Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

In a cyber security training, the trainer/consultant from the UK recommended to my colleague (I did not attend the training) to use MS Sysinternals.

Our role is to capture the evidence/artefacts using Sysinternals.

a) An end-user IT support person told me that Sysinternals is not supported by MS; it's given as-is for use.
Concern is: has MS been updating the version of Sysinternals for use on Win 7, 8, 10 and Win 2008 R2, Win 2012 R2, Win 2016, so that it can be run/used on these versions of Windows (both 32-bit Win 7 as well as 64-bit Windows)? I felt that if Sysinternals could run and capture evidence/artefacts on these platforms/versions of Windows, it's good enough, or is there any concern since MS is not supporting it? We do have an MS Premier support contract including MS Security escalation, so I guess MS will still analyse dumps captured using Sysinternals, or won't MS do it?

b) Our role is to capture the evidence/artefacts in the event of compromises/attacks, and we'll engage external forensics experts to analyse them. Which of the tools/components in Sysinternals offer this capturing? Will need to elaborate a bit for this one. Example: for "Process Explorer", we can select the specific process and "Create Full Dump", or take its hash and submit it to VirusTotal to see if any of the 60+ security products in VirusTotal report the hash as malicious.
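As an added example (not code from the original post, from Microsoft or from the Sysinternals suite), the following PowerShell triage script covers point b): a full user-mode dump of a suspect process with procdump (the command-line equivalent of Process Explorer's "Create Full Dump"), the SHA-256 and signature details of that process's image with sigcheck, every autostart entry with autorunsc, the process tree and open handles, and a hash manifest of everything collected so the external forensics team can verify nothing changed in transit. Assumptions, also flagged in the comments: the tools are unpacked at C:\Tools\Sysinternals, evidence is written to D:\Evidence, the script runs from an elevated prompt, and the switches used (procdump -ma, sigcheck -h -c, autorunsc -a * -c -h -s, pslist -t, handle -p) are the documented ones at the time of writing; confirm them with <tool>.exe -? on the build you deploy, because the tools are updated independently of Windows. File hashing calls .NET directly so the same script runs on the PowerShell 2.0 that ships with Windows 7 / 2008 R2, where Get-FileHash does not exist.

```powershell
<#
  Added example, not from the original post. Collects Sysinternals triage
  artefacts for a suspect process and writes a SHA-256 manifest of the result.
  Assumed paths: $SysinternalsDir and $OutRoot below. Run elevated.
  Assumed switches: see comments; verify with "<tool>.exe -?" on your build.
#>
param(
    [Parameter(Mandatory = $true)][int]$ProcessId,
    [string]$SysinternalsDir = 'C:\Tools\Sysinternals',   # assumed tool location
    [string]$OutRoot         = 'D:\Evidence'              # assumed evidence root
)

$outDir = Join-Path $OutRoot ("{0}-{1}" -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $outDir | Out-Null

function Get-Sha256Hex([string]$Path) {
    # .NET hashing works on PowerShell 2.0 (Win7 / 2008 R2), where Get-FileHash is absent.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Invoke-Tool([string]$Exe, [string[]]$ToolArgs, [string]$OutFile) {
    $log = Join-Path $outDir $OutFile
    # -accepteula keeps the EULA dialog from hanging an unattended run. The tools
    # print their banner on stderr, so both streams are merged into the log rather
    # than treated as a failure; the exit code is recorded alongside.
    & (Join-Path $SysinternalsDir $Exe) -accepteula @ToolArgs 2>&1 |
        Out-File -FilePath $log -Encoding utf8
    "exitcode=$LASTEXITCODE" | Out-File -FilePath $log -Append -Encoding utf8
}

# 1. Volatile state first: it changes or disappears the moment anyone "cleans up".
"host=$env:COMPUTERNAME user=$env:USERDOMAIN\$env:USERNAME collected=$(Get-Date -Format o)" |
    Out-File (Join-Path $outDir 'context.txt')
tasklist /v /fo csv | Out-File (Join-Path $outDir 'tasklist.csv')   # built-in
netstat -ano        | Out-File (Join-Path $outDir 'netstat.txt')    # built-in
Invoke-Tool 'pslist.exe' @('-t')               'pslist-tree.txt'        # -t: process tree
Invoke-Tool 'handle.exe' @('-p', "$ProcessId") "handles-$ProcessId.txt" # -p: handles of one PID

# 2. Full user-mode dump of the suspect process (-ma = what Process Explorer's
#    "Create Full Dump" produces), then hash and signature-check its image on disk.
$image = (Get-Process -Id $ProcessId).Path
Invoke-Tool 'procdump.exe' @('-ma', "$ProcessId", (Join-Path $outDir "proc-$ProcessId.dmp")) "procdump-$ProcessId.log"
Invoke-Tool 'sigcheck.exe' @('-h', '-c', $image) "sigcheck-$ProcessId.csv"   # -h hashes, -c CSV
"$(Get-Sha256Hex $image)  $image" | Out-File (Join-Path $outDir 'image-sha256.txt')

# 3. Persistence: all autostart categories (-a *) as CSV (-c) with file hashes (-h)
#    and signature verification (-s), so analysts can diff against a known-good host.
Invoke-Tool 'autorunsc.exe' @('-a', '*', '-c', '-h', '-s') 'autoruns.csv'

# 4. Chain of custody: hash every artefact once collection is complete. The list is
#    materialised before the manifest is opened so the manifest does not list itself.
$files = @(Get-ChildItem $outDir | Where-Object { -not $_.PSIsContainer })
$files | ForEach-Object { "$(Get-Sha256Hex $_.FullName)  $($_.Name)" } |
    Out-File (Join-Path $outDir 'MANIFEST.sha256')
Write-Host "Evidence written to $outDir ($($files.Count) files, see MANIFEST.sha256)"
```

Invoke it as, for example, .\Collect-Triage.ps1 -ProcessId 4321 (the script name is assumed). The order matters: process list, network table, handles and the memory dump are taken before anything that touches disk, because running the collection itself alters the host (new files, prefetch entries, loaded DLLs). The script deliberately makes no network calls; sigcheck and autorunsc can query VirusTotal, but a host under investigation is usually contained, so the hashes in image-sha256.txt and the manifest are what you submit from another machine.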
How to deploy the software to the client side safely so that no one can steal the code and data?
We have a site-to-site IPsec VPN up and running and can communicate with each security appliance, the gateways and VLANs. We have connected laptops and other devices and can traverse back and forth. However, Site A has a vCenter server and we are trying to add two hosts on Site B to the Site A vCenter. I can ping the hosts from Site A, and ping B and vice versa. However, I cannot get access from Site A to the ESXi host on Site B. Is there a TCP/UDP port necessary to connect to the host?
Dear Experts, when reviewing the Event Viewer in Server 2012 R2, we see this Null ID in the logon task. But it should be the account username, am I right?

The logoff event works fine AFAIK.

Could you please suggest? We'd like to trace the logon/logoff activities of domain users. Many thanks!
I have a problem with Microsoft Office 2010 Excel: I have enabled the security settings, but when I restart the computer they are automatically disabled.

I want the macro security options enabled at all times, through some registry setting, hotkey or any other solution.

Please guide. Regards,
I have to give a talk to older people about security online.  Would anyone have slides they have or would use?

I envision talking about how to try to tell if emails are legit, ignoring calls from "Microsoft" and others, the dangers of opening attachments, ignoring emails/calls from the IRS, etc. I.e. basics, not all that complex.

Any recommendations?
I have a simple PHP password application that checks for strength of a password before changing it.  In the link below I am trying to use the part that checks that the password is not a dictionary word.  The password I'm checking doesn't seem like it should be a dictionary word, but I keep getting that it is.  The link is:  

Test password is MzRZ=2wdu;x?NLk

Code snippet I'm using is:

// Assumed wrapper around the original snippet: returns false when the password is rejected.
function checkNotDictionaryWord($newPass, array &$message) {
    $word_file = '/usr/share/dict/words';
    $lc_pass = strtolower($newPass);
    $denum_pass = strtr($lc_pass, '5301!', 'seoll'); // undo common digit/symbol substitutions
    if (!is_readable($word_file) || !($fh = fopen($word_file, 'r'))) {
        return true; // no dictionary available, nothing to check against
    }
    $found = false;
    while (!$found && ($line = fgets($fh, 1024)) !== false) {
        $word = trim(strtolower($line));
        // Bug fix: the old loop ran once more at EOF with fgets() === false, giving an
        // empty pattern "//" that matches every password; one- and two-letter entries
        // ("a", "x") match almost anything too, so skip anything shorter than 4 chars.
        if (strlen($word) < 4) {
            continue;
        }
        $pattern = '/' . preg_quote($word, '/') . '/';
        if (preg_match($pattern, $lc_pass) || preg_match($pattern, $denum_pass)) {
            $found = true;
        }
    }
    fclose($fh);
    if ($found) {
        $message[] = "Your new password is based on a dictionary word.";
        return false;
    }
    return true;
}

My Hotmail account is not a domain account and is controlled by someone else. I have given Microsoft all the documentation to prove this is my account. They have not done anything. Now I do not even have administrative authority. I think I need my registry rebuilt, either from Microsoft updates or corrupt files. I was in the Insiders program for a while and lost my computer for 6 weeks to Microsoft controlling my Hotmail account.
Is your service the answer?
Hi All

This is not a question as such; I'm looking for information/ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs that are hosted at one site located a few hundred kilometres away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites will currently be connected via either SonicWalls or WatchGuard UTM appliances.

Any help or suggestions on this would be greatly appreciated.
Dear All,

A friend of mine's company server got hijacked using Disk-crypt. After much negotiation we got the codes (price reduced from £4000 to £300), so the laptops have all been decrypted. The server (Dell, using a RAID 1 mirror on a PERC S300 controller) hasn't been straightforward; eventually I worked out that I had to boot from an alternate SSD with the driver and SMB server 2011 etc. I've now decrypted the drives, even though the server boot BSODs (to sort later), but does anyone know how to remove the demand for the password at boot from the MBR please?

Dear Experts, we noticed some abnormal traffic on my Cisco 3925 router when issuing the commands "show processes cpu", "show ip flow top-talker" and "show ip nat translations", and blocked some IPs which were strange, but the others keep coming to attack us on port 389.

Is there any way to configure the router so that it can react automatically? For example: block an IP when the connection count is higher than a pre-defined threshold? My router's CPU is at 17-25%; is that too high? Normally at off-peak time it's just about 10%.

Please suggest. Many thanks as always!
Hello,

We have a strange behaviour on our server, a 2012 R2 virtual machine joined to the domain.
All users are connecting with RDP.
Every minute we have a new connection from to 3389 that triggers the following events in RemoteDesktopServices-RDPCoreTS, module RemoteFX:
ID 141 Perfcounter started with ID 127 (for example)
ID 65 Connection session created
ID 131 Server accepted a new TCP connection from
ID 103 Disconnection code 0
ID 102 Server finished principal connection with the client.
All the events are informational, no warnings or errors.
All these events occur within one second.

Nothing strange in the Security event log.
Firewall is on, external RDP port is changed.

Do you have an idea where this behaviour can come from?

Many thanks for your help.
Hi Guys,

We are trying to set up a Graylog platform with Incapsula.
The server was downloading the logs just fine, but then we found an error message in our server log.

2018-03-20 21:59:09,298 INFO LogsDownloader initializing is done
2018-03-20 21:59:11,084 ERROR Could not find file*******/***_520.log. Response code is 404
2018-03-20 21:59:11,085 INFO Sleeping for 20 seconds until next file download retry number 1 out of 3

We checked the*******/logs.index and the oldest log files are:

Do you know how we can restart the process counter?

It seems like the process is stuck on the log file number ***_520.

On the other hand, we downloaded and added the content pack from Incapsula into our Graylog platform, but no dashboards or inputs were added.

Please let us know if you have some kind of recommendations or instructions.
The client gave me a WSDL file and from that I'm using svcutil.exe to generate the proxy class.   I did the following steps:

1) Opened up Developer Command Prompt for VS2015
2) Ran the following command > svcutil.exe CORETransactionService.wsdl CORETransactionService_schema1.xsd

I get the following error:
The attached file (outputfromSVCUTIL.png)

If I remove this from the WSDL file
 <wsp:Policy wsu:Id="wsp-d022643e-c1aa-467f-8471-f28e404d63fb"><ns2:AsymmetricBinding xmlns:ns2=""><wsp:Policy><ns2:InitiatorToken><wsp:Policy><ns2:X509Token ns2:IncludeToken=""><wsp:Policy><ns2:WssX509V3Token10/></wsp:Policy></ns2:X509Token></wsp:Policy></ns2:InitiatorToken><ns2:AlgorithmSuite><wsp:Policy><ns2:STRTransform10/><ns2:Basic128/></wsp:Policy></ns2:AlgorithmSuite><ns2:RecipientToken><wsp:Policy><ns2:X509Token ns2:IncludeToken=""><wsp:Policy><ns2:WssX509V3Token10/></wsp:Policy></ns2:X509Token></wsp:Policy></ns2:RecipientToken><ns2:Layout><wsp:Policy><ns2:Strict/></wsp:Policy></ns2:Layout></wsp:Policy></ns2:AsymmetricBinding><ns2:Wss11 xmlns:ns2=""><wsp:Policy><ns2:RequireSignatureConfirmation/></wsp:Policy></ns2:Wss11></wsp:Policy>
    <wsp:Policy …
Hello Experts,

I have a server (Windows Server 2008 R2 box) that is not getting Microsoft security updates.  The anti-virus it is running has created the QualityCompat registry key, but the server still only gets the non-security updates.  Any ideas?

We would like to lock down our workgroup PCs via the local security policy so they will not accept USB keys but will still charge USB devices; is that possible? We have a mixture of Windows 7/10 Pro installed.

I'm drafting a guide on governing/reviewing external vendors' connections to our corporate network for support/development purposes.
So far we have 2 types of connections that are of concern (leaving out the ad hoc ones like Webex):
a) permanent point-to-point VPN (using leased lines or a permanent tunnel via the Internet)
b) vendors are given RSA tokens to connect to us

Does anyone have any such guide/doc to share, and what are the fine points to look out for? E.g.:
1. periodically expiring the connection so that the outsourcing owner (or the vendor's contact in our company) is forced to review whether it's still needed
2. reviewing the staff list of the vendors (as user recertification of the vendor)
3. changes in the hours of access?
4. permitting access only from specific PCs at the vendors' end?
5. logging/reviewing of the vendors' access? (the local regulator requires that vendor access must be 'monitored', so thinking of how to fulfil this)
6. ... ?

Any thoughts on whether it is possible to attach an access list of allowed IP addresses to individual users or groups on SharePoint 2013?

Would be useful in a number of scenarios on Extranet. It seems to be part of policy based security on SharePoint Online but we have SharePoint 2013 onsite.
Hi all

We have 7 MFP printers.
We use some for "Send to mail".

We want good security, and therefore we have started to investigate what types of security possibilities there are.

We use STARTTLS for now, and it might be the solution.
We talked about implementing digital signatures, but it seems rather impossible.

Do you have any ideas of what to look for in printer "Send to mail" security?

Our printer supplier wants us to use STARTTLS, just stay there for now and wait for some better digital signature system.

I hope you can help.

Best regards
Mike Kristensen
We are using Kaspersky Endpoint Security 10 for Windows on all our domain computers. I just wanted to know: is there a way in Kaspersky to define that whenever a computer connects to our network, if it has no AV, it is detected and the AV is installed automatically?
Would a Nessus scan include details of which devices/IPs were scanned? We need to provide assurance that all servers joined to our domain are scanned at least every 14 days, and the only evidence we would have is the actual report. Having not used the product, I am unsure how the initial scan/scope is configured, but it would be interesting to know whether you have to manually enter a list of IPs/server names, or whether it integrates with AD etc. Any feedback on what evidence could be used from within Nessus for validating what scans have been run would be most useful. Would the scan results also include a time/date when it was run, and can the results be exported/provided by the admin and viewed on a machine without Nessus installed?
We have an internal-zone server holding financial data.

Users would like to load ACL (Audit Command Language) onto it to analyse the data, but ACL requires a periodic (I think it can be daily) connection to the Internet (and possibly incoming ports, but I'm not certain about incoming) for licence validation.

For a server that goes out to the Internet, shouldn't it be placed in the DMZ rather than the internal zone?

Or does it not matter for outgoing; is it more for incoming connections (e.g. a web server) that a server needs to be placed in the DMZ?

If we don't move the server to the DMZ, what are the mitigations we can consider?
Let this server connect to a proxy to go out to the Internet?
Use the firewall to permit it to a specific destination IP for licence validation only?
If the ACL component can't go via the proxy, but requires a non-TCP 80/non-TCP 443 port, is this considered safe to permit (without going through the proxy)?

If an internal-zone server (Prod) goes out via the proxy on TCP 80/443, isn't this akin to a sysadmin being allowed to browse the Internet from an internal server, which is risky?
I'm trying to find a scanner (brand and model), along with highly secured software, that will support me being able to scan both medical and tax documents.
Based on my research, I need to scan and use software with layers of security and encryption such as WPA2, VPN with OSI layer 3, SFTP, etc.
Do you have any suggestions on what scanner and software to use and how to securely set this up?
I work in a medium-sized private school in Asia. We're planning to get tablets for our students that can be brought home for their use. We would like to be able to enforce our school policies, filter web content, and control their internet access (to limit their access so they don't spend too much time on it). Can anyone propose any solutions?

Thank you
How to block outgoing SMTP connections from one IP on a Linux server.

I have a Linux server (running Plesk) with 2 IPs:
IP1 is used for the website
IP2 is used for mail

I want to block users from creating scripts to send mail directly (spam).
All mail is supposed to be sent via the mail server on IP2.

In the Plesk firewall, I can block incoming connections on e.g. port 25, but not (as far as I can see) outgoing.

I found this suggestion:
iptables -I OUTPUT -m owner ! --uid-owner postfix -m tcp -p tcp --dport 25 -j REJECT

How can this be done?






