Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am trying to set user permissions on the AppData/Local/Microsoft/Windows/WinX folder to deny non-admins rights to it; effectively preventing them from accessing the right-click menu when they right-click on the Windows 10 Start button. I am already using the Local Group Policy for Non-Admins for other local GP's.

Is there any way to do this via Local Group Policy or only through AD Group Policy?

The problem is that when I try it through AD Group Policy via Computer Config > Policies > Windows Settings > Security Settings >File System, it doesn't allow me to use the %username% variable; it forces me to select a username. In the screenshot below, I selected the hidden Default user.

gp
0
Looking for guidence on how to answer the following questions.. We are a small / medium company.

  1. Does your company have a written information security program designed to protect the confidentiality, integrity and availability of our information?  If the answer is yes, please note in the adjacent box whether it is recognized by any professional certification such as ISO27001, PCI-DSS AOC, SOC Type II reports, and if so, which one(s).

  1. Does your company have established controls for assessing and ongoing oversight of the adequacy of your own partners’ / suppliers’ IT Security postures? (Note - Leaning on contractual language / provisions is not the same.)  

  1. Does your company have a formalized, documented Corporate Incident Response policy and a formalized Breach Notification process?  
  2. We do not ....what is the best way to write one up?
0
We are looking for expertise in Azure Remote App functionality.   We want to migrate our existing microsoft citrix application delivery to Azure Remote App.  

the issue we are running into is we have 300-400 active directory users and many of these users can get into multiple databases.   We want to be able to point a single active directory login to multiple client databases by imbedding something in the connection string, or using group policies and active directory settings....looking for options such that on user USER0001
can start an application and point to a specific database with a remote desktop session...then have another remote desktop session that has the same user0001 id and starts the same application but points to a different database.


Currently we have a Citrix environment now. We have one application that our users access. We setup multiple ICON's in Citrix to access this one application. Each ICON points to the same app with a different data location. There are over 500 ICON's. When a user logs in to our Citrix site, they have certain ICON's based on Active Directory security. We would like to know how we could efficiently provide the same kind of solution using Microsoft Azure Remote Apps?
0
I must protect source code against theft or modification.So I remove media slots in PC.
 
 If I can monitor all files transfers/uploads.All of the developers just build apps and can't copy source code to any media.That would be better.

 I need any suggestion.Thanks.
0
My client is a property management firm that manages two condo buildings that offer free wifi to the tenants, about two hundred per building.  

The client's ISP, Cox Communications, has sent notices that Cox has received complaints about illegal downloading and distributing of copyrighted materials.  I assume one or more people living in these buildings are running peer-to-peer file sharing clients, like BitTorrent.  What is the best on-premise solution to satisfy Cox that we're doing all we can to prevent this use of our Internet connection?
0
Hello All,

I am unable to access the company website from within the network/domain however the site loads correctly when accessed from anywhere else.  Attempting to access results in a 403 forbidden error.

Our web developer, who uses SiteGround as the host, claims that no changes have been made on their end and they are seeing nothing that could cause the error.  They are saying it has to be internal to our domain or network.

The web address does resolve to the same IP internally as it does externally, and I am able to ping and tracert to both the web address and the resolved IP address.  I cannot access the site by the resolved IP address however, from any location, internal or external, without being brought to a generic "Website Not Available" page for the web host.

If I connect directly to our modem by ethernet or the integrated WiFi which is on the other side of the firewall (SonicWall TZ300) I am able to view the site without any problems.  I do not see anything being caught in the logs, and packet monitor indicates the ip is receiving, acknowledging the packets, and replying.  Content filter does not show anything being blocked.

I was able to have our web person check the CPanel error logs as suggested in the 403 error page.  In the logs we can see the below, where 50.XXX.XXX.XXX is our modems static IP and ourdomain.com is our website address.  Also, FWIW, our internal network domain name is different from from our web domain name by one letter, and …
0
Has anyone made use of the password protection settings in Azure AD in a hybrid environment? More specifically, the banned passwords and password protection for Windows Server for Active Directory? We're looking to leverage these settings in order to ensure 1) avoiding the use of particular words/phrases, and 2) ensure that these policies are also enforced on our on-prem Active Directory domain.
0
I have a Win10 Pro (64bit) WrkStn.  12Gb RAM; 1909 version
When I try to go into the - Settings, Windows Update, Windows Security, and then "any" of the Protection Areas
(ie - Virus & Threat protection; Account Protection; Firewall & Network Protection; etc) the windows opens & then
immediately closes !!!  No matter how I try to access this area - Windows Security - this happens.  I am running, as
Virus Protection, Malwarebytes Premium; and, it tells me I have "NO" infections.  Ideas or suggestions .......

