Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Hi, I'm using the Quarantine feature from Watchguard and this creates a Quarantine website users can log onto. But the problem is that it's an intranet server and as such doesn't have an 'official' SSL certificate. I tried to create a self-signed one etc but I keep on failing ... could someone please give me step-by-step instructions on how to create a self-signed certificate and attach it to that website so that the browsers won't throw their security warnings anymore? Thanks!
0
I've searched the internet and I still don't understand what it means when NCA\ANONYMOUS LOGON locks and/or unlocks the domain administrator account.
Below is an extract from the event viewer in an easy to read format. Can anyone explain the best way to determine if it is an intrusion attempt or a process, application or service causing this?

An event has occurred in which you are on the notification list.
Time Stamp: 10/23/2019 11:56:45 PM
Perpetrator: CN=Anonymous Logon,CN=WellKnown Security Principals,CN=Configuration,DC=***,DC=local
Perpetrator Name: ***\ANONYMOUS LOGON
Event Source Type: Active Directory
Domain Name: ***
Policy Name: AD: User Account Lockouts
Event Name: Object Modified
Event Name Translated: Account unlocked
Originating Server: ***\***-DC01
Originating Server IP:   *.*.*.10
Target Host: n/a
Target Host IP: n/a
Class Name: user
DN: CN=Administrator,CN=Users,DC=***,DC=local
Affected Object SID: S-1-5-21-3359379490-2354048252-4260778802-500
Affected Object Account Name: ***\administrator
Operation Successful: True
Operation Status: Success
Blocked Event: False
Perpetrator Sid: S-1-5-7
Originating Client: AUTH:***-DC01
Originating Client Host: ***-DC01.****.LOCAL
Originating Client IP: x.x.x.10
Originating Client Protocol: AUTH
Originating Client MAC: **:**:**:**:**:FF
Events Count: 1


Thanks in advance.

David
0
Hi Experts,

I have a question regarding AD security groups.
Let's say I have two security groups.
One group is filled with users (modify rights).
The other group is filled with FullAccess users.

Let's say one team leader is in both groups: which group counts?
The group with the highest rights or the lowest?
1
I recently took away users' local admin privileges from all the end users' computers. The people who seem to be affected by this the most are the programmers. They have issues with running Docker, which needs to be run with elevated privileges (just one example so far). I would be interested in hearing what other sys admins are doing with the more technical end users to let them work properly.

Thank you.
0
Within Splunk Enterprise, when I am running a search and see the matching term suggestion pop up, is there a keystroke I can hit to select the matching term?  Currently I have to click it with my mouse.
 See picture.
0
Script to audit memory on a remote machine.

Does anyone know of or have a PowerShell script that will loop through a text file (where I add computer names), check the memory on each of these, and write back to a CSV file with the headers - COMPUTERNAME | MEMORY

I have found scripts, but I am unable to use Get-WmiObject, which for security reasons is not allowed on any machine (Get-WmiObject : The RPC server is unavailable)

Any help would be appreciated

Thank you
1
Android 9, Oreo.

New phone.

Samsung A7.

Got a notification from...Find My Mobile.

Don't have this app.

Clicking the notification it says "These notifications can't be turned off."

What can I do?  Need notifications from Apps I use.  Don't want ads.

Thanks!

OT
0
How can I lower the Java Security Rules for internal networks only?

Currently our users need to manually enter an internal web address in their Java Exception list.  I have been charged with trying to make the process more automatic for our users, specifically to allow all URLs for internal web addresses to run the Java applet.

I did find a way to create an Exception list for the computer:  https://community.spiceworks.com/how_to/123766-java-site-exceptions-list-and-certificates-for-all-users

but, this option takes away the user's ability to have their own list or to add the web sites that they want and the list will be managed by the local administrator.  Equally important, if I used the above mentioned web page documentation then it will overwrite any Java exception list that the user already created.  We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java Security level than external web addresses?  To actually allow Java to be run on those internal web URLs.
0
I would like to find a way to see which security protocols/ciphers are being used with IIS 6 on our Windows 2008 R2 server.
Where is the right place in the registry, or IIS to look for these settings?

