Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Hi Experts,

Summary: Does anyone know why, when I make a table a hidden object using VBA code, and then turn on Show Hidden Objects from Navigation objects, the tables don't show back up?

Situation:
I'm creating tighter security for a client's sensitive data with an MS Access front end and back end. The back end is password protected, but I know there are a lot of very easy-to-use utilities on the web that you can use to find out the database password. So I'm taking further steps to secure it. One of them will be to remove the Navigation Pane, turn off the Bypass Key (with a secret way to turn it on) and use a custom ribbon that prevents a user from opening up Options. All that said, if a user can find the password for the database, they can Import or Link to the back end tables, UNLESS they are hidden. So I've written code to hide all the tables in the back end which is launched from an outside application.

tblDef.Attributes = dbHiddenObject

All this works fine. My question is... when I hide tables in this manner, and I bypass the start up (using my secret way), and then go into File / Options and turn on Show Hidden Objects in the Navigation Options, the hidden tables DO NOT SHOW. Does anyone know why?

I've added some code to turn the hidden object off from the outside app, and when I do that, the tables reappear.

Any help on this would be greatly appreciated.

Thanks,
Eddie
0
I am in the process of creating a rock solid secure image upload system for a website I am working on.

Naturally, I want to do client side checks to validate the image file (jpg or png), before I upload it for further checks to the server (using php) - and I assume for that I will use Javascript.

I know there is quite a lot to take into consideration here, so I'm taking it one step at a time.

My question is this: SHOULD I be using jquery for the client side image verification or vanilla javascript?

I know jquery is just javascript ultimately, but I have a propensity to do this with vanilla javascript. Personally I think vanilla javascript 'reads' better as code than jquery. I would also assume it's actually faster at execution.

Online, there is almost no useful information about vanilla javascript with regards to secure image file validation (there are snippets here and there I know) - but there is lots of information about jquery. I am the sort of person who likes to do things 'raw'. So that I can understand fully what my code is doing without any wrapper.

Am I missing something? Is jquery really great at something I'm not understanding? I see jquery code, and the equivalent javascript code, and don't really understand why people are so 'into' jquery. The code lengths are generally similar, and am personally not afraid of coding a bit more if that's what it takes.

I think part of it might be that jquery is all over the internet, and vanilla …
0
I am sent a zip file daily that contains an Excel file. The zip is protected.
When I double click on the zip icon/folder I then see the Excel icon. I double click on the Excel file.
I am then prompted for a password - I assume this is the zip password as when I open the Excel file there is no password protection. Without the password I cannot initially move the file. It seems once I input the password I can do anything I want with the file; without the password I cannot open, move, etc.

Every day I am sent the same file (same filename, same password, but different rows of data) and I follow the very same procedure above but it never prompts me to put in a password again.
If I clear all my temp files and shut down my PC I will then be re-prompted for the password.
Why does this behavior occur? Shouldn't I be prompted for the password every day when I am sent the file and open the file? I only had to input the password the very first day.
0
If we have a need to retain (can be in zipped/gz format) bsm
(Solaris Basic Security Module), what's the sizing of the partitions
recommended?

I know it depends on the amount of activity but suppose I
currently have 2GB left, how much more to extend?

BSM is merged with auditd logs
0
Hi,

I'd like to search for software which matches met hashes. That way I can crosscheck my install files/exes.
Please do not suggest other options: I really need md5 hashes (or sha256), which I generate from my Windows software installers, to match to full software names.
Can that be done?

J
0
Exchange 2010 local server where to look for blocked emails and resolve

We use Symantec email security which filters all our email. Once in a while it blocks an email that it should not have blocked, so I log into the portal and allow it.
Issue: I have one user, the recipient here in our company, that cannot receive from one specific user from a diff company.
Everyone else here in our company can send and receive to this user just fine.
Example:
anyuser@ourcompany.com can receive from userA@theothercompany.com
Excluding: userB@ourcompany.com from userA@theothercompany.com

When I look into Symantec's email security portal it shows userA@theothercompany.com cannot be delivered because sender was denied by our recipient server (this is our Exchange server). Where on Exchange do I resolve this?
0
Without providing too much detail publicly... we are a small company that has been asked to craft an API into our system for clients to make updates from their existing software platforms into ours.  We have developers that have created most of the API infrastructure that is needed. However, my question is, from a business standpoint, should we be forcing these interested 3rd parties to sign confidentiality agreements before reviewing the technical documentation that has been created? Should an agreement / contract be created and signed before any work occurs? Are there any best practices when going through this process? This is not our core business function and looking for direction to make sure we have covered ourselves legally as well as an operational and security standpoint. Any feedback or guidance would be appreciated.
0
Dear experts,
We have done a penetration test and one of the Oracle servers had a vulnerability through which the penetration test experts managed to get the hash of the Domain admin users and then get the NTDS database of the entire AD Users.