PC is working fine otherwise .......
0
a leading 1-ERP cloud provider (one of those 3 like SAP, Oracle, MS)
has replied to us that they can't share the hardenings that they have
in place for their OS;  neither would they sign on the hardening
checklist as well as share the penetration test report.

What's typically the way from a customer's Cyber Governance that
we can do?  Ask for SOC2 report or which report which would have
certified that they have performed the required (CIS) hardening &
penetration testings?

Or we can still demand to sight the hardening settings & pentest
reports?  We are using their SaaS
0
I researched Csrf and CORS. what I understood was

say User A is authorized to access a site, but it is possible to exploit and execute say javascript from user A's browser to perform unintended actions from his/her browser.

To avoid this, browsers has same origin policy , where If I have a website say in one domain,

www.mywebsite.com and I have some javascript in my web page that makes an AJAX calls to say a api in a different domain, say www.yourdomain.com/api/users or something like this.

browser will see my domain is mywebsite and the call is being made to yourdomain.com and it will block it.

to be able to make a successful call from mywebsite to the api hosted at www.yourdomain.com. the yourdomain server   has to send Access-Control-Allow-Origin in response .

I am not clear on one thing,

so say,

1. if i make an ajax call to the api ( a get call)
2. does the api send the Access-Control-Allow-Origin header in the response header, along with the data for the get call?

Question:


1. is this done in 1 call or is it done in two steps, first browser calls to see if the server sends back
Access-Control-Allow-Origin in the header and then it issues a Get call?

2. if the call is not from the browser , and my backend code calls this api, does the CORS policy apply then?

I apologize for the long questions, I wanted to see if i can explain what i understood before I asked the question.
0
Cisco ASA 5506 VPN Connectivity problem

I have an ASA that has a configuration issue. The PROD network behind the ASA has connectivity from the LAN to WAN but when users try to connect from an outside network using the Cisco Secure Mobility Client the connection fails.

 

In the ASDM the connection errors outwith:

Routing failed to locate next hop for TCP from Spectrum:67.XXX.XXX.149/49747 to IBS:0.0.0.0/443

The client side errors out with:
Connection attempt has timed out. Please verify internet connectivity.
VPNCapture2.pcapng
asaconfig.txt
0
Hi, is there a MDM type solution for a laptop to prevent user from logging, installing certain apps, geolocate, remote wipe?
0
I have IoT devices where the same client certificate is installed and cannot be changed without recalling the already sold devices. This is a major security concern.  I am asking if anyone can think of an alternative to resolving an issue like this without spending millions of dollars in recalling and updated each device?
0
After migrating from the exchange server 2007 to 2013, our users keep getting Windows Security pop up for Microsoft Outlook, and The Exchange server 2013 Outlook anywhere authentication is set to NTLM.
Annotation-2020-02-19-083859.jpg
0
Around 250 pcs still running Windows 7, already purchase Windows 7 Extended Security Update license. How to deploy the ESU to clients easily for deploying security update for clients? There's a WSUS but not SCCM for the deployment.
0
I have a PHP Web application which we sell on subscription model and I would like to add an authentication option like authenticator to add another layer of security an also that our users can feel that the application is more secure.
I'll appreciate your advise on which authentication tool could be more useful and could be implemented in PHP and please advise if there are some other alternatives to authentication.

Thanks

Luis Rodríguez
0
Do the latest iphones i.e. iphone 8 still sync up with an exchange server 2016 using a self signed certificate

I am having trouble every time I try to create an account, I keep receiving the message "cannot verify server identity" and it seems that the continue tab is missing and I cannot go any further than this

I have googled this and it seems that Apple have tightened up on their certificate security

I am sure if the customer had a globally trusted certificate there wouldn't be a problem

Was just wondering if anybody could give me a definitive answer on this

Thank you
0
I need to create a white paper based on actual usage in the field for monitoring traffic.  In particular, monitoring encrypted traffic.  Our data center is receiveing netflow and IPFIX data from a few dozen client enterprises that we are serving.  The netflow/IFIX data that is being sent to us real-time but we do not have control over where our clients are sourcing.  It is up to them.   In other words, the "tap' they use is most likely outside their firewall, and probably outside their boundary router, but may not always be.  So in the case of encrypted traffic, obviously we are not reading their payload, but we need to be able to detect whether specific traffic is encrypted.  For both cases, for SSL traffic and for IPSEC VPN traffic, we need to identify as much as we can for our clients sake, without deciphering the payload.

