We help IT Professionals succeed at work.

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

I am unable to RDP to a laptop connected to AD. It was working fine for one day. This morning I attempt to connect and It hangs at security authentication. No error messages.
0
Hello.  In our group policies we have several OU.  We have two OU in particular that we want the objects to have separate password lengths.  I made two fresh policies, and I changed the security settings for each. I made one policy with the long password and one with a short password.  In all of the remaining policies, I changed the security settings to Not Configured.  
When I linked the policies to the respective the OUs, the long password policy would override the other.  The only way to get the password with the short limit was to not link the policy for the long password to any OU.
0
Emails are getting to Exchange 2007 fine and we can view the emails if we log in via the network, however most access is via remote and we are not able to connect our MS Outlooks to the server and we have the error message - There is a problem with the proxy server's security Certificate. Outlook is not able to connect to the Proxy Server remote.domainname.co.uk.

I have run the Fix My Network wizard but this has not fixed the issue.

If we try to log in via a browser to use OWA Anywhere then we receive the message ...

There is a problem with this website’s security certificate.  
The security certificate presented by this website is not secure.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Can someone help please?
0
Hi Team,
I have a PCAP file can someone help me to identify which traffic is normal and which traffic is suspicious.
or Any specific activities: to collate together all the evidences found from the
Wireshark output file ,deduce what kind of malicious activities e.g. network
scanning, DoS or access attack etc. are being performed on the network.Please help me.I have attached the file in google drive as i was not able to upload the file.https://drive.google.com/open?id=1kIqnSYfL0MhHRU67cDIQU96fa57E092o

0
I was wondering if someone had an LDAP query or script that can compare the security groups that two user accounts in Active Directory belong to?  Having them be able to provide a side-by-side comparison would be ideal in this case.  Thank you kindly for your help!
0
Hi All,

We are currently configuring a wifi solution for several hospitality suites. The Internet feed has been installed and we will be using a Watchguard Firewall with three Vlans. One for management that will host the switches and Access points. And two for connections to the outside world. One VLAN will be used to broadcast the SSID the second is for private use.

What is the best way to configure the Watchguard Firewall. I was thinking to have one interface for each vlan. IE trusted for Management, and then a seperate interface each for the other two. Or would it better to leave the trusted interface alone and configure one of the other interfaces for vlan use and put all three VLANS on this one. Or is there a better way of doing this?

Thanks for your help.

Paul
0
Are there any security issue anyone know about with Microsoft QuickAssist?
Is there a security drawback to using QuickAssist that is built into  Windows 10?
0
Hi All,

Recently I am facing issue with Group policy Replication and While am checking on SYSVOL folder on PDC its showing all the policies, But in ADC newly  created policies are missing and inaccessible showingwhile am trying to detect now on the group policy objects . and also i can't acces netlogon/sysvol its is showing acces denied (Prompting user name password)by IP, but can acces by FQDN
I chechecked syvol folder security its included authenticated user and Administrator and everyone.
Group-test.JPGEvent-NTFR-.JPGdc2.JPG################################################################################################

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.
 
 Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
 Replica root path is   : "c:\windows\sysvol\domain"
 Replica root volume is : "\\.\C:"
 A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.
 
 [1] Volume "\\.\C:" has been formatted.
#################################################################################################
The File Replication Service is having trouble enabling replication from Server-DC01 to Server-DC02 for c:\windows\sysvol\domain using the DNS name server-dc01.demo.localL. FRS will keep retrying.
 Following are some …
0
I am trying to find a simple-to-use, motion activated, HD security camera for my home that will connect to the internet so I can view it and download video events remotely.  I bought an Amcrest camera which is horrifically complicated to use - and which saves video events as *.DAV files that none of my programs can read or convert.  Is there a simple camera that can do what I need?

