Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am sent a zip file daily that contains an excel file.  The zip is protected
When I double click on the zip icon/folder I then see the excel icon.  I double click on the excel file.
I am then prompted for a password - I assume this is the zip password as when I open the excel file there is no password protection.  Without the password I can not initially move the file.  It seems once input the password I can do anything I want with the file, without the password I can not open, move, etc.

Every day I am sent the same file (same filename,same password, but different rows of data) and I follow the very same proceed above but it never prompts me to put in a password again.
If I clear all my temp files and shutdown my PC I will then be re-prompted for the password
Why does this behavior occur ?  Shouldn't I be prompted for the password every day when I am sent the file and open the file ?  I only had to input the password the very first day.
0
Can anyone refer me to a consultant who can advise regarding various website security issues? I'm in need of quickly moving my client's insurance brokering website to an offshore host, and there are a bunch of security issues with which we need to achieve compliance. And, quite honestly, much of this sort of thing is well over my pay grade.

Thanks,
Jonathan
0
refer to attached codes that we do input validation for
a reflected XSS:

we've increased the validations but each time a rescan
is done, there's new set of "pattern" that's not caught
& the same pentester conveys we just have to follow
Owasp recommendations:

Q1
can anyone help review the attached & enhance to
make it fully compliant?

Q2
pentester says they can't possibly provide all the
possible patterns, so what does this mean?  No
closure possible or we can reduce to a minimum?
Our apps team is getting tired & claims the pentester
fails to provide the full patterns while pentester says
we just need to adhere to Owasp, so which is which
as I'm confused who is right & what's best practice?
0
If we have a need to retain (can be in zipped/gz format) bsm
(Solaris Basic Security Module), what's the sizing of the partitions
recommended?

I know it depends on the amount of activity but suppose I
currently have 2GB left, how much more to extend?

BSM is merged with auditd logs
0
Hi.

I am setting up a SOHO.
Equipment is as follows.
1)  4 security cameras that record to the cloud through a Northern system
2)  Home wireless system mesh network
3)  Usual computers,  printers, etc
4)  Other "internet of things devices"  such as thermostats, lights.
5)  I have a total of 10 Ethernet jacks in our home, but only 6 in current use.

I will be installing a 19 inch 6U Wall Mount Patch Panel Bracket - 13.75 inch deep (also 24 port Cat 5E patch panel etc)
Gigabit internet.


I have concerns about putting all these things on one switch.  I like the idea of segmenting my network.  
I have heard good things about the Ubiquiti.  I am not an expert on routers, but I not a unfamiliar either.  
I am thinking about a router/switch capable of VLANS and POE for the cameras.  If I am misguided, then new insights are welcome.

With that in mind,  I would appreciate any help in selecting  a router / switch that would be appropriate but not more expensive than I need.

Thank you for your help.
0
Anyone has a sample table (which I need to submit in monthly
ppt slide) for covering patching metrics?

I plan to have a column for virtual patches (as we use NIDS &
endpoint IPS) included, so columns like the following:

a) date vulnerability published by product principal
b) date virtual patch is released, tested in our UAT &
    implemented in Prod  (which I'll indicate as 'NA'
    if not available
c) date actual principal product (ie Oracle, , RHEL, Fwall
    vendor) release their patches & date scheduled to
    test in UAT & date to deploy in Prod

Any other information/columns that I miss?
 

In particular I have the following products to cover:
a) Solaris OS 10
b) Weblogic  middleware 12.2.1.3
c) Firewall
d) WAF
e) Oracle DB
f) RHEL 6
0
Hi,

I d like to search for software which matches met hashes. That way I can crosscheck my installfiles/exes.
Please do nog suggest other options: I really need md5 hashes (or sha256), which I generate from my windows software installers, to match to full software names
Can that be done?

J
0
I am trying to log sonicwall capture logs to an FTP server but it fails I have attached a pcap file of the failurefailed-ftp.pcapng
0
Exchange 2010 local server where to look for blocked emails and resolve

