Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things – and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Converted a subnet of workstations to an existing domain.
Some workstations in this group are now not able to write to a fileshare.
The users are domain standard users.
The permissions appear to be there just fine.
The file "server" is domain joined as well.
The users are in the domain group giving access (full).
We have a number of these "file servers" and this is the first to exhibit this kind of problem.

Error says:
Destination Folder Access Denied
You need permission to perform this action

????
0
Hello there,

Our company is using O365 Exchange and recently I received a letter from a vendor that we work with to implement the standards below.

1. Transport Layer Security (TLS)
2. Sender Policy Framework (SPF)
3. Domain Keys Identified Email (DKIM)
4. Domain-based Message Authentication, Reporting and Conformance (DMARC)

Does anyone know how to apply these standards in O365 Exchange and what I will need to do?
0
Exchange 2016 CU9 security update failed, server rolled back. restored exchange services, Internal mail flow is ok. Sending externally ok. Receiving external mail being rejected, unauthorized relay tag in Sonicwall Security Appliance

Went into work with all of its services set to disabled. Brought the server up. I'm able to send/receive from internal addresses. I can send to external mail but I can't receive external mail. We have a SonicWall Email Security appliance answering email. We see the incoming mail making it to SW. Makes it to Exchange. But Exchange rejects it:


Arrived into gateway from: 54.240.8.95 on Mon Nov 4, 2019 at 20:50 GMT+10:00
Direction: Inbound
Arrival notes: None
Audit trail: techies@goguam.com
Identified as: Good
Message location: Bounced
Accepted by: 134.9.1.171:25 on Mon Nov 4, 2019 at 20:50 GMT+10:00

MTA response: 5.7.1 (delivery not authorized)smtp;550 5.7.1 Unable to relay for techies@goguam.com


In my SMTP protocol logging I do see this exception with one of the IPs:

2019-11-04T12:00:02.009Z,EXC2016\Client Proxy EXC2016,08D761029557F050,1,134.9.1.171:465,134.9.1.25:61825,>,"220 exc.goguam.com Microsoft ESMTP MAIL Service ready at Mon, 4 Nov 2019 22:00:01 +1000",

2019-11-04T12:00:02.018Z,EXC2016\Client Proxy EXC2016,08D761029557F050,2,134.9.1.171:465,134.9.1.25:61825,-,,Remote(SocketError)


So an exchange update failed and disabled all services. Brought it back for internal mail flow. Trying to fix the receive connectors. I tried …
0
Hi,
We are receiving Windows Error 4625 "Audit Failure" every few seconds.
The logon type is 3.  The account name is "Administrator".  And the source network address is an outside IP address (which varies).
When the RDP services are turned off, the errors stop, but we need RDP on for a single remote user.
We have disabled the Administrator account from using RDP and changed the RDP port to something besides 3389.
A third party manages our firewall so we would like to avoid getting them involved.
How can we stop the constant errors from appearing in Event Viewer?  Is there a software firewall we could use that would catch the intrusions before they hit Event Viewer?  (We can specify a MAC address if needed, but not an IP address to block.)
0
I have created a GPO to add a user group to the local admin group on servers using the group policy preference using the method described in the link below:-
http://www.checkyourlogs.net/?p=22921

But it is not adding the group to the local admin group.
I set the security filtering on the policy to only my account and the Server account.
GPO is applied to OU where computer accounts reside.

GPresult /H does not show that policy as applied or denied.
What can I do to resolve this?
0
Hello Experts!

I am working on an asp.net application in asp.net technology; the application is very old, from around 10 years back.
I am using this configuration in web.config:

<sessionState mode="StateServer" stateConnectionString="tcpip=127.0.0.1:42424" cookieless="UseCookies" timeout="20" cookieName ="DrainId"/>

As we know, session hijacking means that if someone steals/copies the session cookie and pastes it into another browser, then they can access any inner page of the web application.
How can we stop the session hijacking so that if the session cookie is pasted in another browser we can redirect such a request to the login page?

I copied the cookie this way so that I can paste it in another browser and open an inner page.
0
Q1:
Is blocking of Date of Birth, person's home addr & mobile telephone numbers a practice out there?
I think it's not feasible for Date of Birth  &  home address as they can come in countless formats:
1. dd/mm/yyyy
2. dd MMM YYYY
3. mm/dd/yyyy  : US format
4. yyyy-mm-dd
5. dd-MMM-YYYY
....

Q2:
For mobile telephone numbers reckon, it's not something sensitive or is it??

