[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have this php that looks if a user is part of a group if so Great you can view the full web page if not you can only view some of the web page.

<?php
//ini_set("display_errors",0);
//error_reporting(E_ALL);
error_reporting(E_ERROR);

$vistor = substr($_SERVER["AUTH_USER"], 20);

$myUsername = "work\jtest";

$myPassword = "password100";

// specify the LDAP server to connect to
$Groupconn = ldap_connect("192.168.1.1") or die("Could not connect to server");

ldap_set_option($Groupconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($Groupconn, LDAP_OPT_REFERRALS, 0);

$Groupbind = ldap_bind( $Groupconn, $myUsername, $myPassword );

    if ($Groupbind) {
// echo PHP_EOL . "LDAP bind successful...<br>" ;
    } else {
        echo PHP_EOL . "LDAP bind failed...";
    }


$Groupbase_dn = 'DC=work,DC=com';



$group = "CN=HR,OU=Security Groups,DC=work,DC=com";




$GroupFilter="(&(objectCategory=user)(sAMAccountName=".$vistor .")(memberOf=" .$group. "))";


$Groupresult = ldap_search($Groupconn, $Groupbase_dn, $GroupFilter) or die ("ldap search error");

$Groupinfo = ldap_get_entries($Groupconn, $Groupresult);

$Groupfound = false;

if ($Groupresult !== false) {
    $Groupcount = ldap_count_entries ($Groupconn, $Groupresult);
    if ($Groupcount !== false && $Groupcount > 0) {
     $Groupfound = true;
    }
}



if ($Groupfound === true) {
    $Groupyes = "1";
    echo "yes";
} else {
    $Groupyes = "0";
    Echo "no";
}

?>

Open in new window


THis code works great I

add
IF($Groupyes == "1"){
Echo "only cool people can see this";
}Else{
Echo "you are NOT cool";
};

Open in new window


But this only works for 1 Security Groups HR

I need to have levers

group 1 = ceo
group 2 = IT
group 3 = HR
group 4 = all other staff

then in the php code if I want only HR to see some thing but not IT I can do

IF($Groupyes == "3"){
Echo "HR can see this ";
}Else{
Echo "You are not HR";
};

Open in new window


or have more this 1 group able to see a part of the web site.

IF($Groupyes == "3" AND Groupyes == "1" ){
Echo "HR and the CEO can see this ";
}Else{
Echo "Sorry IT you can't see this. ";
};

Open in new window

0
OWASP: Forgery and Phishing
LVL 12
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

Hello,

I have this message when I try to log in Facebook account that request a security check with an SMS.
When I do continue after confirming my phone number I hav ethis message:

"It looks like you’re using this feature in a way it wasn’t meant to be used. Please slow down, or you could be blocked from using it."

Do anyone have an idea to get of of there?
Both my profile and buiness page are down.

Thanks
Fault message
0
We have Centos release 6.10 (final) and want to apply the security patches assuming yum -y update -security will do the job. But there is a new version of Centos available.
Can i just issue yum upgrade to jump into next version .
I would appreciate your recommendation on this.
0
Hello Experts,

We have implemented a script to partially automate our server deployments.  The issue is when it has already run on a system, it does not fully apply and errors out stating it cannot modify because it already exists.

1.  Can we modify this script if it detects the predefined setting is already there, to move on to the next step?
2.  Certificates - Instead of defining a static path can it prompt for the path to generate the CSR within?
3.  Secedit - prompt for the location of the new security template file
3.  Some of our applications need TLS 1.0 to actually work - So prompt if we really want to make this change?

