Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

Security

23K

Solutions

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

We are developing a SAAS based product, in which two passwords per user will be stored. These are not application passwords but passwords to be used somewhere else.

Since the app is storing passwords, we are a bit concern about its security. For example what if somebody gets access to app or to database itself.

So is there any recommended procedure on this ?
0
The Eight Noble Truths of Backup and Recovery
LVL 4
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

I have been a victim of a fraud on a house purchase and wish to know from which party involved in the transaction the fraud came from?
I have got all email headers and X IP
0
Our company utilizes Tenable Security Center for our vulnerability scanning, and BMC Client Management for our patching/mitigation.

What we are noticing, is that the 2 systems don't always "speak the same language".

For instance, Tenable might say that there is a vulnerability for Plugin ID 100551, but BMC doesn't look at the missing patch roll-up in the same manner.  Trying to reference CVE numbers and the like, also gets messy.

Is there some method in which we could readily compare missing patches between the 2 dissimilar systems?

Thank you
0
After a recent external penetration test, in responding to findings I used the IISCrypto.exe tool to harden our Exchange 2010 server (using the best practices template), disabling old protocols and weak ciphers, as well as reordering the cipher suite order.  After this was done, one of our vendors is unable to receive email from us.  Every other recipient is fine.  When we email them, we don't get the undeliverable right away, it waits 24 hours then we get the NDR as shown below.  I backed out the changes and went back to the server defaults, but we still have the same issue.  I've worked with our encryption vendor, who hosts the outgoing smart host virtual appliance, and they don't see anything other than possible network issues with the vendor's MX records.  I've also been working with the vendor, but their help is only to a certain extent, as they state no one else is having issues emailing them.  My question is, has anyone seen this behavior before?  Is there anything that needs to be reset or do certificates need to be renewed....anything related to the changes I made that could fix this issue?  I don't want to have to rebuild the Exchange server, but will if needed although that doesn't seem like the valid solution.  Any help or at least pointing in the right direction is much appreciated.  Below is a copy of an NDR we are receiving.  Thanks

Michael Deaton
IT Security Officer
Clark County Credit Union
702-939-3147

Diagnostic information for administrators:
0
Why WDS says firewall if off when we have Comodo Internet Security Premium 10 (has Firewall)?  Also noticed "App & Browser control" says it's OFF and device may be vulnerable, what can be happening?

Screen image:
WDS message
Note we have windows 10 pro
0
I have a question related to OLE Automation (reference: Why not enable 'OLE Automation Procedures' )

I need to use OLE Automation to interact with the Windows File System.  I do not want to leave OLE Automation "turned on" because of Security Risks so......

Is there a way to turn OLE Automation On at the beginning of a Stored Procedure and then turn it back off at the end of the procedure?   The Procedure will run on a timed cycle from a SQL Agent job.

Thanks in advance!
0
At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.


Objective is to identify suspicious / unauthorized access or data transfer .
0
Is there any way that I can import saved passwords from the Microsoft Edge web browser to the Google Chrome web browser?

This needs to be done within the Windows 10 Pro OS.

Or can I export these passwords from Microsoft Edge into the Google Chrome web browser?

If so how can this be done?
0
Good day,

Is there a device or any technology that prevents users from opening emails with ransomware and infecting the network shares?

I believe tiers of protection to help minimize but nothing concrete to stop.

regards,
1
Hello,

I am trying to fix the issue with ASA firewalls. I have L2L VPN between two ASAs with IP Sec tunnel with IKEv2. The tunnel is working fine for one pair of source IP and dest.IP address.

However, I have another pair of IPs (two servers between the remote LANs) which are included and permitted in the same access-list and crypto map as the working pair of IPs. But they are not able to communicate.

They are also permitted on the access-list which is applied on the inside interface from the LAN.

I can see the Built TCP connection in the ASA real-time log for the working pair of servers, but absolutely no information in the log for the another pair.

In the LAN we have another ASA directly connected which is showing "SYN timeout" after 30 seconds.

It is very strange, because the access-lists for the mentioned pairs of source and destination IPs have the same configuration and are applied the same way, but security association is bulit only for the first one.

I even see hit counts in the access-list permit statements for both communications.

Is it possible, that the issue can be on the remote end of the tunnel (the 3rd ASA on the way for the packet towards the remote LAN)? I don't have the access to the 3rd ASA.

Please help,
0
Free Tool: IP Lookup
LVL 10
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

So let me start this off as I have no control over how we do things.  The systems are configured to be as functional and secure as possible.  So things that would work on a home system may not work here.  such as keys.

So here is my question:

I have 831 systems that I audit on a weekly basis.  These systems are broken down into networks.  But they all can be reached via a netapps/security server.

I have, over the past few months, been able to write a main menu and many sub-menus to achieve all my goals for automating the audits with the exception of one network that is a bit more complex because it doesn't have a direct path to the NetApps/Security Server, It has to hop from one server to the next to the NetApps/Security Server.

The path looks something like this:
Security --> Network 1 --> Network 2 -->Host

User1 is an Active Directory account
User2 is an LDAP Account

I am writing the menu option to do the audits and move the audit findings to the security server.