Q3:
Does the O365 DLP function have the capability to block Date of Birth?


Currently we use O365 to block NRIC  (sort of unique identification #) but
passport#  is something that varies for different countries & changes each
time the passport is renewed
0
How do I give ownership of a folder (C:\Windows\CSC) and all child objects to the Domain Users security group (domainname\Domain Users) via PowerShell?
1
I am trying to run an audit on my Juniper SSG. Seems like there is a gap in the syslogs for over 1 month and trying to determine what happened, where in as the logs are missing.
0
I have a web-based file manager system that allows users to log on and browse folders and files via a php script.

I use the google doc viewer to display the files.

My problem is that if anyone works out the URL of the file, then they could bypass the file manager system and just access the file in any browser.

Please can someone advise the best way to secure access to the files with IIS from direct URL browser access, but allow the PHP script, and the google doc viewer, to access it.
0
I am trying to install an SSL certificate on F5. I keep getting an import error (screenshot attached). I have tried entering the password and changing the option for Key security; it doesn't work.

The certificate I am selecting is in .pem format; I have selected .crt and .p7b as well, and none of them works.

Has anyone experienced the same error?

Thanks for your help.
0
How can I fix the security certificate trust for a server that is only accessed internally?

I have tried to install the cert but still keep getting the same error.   It is a Host server that I access all the time.     I can continue but it still shows the certificate error.  I can successfully launch the vsphere web client.   Just trying to eliminate the error.  I also get an error when I try to import a file into the Datastore because of the certificate error.    Is there a way to fix this problem?
0
Hi,

I have a user on a HP elitebook, and I have setup fingerprints in HP Client Security, but it doesn't work when trying to unlock his PC.

When he swipes his finger, nothing happens.

Nothing happens when he tries to log in with fingerprint either.

I installed the HP Client security manager, and he scanned his fingerprints no problem, and the reader is working because when we went back into HP Client security manager it asked him to authenticate with password or fingerprint, and he successfully authenticated with fingerprint.

Within Windows 10 itself, the sign-in options are poor. Fingerprint just says:  "This option is currently unavailable - click to learn more" and "Something went wrong. Try again later".

Please help, many thanks.
0
O365 Risk Watch and Fortify for Protection

I have a couple of questions about these two products. How do these 2 products work? Do they come under ATP?
0
I created a GPO to add some needed trusted sites to the local intranet in the security tab of IE, which works fine. The only problem is that some users, because of their job function, need to add to this list but cannot because it is managed by GPO. Is there a way around this? We have too many computers in our domain spread across multiple locations so doing this manually is not feasible. We are in the process of integrating Force Point in our environment so adding the trusted sites is necessary.
0
We are having loads of trouble configuring a Site2Site VPN with a pair of Watchguard T35 firewalls.
Neither is configured pretty much outside of the initial setup wizard.
The current site 2 site vpn is stock from the vpn configuration guide from Watchguard.

We tried a number of different configs, but have currently deleted them to restart fresh.
Also we are trying to set the connection to initiate from SiteB to SiteA just to limit randomness, but can set bidirection or SiteA to SiteB as initiator.  Doesn't really matter to us

My theories may be off, so I'll just throw out the logs from each to see what you may think is happening.

Thank you in advance.


Site A
*** WG Diagnostic Report for Gateway "AA-to-TC-Gateway" ***
Created On: Tue Oct 29 09:22:49 2019

[Conclusion]
	Error Messages for Gateway Endpoint #1(name "AA-to-TC-Gateway")
		        Oct 29 09:22:35 2019 ERROR  0x02030015 Message retry timeout. Check the connection between local and remote gateway endpoints.


[Gateway Summary]
	Gateway "AA-to-TC-Gateway" contains "1" gateway endpoint(s). IKE Version is IKEv1.
	  Gateway Endpoint #1 (name "AA-to-TC-Gateway") Enabled
		Mode: Main
		PFS: Disabled 	AlwaysUp: Disabled
		DPD: Enabled 	Keepalive: Disabled
		Local ID<->Remote ID: {IP_ADDR(A.A.A.A) <-> IP_ADDR(B.B.B.B)}
		Local GW_IP<->Remote GW_IP: {A.A.A.A <-> B.B.B.B}
		Outgoing Interface: eth0 (ifIndex=4)
			ifMark=0x10000
			linkStatus=0 (0:unknown, 1:down, 2:up)
		Stored user messages:
		        

0
MyPhoneExplorer 1.8.12 released      2019-06-17

They say:
Simply explore your Android phone !
Connect your phone via WiFi, cable or bluetooth and you'll be surprised how easy and efficient it will be to manage your phone with our software. Since it's first release MyPhoneExplorer evolved into the most popular freeware tool for smartphones. The software is constantly updated with new features.