Start-Transcript -Path C:\Temp\serverbuildpolicylog.txt -Append -Force -Verbose

# Create CSR for RDP certificate.
$certname = Read-Host -Prompt "Enter FQDN of server."
(Get-Content -Path C:\temp\servercerttemplate.txt -raw) -replace 'fqdn', $certname | Set-Content -Path C:\Temp\servercerttemplate.txt
certreq -new C:\temp\servercerttemplate.txt servercertCSR.csr

# Set registered owner and registered.
$registrypathregowner = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$registrykeyregowner = "RegisteredOwner"
$registrykeyownervalue = "Some University"
$registrypathregorg = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
$registrykeyregorg = "RegisteredOrganization"
$registrykeyregorgvalue = "Some Unit"
Set-ItemProperty -path $registrypathregowner -name $registrykeyregowner -Value $registrykeyownervalue
Set-ItemProperty 

Open in new window

0
Trying to deploy Logmein via GPO and im getting Event ID 102. The install of application Logmein from policy Logmein failed. The error was %%1603.

I checked and the security of the MSI file is set to Everyone with full permissions. It even added the computer to the logmein control panel but there are no system files in the Logmein program folder.
0
What are Enterprise size businesses using to replace old FTP Server technology.

Where I work we are looking to update our technology and replace our FTP Server.  I have been charged with researching alternative solutions to using an in house FTP server.  This F.T.P. Server is used by our:

- Employees
- Customers

To share files from different locations.  We want to have it secured so its not open to everyone on the internet.  Citrix ShareFile is good; but, it is expensive.  IS there any type of technology that we can use and setup on premises?  That we cna install and have it work better and more securely than FTP?

Even if you need to pay a little bit that is fine.  We wil need several dozen accounts to connect and share files to this alternative solution.
0
I am trying to find out if my system has been compromised or not.  I have a simple Windows domain with two servers.  One is for Active Directory and the other is an exchange server.  The domain scheme was setup to be xyz.local and has been working for several years now.  Today, we realized that something has changed and we can only now login with the credentials of xyzabc.local.  When you look at the system properties on both servers, it still says xyz.local.  Is there some way to check on this change was made?  Thank you!
0
Office 365 Security and Compliance.
I would like to structure a content search query so that it will return any email sent externally. I'm struggling with finding the syntax for it.

Example of the results I'm looking for.
Internal domain: dom.com
Should match: Recipients - joe@ext.com
Should match: Recipients - joe@ext.com, jane@test.com
Should match: Recipients - joe@ext.com, jack@dom.com, jill@dom.com
Should not match: Recipients - jack@dom.com, jill@dom.com
Should not match: Recipients - jack@dom.com
0
Domain Admin Group. As of now we have four actual people in the domain admin security group, the administrator account and then a handful of service accounts that primarily read AD...example a C# program logs in using windows credentials but uses the service account to authenticate with AD, another example is using service accounts to run services on specific servers.

My question. the four people only need access to this group for access to servers  and network shares (I can get rid of this).
Administrator account of course has to stay.

This leaves my service accounts, whats the best way to go about removing these accounts from domain admin group while still allowing them permission to run the actions they run?
is it through group policy or local server access?

Looking for how we can minimize risk, also curious- how you treat your domain administrator account password? We have it pretty much limited to only access servers from a login standpoint, but who has access to this password, what do you guys use it for if anything?
0
I've got a problem with Exchange 2013, when I add recipients to security groups for access such as to shared mailboxes, and permissions do not seem to have any effect. If I add the users individually with the command below, then everything works as it should. There's no error or obvious issues, the users just confirm that they are unable to access the shared mailbox. Anyone seen this, or any ways to find out what the problem might be?

Add-MailboxPermission -Identity "sharedmailbox_name" -AccessRights FullAccess -User "recipient_name" -AutoMapping $true
0
Learn SQL Server Core 2016
LVL 12
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Anyone have any experience with Cisco Cloud Email Security with the AMP add-on? We are currently using Office 365 for email and are looking for a more robust email security platform.

The Cisco solution is one we are looking into, does anyone else have any experience with any others or would be able to make any recommendations?

