Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
0
Data security in the cloud is very much like a security in an on-premises data center - only without costs for maintaining facilities and computer hardware.
0
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
4
Native ability to set a user account password via AD GPO was removed because the passwords l can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something similar. But what if you want something simple?
3
The Super Bowl is just days away. Millions of advertising dollars will be spent in just a few hours to drive people to websites around the globe. Optimizing your site in anticipation of a big event like this (and the traffic surges that follow) will ensure your success.
0
Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affected by the same strain. CL 1.4.0.0 Fairytail
11

Expert Comment

by:Пастовенський Костянтин
3 days of scan - nothing.
Can i give some files to understand 8bit or 9bit (step)??
0

Expert Comment

by:Grimsever
Доброго времени суток, прошу помощи с дешифровкой. Пробовал брут из данного видео https://www.youtube.com/watch?v=oNqcWQ3WL20&index=3&list=LL8Bn9Ctt7r2XNVtTTY2vEcA&t=103s, не помогло. Буду крайне признателен. Ссылка на сам файл https://yadi.sk/d/b6KxCuDtc-A3wQ

Good day, please help with decryption. Tried to brut from this video https://www.youtube.com/watch?v=oNqcWQ3WL20&index=3&list=LL8Bn9Ctt7r2XNVtTTY2vEcA&t=103s didn't help. I would be very grateful. Link to the file  https://yadi.sk/d/b6KxCuDtc-A3wQ
0
In this interview with the head of client strategy for blockchain developer Very, we take a look inside the growing popularity of blockchain development and how this technology can make an impact beyond Bitcoin.
3
There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science and knowing how to code.
2
This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from the existing one and help in better business usage.
0
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone. Any comments, bug reports etc. are welcome...
7

Expert Comment

by:Joseph Reynald San Pedro
Hi Shaun,

We have already published the site and the error seems to be from IIS. Can we send you the web config and help us check if there is an error in it.

Thanks!
0
LVL 56

Author Comment

by:Shaun Vermaak
Sure. Is the correct user configured on the IIS Application pool
0
Spectre and Meltdown, how it affects me and my clients?
3
LVL 51

Expert Comment

by:dbrunton
That Intel tool is only useful for checking for the Intel Active Management Technology flaw.  That's an old flaw.

This is the Meltdown and Spectre problem which is a new flaw.
1
LVL 28

Author Comment

by:Jose Gabriel Ortega Castro
Thank you for the comment, I've updated it.
1
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it's often useful to use more than one.
12
LVL 29

Author Comment

by:Andrew Leniart
Hi Bernhard,

Thanks for your comments. 2FA is an important consideration for many, an unnecessary nuisance for others, and then you have the camp that believes it should be forced (or at least made as an available option) everywhere as standard practice :)

For my own part, if 2FA is an option, I'll always enable and use it, but that's not always so. My bank as an example doesn't have the option available to me to just log into my account - opting instead to only force 2FA on money transfers to accounts that have not been transferred to before. I could give dozens of other examples that don't make much sense to "me" personally.

At the end of the day, everyone must reach their own conclusions and decide on what's best for them.

Regards, Andrew
1
LVL 33

Expert Comment

by:Thomas Zucker-Scharff
Bernhard has an excellent point.  I love Sticky Password, but how does it know it is you if it doesn't store the credential you are logging in with?  I am actually in the midst of a tech support triage with SP and intend to ask the very question.

And by the way SP does have 2FA.
0
Although free tools can be helpful to a limited extent, it’s better to stick to paid versions for business use.
0
2017 was a scary year for cyber security. Hear what our security experts say that hackers have in store for us in 2018.
0
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
7
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.
1

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. The term ‘spyware,’ covers a wide variety of such sinister software programs that installs on a computer without the user’s knowledge to essentially hijack web browsers, monitor all user activity on a machine, open backdoors for remote attackers, steal personal information, display unsolicited advertising, and slow PC performance.