Anyone have experience with this app?

My main question: in syncing data, does the transfer between android phone and PC get sent encrypted, or can anyone read it?

Thanks!

OT
0
When you have a business that has say 5 Access Points in a building is all you really need to do is set the SSID and Security the same on all of them so anyone in the building can Roam at which point they will transparently move from AP to AP?

   That is more in the Client's ability isn't it?
0
We get an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally,
  IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-
  attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers & compromise of their PCs will risk compromising
the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each
department from each other:

a) the main exposures are from "Internet surfing" & emails access (lots of malicious attachments,
    phishing, spam emails seen in email gateways) besides USB ports

b) all other users belong to same trust domain as they read emails & surf internet (yes, the
     sysadmins are encouraged to surf internet on PCs not used to surf Net & read emails)

c) for workstations used for Industrial Control Systems/Operations Tech, they don't have email
    access & Internet surfing &  have been rightfully segregated as per existing set-up

d) To prevent lateral attacks, EDR, AV & email security (forwarding of malicious emails to
     other colleagues) are in place with SIEM for detecting such events in the pipeline

e) if we were to segregate every departments (eg:…
0
Hi All,

I would like to create a "Dynamic" security group in Active Directory. So basically my need is as following:

I need a security group which will contain 3 computer objects. These computers will be reimaged every now and then, but they will always have the same hostname. I need those objects in the same Security Group after they have rejoined the domain. A colleague of mine attended me on "Dynamic" Security Groups, yet I can't find any usable information. Does this exist? Maybe you guys have more information.

Thanks in advance!
0
Hi, I'm using the Quarantine feature from Watchguard and this creates a Quarantine website users can log onto. But the problem is that it's an intranet server and as such doesn't have an 'official' SSL certificate. I tried to create a self-signed one etc but I keep on failing ... could someone please give me step-by-step instructions on how to create a self-signed certificate and attach it to that website so that the browsers won't throw their security warnings anymore? Thanks!
0
I've searched the internet and I still don't understand what it means when NCA\ANONYMOUS LOGON locks and/or unlocks the domain administrator account.
Below is an extract from the event viewer in an easy to read format. Can anyone explain the best way to determine if it is an intrusion attempt or a process, application or service causing this?

An event has occurred in which you are on the notification list.
Time Stamp: 10/23/2019 11:56:45 PM
Perpetrator: CN=Anonymous Logon,CN=WellKnown Security Principals,CN=Configuration,DC=***,DC=local
Perpetrator Name: ***\ANONYMOUS LOGON
Event Source Type: Active Directory
Domain Name: ***
Policy Name: AD: User Account Lockouts
Event Name: Object Modified
Event Name Translated: Account unlocked
Originating Server: ***\***-DC01
Originating Server IP:   *.*.*.10
Target Host: n/a
Target Host IP: n/a
Class Name: user
DN: CN=Administrator,CN=Users,DC=***,DC=local
Affected Object SID: S-1-5-21-3359379490-2354048252-4260778802-500
Affected Object Account Name: ***\administrator
Operation Successful: True
Operation Status: Success
Blocked Event: False
Perpetrator Sid: S-1-5-7
Originating Client: AUTH:***-DC01
Originating Client Host: ***-DC01.****.LOCAL
Originating Client IP: x.x.x.10
Originating Client Protocol: AUTH
Originating Client MAC: **:**:**:**:**:FF
Events Count: 1

Thanks in advance.

David
0
Hi Experts,

I have a question regarding AD security groups.
Let's say I have two security groups.
One group is filled with users (modify rights).
The other group is filled with FullAccess Users.

Let's say one teamleader is in both groups, which group counts?
The group with the highest right or lowest?
1
I recently took away users' local admin privileges from all the end users' computers.  The people who seem to be affected by this the most are the programmers. They have issues with running Docker, which needs to be run with elevated privileges (just one example so far).  I would be interested in hearing what other sys admins are doing with the more technical end users to let them work properly.

Thank you.
0
Within splunk enterprise, when I am running a search and see the matching term suggestion pop up, is there a keystroke I can hit to select the matching term?  Currently I have to click it with my mouse.
 See picture.
0