We use Symantec email security which filters all our email, once in awhile it blocks an email that it should not have blocked so I log into the portal and allow it
Issue: I have one user the recipient here in our company that cannot receive from one specific user from a diff company.
everyone else here in our company can send and receive to this user just fine
Example:
anyuser@ourcompany.com can receive from userA@theothercompany.com
Excluding: userB@ourcompany.com from userA@theothercompany.com

when I look into Symantec's email security portal it shows userA@theothercompany.com cannot be delivered because sender was denied our recipient server (This is our Exchange server) where on Exchange to I resolve this?
0
Without providing too much detail publicly... we are a small company that has been asked to craft an API into our system for clients to make updates from their existing software platforms into ours.  We have developers that have created most of the API infrastructure that is needed. However, my question is, from a business standpoint, should we be forcing these interested 3rd parties to sign confidentiality agreements before reviewing the technical documentation that has been created? Should an agreement / contract be created and signed before any work occurs? Are there any best practices when going through this process? This is not our core business function and looking for direction to make sure we have covered ourselves legally as well as an operational and security standpoint. Any feedback or guidance would be appreciated.
0
Dear experts,
We have done a penetration test and one of the oracle servers had a vulnerability which through it the penetration test experts manage to get the hash of the Domain admin users and then get the NTDS database of the entire AD Users.

How is it possible to check the current hash being utilized and to strengthen this on Active Directory servers? The currently installed servers are Windows 2016.

I would appreciate your recommendations.

Thank you
0
Hello,

how secure is 7zip password protection?

Thank you
0
Dear Experts

As per the policy we must deploy on-premise email server and we are planning to go for exchange enterprise or standard.  However our user base is 20 users at present and we may maximum have 25 to 30 users in next 5 years. We are planning for barracuda email security appliance.  
1. Please suggest is it recommend going with exchange standard OR exchange enterprise
2. As security point of view we should have tight security hence will there be any difference between standard and exchange
3. Understood standard will provide 5 mail database will this be sufficient for 25 to 30 users
4. What all features that will not be available in exchange standard compared to exchange enterprise.
please help, thanks in advance
0
We're getting Nessus Tenable for vulnerability scans (likely with admin-credentialed scans)
& likely penetration tests.

Q1:
https://security.stackexchange.com/questions/71389/where-to-place-a-vulnerability-scanner-within-a-data-center
Above link has various views & I don't understand one of the line:
"If you're not granting the scanner admin level access to your assets and you're allowing an IPS to interfere then you're doing yourself a disservice."

Q2:
I intend to scan through the Network IPS because we may not be able to apply patches
in time (can't test out patches & obtain downtime in time), so most likely we'll deploy
NIPS virtual patches as interim remediation.  So do we still scan using 'admin credential'
scan in my scenario?

Q3:
Certainly dont plan to scan from public Internet but where is the best location within
our Prod network should we connect up this virtual (runs in VM) scanner?  Management
VLAN or in each Prod subnet, we place one scanner or run from laptop & connect to
a switch port which is assigned all the VLANs  or we just place in DMZ  or  internal
subnet & open up firewall rules?  Firewall may slow down the scans.

Q4:
From secure perspective, which is the most secure place to connect it as we may
use admin credentials (at this moment, no idea how to get it to integrate with
TPAM though we may move to CyberArk in 12-16 months' time as Nessus told
us it integrates with Cyberark, querying the password from Cyberark)
0
I'm thinking about using Companionlink to sync my Outlook to my Android phone.

Have used it in the past.

Looking at connecting via Bluetooth as it's the simplest option.

Concerned about security.  

Seems like the software sends data via Bluetooth encrypted.  So, checks one box.

Here's my question - after I get the phone and the PC paired I can turn off discoverability.  But...seems like, for my Win10 PC (and lots of others) turning off Bluetooth is not enough.  I've got to run services.msc to get discoverability  ACTUALLY turned off.

So, my question is: am I on the right track here: to ACTUALLY keep my PC undiscoverable I would have to run services.msc and disable it at that level?

Then, to the base of my question: somehow having my Outlook data transferred via Bluetooth is dismaying.  Should I have that concern?  

My other options used to date have been using MS Exchange locally via a program called Akruto.  Or, using Companionlink over Wifi.  Each of these are also locally broadcasting my Outlook data to my phone.  (At one point I was even super secure syncing with Companionlink via USB cable.  Safe, but not efficient.)

So, my thinking now is this - if I can get Bluetooth discoverability ACTUALLY disabled on my PC and my phone that would reduce the chance when I'm on the road for a malefactor …
0
Hi,

I am auditing a large file server using Netwrix. The goal is to audit all files modifications like changed, deleted, added and credential or owner change.

For some share folder, i also want to audit List folder / read data. Until now, I know what to do.

List Folder / read data generates a lot of entries in the Security events log, this is why I don't enable it on all shares.

Netwrix use an agent scan all the files and create a state-in-time report of the files and folders permissions in time. So, that process is accessing millions of files and generating millions of audit events.

I am receiving a lots of events 4663 even in folder that I haven't enable Liste folder / read data. I am trying to find a way to eliminate those events to extend the security log retention.

