Security

23K

Solutions

174

Articles & Videos

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

3
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, a type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.

In this blog we highlight approaches to managed security as a service. We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
0
This article provides a convenient collection of links to Microsoft-provided security patches for operating systems that have reached their End of Life support cycle. The operating systems covered by this article are Windows XP, Windows Server 2003 and 2008, both 32-bit and 64-bit installs.
0
Internet of Ransomware Things ...
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compliance issues with which they have to deal.
2
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
0
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication. I found to my own chagrin, that there is a big downside as well.
1
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to thoroughly revise their security concepts.
9
 
Author Comment by McKnife (LVL 55):
Andrew, thanks for the feedback. I am aware that this article is mainly raising questions while not answering many.
Maybe it's rather a starting point for discussions than sharing solutions.

You ask "So what's the solution? Shutting it all down..." which is the same that I ask in the article and I answer with "no" immediately afterwards.
You write "it's not quite fair to point blame on IT administrator's shoulders ...These guys more often than not work with tied hands" - that's exactly what I am saying. If the admin is not comfortable making his concerns heard, then he is not employed at the right place and should not fear to be replaced but leave on his own.

Before you start discussing - let's wait for other comments.
0
 
Author Comment by McKnife (LVL 55):
Some news that might be of interest for Americans: https://www.upguard.com/breaches/the-rnc-files
In short: US politicians paid for analysing voter opinions on US election-critical topics. Voter data (1,1 TB!) of 198 million Americans was uploaded to an Amazon server but the access rights were incorrectly set - it was open to the public and the data was not encrypted. It leaked.
See what I am talking about?
0
Here's a look at newsworthy articles and community happenings during the last month.
3
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
6
 
Expert Comment by Senior IT System Engineer (LVL 8):
Hi Shaun,

Why is there a need to use Configurator.exe (Configurator Editor) to do this?
I believe this can be done purely with Group Policy Preference for Windows Vista-Server 2008 and above.
0
 
Author Comment by Shaun Vermaak (LVL 31):
Enforcement, yes but not the part where group members are moved to AD. If you do it individually with Preferences you will have to create a preference item for each possible combination.
Also, the configurator is the configuration tool, admingroups.exe is the actual application.
0
Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
1
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Liquid Web and Plesk discuss how to simplify server management with a single tool in their webinar.
2
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As a business owner, you should be part of that 4% that has a full understanding.
1
Ready for our next Course of the Month? Here's what's on tap for June.
3
When it comes to security, close monitoring is a must. According to WhiteHat Security's annual report, a substantial number of all web applications are always vulnerable. Monitis offers a new product: fully-featured website security monitoring and protection.
1
A hard and fast method for reducing Active Directory Administrators members.
3
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me is flawed and borders on irresponsible behavior!
9
 
Expert Comment by SpiderlinK (LVL 1):
Sometimes we will get "The update is not applicable to your computer" when updating the patches as well; so Wait a bit :)
0
 
Author Comment by Andrew Leniart (LVL 10):
Hi SpiderlinK, thank you for your comment.  I've found that failure to often be a result of being behind in issued Service Packs. A patch will often fail on a Service Pack 1 or 2 installation if a SP3 has been released.

Best..
0
Auditing domain password hashes is a commonly overlooked but critical requirement for ensuring that secure password practices are followed. Methods exist to extract hashes directly from a live domain; however, this article describes a process to extract user data, including hashes, from an IFM backup.
1

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying


How To Identify the Scam Email

You will see an email from someone you’ve had correspondence with (and in many cases know well) that contains the subject line stating that a document has been shared on Google Docs (example: John Smith has shared a document on Google Docs with you). You will not see your email address because it is in the bcc field, however you will see the email address hhhhhhhhhhhhhhhh(AT)mailinator.com appear.



The message will contain a link saying Open in Docs. Do not click this. If for some reason you do, you will get prompted to sign into your Google account if you are not already signed in. Afterward, you will be prompted to give permission to “Google Docs” access to your email and contacts.



Clicking the info button (The “i” inside of the circle) will show developer information that contains a random Gmail account. Do NOT click the allow button, as it will send the scam message to your contacts. While the adversaries do not have your password, they will have access to read emails in your account as well as to send emails from it without the need for any sort of security check (both passwords and two factor authentication get bypassed).



How do I know if I’ve been affected?

If you clicked the Allow button, then you’re affected. And you may have heard back from acquaintances, friends, and family by now. Another way to know is to check your Sent messages, and see if any strange emails have been sent.


How do I fix the problem?