So the current way I do it is I run a single script each time.  For this particular network/host it looks like this:
sshpass -p $pw ssh -q -t $user1@Network1 "ssh -q -t $user1@Network2 "ssh -q -t $user2@Host sudo su -; ./audit.sh"

Then I have to do this:
sshpass -p $pw ssh -q -t $user1@Network1 "ssh -q -t $user1@Network1 'sudo chmod 664 /tmp/audit-backup*;  sudo scp -q /tmp/audit-backup* $user1@Network1:/tmp; sudo rm -f /tmp/audit-backup*'"

And lastly I need to do this:
sshpass -p …
0
One of our ERP systems is provided and hosted by a third party.  One of the security features in place is that the system can only be accessed from our network.

How can such a solution be implemented, my basic understanding is that this would involve some kind of whitelist on a firewall or web server?

My question is how is this possible and what should I be asking our third party for to do a quick audit of the IP address ranges to ensure they only contain IP address from our network (or any other legitimately needed IP addresses)
0
We are implementing a new system that will be interfaced with several of our other internal systems.  These interfaces are being built in house using SSIS.  As this new system is hosted by a third party, the outputted files from the SSIS job are then SFTP’d to the third party for input.

My concern is around the security of this SFTP process, but FTP is something I’m not particularly hot on at the moment.  From the research I have done so far, SFTP is not natively supported by SSIS?

The information I have found from our in-house guys is that the interface file is outputted to one of our network shares, where an SSIS job then SFTP’s it to the third party.  This is fully automated I am told, which I presume means the SFTP username and password are then stored in the SSIS job so that a user doesn’t have to enter the details each time (every night).

What security best practices should we be implementing here, especially around this account name and password being stored in the SSIS Job, is it a concern and how can we control it etc.?
0
Morning all,
   I have scanned a set of 20 computers (windows 7) and have received a report back with the following medium risk:

SMB Signing Disabled
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.

I have done a little research but everything seem to be pointing to server side change and from operating systems from 2000 to XP with a reference to:
https://support.microsoft.com/en-us/kb/887429

I wanted to know is this something i need to be concerned about from the client side? and has anyone anything windows  related?
0
if I have this Ubiquiti Unifi Security Gateway ,

I don't need a router?
0
Hello,

I installed a free version of Malwarebyte on a server.  If I upgrade it to premium edition (stand alone), what are the steps?  If I click the UPGRADE button from the server, I am assuming it will ask for my credit card info, right?  Can I do it on my workstation and apply the premium license on the server?  

Please advise.  

Thanks.
0
I'm trying to set a GPO to push some Firewall rules to allow remote management of all PCs. I created a new, blank GPO and navigated to Computer Config > Policies > Windows Settings > Windows Firewall with Advanced Security > and this is the result

Screen-Shot-2017-09-19-at-1.05.27-PM.png



Thoughts?
0
I seem to have an employee that's making changes to security groups within active directory that were not permitted. Is it possible to track changes made with event viewer? Ideally what was changed, by who, and at this date and time. Any suggestions? Thank you for your time.
0
Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access internet and none domain users such (visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor” has to be installed on all domain controllers, but later its talks about pushing out SSO client to machines which is also used for authentication, so am a bit confused if this is needed or not? Please clarify
http://www.skype4badmin.com/watchguard-sso-part-1/


and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

much appreciated!

Thanks
0
Put Machine Learning to Work--Protect Your Clients
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

We have just deployed a Cisco Meraki wifi solution and are trying to set up our wifi networks. However the domain is setup as XX.local.
the commercial cert authorities will not  give  a trusted certificate for XX.local, so we a trying to work out how to deploy a SSL that  is trusted to make wifi for things such as BYOD work seeamlessly , We have considered self-signed but that shows as untrusted, we also need to open  up security on trusted machines to allow it. Has anybody done this or got a good idea
0
Attached are outputs from some of the commands (obtained from vSphere hardening gde 6.0):
I have some questions which I've highlighted in green text in the attached: appreciate
clarifications on the green text question in the attached
ProdESXi_extractn-modified.docx
0
1- How to set a server that is in compliance with 21 CFR Part 11?

2- What audit trail can be used?
0
Which Antivirus - Endpoint Security is most reliable in cooperate firm. Should have device control function and password utility.
Which Antivirus could you rate best
0
Has anyone worked with getting a windows Domain and network compliant with the NIST SP 800-171 requirements.    are there any software tools/solutions present to assist in being compliant?

Looking for feedback from other experts that have gone through this or similar compliance and can offer some guidance.   Thanks!
0
We are working with a customer that wants to use their SSO to access our web server. I have never worked with SSO before and am lost as to what we need to do to get this accomplished. Server is on a 2008R2 server with IIS 7.5. Current logins for the web page are not domain accessed.

We do not want to have to set up a trust with the company in question and they do not want to set up the trust either.

How would I go about getting this accomplished?

Any help/information would be greatly appreciated.
0

Security

23K

Solutions

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.