Thanks,
0
I have a domain network that needs to have a security warning appear just before the user logs onto their computer account.   I have never done this nor have any idea where to start.  It is on a Windows 7 computer, soon to be a Windows 10.  Any directions on how to do this?
0
Have a new Samsung A7, Android 8.0.0 OS.

Can't see the option for encrypting the PHONE.  

Have encrypted the SD card.

Have set up a PIN & fingerprint sensor unlock.

I recall there was an option to encrypt the phone - had one with my Samsung J5.

But, can't find the option to encrypt anything beyond the SD card on this phone.

What am I doing wrong?

Many thanks!

OT
0
Hello,

Our users are having issues with sending emails with zip file attachments. I have looked at our Exchange server settings and I can't seem to find anything that pops out. I also verified our email security gateway and did not find anything. I have not changed anything in our server or Barracuda email security gateway. Below is the error I get. Any help would be greatly appreciated.


Delivery has failed to these recipients or groups:
Starlyn.Sarmiento@amormeus.org
The email system had a problem processing this message. It won't try to deliver this message again.





Diagnostic information for administrators:
Generating server: xxx.amormeus.org
Starlyn.Sarmiento@amormeus.org
Remote Server returned '554 5.6.0 Invalid content'
Original message headers:
Received: from xxx.amormeus.org ([::1]) by xxx.amormeus.org
 ([::1]) with mapi id 15.00.1473.005; Mon, 21 Oct 2019 07:48:36 -0500
MIME-Version: 1.0
Content-Type: text/plain
Date: Mon, 21 Oct 2019 07:48:36 -0500
X-MS-Exchange-Transport-FromEntityHeader: Hosted
Message-ID: <c444d4072b8544aaafe8cf98e980babb@xxx.amormeus.org>
Subject: this is a test
0
FileZilla Server SFTP connection issue from outside network. I need help resolving issues with SFTP connection to FileZilla Server from outside the network. Please see attachment for details of my current router, FileZilla Server, and FileZilla Client configurations.
0
Goal:
Only allow domain users to use a simple user interface and the least needed settings for their daily work.
For security, privacy concerns. Administrators are not affected.
Missions:
1.  Standard taskbar system icons and notification icons by Group Policy. For example, hide Windows Ink Workspace, show Input Indicator, etc...
2. Only show specific apps on the start layout by Group Policy. For example, show Photos app icon, hide MS store, games, xbox, etc...

Could I have some advice or guidelines on which Group Policies can do that? I already imported the Windows 10 GPO templates into the Domain Controller, but do not know which policies can meet my missions. Thank you.

Environment:
Server 2012 R2 AD, Windows 10 professional
0
Self-signed certificate vs CA-signed certificate

I have done some reading online about this topic but I get this: "The primary operational difference between a self-signed certificate and a CA certificate is that with self-signed, a browser will generally give some type of error, warning that the certificate is not issued by a CA"

I believe a self-signed certificate is free and the CA certificate is not.
If so, then why would not everyone use the self-signed?

Any explanation on this topic will be very much appreciated.

Thank you
0
We have an old version of barcode printing software that has a parallel port security key.  The desktop that the software is running on is dying, so we were able to find (amazingly) the installation file for the same version of the software and we were able to successfully install it on a Win 10 laptop using compatibility mode.  Of course the laptop does not have a parallel port, so we bought a USB > Parallel port adaptor from Amazon.  Unfortunately, the software still does not see the key when it is plugged into the USB adaptor.  We are about to give up, but thought I would post this just to see if maybe there was a Windows setting or something that someone could suggest that might make this work?  Crazier things have happened!!!   Thanks for any suggestions!
0
Hello experts,
Just curious: in your company, how do you determine that your endpoints (machines - Windows/Macs and Android/iOS mobile) are trusted (owned by your company) to allow users to access Office 365?

