain account (Admin) to get MFA when accessing a server either by RDP, \\Server1\c$\, Interactive Login, etc.?
We do not have MS Federation Service setup. Windows Hello for business seems a bit cumbersome for this objective.

Ideally, it will be with push notification and easy to implement.

I briefly came across Centrify: https://www.centrify.com/privileged-access-management/authentication-service/mfa-system-login/

Any idea or suggestions welcomed.
0
We are looking for a way to make documents (preferably PDF files) self-destruct after a set period of time.  We strongly prefer a strictly client-side solution with no central management server.  Is there an easy solution?
0
I've got a Python script that traverses S3 Buckets and prints out what folders and files have public permissions. This can be handy when auditing AWS for potential security issues.

Right now, the script runs fine, but takes a long time to run, due to a CDN that has known public permissions. I would like to exclude that bucket when I run the script.

Can someone please help me create a line in the script that allows me to EXCLUDE a particular bucket? Let's call the bucket I want to exclude "cdn-twt" for the sake of this script.

Thanks in advance for your assistance.

#This Script will use Paginator to print result for each bucket, executed in multiple threads
import boto3
import threading
import os.path

ACCESS_KEY = 'A*****************A'
SECRET_ACCESS_KEY = 'P******************************2'

session = boto3.Session(aws_access_key_id = ACCESS_KEY, aws_secret_access_key = SECRET_ACCESS_KEY)

maxthreads = 5
sema = threading.Semaphore(value=maxthreads)

def list_object(bucket):
    try:
        s3 = session.client('s3')
        flag1 = objcount = 0
        paginator = s3.get_paginator('list_objects')
        page_iterator = paginator.paginate(Bucket= bucket)
        for page in page_iterator:
            if 'Contents' in page:
                for obj in page['Contents']:
                    uniobj = obj['Key'].encode('ascii', 'ignore').decode('ascii')
                    objAcl = s3.get_object_acl(Bucket=bucket, Key=obj['Key'])
                    flag2 = 0
   


0
I have an Active Directory server that hosts files and permissions. One of the employees just got a new laptop and will be going out of town for a few days.

What is the best way to setup her laptop for security while allowing her to still access the server and its files?

Thank you!
0
I accidentally locked myself out of my computer. I set Lockout Policy for Admin (0) after 5 bad attempts, which wouldn't be a problem normally, cause I'd login as Admin and clear the user account, however, I setup a configuration that allows a User to elevate permissions without an Admin password but when the session is not active it disables the Admin account. :(

It has been working great for 2 years and then while I was on a call I didn't focus that much effort into my logins and boom the hammer dropped...lockout.

How can I login again...I don't want to reformat.

-Windows 10 Pro (fully updated)
-workgroup

Thanks!
0
This works:

const express = require("express");
const jwt = require("jsonwebtoken");
const app = express();
const mongoose = require("mongoose");
const session = require("express-session");
const MongoDBStore = require("connect-mongodb-session")(session);
const csrf = require("csurf");

const MONGODB_URI =
  "mongodb+srv://username:password@brucegust-wxyz.mongodb.net/applied";

app.get("/api", (req, res) => {
  //console.log("hello");
  res.json({
    message: "Welcome to the API"
  });
});

app.post("/api/posts", verifyToken, (req, res) => {
  jwt.verify(req.token, "secretkey", (err, authData) => {
    if (err) {
      res.sendStatus(403);
    } else {
      res.json({
        message: "Post created",
        authData
      });
    }
  });
});

app.post("/api/login", (req, res) => {
  //Mock User
  const user = {
    id: 1,
    username: "brad",
    email: "email@domain.com"
  };

  jwt.sign({ user: user }, "secretkey", { expiresIn: "30s" }, (err, token) => {
    res.json({
      token: token
    });
    console.log("yes");
  });
});

// format of Token
// Authorization: Bearer <access_token>

//verify Token

function verifyToken(req, res, next) {
  //get auth header value
  const bearerHeader = req.headers["authorization"];
  // check if bearer is undefined
  if (typeof bearerHeader !== "undefined") {
    // split at the space
    const bearer = bearerHeader.split(" ");
    //get token from array
    const bearerToken = bearer[1];
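    console.log(bearerToken);
    // set the token on the request, where the /api/posts handler reads it
    req.token = bearerToken;
    // continue to the route handler
    next();
  } else {
    // no Authorization header present: forbidden
    res.sendStatus(403);
  }
}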

0
We are getting a CORS error when trying to run an API request from one of our subdomains to another. I saw an htaccess fix...

<IfModule mod_headers.c>
   SetEnvIf Origin "^(.*\.MyDomain\.com)$" ORIGIN_SUB_DOMAIN=$1
   Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
   Header set Access-Control-Allow-Methods: "*"
   Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
</IfModule>

I added that to the htaccess file of where the API request was going *to*, but we still get the error. Does it need to go in the htaccess of the site the request is coming *from*? Or both? In other words, does the htaccess stuff need to live where the request originates or where the request is processed? Or both?
0

Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers, Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but recently were configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."



What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove the 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain names, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
Hey guys,

I have a folder on one of our DFS shares (on Server 2008 R2) which I want to configure so it's "invisible" to users who do not have access to this folder. Currently everyone can see it but gets an access denied message when they click on it. I want to configure it somehow so that this particular folder on this DFS share is ONLY visible to users who have access to it.

Name space: \\domain.com\CompanyShared (X drive)

X drive has 100 folders within it; one of the folders is called "Procurement", which has a security group assigned to it for specific people.

I want the folder named "Procurement" only visible to people who are part of this security group which is applied to it and not everyone else.

Is it possible? Can you point me in the right direction?

Thank you in advance!
0
We're on O365 E1 & E3.
From browsing, I understand our Enterprise E1 & E3 O365 has a DLP feature.

I'd like to implement Data Loss Prevention for outgoing emails and files uploaded to OneDrive/Sharepoint.


Need advice here if O365/Exchange Online can fulfill the following requirements & point me to the links that guide on the steps to configure/set:

a) To configure for a pilot group initially before rollout corporate-wide: can we specify a few users 1st?

b) When outgoing emails sent by staff contain NRIC (in the email content as well as its attachments such as MSOffice & PDF attachments), the emails will be quarantined/withheld till myself or an alternate approver approves to release them. Ideally the approval for release is done via email, or demonstrate how this is done.

IT administrator is not the right party to assess if the user’s function/role requires the user to send the sensitive information, so ideally we can designate for each department a couple of approvers.

c) Likewise, if the outgoing emails contain an encrypted attachment, the email ought to be withheld/quarantined till the sender’s manager releases it

d) On a lower priority, outgoing emails tagged as “Confidential, Sensitive” or emails with attachments that are tagged with these keywords are to be quarantined till the sender’s approver releases it

e) Repeat the above tests when users upload documents containing NRIC or tagged as ‘Restricted/Confidential’ to OneDrive & SharePoint Online

0
I have used ADMT to migrate user account, security translation and computer accounts all successfully. When logging in with migrated user account on new domain, a new local user profile is created on the machine. Should the user profile not be migrated as well?

Current Domain: old (2008)
New Domain: new (2012)

I run ADMT from old domain DC and do migration successfully.

Please help!
0
We are in the process of deploying new laptops, PCs and MACs across the board to employees at all branches.
Would appreciate the advice of Experts before the handover:

1. Which is the best software to monitor in case the laptop/PC/MAC gets lost and to get it back?
2. What is the best way to physically secure these devices?

Any other advice will be appreciated.
0
Hi, we have a fail open policy set. Can someone advise on the quickest way to simply completely turn off ScanSafe CWS using ASDM, briefly? I'm not after a bypass for 1 IP - just want it off briefly while continuing to allow web traffic to flow and then quickly turn back on. Since I have a fail open policy set, is it simply a matter of just removing the tower IP address set in configuration - device management cloud web security? By having nothing here (removing), will this turn off CWS? Thanks
0
I am trying to do a quick audit of our security landscape (such as, not limited to, which versions of SQL / OS are running, patching levels, misconfigurations, attack surface etc) and thought I would ask what other people are using.  So I am currently only looking at free tools (Using Powershell / WMI etc) that are easy to use and can quickly give us an overview of the security health of our domain (Windows / Linux / Mac) - we will look at paid products separately down the line.

I welcome suggestions of tools you have used; top criteria would be:

1. Can quickly audit a whole environment preferably without needing agents preinstalled
2. Free (or very cheap)
3. Provide up to date information

Thanks!


Jon
0
We have a kiosk tablet [Microsoft Surface]. When the application is running there is no way out of the application without a password, so access to the OS is restricted, but there is a loophole if you attach a keyboard and press the Windows key. Is there a way to set up that if the tablet detects a USB being connected it should email me a picture?
I created a task schedule as follows:
Task trigger: on event, Log: Microsoft-Windows-Kernel-PnP/Device Configuration, Source: Kernel-PnP, Event ID: 410

But when I set the action to send email, I get the following error:
The task definition uses a deprecated feature. Based on what I see on the internet this will not work, and the workaround is to run a script. I tried 3 different scripts but none worked; see attached.

Also this will only send me a notification but not snap a photo; I need to know who it was that violated the company policy.
script.ps1
Sendemail.ps1
tssendemail.ps1
0
Is the PowerShell get-hotfix command a reliable way to determine the last Windows security update applied to a Windows server/client? I have used it on a sample of servers and it seems to sort the results into a sequential order, although some seem a little bit out of order so to speak. I've picked the last value in the sequence and then gone online using the KB number, e.g. KB4499151, to determine the date it was released/issued by Microsoft. Is this an accurate way to determine the last date an update was applied?
0

Hi, is there any document or link that explains which security policies apply, or how to create documentation of security policies?
0
I'm curious and would like to settle an argument in our office. If we are running desktops with Windows 10 Pro v1903 with all updates, and all drives are Bitlocker encrypted (including the free space), is it possible for our data on these drives to be attacked by Ransomware?
0
Hello to everyone,

While I was installing some software, I don't know where I clicked, but something very bad has happened. I've activated a virus that has crypted a lot of important data saved on all the attached disks. The files, after they have been crypted, appear like this:

autoexec.bat.id[0E9A1736-2275].[recovermyfiles2019@thesecure.biz].ADAME
WhatsApp.lnk.id[0E9A1736-2275].[recovermyfiles2019@thesecure.biz].ADAME

This is the message that I saw after some time:

All you files have been encrypted due to a security problem with your PC. If you want to restore them, there are 2 ways of contact.

1. Jabber contact -       recovermyfiles2019@thesecure.biz

- https://www.wikihow.com/Create-a-Jabber-Account
- https://psi-im.org/download/
- Once you created a jabber account. Make sure you add the contact first and wait for our approval to begin sending message.
- Directly messaging us with out accepting your request will result to Forbidden message

2. Bitmessage contact address-       BM-2cVoXfF2BdYyfxBrady3hopZN6izutPyEr

- https://bitmessage.org/wiki/Main_Page
- After all the sync is finish. You can directly send message here.

Try both method of contact to ensure we receive your message.

Free decryption as guarantee

Before paying you can send us up to 5 files for free decryption. The total size of file must be less tthan 4mb(non achieved), and files should not contact valuable information. (databases, backups, large excel sheets, etc.)
0
Windows 2012 server - PDC, need to edit  Local Security policy | Local Policies | User Rights Assignment | Manage auditing and security log > add user/groups is grayed out; logged in as domain/Administrator.  Need to add groups Administrators and Exchange Servers.
0
Hi Experts - my inquiry boils down to three questions:  

1.). What might a Security Analyst have found in AWS instances (e.g., any hosted database or server solutions) to indicate TOR usage?

2.). How do you effectively detect and contain/eradicate TOR usage?

3.). What are sure tell-tale behaviors that TOR is being used on your network?

Thanks a million in advance for any insight provided!
0
I am curious what technology trends are on Technology Officers' minds and what you think every company should be aware of right now. What practices do you incorporate within your company to make sure your whole team is aware of these trends and making the right decisions?
1