Thanks,

Phil
0
I run Windows 10 on a Lenovo laptop.   I recently got a security camera that saves events as an *.DAV file.  None of the numerous video programs on my computer can read the files (Cyberlink, NERO, Movies and TV, etc.).  Is there a conversion program out there (paid is fine) that can handle these files?

Thanks,

Phil
0
Hi All.  

This particular VM we are running is reporting HD Controller failures.   Since it is a VM which has many VM's running off the box is there a way to determine whether or not the failure is the physical hard disk on the server or something else reporting?  Here is the error.

The driver detected a controller error on \Device\Harddisk0\DR0.
The driver detected a controller error on \Device\Harddisk2\DR1
The driver detected a controller error on \Device\Harddisk2\DR2.


+ System

  - Provider

   [ Name]  disk
 
  - EventID 11

   [ Qualifiers]  49156
 
   Level 2
 
   Task 0
 
   Keywords 0x80000000000000
 
  - TimeCreated

   [ SystemTime]  2020-03-30T15:00:03.147781900Z
 
   EventRecordID 2202132
 
   Channel System
 
   Computer TMMSage.tmmontante.local
 
   Security
 

- EventData

   \Device\Harddisk0\DR0
   1004800001000000000000000B0004C0030100000000000000000000000000000000000000000000BA20000000000000FFFFFFFF060000005800072200000000E42000000201200000000000F000000000000000000000000000000000000000000000000000000080A78E1600E0FFFF0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000


--------------------------------------------------------------------------------

Binary data:


In Words

0000: 00800410 00000001 00000000 C004000B
0010: 00000103 00000000 00000000 00000000
0020: 00000000 00000000 000020BA 00000000
0030: FFFFFFFF …
0
OK so I wanted to prevent some users from access certain IP address on my network (NAS, printers etc)

The network is 192.168.1.X.  The NAS is 192.168.1.100

So I setup a rule for 192.168.1.102 to never allow access on any port to WAN 192.168.1.100.

However 192.162.1.102 is still able to access the NAS on 192.168.1.100.

Am I missing something?  I thought I had understood this.
0
Hello I have enable audit policies in our domain and would like to read the Message content of the security log and grab the New Logon and Network Information fields

I am executing the following script

Get-WinEvent -Computername DomainController01 -FilterHastTable @{logname='security';ProviderName='Microsoft-Windows-Security-Auditing';id=4624;StartTime="3/27/20";EndTime=3/28/20"}

or by using Get-EventLog

Open in new window


See screenshot, how do i grab the individual properties or some properties from the Message section ?

Thanks for your help,
Screen-Shot-2020-03-27-at-5.54.44-PM.png
0
If you have any responsibilities for managing the ICT budget for your organisations, can you share any examples of lessons learned on areas you may have identified or any honest 'mistakes made' where your company was perhaps wasting money.

We have a risk/audit team who do a lot of good focus on cyber security, data protection etc, but some other issues have come to light in recent years where money was being wasted due to poor asset management/monitoring processes (i.e. smartphones that were not even being used by the person given them), which got me thinking what other common mistakes could be being made which may be worth delving further into as part of their cycle of reviews.

Not overly sure what category to add this to so gone with a broad area as I know a lot of participants in these areas often seem to have senior titles in their profiles so may be involved in this type of area or report directly to others who do.
0
Dear Experts,
I have just started using Sharepoint 2019, and wanted to create a calendar to book multiple conference call numbers to avoid double booking.  I am able to create a Site Content, but I wanted to put that on my Home page, and cannot find a way to refer to either the link itself (HTML Field Security issue) or add Web App parts.  (I can only choose Events, not calendar.)  I am not sure what permission I do not have, and this was set up as a learning platform, so no one that installed this on prem server can answer my question.  Please advise.
0
Looking for comments on the overall security of FireFox Send (send.firefox.com).  My understanding is that all of the security tasks regarding the file (encryption, link generation, decryption) take place on the client side.  However, also received some sage advice that what a provider 'says' and what they 'do' (federal FISA warrant) can be two different things.  

