Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

What concerns in a work environment are there with letting users add a network switch to their desk that is connected to the rest of the company network? For example, to add ports for a personal printer issued from company, instead of dropping another network drop?
Does adding a switch like that typically introduce security concerns?
0
Quite often, our threat intel provides us hash value of malwares/IOC in SHA256 only or SHA1 but
we need to key in MD5 into our EDR product to detect/block the IOC.

Have used the following hash converter & another online one but the converted value doesn't match what Virustotal.com give:
  http://onlinemd5.com/

Eg: a recent hash from threat intel, in virustotal it gives the following SHA1 & SHA256 values when I search by MD5 the hash value
      but if we input this same MD5 at above link, it gives a totally different SHA1/SHA256 values

Virustotal gives the following :
SHA-256:  539ecca8b99ef55f41b43a78cd92bd4d7e0ed023063735f0d59f483a6d0de298
MD5  :       ccd53d34c6d61dfce9a42aace3956546
SHA-1 :     2027fabc044797a23ef99b62de704222ee8a8b00

Guess onlinemd5 gives the hash of a string entered.

Without uploading a file, I'll need to calculate the hash values for SHA1 & 256.
Often, virustotal doesn't have the IOC so I can't always use virustotal.



The MD5_and_SHA_Checksum_Utility  also requires file/IOC to be uploaded.

Appreciate any other online URL or freeware (ideally a standalone one;  a
command line standalone will be even better)
0
The goal:  Copy client files/folders (and their security settings) from Server1 to Server2.  Note:  Server1 and Server2 are on the same network.

The problem:  Due to the collective size (1 TB) of data to be copied, it would take days to complete over a network connection.

Possible steps:
Part A - Goal:  Copy Server1 data to external disk drive  (Drive Letter H)
Step 1:  Attach a USB 3.0 external disk drive to Server1.  
Step 2:  Robocopy Server1 (shared folder "Clients") to external disk drive.  
Step 3:  When complete, disconnect external disk drive.

Part B - Goal:  Copy External disk drive data (Drive Letter H) to Server2
Step 4:  Attach external disk drive to Server2.  
Step 5:  Robocopy external disk drive data to Server2  (shared folder "Clients")
Step 6:  When complete, disconnect external disk drive.

I have reviewed the robocopy command here:  https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/robocopy

To ensure I do this correctly, I have two questions for you regarding Robocopy:
 
Question 1:  What would comprise the robocopy command line, to accomplish Step 2 (Server1 to USB drive)?  
Question 2:  What would comprise the robocopy command line, to accomplish Step 5 (USB drive to Server2)?

Thanks for your help!
0
How to allow an AD security group to read the Security Event Viewer log in all domain via GPO ?
We have server 2008 Dcs
0
After removing our on premise exchange server, we no longer have the ability to edit the "Send on Behalf of" or "Send As" properties of our Active Directory synced distribution lists or mail enabled security groups.
If we create a distribution list, or group in Office 365, we can edit these fields in Office 365.  
Currently, we are looking at deleting our on premise groups/distribution lists, and recreating them in Office 365. (If there is a better way, without using 3rd party tools, please let me know!)

I can use the powershell command "get-adgroup" to find the groups. (I plan on doing distribution lists first, and then mail enabled security groups later, as I have to verify they're not in use for local shares.) and I can use "get-adgroupmember" to find the members of the group.

For ease of creating the new distribution lists in the cloud, it would be nice to have the distribution group name, and email, followed by all members of the group in a file. (Or files.) So that it can be read, while creating the new groups in Office 365.

What is the easiest way to accomplish this?

Thanks for any assistance.
0
I'm looking for a disk wipe utility that adheres to DoD standards, that's bootable.  I've looked at several including DBAN (won't work with our SSD), Active KillDisk, & Eraser.  Looking for freeware if possible.
0
We get a lot of repeated errors in Weblogic logs that seem to start at about the same time as when a non-credential (& non-bruteforce) external penetration testing (using Nessus) started:

<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,544 internal data record unavailable (probable closure due idle timeout), event received -32>
<Jan 15, 2019 5:12:36 AM SGT> <Warning> <Socket> <BEA-000450> <Socket 1,546 internal data record unavailable (probable closure due idle timeout), event received -32>
Hibernate: SELECT AAAA_CO_CD  from YYYYYY_COMPANY  where CO_CD = ?


https://support.oracle.com/knowledge/Middleware/1052919_1.html
Above link (which I don't have a login to Oracle) appears to indicate load testing could trigger BEA-000450 errors :
Anyone encountered this?

a) how can the penetration test proceed further?  By limiting the non-intrusive scan to 1 thread (we've reduced from 10 to 5)?
b) is there any patch or ways to fix this?
0
Hello,

I am not sure if I interpret this correctly but this security report seems to show a few workstations have some suspicious DNS activities and trying to resolve some DGA domain - please see the attached.  

I am not in the security area.  Someone who knows how to handle please advise.  

Many thanks.
mysecrpt.png
0
A user of mine has a copy of Office 365 for Business Premium with ODFB and SharePoint etc. and wishes for his secretaries/assistants to view/edit a selection of his files. This he has done successfully via a link share, however this seems a grave security risk, whether the link can be shared or not etc., he wishes for the users to at least log in to gain access.
We have created a number of users within his organisation, however each appears to need a licence to be assigned for access, which seems overkill when OneDrive shares a link for free.
These created users obtain a link and log on, e.g. users1@mysite.onmicrosoft.com, which is good except they still can't view any of the shared files. I'm sure if we purchased a number of SharePoint licences for the users we could set up a team site, however the usage from the users is minimal and not worth the £3.80 per month per user.

