Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Gurus,

Could you please explain the difference between

1. Endpoint Protection / Anti-Virus
2. Endpoint Detection and Response
3. Threat Hunting

Are these three related in terms of endpoint protection?

SID
0
Can someone share the exact steps (step by step) on how to set
X-Frame-Options in WebLogic (10.3.6, 12.1.3, 12.2.1.3) & Tomcat
to SAMEORIGIN to fix XFS/clickjacking?


I'm running Solaris 10 & RHEL 6 OS
0
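Whichever mechanism ends up emitting the header (Tomcat 8 and later ship org.apache.catalina.filters.HttpHeaderSecurityFilter, whose antiClickJackingOption init-param takes DENY or SAMEORIGIN; on WebLogic it is usually a servlet filter or the front-end proxy), the thing to verify afterwards is the response the browser actually receives. The checker below is an added example, not code from the post or from either vendor; the header sets it evaluates are constructed, and it encodes two caveats practitioners trip over: CSP frame-ancestors takes precedence over X-Frame-Options in browsers that support it, and ALLOW-FROM is obsolete and ignored, so it counts as no protection.

```python
from typing import Dict, Optional, Tuple

# Constructed sample responses (header dicts as a client sees them after a GET);
# not captured from any real WebLogic or Tomcat server.
SAMPLE_RESPONSES = {
    "before-fix": {"Content-Type": "text/html"},
    "xfo-sameorigin": {"Content-Type": "text/html", "X-Frame-Options": "SAMEORIGIN"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "xfo-overridden": {"X-Frame-Options": "DENY",
                       "Content-Security-Policy": "frame-ancestors *"},
    "listed-origins": {"Content-Security-Policy": "frame-ancestors https://portal.example"},
}


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp: Optional[str]) -> Optional[str]:
    """Return the frame-ancestors source list from a CSP header, or None if absent.
    An empty source list means 'none' per the CSP specification."""
    if not csp:
        return None
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:]) or "'none'"
    return None


def assess_framing(headers: Dict[str, str]) -> Tuple[str, str]:
    """Classify a response's clickjacking protection.

    Verdicts: "protected" (no cross-site framing possible), "restricted"
    (framing allowed only from explicitly listed origins; review the list),
    "unprotected".  CSP frame-ancestors is evaluated first because browsers
    that support it ignore X-Frame-Options when both are present.
    """
    ancestors = frame_ancestors(get_header(headers, "Content-Security-Policy"))
    if ancestors is not None:
        sources = ancestors.lower().split()
        if sources in (["'none'"], ["'self'"]):
            return "protected", f"CSP frame-ancestors {ancestors}"
        if "*" in sources or any(s.startswith("http:") for s in sources):
            return "unprotected", f"CSP frame-ancestors {ancestors} admits any or plaintext framer"
        return "restricted", f"CSP frame-ancestors {ancestors}"

    xfo = (get_header(headers, "X-Frame-Options") or "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", f"X-Frame-Options {xfo}"
    if xfo.startswith("ALLOW-FROM"):
        # Obsolete: current browsers ignore it, so the page stays framable.
        return "unprotected", "X-Frame-Options ALLOW-FROM is obsolete and ignored"
    if xfo:
        return "unprotected", f"unrecognised X-Frame-Options value {xfo!r}"
    return "unprotected", "neither X-Frame-Options nor CSP frame-ancestors set"


def verdicts(samples: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    return {name: assess_framing(headers)[0] for name, headers in samples.items()}


if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        verdict, reason = assess_framing(headers)
        print(f"{name:16} {verdict:12} {reason}")
```

To run it against a live server, fetch the page with any HTTP client, pass the response headers as the dict, and check every entry point separately: filters mapped to `/*` usually cover error pages and static content, but a proxy or a second application context can still serve responses without the header.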
I've been trying to apply uniform Share permissions across the files and folders of an entire drive in a domain-joined Windows 10 Pro workstation.
I can take the steps but the results look strange.
(I've run sfc and DISM just lately on the host.)

If I look at the Share permissions, they vary across the folders.
I did re-propagate the Security permissions just in case it would have some effect. Wishful thinking...

I've not yet tried logging in as different users on the host to see if there are differences.
When I look at properties over the network, I don't see a Sharing tab at all.
1
Other than a factory reset, what precautions can I use to DEEPLY erase a used Android phone that I've gotten? Need some EXTRA level of erasing before I put all my data on it.

One idea that occurred to me: activate the phone with a dummy account. Turn on video and just let it run until all the memory has been written over.

Then: Factory Reset again, add REAL account.

What's a good way?

Many thanks,

OT
0
I have a stand-alone server that hosts a web application. I've created a new domain (new forest) for security as well as to prepare for additional servers. I have a problem where it looks like DNS SRV records were not created correctly during the DCPromo operation and now there appear to be connectivity issues. Dcdiag /fix returns the following error:

   Testing server: Default-First-Site-Name\HOST1
      Starting test: Connectivity
         The host 5c533dbd-a226-42e6-8968-b6c5296c08fe._msdcs.mydomain.com could not be resolved to an IP address.
         Check the DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... HOST1 failed test Connectivity

What is the best way to resolve this?
0
What is this? I have several files with names ending with this: _NEMTY_LVMHFKO_-DECRYPT. Some are .xlsx files, some are .docx files. Each has _NEMTY_LVMHFKO_-DECRYPT following the file name. We can't find the original Excel or Word files, only these files with _NEMTY_LVMHFKO_-DECRYPT tagged onto the end. The file won't open with any program, but if we navigate to it in Excel and open it, Excel will convert it from a text doc to a jumbled-up Excel doc.
0
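The symptoms in the post (a fixed marker appended after the real extension, and content that no longer opens in its own application) are what file-encrypting ransomware leaves behind; Excel "opening" such a file decrypts nothing, it only renders the ciphertext as text. The first triage step is to scope it: which files carry the marker, what their original names were, and whether the content is really gone. The script below is an added example, not code from the post; the file listing and leading bytes are constructed, and it uses the fact that .docx/.xlsx/.pptx files are ZIP containers whose first bytes are `PK\x03\x04`, so a file with an Office extension that no longer starts that way has been overwritten.

```python
import os
import re
from collections import Counter
from typing import Dict, List, Tuple

# Pattern taken from the file names in the question: original name, then a
# marker of the form _NEMTY_<ID>_-DECRYPT appended after the real extension.
MARKER_RE = re.compile(r"^(?P<original>.+?)_NEMTY_(?P<id>[A-Z0-9]+)_-DECRYPT$")

# Office Open XML files (.docx/.xlsx/.pptx) are ZIP containers and start with
# the local-file-header signature "PK\x03\x04"; encrypted content will not.
ZIP_MAGIC = b"PK\x03\x04"
OOXML_EXT = {".docx", ".xlsx", ".pptx"}

# Constructed sample listing: (file name, first four bytes). Not real files.
SAMPLE_LISTING: List[Tuple[str, bytes]] = [
    ("Q3_budget.xlsx_NEMTY_LVMHFKO_-DECRYPT", b"\x9a\x1f\x07\xc4"),
    ("contract.docx_NEMTY_LVMHFKO_-DECRYPT", b"\x12\xee\x44\x90"),
    ("report.xlsx", b"PK\x03\x04"),
    ("README.txt", b"Read"),
    ("old_plan.docx", b"\x00\x00\x00\x00"),
]


def classify(name: str, head: bytes) -> Dict[str, str]:
    """Classify one file from its name and leading bytes.

    status values:
      encrypted    marker present and the Office container signature is gone
      marker-only  marker present but the content still looks like a valid file
      damaged      no marker, but an Office extension without the ZIP signature
      intact       nothing suspicious
    """
    match = MARKER_RE.match(name)
    original = match.group("original") if match else name
    ext = os.path.splitext(original)[1].lower()
    looks_valid = head.startswith(ZIP_MAGIC) if ext in OOXML_EXT else True
    if match:
        status = "marker-only" if looks_valid else "encrypted"
    else:
        status = "intact" if looks_valid else "damaged"
    return {"name": name, "original": original, "status": status,
            "id": match.group("id") if match else ""}


def triage(listing) -> Dict[str, object]:
    rows = [classify(name, head) for name, head in listing]
    return {
        "rows": rows,
        "counts": dict(Counter(r["status"] for r in rows)),
        "ids": sorted({r["id"] for r in rows if r["id"]}),
        "encrypted_originals": sorted(r["original"] for r in rows
                                      if r["status"] == "encrypted"),
    }


def triage_directory(root: str, limit: int = 4) -> Dict[str, object]:
    """Same triage over a real directory tree (reads only the first bytes)."""
    listing = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    listing.append((fname, fh.read(limit)))
            except OSError:
                continue
    return triage(listing)


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(summary["counts"], "marker ids:", summary["ids"])
    for original in summary["encrypted_originals"]:
        print("needs restore from backup:", original)
```

Run `triage_directory` against a read-only copy or a mounted snapshot rather than the live share, and keep the list of `encrypted_originals`: it is the restore list, and the marker id is worth recording because it ties the affected files to one incident.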
When users visit a website hosted on a virtual server at a client site, they are getting an error and have to refresh the page.
2019-10-10_13h25_26.png
If I select the URL in the toolbar and hit Enter, the page refreshes and it comes up, but then I click on a menu option and it will time out with the same error unless I select the URL and press Enter to refresh the page. I have to do this every time I move from one link to another.

The server the site is on is Server 2016.
IIS is where the site is hosted.

I don't see any security updates from Microsoft that could be causing this block. The support entity told me to uninstall a specific security patch that isn't installed. So not sure where to go.
0
I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO
for attempted phishing. So on our previous FW we had: if the mail has the sender as 'our CEO' but does not come from
our domain, then drop. I can see where to configure this in the CES.
0
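The rule described above (display name claims to be the CEO, envelope or header address is not on our domain, then drop) is simple to state but has two edges worth getting right before it goes into a content filter: the display name comes in several spellings ("Doe, Jane", "jane.doe", or the real address smuggled into the quoted name), and a genuine external namesake must not be dropped forever. The code below is an added example that expresses the matching logic in Python, not CES configuration and not from the post; the domain, the CEO's name, the allow-listed address and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import FrozenSet, Iterable, List, Set

# All of the following are assumptions for the example, not values from the question.
OUR_DOMAINS: Set[str] = {"example.com"}
PROTECTED_NAMES: List[FrozenSet[str]] = [frozenset({"jane", "doe"})]   # the CEO's name
ALLOWED_EXTERNAL: Set[str] = {"jane@partner.example"}                  # a known namesake

TOKEN_RE = re.compile(r"[a-z0-9]+")


def name_tokens(display: str) -> FrozenSet[str]:
    """Lower-case word set of a display name, so 'Doe, Jane', 'jane.doe' and
    'Jane Doe <jane.doe@example.com>' (address smuggled into the name) all
    contain the tokens {'jane', 'doe'}."""
    return frozenset(TOKEN_RE.findall(display.lower()))


def is_exec_impersonation(from_header: str,
                          our_domains: Set[str] = OUR_DOMAINS,
                          protected: Iterable[FrozenSet[str]] = PROTECTED_NAMES,
                          allowed: Set[str] = ALLOWED_EXTERNAL) -> bool:
    """True when the display name claims to be a protected executive but the
    address is neither on one of our domains nor on the explicit allow-list."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rsplit("@", 1)[1] if "@" in address else ""
    if domain in our_domains or address in allowed:
        return False
    tokens = name_tokens(display)
    # Subset, not equality: "Jane Doe <jane.doe@example.com>" as a display
    # name still contains the protected tokens and is still an impersonation.
    return any(name <= tokens for name in protected)


def decide(raw_messages: Iterable[str]) -> List[str]:
    verdicts = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        verdicts.append("drop" if is_exec_impersonation(msg.get("From", "")) else "allow")
    return verdicts


# Constructed sample messages (only the From header matters here).
SAMPLE_MESSAGES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: board pack\n\n",
    'From: "Jane Doe" <ceo.jane.doe@gmail.example>\nSubject: urgent wire\n\n',
    'From: "Doe, Jane" <accounts@lookalike.example>\nSubject: invoice\n\n',
    'From: "Jane Doe <jane.doe@example.com>" <attacker@evil.example>\nSubject: re:\n\n',
    "From: Jane Doe <jane@partner.example>\nSubject: lunch\n\n",
    "From: newsletter@vendor.example\nSubject: weekly\n\n",
]

if __name__ == "__main__":
    for raw, verdict in zip(SAMPLE_MESSAGES, decide(SAMPLE_MESSAGES)):
        print(verdict, "|", raw.splitlines()[0])
```

Two things this makes explicit for whoever builds the CES rule: the check must be on the header From (what the recipient sees), since the envelope sender is routinely some unrelated bounce address, and the "our domain" test must be paired with SPF/DKIM/DMARC enforcement, otherwise an attacker simply forges jane.doe@example.com outright and passes the domain test.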
I have a stored procedure in one database that writes to another database. Security is assigned using SQL Authentication.
For each user I have issued
GRANT DELETE, UPDATE, INSERT ON JOBCOSTDETAIL TO USERNAME

This stored procedure is called via a VS C# program. Whenever a user clicks the button to run the stored procedure they get:
The INSERT permission was denied on the object 'JOBCOSTDETAIL', database 'DATABASE', schema 'dbo'

I could change my code to run the SP as 'sa' but I should not need to do that. When I check the properties of this user on this database they do have INSERT permission as dbo. What else do I need to set to give an average user the ability to write to this table in this other database?
0
This is a message I got from a friend:

I have a computer problem will you come over about 4 pm and take a look
there is a yellow bar with a green bar in it and a red star in the
corner of it 100% in the bottom of it cant x out of it.


What would be your guess on what it is before I go over there to take a look?
0
Dear All,
I am monitoring ESX logs in a test environment; however, I am receiving a lot of logs.
I need to focus on security logs only.
What kind of logs should I look for? Any help?
In case I want to know if a virtual machine was created, where should I look?
Any tips on monitoring a VMware ESX?
Regards
0
Our apps architect recommends  Alpine Linux for our
microservices/container environment.

Some time back, a patch management vendor told us
that patching for Alpine can't be managed by Satellite
or BigFix  ie we have to manually download & patch.

Q1:
is the above true or is there something like 'yum' in
RHEL to patch Alpine.

Q2:
Also, there's no CIS hardening benchmark nor any
docs that standardize what to harden for Alpine.

Q3:
Architect further points out that Alpine is the most
secure & efficient Linux to use for microservices;
is this true?  Does Alpine have a good development
team that constantly checks for vulnerabilities &
releases advisories/patches (at least like RHEL)?

https://alpinelinux.org/about/
https://en.wikipedia.org/wiki/Alpine_Linux

Q4:
Where can I view the list of Alpine's past CVEs/vulnerabilities
& how can we assess how good the support
for Alpine is?  Don't want a case where we log a
case for support & there's a lack of response &
no solution
0
Looking for help getting my SonicWall log files to upload to the Microsoft Azure Cloud App Security system. I am trying to set up the SonicWalls so they forward their logs to MS to be analyzed. I need to have a forwarding machine installed to do this. They have a Docker image of Linux, but I can't seem to get it to work. My working knowledge of Linux is pretty limited. I have been using this article as a reference: https://blogs.technet.microsoft.com/cloudready/2018/03/07/configure-microsoft-cloud-app-security-to-analyze-sonicwall-logs/. Thanks
0
I have a question about ransomware. If my computer's C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files? If we have Office 365 and all the files are also backed up to the cloud through OneDrive, doesn't that also create a level of protection?
0
Hi All,

We use WatchGuard as our firewall and have Dimension set up for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer, either FTP or web/app-based such as Dropbox etc.?

Can this be done / how best to view this info or set this up?

Cheers,
Paul
0
Hello:
I have a script to create an AD user and add it to its respective security groups. This script works 80% of the time without issues, but sometimes I have the problem that it cannot add the user to its group because it cannot find the recently created user. If I add a delay it fixes the problem. I want to fix it without adding the delay; any suggestions?

function New-OPAdDomainStudent
{
<#
.Synopsis
   Short description
.DESCRIPTION
   Long description
.EXAMPLE
   Example of how to use this cmdlet
.EXAMPLE
   Another example of how to use this cmdlet
#>
    [CmdletBinding()]
    [Alias()]
    [OutputType([int])]
    Param
    (
        $SamAccountName,
        $Surname,
        $FirstName,
        $MiddleName,
        $HomeFolderPath = "\\myd-fileserver.mydomain.com\students$",
        $HomeDrive = "H:",
        $ID,
        $OU = "DOMAIN Students"
    )
    Process
    {

        $EmailSuffix = "@students.mydomain.com"
        $Email = $SamAccountName + $EmailSuffix
        $HomeFolder = Join-Path -Path $HomeFolderPath -ChildPath $SamAccountName
        $OuDn = (Get-ADOrganizationalUnit -Filter {Name -eq $OU}).DistinguishedName
        if ($OuDn -eq $null) {
            log -message "Unable to find OU $OU, exiting" -level Error
            Stop-MPScript
        }
        $Password = "Welcome"
        $EncryptedPassword = ConvertTo-SecureString $Password -AsPlainText -Force
        log -message "Creating account $SamAccountName" …
0
We use a 3rd-party SaaS provider for our HR system, and as part of the application there is a so-called self-service module which allows employees to log in to the system and view their payslips, which expose personal and sensitive information. Access can be achieved from any location, e.g. any Internet connection, with no restrictions specific to the company's network etc. At present access is based on single-factor authentication (basic username & password), and a review of the costs associated with making the system require 2-factor authentication for access shows it is beyond the current budget. Are there any compensating controls/security techniques you can think of that minimise the need for 2-factor authentication for such a system, which may be more practical with budgets in mind? At present I am not sure what technology stack the application is based upon, if that has any relevance, but that is perhaps something we can review.
0
https://jonlabelle.com/snippets/view/javascript/jquery-1124-xss-patch
https://www.cadence-labs.com/2018/07/magento-outdated-jquery-version-how-to-patch-without-upgrading-cve-2015-9251/

Referring to the 2nd link above, we're using jQuery (though we may not be using Magento).

As instructed above, run in the Chrome console (Alt-Shift-I or F12 to invoke the console) & enter:
  jQuery.get('https://sakurity.com/jqueryxss');

Q1:
So to verify my URL, do I replace sakurity.com with my URL, or do I load my URL in the Chrome
browser & in the console enter the above jQuery.get ...?
How do I use it to verify my URL?

Q2:
Tried several URLs & got the various returns below. Are they pop-ups, or what's the
expected value (in the pop-ups) that will indicate my URL is vulnerable, or what do
other values mean? The values returned that I got so far:

a)
jQuery.get('https://www.myURL.com/jqueryxss');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}

b)
jQuery.get('https://sakurity.com/jqueryxss');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}

c)
jQuery.get('https://www.google.com');
{readyState: 1, getResponseHeader: ƒ, getAllResponseHeaders: ƒ, setRequestHeader: ƒ, overrideMimeType: ƒ, …}
(index):1 Access to XMLHttpRequest at 'https://www.google.com/' from origin 'https://www.jp.com.sg' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is …
0
We have a lone ESXi 6.7 host in our DMZ which is the dedicated host for our DMZ VMs. It is directly connected to the DMZ port on our ASA. We're trying to figure out the safest way to manage it. As it stands right now, our two options are:

1. Connect the management interface directly to our management network. I don't particularly like this because that host is directly connecting our DMZ to our management network, and we're relying on VMs not being able to attack their host to keep our management network secure.

2. Connect the management interface to an empty port on our ASA, set that port to a higher security level than our DMZ network but lower security level than our internal production network, then manage it directly through our production network. I don't particularly like this since the management interface will be directly exposed to our production network, though it would be on a different network.

Any thoughts, comments, insults, rants?
0
As I am viewing logs on the SIEM, I noticed that logs of event ID 4624 and 4625 happen concurrently.
I couldn't understand how an account that is failing to log on is also successfully logging on at the same time
within a timeframe of two hours, knowing that the logs are from yesterday, which was a holiday.
Can I have an understanding of what is going on?
AccountfailedtologonAccountsuccessfullylogedon.jpg
PS: The username is the same. For the sake of privacy I have erased the name from the pictures.
0
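A 4624 and a 4625 for the same account a minute apart are not contradictory: each is a separate logon attempt, and the two streams almost always differ in source host or logon type. One common pattern, especially on a day nobody is at a keyboard, is a service, scheduled task or mapped drive on one host still presenting an old password (failing every few minutes with status 0xC000006A) while the account logs on normally from everywhere else. The script below is an added example, not from the post: it takes events already normalised to the fields a SIEM extracts from 4624/4625 (the sample events are constructed), pairs successes with failures per account inside a time window, and splits both sides by source, logon type and failure status so the two streams can be told apart.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Windows logon types as recorded in the LogonType field of 4624/4625.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch (scheduled task)",
               5: "Service", 7: "Unlock", 8: "NetworkCleartext",
               9: "NewCredentials (runas /netonly)", 10: "RemoteInteractive (RDP)",
               11: "CachedInteractive"}

# NTSTATUS values found in the Status/SubStatus fields of 4625.
FAILURE_STATUS = {"0xC000006A": "wrong password", "0xC0000064": "no such user",
                  "0xC0000234": "account locked out", "0xC0000072": "account disabled",
                  "0xC000006F": "outside logon hours", "0xC0000193": "account expired"}

# Constructed events (time, EventID, TargetUserName, LogonType, source host, Status).
SAMPLE_EVENTS = [
    {"time": "2019-10-13T02:00:03", "id": 4624, "account": "svc_backup", "logon_type": 5, "source": "SRV01", "status": ""},
    {"time": "2019-10-13T02:01:10", "id": 4625, "account": "svc_backup", "logon_type": 3, "source": "WS17", "status": "0xC000006A"},
    {"time": "2019-10-13T02:05:44", "id": 4624, "account": "svc_backup", "logon_type": 3, "source": "FS01", "status": ""},
    {"time": "2019-10-13T02:31:10", "id": 4625, "account": "svc_backup", "logon_type": 3, "source": "WS17", "status": "0xC000006A"},
    {"time": "2019-10-13T03:01:10", "id": 4625, "account": "svc_backup", "logon_type": 3, "source": "WS17", "status": "0xC000006A"},
    {"time": "2019-10-13T09:00:00", "id": 4625, "account": "jsmith", "logon_type": 10, "source": "203.0.113.9", "status": "0xC000006A"},
    {"time": "2019-10-13T09:00:02", "id": 4625, "account": "jsmith", "logon_type": 10, "source": "203.0.113.9", "status": "0xC000006A"},
    {"time": "2019-10-13T23:55:00", "id": 4624, "account": "jsmith", "logon_type": 2, "source": "WS22", "status": ""},
]


def _median_gap_minutes(stamps: List[datetime]) -> float:
    """Median spacing between consecutive failures; a steady value (for example
    30.0) points at something scheduled, not a person typing."""
    stamps = sorted(stamps)
    gaps = sorted((b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:]))
    if not gaps:
        return 0.0
    mid = len(gaps) // 2
    return gaps[mid] if len(gaps) % 2 else (gaps[mid - 1] + gaps[mid]) / 2


def correlate(events, window: timedelta = timedelta(hours=2)) -> Dict[str, dict]:
    """For each account, keep it only if a 4624 and a 4625 fall within `window`
    of each other, then break both sides down by source host, logon type and
    failure status.  Accounts with only failures (jsmith here) belong to a
    separate brute-force check, not to this report."""
    by_account: Dict[str, List[dict]] = defaultdict(list)
    for e in events:
        by_account[e["account"]].append({**e, "ts": datetime.fromisoformat(e["time"])})

    report = {}
    for account, evs in by_account.items():
        ok = [e for e in evs if e["id"] == 4624]
        bad = [e for e in evs if e["id"] == 4625]
        if not (ok and bad):
            continue
        if not any(abs(s["ts"] - f["ts"]) <= window for s in ok for f in bad):
            continue
        label = lambda e: LOGON_TYPES.get(e["logon_type"], str(e["logon_type"]))
        report[account] = {
            "successes": len(ok), "failures": len(bad),
            "success_sources": sorted({(e["source"], label(e)) for e in ok}),
            "failure_sources": sorted({(e["source"], label(e),
                                        FAILURE_STATUS.get(e["status"], e["status"])) for e in bad}),
            "failure_interval_min": _median_gap_minutes([e["ts"] for e in bad]),
        }
    return report


if __name__ == "__main__":
    for account, info in correlate(SAMPLE_EVENTS).items():
        print(account, info)
```

Read the output by source: the failures all come from one host at a fixed interval while the successes come from others, which is what a stale stored credential looks like; the same report with failures spread across many sources and random spacing would read very differently.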
jQuery (JavaScript libraries) is bundled with a number of our
software products (WebLogic, a supplier app, mobile app): quite a number
of XSS vulnerabilities were found by our pentester.

Q1:
One app vendor replied that updating (ie patching) or upgrading
jQuery may destabilize their app?  So are we supposed to wait
for these vendors to release their next release app so as to
bundle in newer & patched jQuery or we can get the patches/
updates from Oracle & just update/patch it??   Or by doing so,
we'll lose the support of the app vendor?

Q2:
In the case of Weblogic 12.2.1.3, jQuery ver 3.2 is bundled.
Since both Weblogic & jQuery are from Oracle, is it supported
if we just update jQuery (or there's no patch/update ie we
just have to upgrade jQuery to ver 3.3 or 3.4)?

Q3:
Are jQuery vulnerabilities the same as JavaScript vulnerabilities (I read at the Oracle
site that jQuery is actually a JavaScript library)?
0
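Both jQuery posts above come down to the same two facts. First, the object printed in the console after `jQuery.get(...)` is just the jqXHR that the call returns, not the outcome of the test; CVE-2015-9251 is demonstrated by whether a cross-domain `text/javascript` response ends up being executed (the sakurity.com page exists to make that visible), and a CORS error, as in the google.com attempt, only says the request was blocked before any of that. Second, what the vendor conversation needs is an inventory of which jQuery versions are actually deployed and which published advisories each one predates. The script below is an added example, not from either post and not a vendor tool: it pulls the version from the banner comment at the top of each bundled jquery*.js (or from a versioned file name when the banner was stripped by minification) and maps it against the fix versions from the CVE records. The sample file heads are constructed.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (CVE, first fixed release, one-line summary), from the published CVE records.
ADVISORIES: List[Tuple[str, Version, str]] = [
    ("CVE-2012-6708", (1, 9, 0), "XSS: jQuery(str) treats attacker-influenced selector text as HTML"),
    ("CVE-2015-9251", (3, 0, 0), "XSS: cross-domain ajax without dataType executes text/javascript responses"),
    ("CVE-2019-11358", (3, 4, 0), "prototype pollution via jQuery.extend(true, ...)"),
    ("CVE-2020-11022", (3, 5, 0), "XSS via htmlPrefilter on untrusted HTML passed to DOM methods"),
    ("CVE-2020-11023", (3, 5, 0), "XSS via <option> elements in HTML passed to DOM methods"),
]

# "jQuery JavaScript Library v1.12.4" (unminified) or "jQuery v3.2.1" (minified banner).
BANNER_RE = re.compile(r"jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# jquery-1.12.4.min.js, jquery-3.4.1.slim.min.js, ...
FILENAME_RE = re.compile(r"^jquery-(\d+)\.(\d+)\.(\d+)(?:[.-]\w+)*\.js$", re.IGNORECASE)


def find_version(text: str, filename: str) -> Optional[Version]:
    """Version from the banner comment, else from a versioned file name; None if neither."""
    m = BANNER_RE.search(text[:4096]) or FILENAME_RE.match(os.path.basename(filename))
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def affected(version: Optional[Version]) -> List[str]:
    """CVE ids whose fix landed in a release later than `version`."""
    if version is None:
        return []
    return [cve for cve, fixed, _ in ADVISORIES if version < fixed]


def scan_tree(root: str) -> Dict[str, Dict[str, object]]:
    """Walk a deployment (a WebLogic domain, an exploded WAR, a mobile app's
    assets) and report every jQuery copy found with its open advisories."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            if "jquery" not in fname.lower() or not fname.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            version = find_version(head, fname)
            if version:
                findings[path] = {"version": ".".join(map(str, version)),
                                  "cves": affected(version)}
    return findings


# Constructed file heads standing in for two bundled copies (not real files).
SAMPLE_FILES = {
    "wls/jquery.min.js": "/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */",
    "app/js/jquery-1.12.4.min.js": "",        # minified copy whose banner was stripped
}


def scan_samples(samples: Dict[str, str]) -> Dict[str, List[str]]:
    return {path: affected(find_version(text, path)) for path, text in samples.items()}


if __name__ == "__main__":
    for path, cves in scan_samples(SAMPLE_FILES).items():
        print(path, "->", ", ".join(cves) or "no known advisories")
```

Note what the 3.2.1 case shows for the WebLogic 12.2.1.3 question: a 3.x copy is past CVE-2015-9251 but still predates the 3.4.0 and 3.5.0 fixes, so "3.x" on its own is not an answer. jQuery Migrate and jQuery UI files carry different banners and are deliberately not matched; they have their own version histories.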
I have already updated my WiFi password, but why are some devices still able to connect to my WiFi even though I have rebooted my router? My router is a Nighthawk X6 R8000.
1
Dear Guru, we would like to mitigate DDoS attacks on a Sophos XG firewall; however, we are not sure how to fill in these parameters. Can you kindly suggest and explain? How do we make sure that we do not drop legit sessions?

Capture.JPG
0
Hello

I need to block regular users, using GP, from viewing, not just clearing, the event logs for domain-connected secure Win10 desktops due to NIST STIG requirements.

You would think this was a common and easy thing to do..... You do not want non-admins in a secure environment looking at the security log.

I have followed the instructions from the link below, with limited success. It's blocking admins also. The SDDL I am using is O:BAG:BAD:(A;;RC;;;BA)

https://support.microsoft.com/en-us/help/323076/how-to-set-event-log-security-locally-or-by-using-group-policy



I have also tried this approach

https://social.technet.microsoft.com/Forums/en-US/1c4e9583-2c71-4d05-bbc1-d7fd214b9e57/block-event-viewer-access-to-users?forum=winserverDS

Win 10 desktops and 2016 server DC


Does anyone know of a better approach?
0
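The SDDL in the post explains the symptom: in SDDL, `RC` is READ_CONTROL (0x20000, the right to read the object's security descriptor), not the event-log read right, which is bit 0x1 (0x2 is write, 0x4 is clear). So `(A;;RC;;;BA)` grants Administrators nothing useful and nobody else anything at all, which is exactly "blocking admin also". The decoder below is an added example, not from the post or from Microsoft's KB: it parses a log-access SDDL string (the same format the legacy CustomSD value from the linked article and the Event Log Service "Configure log access" policy take), expands the rights field whether it is written as two-letter codes or as a hex mask, and reports who actually gets read/write/clear. The candidate string is a constructed alternative, not a Microsoft default.

```python
import re
from typing import Dict, List

# SDDL access-right abbreviations (generic and standard rights, plus the
# object-specific bits SDDL spells CC..CR), from the SDDL specification.
RIGHT_CODES = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x00010000, "RC": 0x00020000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
}
SID_ALIASES = {"BA": "Builtin\\Administrators", "BU": "Builtin\\Users", "SY": "Local System",
               "AU": "Authenticated Users", "WD": "Everyone", "IU": "Interactive",
               "BO": "Builtin\\Backup Operators"}

# Event-log access bits: these decide who can read, write and clear a log.
# Generic bits (GA/GR/...) are mapped by the system and are not expanded here.
LOG_READ, LOG_WRITE, LOG_CLEAR = 0x1, 0x2, 0x4

# ACE layout: (type;flags;rights;object_guid;inherit_guid;sid)
ACE_RE = re.compile(r"\((?P<type>[^;]*);(?P<flags>[^;]*);(?P<rights>[^;]*);[^;]*;[^;]*;(?P<sid>[^)]*)\)")


def rights_mask(field: str) -> int:
    """Decode the rights field: a hex literal like 0x7, or a run of two-letter codes like RCGR."""
    field = field.strip()
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        code = field[i:i + 2].upper()
        if code not in RIGHT_CODES:
            raise ValueError(f"unknown right {code!r}")
        mask |= RIGHT_CODES[code]
    return mask


def decode_log_sddl(sddl: str) -> List[Dict[str, object]]:
    """One row per ACE with the event-log read/write/clear bits it grants."""
    rows = []
    for m in ACE_RE.finditer(sddl):
        mask = rights_mask(m.group("rights"))
        ace_type = {"A": "allow", "D": "deny"}.get(m.group("type"), m.group("type"))
        rows.append({
            "type": ace_type,
            "sid": SID_ALIASES.get(m.group("sid"), m.group("sid")),
            "mask": mask,
            "read": bool(mask & LOG_READ),
            "write": bool(mask & LOG_WRITE),
            "clear": bool(mask & LOG_CLEAR),
        })
    return rows


def who_can_read(sddl: str) -> List[str]:
    return [r["sid"] for r in decode_log_sddl(sddl) if r["type"] == "allow" and r["read"]]


# The string from the question, and a constructed alternative (an assumption,
# not a Microsoft default) giving SYSTEM and Administrators read/write/clear
# and nobody else anything.
POSTED_SDDL = "O:BAG:BAD:(A;;RC;;;BA)"
CANDIDATE_SDDL = "O:BAG:BAD:(A;;0x7;;;SY)(A;;0x7;;;BA)"

if __name__ == "__main__":
    for label, sddl in (("posted", POSTED_SDDL), ("candidate", CANDIDATE_SDDL)):
        print(label, sddl)
        for row in decode_log_sddl(sddl):
            print("   ", row)
        print("    can read:", who_can_read(sddl) or "nobody")
```

Before pushing any such string by GPO, decode it this way and check that Local System keeps at least read and write on the Security log, since the system writes that log itself; a descriptor that omits SY silently breaks auditing rather than just locking users out.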
On my work network I have one computer sending random emails, and then my IP is being blocked by my ISP.
How can I discover which computer is doing it?
0
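The quickest way to find the machine is at the perimeter: only the mail server should be opening outbound connections to ports 25, 465 and 587, so any other internal address doing so, especially to many different destinations, is the candidate. The script below is an added example, not from the post; the log lines are constructed in a generic key=value syslog style (adjust `LINE_RE` to whatever the firewall actually emits), and the address of the legitimate mail server is an assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed firewall log lines in a generic key=value syslog style (not any
# particular vendor's format; adjust LINE_RE to yours).
SAMPLE_LOG = """\
2019-10-14T09:12:03 fw src=192.168.1.37:51512 dst=203.0.113.5:25 proto=tcp action=allow
2019-10-14T09:12:03 fw src=192.168.1.37:51513 dst=198.51.100.17:25 proto=tcp action=allow
2019-10-14T09:12:04 fw src=192.168.1.37:51514 dst=203.0.113.77:25 proto=tcp action=allow
2019-10-14T09:12:04 fw src=192.168.1.37:51515 dst=198.51.100.2:587 proto=tcp action=allow
2019-10-14T09:12:05 fw src=192.168.1.37:51516 dst=203.0.113.9:25 proto=tcp action=allow
2019-10-14T09:12:06 fw src=192.168.1.10:40211 dst=203.0.113.5:25 proto=tcp action=allow
2019-10-14T09:12:07 fw src=192.168.1.10:40212 dst=198.51.100.17:25 proto=tcp action=allow
2019-10-14T09:12:08 fw src=192.168.1.52:60001 dst=198.51.100.30:443 proto=tcp action=allow
2019-10-14T09:12:09 fw src=192.168.1.52:60002 dst=198.51.100.30:25 proto=tcp action=allow
2019-10-14T09:12:10 fw src=192.168.1.37:51517 dst=203.0.113.5:25 proto=tcp action=deny
"""

LINE_RE = re.compile(r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=tcp")
MAIL_PORTS = {25, 465, 587}
KNOWN_MAIL_SERVERS = {"192.168.1.10"}   # assumption: the only host that should relay mail


def mail_talkers(log_text: str) -> Dict[str, Dict[str, object]]:
    """Count outbound SMTP/submission connection attempts per internal source.
    Denied attempts are counted too: once the ISP starts blocking, the bot keeps trying."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("dport")) not in MAIL_PORTS:
            continue
        conns[m.group("src")] += 1
        dests[m.group("src")].add(m.group("dst"))
    return {src: {"connections": n,
                  "distinct_destinations": len(dests[src]),
                  "expected": src in KNOWN_MAIL_SERVERS}
            for src, n in conns.items()}


def suspects(log_text: str) -> List[Tuple[str, int, int]]:
    """Unexpected senders, worst first: (source, connections, distinct destinations).
    A workstation fanning out to many different mail servers is the classic
    spambot signature; a single stray connection may just be a mail client."""
    rows = [(src, d["connections"], d["distinct_destinations"])
            for src, d in mail_talkers(log_text).items() if not d["expected"]]
    return sorted(rows, key=lambda r: (r[2], r[1]), reverse=True)


if __name__ == "__main__":
    for src, n, fanout in suspects(SAMPLE_LOG):
        print(f"{src:15} {n:4} connections to {fanout} distinct mail servers")
```

The same ranking works on a packet capture or NetFlow export from the switch if the firewall does not log allowed traffic; and once the host is identified, the durable fix is an egress rule that permits port 25 only from the mail server, so the next infected machine cannot get the public IP blacklisted again.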