The threats and risks posed by spyware for businesses include loss of productivity, profitability and credibility, liability from privacy violations, increased helpdesk cost, and damage to brand reputation. Spyware remediation and countermeasures to keep your company computer systems as safe as possible are in fact as critical as antivirus and antispam measures.


How Does Spyware Work?


Spyware generally falls into two broad categories.


  1. Surveillance software that includes applications such as key loggers, screen capture devices and trojans used to collect sensitive information about the user for monetary exploitation

 

  1. Advertising spyware that can be used by legitimate companies to log information about the user’s browsing history, personal details and online shopping habits to download and display advertisements on your computer utilizing your system resources, such as RAM and CPU.


Once installed on a computer, the program begins logging keystrokes, monitors online purchasing, websites visited, personal data or scans your hard drive to gather valuable information, all of which is then silently transmitted to a third party via file transfers to be aggregated and used for either legal or illegal purposes.


How Does Spyware Infect A Computer?


Spywares are designed to do its work without attracting suspicion and uses a number of convincing disguises to get installed on a user’s computer.


Spyware can be downloaded from web sites, direct file sharing programs, free downloadable software, or even be hidden in email attachments and instant messaging applications. Users can unknowingly install the spyware by clicking on the attachment or weblink, or by downloading the software.


Spyware often relies on “Drive-by installs,” wherein innocuous-looking pop-up windows with “OK” or “Click Here To Read” buttons which, when clicked, leads to the spyware being downloaded. This method of infection is usually accompanied by some form of adware, unwanted toolbars, links, new bookmarks in web browsers, or users get a host of pop-up ads.


Spyware also uses flaws and security holes in certain web browsers.


Often users receive spyware by unwitting accepting an End User License Agreement from a software program.

The new breed of spyware is both clever and tenacious enough to remain undetected for long periods of time. This is when spyware detectors come in handy.


What Are Spyware Detectors?


Spyware detectors are antispyware programs that perform routine checks on the computer to block and prevent spyware infections so that your system is clear of any unwanted and threatening software. Antispyware applications protect organizations from spyware intrusions by automatically scanning and sending potential spyware to quarantine potential malware so that you can delete threats before they can do any damage to your computer software.


They also monitor incoming data from email, websites, and downloads of files to stop spyware programs from being installed. You won’t have to worry about which email attachments are safe to open or whether certain software is suitable for download.


Spyware detectors also send out alerts when a spyware tries to install itself on your computer and warns users against suspicious links within emails, websites and live chats.


Antispyware programs can speed up the computer and browsing performances by removing spyware, adware.


Install Antispyware To Protect Your Business Computers

 

Today, spyware detectors play a critical a role in securing an organization’s system, just like the antivirus and personal firewall software. Always purchase your antispyware program from a retail store or reputable online retailer so that you get a legitimate program. There are many free antispyware programs available on the net but some of these are really spyware programs in disguise and can end up infecting your computer.

Choose the best spyware detector for your business. One that can help scan, detect, remove and block spyware using a friendly and intuitive interface. There are some antispyware programs such as Malwarebytes, SuperAntispyware and Spybot – Search & Destroy  that have been designed specifically to protect your machine from spyware, while others block both viruses and spyware serving as a great endpoint security system, such as Avast Endpoint Protection,  Sophos Endpoint Protection or McAfee. Bitdefender’s GravityZone Business Security package is a more comprehensive security system that can easily detect and fight a variety of malware, ransomware and zero-day threats that may go undetected by traditional security products. For organizations that use a range of different devices and platforms, it may be good to give Trend Micro Worry-Free Business Security a try, as it provides protection for Windows, Mac, mobile devices and servers. Moreover it also stops emails carrying sensitive information from being sent out accidentally or even deliberately.

