Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

After running the CIS hardening script on our RHEL 7,
Mesosphere can't install at all : I don't have the error
message as app team & vendor working on it.

General questions:

Q1:
Besides logging a case with reseller/vendor (which often
disappoints, what's the fastest way to isolate/narrow
down which hardening item caused an issue?
Binary (ie harden half & then kept halving down) isolation
or google for the error?  

Q2:
Or are there free tools out there (in Tripwire we can quickly
tick/untick for remediation/auto-remediation) to ease this
isolation (esp for Linux & Windows)?
0
Learn Ruby Fundamentals
LVL 13
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Following migration we are having an issue connecting to a TLS1.2 server from a Dynamics Ax12 client on a Windows 10 PC. Up to migration the Dynamics Ax09 client worked fine, connecting from the SAME client to the SAME target.

I am seeing a lot of Schannel errors in the event log, but I am unsure if these are a red herring as they go back to before migration.

I have turned up Schannel logging and am seeing informational events similar to below in the logs. I have tested https connections from Edge browser to common sites and that works fine.

I need a solution to this FAST. Does anyone have any solid experience that might point us in the right direction?
--------------------------------------------
The description for Event ID 36880 from source Schannel cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

client
TLS 1.2
49199
255
2408782208416
settings-win.data.microsoft.com
C=US, S=WA, L=Redmond, O=Microsoft, OU=WSE, CN=settings-win.data.microsoft.com

The handle is invalid
0
I am looking for some form of security checklist/questionnaire to use as a baseline for ideas to put forward to a 3rd party software supplier who host one of our corporate applications and associated database(s) which capture relatively sensitive information. There does not appear to be any form of obvious 'right to audit' clause in the contract with the 3rd party but we need some degree of assurances that our data is secure on the 3rd parties network. Have you ever had to do this before and are there any specific checklists you used to extract what procedures/controls/policies they had in operation. I appreciate its a broad question and we don't necessarily know the specifics of the technology stack for the application as yet. I'm hoping they will be forthcoming with giving us some degree of assurances that they follow security best practices as a customer but we shall see.
0
I really must know how to do this Security on my workstation  only allows confirmed downloaded files and no network interaction with Eclipse Marketplace  so I require ideally a downloaded binary file
I can simply drag and drop to install.

Any special instruction would be great.
AGAIN - ABSOLUTELY NO INTERACTION WITH ECLIPSE MARKET PLACE - PRETEND IT DOES NOT EXIST
0
I set up in task scheduler a trigger that if a USB connection to the computer is detected it should do a action, I use for the trigger  
Log: Microsoft-Windows-Kernel-PnP/Device Configuration, Source: Kernel-PnP, Event ID:410

I want to add few more triggers
Switch to battery
power on
login
setting change
Run a exe
Save a file to the system

What trigers would I use
0
Recently office products (excel and word) are opening some (not all) documents from network shares in "Protected view".

So far I have added the drive letter and the server name to the GPO's
       UC\Policies\Admin tools\Microsoft office 2016\security settings\trust center\Trusted Location #1

Added trusted locations for drive letters and server name with subfolders which should work.

I can turn the security mode off but this feels the wrong thing to do.  Am I missing something very obvious?
0
Hi,

Is it possible to assign Office 365 Admin Roles to users using Cloud or AD Security groups?

Regards,
Richard
0
What is the syntax for adding a user who has MFA enforced to a dynamic security group in Microsoft Office 365.  I want to be able to have users dynamically added to a security group based on their MFA status.
0
I am using Freepbx 14 and working fine but I got thousands of attacks and in Intrusion Detection, my public ip  has been blocked sometimes and because of this calls are not working. I am using fortigate firewall and opened the 5060 to 20000 ports for the FreePBX so My question is 1. are ports forward mandatory for inbound route ( if I change the sip registration port from 5060 to other and do same with the trunk provider ) . Please let me know how I can make this FreePBX more secure so call disturbance would not occurred in future.
0
Hello,


I have server infected by Ransomware and sysvol including script was encrypted,with file name :

gpt.ini.id-96EA6CAA.[backdata@qq.com].qwex

I don't have good system state backup at all.