The maximum size of the security log is 4GB and some audit plans in Netwrix doesn't have enough time to catch all the events before they are getting remove because it is getting full.

The solution, it is lower the number of audited events.

The following screenshot shows my auditing settings. LCDomainUsers is a Local Domain Group that contains Domain Users from 2 domains (forest).
2019-12-03AuditSettings.jpg
The next screenshot shows a generated audit event. Note that SRVSHARE1$ is the computer name and it is not part of the group LCDomainUsers. I don't understand why this event is generated. The process name NwxFsAgent.exe is the Netwrix agent.
2019-12-03Event4663.jpg
I am asking the …
0
How do I transfer a collection of group policy objects from one domain to another.  Domains are not related in any way and never will be, but the group policy objects are a bunch of security settings that are not specific to user names, computer names or any other specific name.  So they should easily transfer.  I just can't find a way to do it, other than to manually rebuild them one at a time in the second domain.
0
I got a new Lenovo laptop running Windows 10 and iTunes 12.  I am running Outlook from Office 365, and have iTunes set to use Outlook for syncing Contacts and Calendar.  But when I synced my iPhone 6 to iTunes through the computer it wiped out all my existing Calendar and Contact data, although Outlook on the computer has all the information.  I tried using the "Replace Contacts and Calendar" option, but that didn't accomplish anything.  Please help.

Thanks,

Phil
0
Audit mandated we must enable  password expiry for MS SQL accounts though we say they're service accounts:

from DBA: change cannot be implemented as it will expire service accounts
Set the 'CHECK_EXPIRATION' Option to ON for All SQL Authenticated Logins Within the Sysadmin Role

What's the practice out there?  
Can we automate changing the password quarterly & yet not affect service accounts (which I assume
do not need to know the password)?  One of them is nagios

Or set the accounts to non-interactive & how to do it for MS SQL?
0
We are changing our Microsoft Partners for Dynamics GP and they requested our Microsoft Customer PSBC account and authorized numbers so they can fill out the Microsoft "Change of Partner" form. Just checking if it is safe to provide this information to the new Microsoft Partner? If it is not safe what are the risks or concerns?
0
Hello experts

I have a customer who is asking me if they can automate  and O365 ATP reports .
He want to receive the reports by mail for the Security Team instead of going to the Portal to get the reports

Is there any possibility?

Rgds
0
Dear Experts
We are evaluating CCTV surveillance system appox 25 to 30 cameras which should store 03 months of recording hence NVR hard disk capacity we have sized 6 TB.  We have connected this location over MPLS link to the Head office hence we are thinking to look for solution but not sure at camera side or NVR side the recording to happen parallel to NVR and also to NAS device and this NAS device will replicate to another identical NAS device over MPLS link at head office
1.Please help is there any specific type of cameras OR NVR we should consider so that at the same time two places the recording is done one at NVR disks this is going to rotate once in month hence at any given time only last 30 days recording is available.
2.Also simultaneous recording in additional to NVR to store to NAS box for example synology NAS box ( one at site and another one in head office every day replication scheduled to head office)
0
Hi Experts!
I have an old AD domain, abc.com, and a new domain, xyz.com.
I need to copy all users and groups (along with group memberships) to the new domain...
I have successfully utilized LDIFDE to clone the OU Structure to the new domain, now I need to do the following:
1. Export all users from abc.com domain, with all attributes if possible
2. Export all groups from abc.com domain
3. Export Group membership list from abc.com

4. Import list of all users to new domain, xyz.com
5. Import list of new groups to new domain, xyz.com
6. Add users to required security groups in new domain, xyz.com

As I said, I have the OU structure in place and ready to be populated, I'm just having a very difficult time with the outstanding items!

Any advise / assistance with some powershell scripting would be awesome!

Many thanks,
Simon
0
We are undergoing a Security Audit of our internal computer systems by an external 3rd party auditor.
We just rolled out new Windows 10 PCs to 75% of our staff and everything is working great.
We use Ivanti for patch management and all PCs are fully patched with all Windows updates and application security patches.
My question is:
What benefit , security wise, is there in ensuring that Service Packs are all completely up to date?
i.e. Does Windows 10 Service Pack 1909 contain more security patches or benefits if all individual Windows updates and security patches are already up to date?
I'd rather not install the Service Pack since all is working fine.

Thanks!
0
Hi,
I'm looking for a easy and free possibility to increase the ActiveDirectory password complexity.
In order to force :
- A minimum length
- Both upper and lower cases
- A letter in the first space
- Special characters
- Numbers
- No dictionary words, blacklisted words, or patterns that are easy to crack
0

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.