In today’s world of data threats, your business just cannot do without antivirus and antispyware software. Also implement proactive measures, such as being selective about what you download, reading licensing agreements, being aware of clickable ads and antispyware scams, to deal effectively with both known and unknown threats.

0
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
1
Phishing emails are a popular malware delivery vehicle for attack. While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to come from a trusted source. Ready to learn more?
1

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security tools at their disposal to keep cybercriminals and hackers at bay. It can be a real challenge to know where to start, when you are defending against malicious code that can damage your system and against cyberthieves on the lookout for sensitive data to sell on the black market. One thing every business can do to protect their website and customers is to use Secure Sockets Layer (SSL) certificates, particularly if they run an e-commerce site or collect personal customer information through their site.


What Is SSL?


The Secure Sockets Layer (SSL) is the most widely used Internet security protocol used today. This encryption technology protects your sensitive information as it travels between the visitors’ web browser and the web server of the website they are interacting with. This secure link ensures that all data is transmitted without being intercepted by prying hackers.


SSL encrypts all data before it is sent so that no one besides you and the website you’re submitting the information to, can see and access what you type into your browser. Random characters are inserted into the original information to make it incomprehensible for anyone without the proper encryption key. Therefore, if it does fall into the wrong hands there is nothing to worry about since the information is unreadable.


SSL Certificate Basics


When you visit a website that has an SSL certificate issued by a trustworthy authority, your browser (i.e. Internet Explorer®, Firefox® and Chrome™) will form a connection with the webserver, recognize the SSL certificate, and then connect your browser and the server so that confidential information can be exchanged.


To enable SSL on your site, you need to get an SSL Certificate that identifies you and install it on your web server. The SSL certificate must also be digitally signed by another trusted root certificate to prove that the SSL certificate provider can be trusted. Business owners can get standard and extended certificates along with tools to manage multiple certificates or security challenges.


Steps For Getting A SSL Certificate


Once you have selected Certification Authority vendor, send a request for certification and pay for the certificate.

Every CA will provide a Certification Practice Statement (CPS) with more specific information about their verification process and how long it will take to receive approval, depending on the complexity of your organization and the type of certification applied for. Business owners then have to go through various stages of vetting before they can install the certificate on their site and connect to a secure server on the web.


When the SSL Certificate is installed properly, you can access a site instantly by changing the URL from http:// to https://. The secure connection happens instantly and technically.


How Can Consumers Tell if a Website is Certified?

SSL is a transparent protocol which requires no interaction from the end user. Users can verify whether the web address in their browser displays a padlock, or, in the case of Extended Validation SSL, if there is both a padlock and a green bar. This assures visitors that the site is SSL certified and that your connection is automatically secured.


How Can SSL Be Used For Business?  

 

The most common applications of SSL are to secure payment transactions, system logins, email, data transfer, and any other sensitive data exchanged online.


If your organization has to comply with regional, national or international regulations, such as Payment Card Industry compliance, on data privacy and security then you will need an SSL certificate with the proper encryption. EV SSL provides advanced security measures to deal with the bigger risks that come with e-commerce today.

SSL is critical for protecting sensitive information such as customer names, phone numbers, addresses and credit card numbers. It also defends your site from malware and prevents malvertising from eating into your resources.

SSL secures webmail and helps establish secure connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.


SSL can also be used to secure intranet based traffic such as internal networks, extranets, and database connections. It also helps transfer of files over https and FTP(s) services safely.


Future-Proof Your Site With SSL Certificate


Online businesses can gain and retain their customer’s trust by getting SSL certification.  Lunarpages offers free dedicated  SSL certificate  and dedicated IP’s with all of our business plans or you can get a Dedicated SSL certificate on your account. Shared SSL certificate will function only with HTML, and cgi/perl based documents/scripts/carts but it will not work with ASP, JSP or PHP pages because of security restrictions on the servers. For that you will need to purchase a Dedicated SSL Certificate and Dedicated IP. If you’re still unsure about how SSL will affect your website, contact Lunarpages at 1-877-586-7207 (US/Canada) to know more.