How is it possible to check the current hash being utilized and to strengthen this on Active Directory servers? The currently installed servers are Windows 2016.

I would appreciate your recommendations.

Thank you
0
Hello,

how secure is 7zip password protection?

Thank you
0
We're getting Nessus Tenable for vulnerability scans (likely with admin-credentialed scans)
& likely penetration tests.

Q1:
https://security.stackexchange.com/questions/71389/where-to-place-a-vulnerability-scanner-within-a-data-center
Above link has various views & I don't understand one of the lines:
"If you're not granting the scanner admin level access to your assets and you're allowing an IPS to interfere then you're doing yourself a disservice."

Q2:
I intend to scan through the Network IPS because we may not be able to apply patches
in time (can't test out patches & obtain downtime in time), so most likely we'll deploy
NIPS virtual patches as interim remediation.  So do we still scan using 'admin credential'
scan in my scenario?

Q3:
Certainly don't plan to scan from public Internet but where is the best location within
our Prod network should we connect up this virtual (runs in VM) scanner?  Management
VLAN or in each Prod subnet, we place one scanner or run from laptop & connect to
a switch port which is assigned all the VLANs  or we just place in DMZ  or  internal
subnet & open up firewall rules?  Firewall may slow down the scans.

Q4:
From secure perspective, which is the most secure place to connect it as we may
use admin credentials (at this moment, no idea how to get it to integrate with
TPAM though we may move to CyberArk in 12-16 months' time as Nessus told
us it integrates with Cyberark, querying the password from Cyberark)
0
Hi,

I am auditing a large file server using Netwrix. The goal is to audit all files modifications like changed, deleted, added and credential or owner change.

For some shared folders, I also want to audit List folder / read data. Until now, I know what to do.

List Folder / read data generates a lot of entries in the Security events log, this is why I don't enable it on all shares.

Netwrix uses an agent to scan all the files and create a state-in-time report of the files and folders permissions in time. So, that process is accessing millions of files and generating millions of audit events.

I am receiving a lot of events 4663 even in folders where I haven't enabled List folder / read data. I am trying to find a way to eliminate those events to extend the security log retention.

The maximum size of the security log is 4GB and some audit plans in Netwrix don't have enough time to catch all the events before they are removed because it is getting full.

The solution is to lower the number of audited events.

The following screenshot shows my auditing settings. LCDomainUsers is a Local Domain Group that contains Domain Users from 2 domains (forest).
2019-12-03AuditSettings.jpg
The next screenshot shows a generated audit event. Note that SRVSHARE1$ is the computer name and it is not part of the group LCDomainUsers. I don't understand why this event is generated. The process name NwxFsAgent.exe is the Netwrix agent.
2019-12-03Event4663.jpg
I am asking the …
0
How do I transfer a collection of group policy objects from one domain to another? Domains are not related in any way and never will be, but the group policy objects are a bunch of security settings that are not specific to user names, computer names or any other specific name. So they should easily transfer. I just can't find a way to do it, other than to manually rebuild them one at a time in the second domain.
0
I got a new Lenovo laptop running Windows 10 and iTunes 12.  I am running Outlook from Office 365, and have iTunes set to use Outlook for syncing Contacts and Calendar.  But when I synced my iPhone 6 to iTunes through the computer it wiped out all my existing Calendar and Contact data, although Outlook on the computer has all the information.  I tried using the "Replace Contacts and Calendar" option, but that didn't accomplish anything.  Please help.

Thanks,

Phil
0
Audit mandated we must enable  password expiry for MS SQL accounts though we say they're service accounts:

from DBA: change cannot be implemented as it will expire service accounts
Set the 'CHECK_EXPIRATION' Option to ON for All SQL Authenticated Logins Within the Sysadmin Role

What's the practice out there?  
Can we automate changing the password quarterly & yet not affect service accounts (which I assume
do not need to know the password)?  One of them is nagios

Or set the accounts to non-interactive & how to do it for MS SQL?
0
Hello experts

I have a customer who is asking me if they can automate and O365 ATP reports.
He wants to receive the reports by mail for the Security Team instead of going to the Portal to get the reports.

Is there any possibility?

Rgds
0
Hi Experts!
I have an old AD domain, abc.com, and a new domain, xyz.com.
I need to copy all users and groups (along with group memberships) to the new domain...
I have successfully utilized LDIFDE to clone the OU Structure to the new domain, now I need to do the following:
1. Export all users from abc.com domain, with all attributes if possible
2. Export all groups from abc.com domain
3. Export Group membership list from abc.com

4. Import list of all users to new domain, xyz.com
5. Import list of new groups to new domain, xyz.com
6. Add users to required security groups in new domain, xyz.com

As I said, I have the OU structure in place and ready to be populated, I'm just having a very difficult time with the outstanding items!