Can you point me to explanations and scenarios (preferably real case scenarios) where this is done, and how the security techs, who are monitoring this in our data center, are handling this?  Especially, as is most like the cases, if the data we are receiving is from the encrypted data flow.
0
I have recently installed an Offline Root CA with Issuing SubCA.  I want to test them but don't know how.  When I encrypt a file it is not showing up in issued certs area of the CertSrv Utility.  It did show up before I added it to the Certificate to the GPO to push out across my lab.  Shouldn't it still show up in issued certs tho??
0
I just began to test users connecting via Remote Desktop.  

When I log in as a user they can see all the folders, but cannot access the ones they do not have permission to.

In Active Directory they cannot see the folders they do not have access to.

I have ABE set correctly but users can still see the files

Access Based Enumeration
0
My company is using group policy for workstations to check for Microsoft updates on a daily basis. If there are updates, they are downloaded and wait until 5:00 pm Thursdays to apply. This works for the most part, but some users may have already put their machine to sleep by that time, and we aren't forcing reboots. We have enough users that occasionally our help desk has to get involved for manual corrections if the number of machines pending updates climbs too high, which wastes resources. We also use LogMeIn Central for monitoring and deployments.

I am looking for some best practices here. Is anyone forcing reboots after updates? Did you tell users to reboot their machines weekly and put the task in their hands? Or, distribute a company-wide security policy that if a machine receives an update, rebooting is going to happen automatically whether the users like it or not?  I could probably ask 50 more questions about this...
0
Hi Expert

Just check is there a custom script for "Audit purpose" for RHEL 7.2 Distribution?

Please advise
0
There are a number of different MSSPs offering managed detection and response services using different tools.  Some use a network appliance, some use endpoint agents, and some use both.  

We have a small office network with a couple dozen endpoints.  The MSSPs we are looking at offer both endpoint EDR agents and a network appliance (a NIDS) attached to the firewall, both of which they will monitor.  They recommend we have both the network appliance and the endpoint agents.  The network appliance costs a lot more than the endpoint agents.  We are uncertain if we should just get the endpoint agents or if we should get both the endpoint agents and the network appliance.  I would like to get a neutral third party opinion on this.  What do you recommend?
0
I have two scheduled tasks set to trigger on security event IDs, 4767 and 4740 that fire on two of my domain controllers.  They run a short powershell script like this:

$eventcontent = wevtutil qe security "/q:*[System [(EventID=4767)]]" /f:text /rd:true /c:1
$SmtpClient = new-object system.net.mail.smtpClient
$MailMessage = New-Object system.net.mail.mailmessage
$SmtpClient.Host = "[smtp server]"
$mailmessage.from = ("[DC1@domainname]")
$mailmessage.To.add("[alert@domainname]")
$mailmessage.Subject = $eventcontent
$mailmessage.Body = $eventcontent
$smtpclient.Send($mailmessage)

Open in new window


The script works, as every time we have a lock or unlock we receive the email.  The problem is that every morning between 2 and 6AM we get a set of three email, one of which is blank, the other two continuously reference the same old pair of logs.

Interesting details:
It was the case that all three of them were blank emails for a while, until I expanded the size of the security event log.  At that time two of them started to contain event information.  The event information they contain are one user account lock and the corresponding unlock for that user account (4767 and 4740).  These two emails come from two different domain controllers, the lock event coming from the PDC.  The third (which is blank) comes also comes from the PDC.

I don't have any idea how to approach this, there is nothing special about the logs that are getting resent every day, so if anyone has any ideas I'm all ears.  Thanks!
0
Hi,

I'm really struggling at the moment with an issue getting Windows 10 wireless clients to authenticate using machine certificates to an NPS server. This previously worked but clients are now timing out when they try to authenticate, despite accounting logs showing a success.

I believe I've configured everything right because this worked before and I'm getting IAS_SUCCESS in the accounting logs on the NPS server, showing that the policies have matched, but the clients just time out.

On the client side, in the Windows Event Viewer under WLAN_AutoConfig, it's showing "Restart Reason: Onex Auth Timeout".

On Wireshark on the NPS server, I'm seeing a series of Access-Challenge and Access-Request messages and nothing else. Should there be an Access-Accept?

Does anyone have any suggestions? I can provide logs/config info if needed!

Thanks in advance,
Adrian
0

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.