0

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from others breaking into your data. Google, Mozilla, and other major browsers are on a mission to make insecure HTTP a thing of the past. Google has made HTTPS (Hypertext Transfer Protocol Secure) and website loading speeds major ranking factors.  HTTPS uses a connection encrypted by transport-layer security to protect transmitted data from eavesdropping. Most browsers like Firefox and Chrome now prominently show ‘Not Secure’ warnings in the address bar and warnings also appear directly below form fields on pages using HTTP. These changes show that HTTPS is now a necessity for all sites, because of its privacy and security benefits.


Businesses depend upon SSL certificates to encrypt data and authenticate both internal and external systems and applications to ensure appropriate access. By having websites and endpoints on the Web configured with a SSL certificate, users are assured that the endpoint has been authenticated and any communication with these sites over the HTTPS protocol is encrypted. Complete encryption of data transfer with Secure Socket Layer certificates (SSL certificates) is quickly becoming the norm throughout the Internet.


The Need For Automated SSL Encryption


SSL certificates are used not just for browser-based security but also for secure server-to-server communication for applications and data exchange. The implementation of SSL certificates is rarely automated which means trying to recall special commands, going over steps to renew and deploy a certificate and then tackling complicated installation processes, which can be tricky even for experienced website administrators. The consequences of improperly configured or expired certificate can be disastrous for an organization amounting to financial losses, fines for non-compliance, and lower productivity.


All SSL digital certificates have a lifecycle anywhere between one and three years and upon expiration are not considered valid. SSL certificates need to be renewed at the end of their life to avoid outages, service disruption, and security concerns. Sometimes certificates may also need to be replaced earlier (e.g., bugs, end-of-life of SHA-1 hashing, change in company policy). Keeping certificates up to date, especially when maintaining a multitude of servers can be really annoying. Moving to an automated SSL certificate lifecycle processes takes out the need to rely on manual processes; it takes the guesswork out to improve efficiency and reduce security risks for your business. cPanel addresses the pain point of SSL installation and renewal through the AutoSSL feature.


Fully Automated SSL Encryption With AutoSSL


cPanel, Inc., has recently added a feature called AutoSSL (automated SSL) to automatically provision, issue, configure and install validated SSL certificates to its web hosting partners’ websites. Automated SSL also enables SSL on admin-based logins, email and internally running services in cPanel. AutoSSL is now available to all cPanel web hosting accounts and those running WHM version 60 or later. It is possible to view the logs for AutoSSL right from the WHM interface. AutoSSL automatically includes corresponding www. domains for each domain and subdomain in the certificate. But AutoSSL only includes domains and subdomains that pass a Domain Control Validation (DCV) test as proof of ownership of the domain.


Take The Hard Work Out With Automated SSL Encryption


With AutoSSL enabled, there is no need to fill out lengthy forms and no more having to manually copy certificates into place.  Your websites are automatically secured and encrypted with free Domain Validated SSL certificate and your coverage never lapses. A cronjob handles the request, download, and installation of new SSL certificates around expiration time for all of your hosted domains.


Secure Your Website With Automated SSL Encryption


Users will enjoy a more streamlined experience, with fully automatic issuance, renewal, validation, and setup of SSL certificates for all websites, logins, and endpoints on the server. An automated SSL encryption system eliminates common human errors in the process, which may be caused by the system admin or anyone installing the certificate. Automated SSL encryption improves the privacy, security, and trust of websites for the end users because there will be no lapse in a valid certificate.

0
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential to enhance security.
0
Experts Exchange expands question security options for members.
5
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
5
LVL 68

Expert Comment

by:Jim Horn
Well written John, and excellent images.  -Jim
0
LVL 115

Author Comment

by:John
Thanks. I appreciate that. I will work on improving things going forward.
0
Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
2

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.