Any advice / assistance with some PowerShell scripting would be awesome!

Many thanks,
Simon
0
We are undergoing a Security Audit of our internal computer systems by an external 3rd party auditor.
We just rolled out new Windows 10 PCs to 75% of our staff and everything is working great.
We use Ivanti for patch management and all PCs are fully patched with all Windows updates and application security patches.
My question is:
What benefit, security-wise, is there in ensuring that Service Packs are all completely up to date?
i.e. Does Windows 10 Service Pack 1909 contain more security patches or benefits if all individual Windows updates and security patches are already up to date?
I'd rather not install the Service Pack since all is working fine.

Thanks!
0
Hi,

This may sound a bit crazy, but is there a way to protect sensitive data from programmers while they are developing the application? (Sounds crazy because the programmers have to see the data.) For example, we are compiling social data of staff like family components, relationships, members' income, health issues, etc. Management wants to protect the data from IT support techs that will support this app and from programmers that will be developing the app. If there is no way, and IT has to see all the data, what can a company do to manage this situation where very sensitive data is projected to in the system?

What we have come up with is using dummy data (not real data) for developers to create the applications. We will use this data from creation up to validation stage. In data import, the tech responsible has to see this data (so here there must be some sort of signed agreement). In the support stage, since the tech has to see the problem, they have to see data but will not have a test environment with real data.

What do you guys think? Any Experts with this type of experience: your input is fully appreciated.
1
I went to extensions (not add-ons) in Google settings and also to my control panel and programs. I saw nothing to identify these lower right hand corner popup ads. I used Malwarebytes and it found nothing and Trend Micro finds nothing. I cleared all Chrome data. These ads were x rated and now not so.
Within the ad you see: Google Chrome - www.heavy-r.com.
Is there a setting in Chrome to stop these or should I remove Chrome? I do see an option in the settings to restore Chrome to the default.
This started early yesterday and never before. When they pop up, which is every 5-10 minutes, if I ignore them they close. When they re-appear an annoying sound.
Close does nothing and open just opens another window to some site.
Thanks.
0
Hello,

When trying to install a Windows application using ClickOnce technology, I receive the following error message in the detail section of the failed installation:

"Deployment and application do not have matching security zones"

How do I fix this error?

Victor
0
We are getting security warning prompts in Outlook for add-ins.

Wanted to know: is it related to macro settings with Outlook?

I see the following setting enabled in Outlook - apply macro settings to installed add-ins.

Can this be the cause, or is there any other reason?
I was also referring to this article.

https://getadmx.com/?Category=Office2016&Policy=word16.Office.Microsoft.Policies.Windows::L_VBAWarningsPolicy

The values are 0-3, none of which are prompt. Can we find a way to use prompt?
0
I have a Certificate that I am trying to install on IIS Windows Server 2012 R2. The certificate file is a CRT.
I have tried a number of methods including:

  • Convert the CRT to CER on the server I want to install on.
  • Choosing "Complete certificate request" on the IIS / Server Certificates dialog.
  • Select the CER file, and choose Web Hosting for the store.

This ultimately gives me a "Failed to remove certificate" message.

If I choose "Personal" for the store, it will import, but then the certificate does not show in the list for binding to the web site.

I have Googled a lot of posts regarding this, but have not been able to resolve this issue.

I am hoping  to get some advice to be able to install this cert properly.
0
Hello All,
I have a question about SSO (Single Sign-On).
There is a website that offers a service and in order to use their service they used to require knowing what our IP address was in order to control access to their services by IP. Now they are changing to SSO instead and even though I'm not familiar w/ SSO I know that they would need to connect to our AD for authentication and as we know a lot of breaches happen with Third party companies having access to internal network infrastructure. I don't feel comfortable using this method and since I'm not all that familiar with it I figured I'd ask your opinion. Yes, I do know that NOTHING is 100% secured and foolproof but I want to at least make sure that I'm not potentially opening a can of worms.

My questions are:

- What are some of the risks if I chose to give their SSO access to our AD?
- If I decide to go w/ the SSO what are the questions I should be asking them to make sure that they have their "sh#*" together and will not potentially compromise our Server/network?
- What are some of your opinions on going w/ SSO from a Third party vendor?
- Should I implement SSO in this case or hold my ground and ask for another solution?
- Could I use AWS, Azure AD (or similar) to create just a stand alone AD on its own to use with this service and is it cost prohibitive?

Thanks in advance for all your help, it's greatly appreciated!!
0
How to block phpMyAdmin page to be accessible from external IP
0
What command can I use from Mac terminal to determine the version of phpMyAdmin running on an IP address?
0