Just looking for options...
0
How does 2 Factor Authentication work, exactly, for Office 365?  We are interested in possibly implementing it - but we don't want users to have to CONSTANTLY re-authenticate, either.  And are there control options for how it works - or is it Microsoft-controlled?

Thank you
0
The user was visiting the web page for thinkwellgroup.com (which looks to be a pretty amazing company).  They were using a recent model iPhone and were browsing in Safari for the iPhone. They wanted to call for information on behalf of their company, and saw a phone number on the bottom of the home page.

They then had some sort of message from switch.com appear on their Safari screen.  Switch.com is a colocation company.

Should they be worried about iPhone security?  Could there be an issue with a colocated website?

Thanks.
0
We have started giving users the option to work off of a Mac instead of PC but an annoying issue has come up.

Unlike in the PC world where users can install Windows Updates, admin credentials are needed for Mac users to install updates.  Is there a way for standard users to install Mac updates other than entering admin credentials or having their accounts changed to admin accounts?

Thanks!
0
Before the last few days we had a setting that would go back to the login screen and require the password. I could be sitting here doing nothing and maybe every 10 minutes this event would happen. Now today I left at 4pm and back at 6pm and the system was still on. Who changed the setting and how to prevent it from failing. The computer was not secure today during those 2 hours. I think the setting I had was 10 minutes.

I went into these settings and not seeing it. Windows 10 desktop.
0
We have numerous instances of MS SQL Standard 2012 in our environment. MS's product lifecycle page shows SQL 2012 Service Pack 4 as supported until July 2022.

I'm seeing different information regarding MS support for Critical and Security WSUS updates. Am I reading it right that if we install SP4 on those we will continue to get WSUS critical and security updates but may have to pay a fee if we call MS, as they are in extended support and no longer mainstream?

Do I have that correct?
0
Hello,

I have a cloud server where I am hosting a website. It is a Windows Server 2012 R2. Recently I noticed a message in my account control panel saying something like this:

"CRITICAL NETWORK - 384 kbit/s received       12.11 MBit/s transfered"

This is the first time I received a message like this. The server has been operating since 2015.
I am not a network administrator so I do not really know how to proceed. So, I will very much appreciate any support/help you can provide to find out what is going on.

I had watched the Network Activity in Task Manager and I am attaching a screenshot just as a reference. Maybe I need to go over log files but I am not sure which ones are the correct ones to review and how to proceed.

For example, I watched the System log and I see error entries like this:

"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203."

I found the error below in the Administrative Events log:

"The RD Session Host server received large number of incomplete connections.  The system may be under attack."

Something I should say is that I use Remote Desktop to connect to my cloud server.

Respectfully,
Jorge Maldonado
0
Dear Ladies and Gentlemen

We need to find whether D-Link DWM-222 dongles have any security vulnerability (with the latest firmware update).
Do you know any? If not where should I start?

Thanks
0
We got quite a bit of phishing/spamming lately, so my IT support colleague has the recommendation below.
I'd like your inputs/views on whether the recommendation below is good, or whether there are any other alternative best practices out there.
We don't have Proofpoint or an email security gateway.

"Note that we should keep the Exchange Online rule/filter as empty as possible as rules filtering affects performance on the Exchange Online; every rule/filter is processed on every single email individually, delaying email delivery eventually.

Recommendation is to perform the blocking at our Exchange Online first (for faster turnaround) and highlight the phishing/spamming source to our host (ie MS team supporting O365) and allow them to take the appropriate actions at their end as ultimately, the RBL/DNSBL relies on the origin/host backend infrastructure.

After acknowledgement from the origin/host on the actions taken, we then remove the rule/filter from our Exchange Online"
0