I've done some basic searching online; have found some tutorials and an explanation by Mozilla on how the system works.  Really looking for some independent, third party vetting results.  I have looked on Git Hub, but didn't see anything that conclusively stated FF Send meets standard xxxxx or is xyz compliant, etc.

Is there any documentation out there verifying Mozilla's security claims and does anybody have any concerns with using this product when sharing PII (e.g. name, address, health status, income, etc)?
0
I'm trying to understand what a digital certificate is and why I need it to sign a document.  I know in the following instructions I can create my own digital certificate for free, but when and how do I use a digital certificate to sign something?  What is a digital signature in comparison to taking a picture of my signature and pasting it.  

Thanks.
0
Hi All,

How to prepare runbook for Security operation centre?Is there any sites that can be referred to

Thanks,
0
I want to create a GPO that will cause all the computers in the OU to reboot at a scheduled time.
I've searched but can't find a way to make it happen.
It appears there's a Windows security patch that won't allow the runas settings for the task scheduler to be set - it's now grayed out.

Any other ways that may be useful for this?
0
I need to edit my HOSTS file and it says only an administrator can do this.
when I go into security settings the key settings are grayed out!
I am the administrator. it's my laptop


This is Windows 7 BTW,
0
CIS hardening benchmarks for Win 2016 (pg 534) & 2019 (pg 463 & 690)
 both indicated to enable EMET : attached.

However, link below indicates it's been EOL so does it
still make sense to install/enable EMET or there's a newer
version of EMET?

https://support.microsoft.com/en-sg/help/2458544/the-enhanced-mitigation-experience-toolkit 

Is ASLR & DEP also deprecated  as well?
CIS_Microsoft_Windows_Server_2016_RT.pdf
CIS_Microsoft_Windows_Server_2019_RT.pdf
0
I have a security group A with 144 total members, i need to move half or 72 members to group B. Is there a way to do this via powershell?
0
If I need to protect PII information, has Dropbox progressed to the point where the community feels safe using them?  Where do I get specific data on the actual standards they use?
0
See attached image for general idea about the structure...

I have a c# website built on IIS on SERVER01, and the website webform has the function as attached in image 1

public static string[,] ServiceInstalledList(string machineName)
        { 
            // get list of Windows services
            ServiceController[] services = ServiceController.GetServices(machineName);
            string[,] serviceList = new string[services.Length, 5]; 
            int i=0;
            // try to find service name
            foreach (ServiceController service in services)
            {
                serviceList[i, 0] = service.ServiceName;
                serviceList[i, 1] = service.Status.ToString();
                serviceList[i, 2] = service.DisplayName.ToString();
                serviceList[i, 3] = service.MachineName.ToString();
                serviceList[i, 4] = service.StartType.ToString();
                i = i + 1;
                // if (service.ServiceName == serviceName)
                //    return true; 
            } 
            return serviceList;
        }

Open in new window



It is working as expected when the "machineName" is local "SERVER01", it shows the list services on the server.

But when I change the machineName to a remote server (server host name or server IP address) in the same network (10.0.0.0/24),  I got the error attached in the send image.

The error shows the website can reach to the server and can see it, but it does not have the access only. It is something related to security, passwords ...etc.



[Win32Exception (0x80004005): Access is denied]

[InvalidOperationException: Cannot open Service Control Manager on computer 'SERVER02'. This operation might require other privileges.]
   System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(String machineName, Int32 serviceControlManaqerAccess) +51781
   System.ServiceProcess.ServiceController.GetServicesOfType(String machineName, Int32 serviceType) +183

Open in new window

123.PNG
122.PNG
124.PNG
0
I have a weird issue with my AD. We have a mix of 2008R2 and 2016 AD servers. We have a global security group for VPN users. If you are not part of that group VPN access is denied. For some reason users get removed from that global security group. It is different users effected. I checked my default domain policy and there are no restricted access. What could cause this behavior?
0

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.