My question, is that possible to create new policy for :

Default Domain Controllers Policy
Default Domain Policy

Is OK for me to setting the policy as long user & security on AD still there, because our AD sync to Azure AD.

Thank You Very Much
0
Build an E-Commerce Site with Angular 5
LVL 13
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

We are converting an enterprise from peer-to-peer to a domain.
The file sharing approach has been fairly open between workstations and, in some cases, has been tightened up.
The result is a hodgepodge of permissions.

When joining to a domain, some of the definitions of Groups and permissions change.  Authenticated Users is one of those.

What I'd like to do is to remove all the permissions and start fresh with the domain-joined computers.  So, no file sharing at all at that point.


Many of these computers will be left in this state hereafter.
Others will have specific permissions added so they can be (will continue to be) file servers.
Are there any permissions that should be left alone and NOT removed?
I guess one could say that if the Sharing permissions are all not ALLOW, then that will be the most restrictive.
But, for the file serving computers, Sharingis likely to be set at ALL ALLOW.
That leaves the Security settings....

What's best practice?
0
Anyone see any type of decryption for .harma ransomware?  I have most files restored from tape backup but there are some i did not have in the backup pool.
0
Windows Security Essentials/Defender is using a lot of memory It is always at the top of the list of services. Are there any settings/tweaks that can help that. Is there another antivirus program that is not a memory hog?
1
Just saw an email in my gmail spam which claims to be from someone who claims to have installed some malware from a visit on an adult web site.  He has part of a password phrase that I use but I have a unique password for each site.

He's obviously asking for money in bitcoin.
Claims to also have video footage of what I've watched and from my macbook air camera.  I doubt the latter as its a mac and no light comes on my camera.  I have two step verification on my gmail and the email address he correctly has is a forwarding domain name e.g. peter@neverland.com forwards to petersurname@gmail.com

Suggestions as to what I should do?  I cant identify the web site where it was taken from, could be a hack from a web site Im not sure.  What good mac detection tools are there?
0
Hi Guys,

We installed some security updates on our Exchange server 2016 on Windows server 2016.

Something went wrong during the update / installation process, and as a result the updates were automatically rolled back by the system.
Upon server restart all Exchange services were disabled.  We re-enabled all Exchange services, but starting with AD Topology service for Exchange, all services failed to start.
The Event logs showed a problem with .NET 4.03

We installed the .NET repair tool and had no success.
Same with the .NET clean-up tool.  All efforts results in a broken .NET installation, with the current server being completely dysfunctional.
No way to fully uninstall .NET or fix the installation with re-install.

Has anyone perhaps experienced any similar situation?

We have another Exchange 2016 server pending updates, and we don't want to run into the same problem.
0
We're on O365 E1 & E3.
From browsing, understand our Enterprise E1 & E3 O365 has DLP feature.

I'd like to implement Data Loss Prevention for outgoing emails and files uploaded to OneDrive/Sharepoint.


Need advice here if O365/Exchange Online can fulfill the following requirements & point me to the links that guide on the steps to configure/set:

a)      To configure for a pilot group initially before rollout corporate-wide: can we specify a few users 1st?

b)      When outgoing emails sent by staff contains NRIC (in the email content as well as its attachments such as MSOffice & PDF attachments), the emails will be quarantined/withheld till myself or alternate approver  approves to release them.   Ideally the approval for release is done via email or demonstrate how this is done.

IT administrator is not the right party to assess if the user’s function/role requires the user to send the sensitive information so ideally we can designate for each department a couple of approvers.

c)      Likewise, if the outgoing emails contain encrypted attachment, the email ought to be withheld/quarantined till the sender’s manager releases it

d)      On a lower priority, outgoing emails tagged as “Confidential, Sensitive” or emails with attachments that are tagged with these keywords are to be quarantined till the sender’s approver releases it


e)      Repeat the above tests when users upload documents containing NRIC or tagged as ‘Restricted/Confidential’ to OneDrive & SharePoint Online

0
Dear Experts, we have problem of high CPU process in Cisco 2960 switch (core 3).

We saw the problem is due to the HULC LED process but dont know how to fix it. Can you please suggest?