Go to the Permissions section of your Google account at https://myaccount.google.com/permissions to see the apps that have access to your account. Click the one that says “Google Docs”, then click the Remove button. (In this screenshot you will see WhatsApp because it is an app that was given permissions from an Android phone.) Optionally, you can change your password (even though the adversary never received it), as it is a good security practice to change passwords periodically. Also, please be sure to check your sent mail for the scam email. Alert the recipients not to open the email and to delete it right away, and let them know what happened.


3
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
4
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs of each program we employ. As luck would have it, our days are often spent with other important tasks, leaving us unable to thumb through 300-page guides.


To help Active Directory administrators understand Microsoft’s latest guidance, Skyport Systems hosted a webinar last week that detailed the high-level action items needed to secure Active Directory (AD) in its most recent update.


The main issues they see in companies mitigating AD security issues are threefold: operations, complexity, and cost. Not only are there many teams involved in managing and securing Active Directory, but the complex application also has many ports of connection, raising the cost of implementing best practices and installing programs built specifically to secure this infrastructure.


And why is AD security so important? Easy—AD systems are the central point of authentication for most companies, Bhavik Shah, CISSP at Skyport Systems explained. Cloud based services, internal operations tools, external platforms, all tie back to AD. So if a hacker gains access to AD, they have access to so much more than simple credentials. This is why the system is so heavily targeted. If a hacker owns AD, they own the entire network.


Skyport Systems understands this problem and so does Microsoft. Microsoft has even tried to close the gaps by releasing new tools proven to work.


“But the problem with implementation is there are vague guidelines,” said Shah. “It takes money, expertise, and other programs to successfully secure Active Directory.”


So Skyport took Microsoft's 300 pages and broke it down into something consumable—a phased approach, broken out into buckets of focus into the modern security framework.


Active Directory Hygiene

Shah recommends looking into existing complexity of hygiene protocols, like whether you’re checking domains frequently enough. He compares this level of security to having a bunch of locks on a door, and that it isn’t a matter of whether or not the hackers will get in, but how long until they do.


“Hackers will get in quickly if this is the only area of focus,” Shah advised.


Secure Admin Workstation

“This is the biggest gap that I’ve seen as far as what Microsoft is telling you to do and what people are actually doing,” said Shah.


In this gap, there will be no jump server set up between a laptop and its domain controller, meaning credentials are cached locally on the device, sitting in the memory of the laptop. If not addressed, credentials can easily leak into the user environment.


Protect Domain Controller

In this level of security protection, administrators need to only allow ports AD needs to perform its job, protected by a firewall and shielded from the internet. In some cases, administrators may completely wipe AD’s connections and start from scratch to gain the level of protection they desire.


Admin Forest

As the final bucket of the security process, this step requires an effort to segregate credentials into separate forests, with users in different locations than admin credentials and so forth. Shah mentioned this step is usually reserved for large enterprises.


For more detailed information on how to implement these steps of security and how Skyport Systems' SkySecure product includes hardware and software components to deliver a secure virtualization environment for Active Directory, check out the webinar!



2

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organizations using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabilities to a minimum is necessary. This popular system has the ability to both help and hurt corporations.


Recently, Microsoft published a guide containing more than 300 pages on how to keep Active Directory systems safe and secure. While a thorough breakdown of all available techniques and best practices, most teams don’t have idle time available to spend thumbing through the document—especially in a moment of critical need.


In response to this, Skyport Systems is hosting a webinar to provide quick, easy-to-implement tips on the best ways to secure the most vulnerable parts of your Active Directory infrastructure. They’ve done the heavy lifting of understanding this document.


Join us Thursday, April 20th, to learn:

  • Easier ways to secure AD based on Microsoft’s guidance
  • How to secure workstations and domain controllers with their SkySecure product
  • How to create an admin/red forest with SkySecure




0
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
1
 
Expert Comment by Thomas Zucker-Scharff (LVL 28):
Andy,

I'm impressed with this article.  I like the way you tested it out. Extremely well thought out.  Some things you may want to address:

1. Don't repeat the summary.  Summary was good, but repeating it (or copying the first paragraph) is not a great practice.
2. Remove the word "not" from the summary.
1
 
Author Comment by Andrew Leniart (LVL 10):
Thanks for your comment and suggestions Thomas. Have taken them on board and removed the word "not" from the Summary as suggested.

Best...
0
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you are not familiar with tier isolation, read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access-reference-material
6
 
Expert Comment by Senior IT System Engineer (LVL 8):
Great, so in this case I assume that by utilizing your GPO with WMI filtering above, the tier separation can be fully separated.
So do I just implement the Group Policy Preference above ?
0
 
Author Comment by Shaun Vermaak (LVL 31):
You need the groups, GPOs and filters on the GPOs. At the end you link these policies to the root of the domain, but during testing it should only be linked to a specific testing OU.
1
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
0
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
4