If you have used Cisco CES, how is it working out? Is there a big difference vs Office 365's built in security features?
0
We are currently using a Meraki MX84 for VPN.  It connects to our Active Directory to authenticate users.
I am setting up a Duo Authentication Proxy to tie into my Meraki MX84 so I can have Multi-Factor Authentication on my VPN.  The Duo Auth Proxy is asking for a Radius Secret from the Meraki.  I am not sure where to setup the connection on the Meraki side.  Am I setting up sign in with my Radius Server under Access control?
0
We have set up several Windows Server Essentials 2012/R2 servers for remote web access (Anywhere Access) with the free Microsoft remote web access domain name and certificate (i.e., company.remotewebaccess.com).  We are now receiving alerts on the server indicating that the remote access certificate is about to expire and needs to be "renewed with your Certification Authority."  Could you please let me know the simplest, most efficient way to renew the Microsoft remotewebaccess.com certificate we originally set up?

If that cannot be done, what is the most straightforward way to resolve this problem and keep Anywhere Access working?

Security certificates are not something I am very familiar/experienced with,unfortunately.

Thanks very much.
0
I have an HP E5406zl switch with several vlans that was set up by a vendor. The switch seamlessly routes traffic for all vlans... meaning there appears to be no security between vlans.
All subnets can reach each other.

Is it possible for the switch to route selectively? Can I create an access list that prohibits certain vlans from communicating? (or is this just wrong?)

I can use a firewall to protect a vlan, but I'd like to do it with the switch itself if that even possible.

Thank you!
0
Q1:
There are numerous Wordpress & PHP vulnerabilities:
Besides patching, which is more appropriate to provide a mitigation
(looking at virtual patching) between an IPS or a WAF ?

I tend to think WAF is more for XSS, injection, brute force, "file inclusion", CSRF
kind of vulnerabilities (that are related to Secure Coding) while IPS in general
will match the vulnerability patches from product principals.

Q2:
Correct me if I'm mistaken or is there a WAF (looking at Barracuda) that could
perform both WAF plus IPS functions?
0
Is there anywhere on the One drive desktop client to identify what files are shared with other users internal and external. Its a security concern as it seems you have to access One drive on line to identify what you have shared with third other users, thanks.
1
I'm listing out IT Infra changes that require CR / change control ie subject to CAB.
1. OS, network device OS patching/update/upgrade
2. Installing or configuring a software/feature
3. Adding/deleting/amending an ACL or firewall rule for Production purpose
4. Configuring DB changes : to list out ...
5. Hardenings & OS changes (permission changes etc)
6. OS/device tunings (including migrating services behind WAF, ...)
7. changing account/object privileges

However, I think the following just require an SR/email:
a. blocking of IOCs (from threat Intels)
b. unlocking accounts/password resets
c. login to check/extract information (Cisco 'show run')
d. restarting / rebooting a service or OS due to fix a problem
0
hello,

i need a script to add a right on specific dns zone integrated in my active directory, i need to select all host A entry that name is like computer123 "computerxxx" and for every entry add in security the dns service account "dns_service" with read and write permission.
the permission may be already exist.

thanks for help
0
We just had an incident where  Wordpress auto-updates  failed (it was
looking for "“wp-config-sample.php”  which was not there & thus failed.
It's on our public facing web server & it caused an outage

What's the best practice for Wordpress updates :
a) allow auto-updates for minor + security patches  or disallow this?
b) disallow major feature update?

We are on version 5 of Wordpress : auto-update was Enabled & never
triggered such outage till we moved to Ver 5 (as I was told).

Senior management is against the idea of auto-update


got the following from some sites:

Automatic Background Updates
For WordPress 3.7+, you don’t have to lift a finger to apply minor and security updates. Most sites are now able to automatically apply these updates in the background. (You’ll still need to click “Update Now” for major feature releases.)

A site quoted:
“be careful disabling automatic security updates for WordPress as doing so could put you at risk for a brute force attack, hack, etc”


So what's the best practice?  Allow minor+security auto-update (what's the risk of service disruptions if we allow)
& can Ver 5 of WP allow both auto (for minor+security) but disallow auto-update for major version updates ?