CORE3#sh process cpu sorted
CPU utilization for five seconds: 31%/1%; one minute: 31%; five minutes: 31%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 160    68678432    12264266       5599 14.88% 14.87% 14.88%   0 Hulc LED Process
 205      711476     5789330        122  0.47%  0.28%  0.25%   0 IP Input
 130     1192777      490653       2430  0.29%  0.29%  0.29%   0 hpm counter proc
  15      664721     2320338        286  0.29%  0.33%  0.35%   0 ARP Input
 166        1468         660       2224  0.23%  0.02%  0.00%   1 SSH Process
 171      718708       97952       7337  0.11%  0.12%  0.11%   0 HQM Stack Proces
 191      124439      218366        569  0.05%  0.02%  0.00%   0 CDP Protocol
 218      343549     4363165         78  0.05%  0.04%  0.05%   0 Spanning Tree
   8           0           1          0  0.00%  0.00%  0.00%   0 DiscardQ Backgro
   9           0           2          0  0.00%  0.00%  0.00%   0 Timers
  10          16         668         23  0.00%  0.00%  0.00%   0 WATCH_AFS

Open in new window


Besides, we also noticed the flapping in log. And all LED lights are blinking like crazy
CORE3#sh logg
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message 

Open in new window

0
Hi All,

I am seeking your help on the below situation. Please advise me well defined solution to proceed further.I am  also looking for any documents/Workflows/PPT for references.

Objective :

•      Human errors are happening because of  using elevated privileged access
•      Excess rights given to L1 and L2 teams to perform the tasks
•      Accessing production environment with privileged rights, when is not needed /working on non prod environment
•      Usage of Privileged access on prod environment for non admin tasks, leading to human error

Current Status:

•      We have Verified few  projects internally they are using Tool Based PAM (Privileged Access management) Solution and defined process  
•      Most of the Projects don’t have tool based solution and all support team have privileged Access, few projects have role based access implemented and Few projects have
        customized solution for access management for specific towers like (Windows,Unix,Storage).

Target Status (or) Solution needed :  

•      We are looking for standard role based Access Management-PAM solution with Native Tools.


Thanks in Advance.
Madan.
0
We have an Exchange 2010 with a couple of receive connector.  I have configured one for receiving incoming mail from the Internet
Most of the incoming mail is working fine

The thing is that with some  remote domains (that seem badly configurated like the smtp FQDN banner is an invalid domain name (.local) or the reverse DNS does not match and these servers try the StartTLS the receive connector selected by Exchange is the "Default" one even thoug my "Default" one is bound only to receive from my local private subnet.  Checking Anonymous users permission this connector solved the problem  but that seems odd since it's bound to my local subnet only.  Server was checked and is not an open relay as the security right to relay has not been added on the Default Receive connector

Any logical explanation ?
0
Why Diversity in Tech Matters
LVL 13
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

I'm receiving spam/phishing emails.  Is there a way to analyze the data and documents being sent?  Such as a free analyzer of some sort?
0
I was asked on an interview, where do you get IT security info regarding IT security.  I drew a blank since the only know a couple of CVE websites.  What would be a proper answer and where should I be looking?
0
I recently resigned from my last company and have been receiving calls for new employment; however, I'm a bit confused as to how to address why I left my last company without sounding "bad".
0
Are VMWare Security Groups an only available to VMs when and NSX Manager is registered to vCenter?
That is - if someone unregisters an NSX Manager from vCenter and they look up a VM in vCenter, would
the Security Group memberships no longer be visible?
0
Hi Guys,

We have a couple of "internal" servers with self-signed certificates.  An IT audit raised concerns about the self-signed certificates as some are using SSL 2 & SSL 3 encryption methods.  Services and applications running on these servers are only accessible internally.

A second scenario is a server which has external access, but do have a proper SH2 2048 public certificate installed.  However, the report still picks up an issue with another self-signed certificate on the same server.

My question, does these self-signed certificates pose any security risks, or can it be safely ignored?
0
Hi team,
In the process of migrating to Office 365, we have Zscaler tenant restrictions enabled but for some reason we can still access a 3rd party user's one drive and was able to upload and download files to/from it. Is there a way to block the access to 'other' OneDrive accounts on our corporate network?

Any thoughts would be greatly appreciated.

Thanks!
0

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.