Does IPS signatures out there auto-deploy "Block" mode for Wordpress signatures or only "Detect"?
(I don't have access to an IPS anymore):

If senior managemt disallows auto-updates, what's the mitigations?  Permit IPS to auto deploy "Block"
mode…
0
Acronis True Image 2019 just released!
LVL 1
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

I would like to change the old directory and its contents on the server to read only to prevent all users to modify it because I have already moved all contents to new location. I just want to change the old directory to read only in case some one would like to refer the old contents. May I know how can I do it?
0
Please HELP!!! Now this is going on approximately 6 months now and the only resolve this to this is rebooting our Domain Controllers in our environment.  We have spend countless dollars having Microsoft review logs, webX and remote administration but to know avail as it relates to Event 21 errors with the use of Smart Cards
NOTE:  PIV card - Certificate error - smart card certificate used for authentication is not trusted.

We use SolarWinds Monitoring tool to alert of us critical events that will affect our operations and availability to the customer.  I suspect an issue with Replication from our OCSP Servers to CA, etc.  <See Attachment >
Application Name: PIV Authentication Event Monitor

Components with Issues: Event ID 21(Down)

Event Details: --- Event 1 of 1:

Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Logged: 12/06/2018 15:12:59
Event ID: 21
Level: Warning
User:
Computer: HQ1-XXXXX-S5.example.com

The client certificate for the user HQ\_jdoe is not valid, and resulted in a failed smartcard logon. Please contact the user for more information about the certificate they're attempting to use for smartcard logon. The chain status was : The operation completed successfully.
replication_info.png
Site-Intervals.png
0
Windows 2008 server R2 and around 200 users.

In the beginning, we had missed this setting in GPO: "Add the Administrator security group to roaming users profiles"

So let say that half of our user home folders are unavaible for admins, and the other half (the one we created after the setting in GPO was applied) works fine.

Admin need access to all user folders for two reasons:

1. Manually deleting user folders when users are deleted from AD.
2. We need to move the whole user folder to another drive.

So, what is best way to give admin access to theese folders?  I would prefer to avoid the step of going to every folder one by one, giving admin ownership of the files.
The user still wants to be the owner of his files.

There must be a better way.

Suggestions?
0
Hello everyone,

I'm currently working on a Exchange 2013 infrastructure, and I was wondering how to manage calendar rights on ressource mailboxes.
As a matter of fact, each user who wants to access one of these is directly added to the calendar, until now. Here's an instance :

Ressource email : "test_ressource@domain.com:\calendar"
User : test_user@domain.com
AccessRights : {ReadItems, CreateItems, EditOwnedItems, FolderVisible}


I'd like to manage it with AD security groups instead, but the only way is to create a distribution group (Type : Security) in EAC. We can't do this with regular AD groups.

Does someone have any idea what are the best practices about this subjet ? I didn't find something relevant on the internet...


Thank you in advance for your help !


Regards,
Nicolas S.
IT System Adminitrator
0
Looking for Script to find current page file Size/ status on windows 2008 and 2012 Server
and can we automate the Pagefile setup for servers in domain according to  Memory assigned on different Boxes
Will there be any Reboot required or if we can do it without reboot
1
we are setting up a co-managed IBM QRadar siem but i have 7 out of 200+ targets where i cant open the application or system logs remotely. they are fine locally. i can open security and setup so doesnt look like a larger port or security issue.
error message is event viewer cannot open the event log or custom view verify that event log service is running or query is too long (5)

the entity connecting is in local security with manage auditing and security log. there are 2008 r2, 2012 r2 and a brand spanking new 2016 server involved. i cant see any reason they should not be openable(??). i have tried with the service account and a domain admin account. same result.

cant find much in a google search but thats usually failure to ask the question correctly.  anyone have an idea?
0

Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.