So there must be a way of sharing your data on one drive for business in a more secure way than sending a link
0
How to extract NTFS Disk Security user list which was added in a disk using command prompt
0
What is the best (and safest) website for testing my internet connection speed on my Windows 10 computer?  I used to use 2wire, but they're no longer in business ... and SpeedTest gives me a Malwarebytes security warning.  Thanks,  Phil
0
I need to modify the domain password policy complexity requirements.  Symbols aren't required.   (e.g. ~!@%#$)  So users can have it but this is not a necessary requirement.
I do not see that option in group policy manager.  Is there a way to modify it somewhere?
0
Howdy folks,

I have a question in regards to the ASA 5505. I totally understand the concept from higher to lower level, but I noticed something interesting while I was doing something at work today. Traffic from my inside could see my web server located in my DMZ via local IP address. For example, source local IP (MyPC 192.168.1.50) was able to establish a TCP session towards my Apache server addressed to 192.168.50.50.  I thought once you've created levels of security, none of the interfaces should communicate unless you have an access-rule such as NAT or ACCESS-LIST in place. Please let me know if I'm wrong.

 Also, I have no routing nor access-list, just basic simple configuration, I just noticed it after mistakenly typing an IP address.

INSIDE 100
OUTSIDE 0
DMZ 50

Thank you!
0
I need to add a spf record to avoid spoofing and I use register.com as dns provider. They told me to add the following into the txt record.

@     "v=spf1 include:spf.registeredsite.com ~all"

I did that. When I sent a test mail to my gmail account, the mail went through but the header showed me it has a softfail and the error message is as follows:

pf=softfail (google.com: domain of transitioning me@mysite.com does not designate 192.168.0.1 as permitted sender) smtp.mailfrom= me@mysite.com;

For your information, my A record is the following:

*.mysite.com        10.10.0.1     <- webserver
mail.mysite.com      192.168.0.1   <- emailserver

Note: Please pardon the email address and ip addresses in this post are not real for security reason.
0
The Default Domain Policy GPO specifies a value of 3 for the "Account Lockout Threshold", however, the value that is in effect is "5".  I've discovered that users are getting the effective value from the Domain Controllers' Local Security Policy (not to be confused with the Default Domain Controllers Policy GPO), which some people say is by design.  My first question is:  Is this how the system should be working? My second question is, if the answer to the first is "yes", what other settings/values in the Domain Controllers' Local Security Policy might be overriding my Default Domain Policy GPO?
0
Which security cameras will work with the Amazon Echo Dot device?
0
I need to copy a file from one Ubuntu server to another.

They are two servers in the same AWS VPC and are in the same Public Subnet. They are both running Ubuntu (Ubuntu 14.04.5 LTS and Ubuntu 18.04.1 LTS, respectively).

I've opened up the Security Group for BOTH Server using Port 22. I also confirmed that openSSH is running by using this command "ps -A | grep sshd" and seeing process ID's.

I created a Text file for testing.

Here's the command I used to copy between servers:

scp ubuntu@**.*.**.***:/usr/local/thomtesttext.txt ubuntu@**.*.**.***:/usr/local/testtext.txt


This is the error I'm seeing:
ssh: connect to host **.*.**.*** port 22: Connection timed out


What am I doing wrong? How can I get an AWS Ubuntu Server to copy files between them?

Thanks for your help!
0
I had this question after viewing How to Save Database Connection info with Crystal Report Version 11 for Use on Business Objects Server.

I have a Crystal Report v 11.5ish that I want to send to a conversion company but I'd like to delete the Database information for security reasons.  However, when I try to delete it or replace info with junk, it attempts to make the connection and then fails.  How can I remove those details?
0
I am using a Synology NAS as my Active Directory domain controller. The Active Directory Server package on the NAS is implemented by SAMBA. Now I need to communicate to the AD controller from my other application, but couldn't find the port and the encryption (None? SSL? or startTLS?)  to use. The NAS documentation refers to SAMBA but didn't say anything else about this. I guess SAMBA's default AD controller port and encryption should be worth trying.

Can you help me to find the default port number and encryption method used by SAMBA AD controller?

Thank you!
0
I have a Netgear Nighthawk Router and I am trying to block a specific port, 42443.  The issue is the port still shows open after I blocked it at the router.

  1. Clicked on Advanced tab
  2. Then Security tab -> Blocked Services
  3. Used below settings and rebooted router:
    • Protocol: TCP/UDP
    • Starting Port:      42443
    • Ending Port:      42443

The port is still open. I can go to https://xxx:xxx:x:xxx:42443 and get to a page, 404 not found. When I surf to http the browser reports ERR_EMPTY_RESPONSE.  When I go to http://www.canyouseeme.org/ and add my ip and the port, it shows it is open.

I have a Comcast router that is in bridge mode that connects to a Netgear Nighthawk R7000 router where I added the block. There is a Cisco SG 300-28P 28-Port Gigabit PoE Managed Switch attached to the router but from what I can see, it is basically being used as an unmanaged switch. Attached to the switch are VoIP phones, Ubiquiti APs, computers and multi-function devices.

How can I detect what on the network is using port 42443?  Am I missing something in trying to block that port on the router?
0
Hello, we've got a bunch of VMs hosted on two Server 2016 servers.  All VMs are managed using Hyper-V.  We've got a requirement to enable Secure Boot on all connected devices including VMs; we've got a single VM which we've been able to enable Secure Boot on.  I've followed the suggestions in the following article; the problem is not all VMs have the Firmware section, and under Security there is no Secure Boot, just "Encrypt State and virtual machine migration traffic"
https://blogs.technet.microsoft.com/dubaisec/2016/03/29/secure-boot-on-virtual-machines/
0
I am working on a CASB solution and would like to know what cloud security metrics are usually important to management.  The plan is to build a dashboard to include these metrics.
0
Besides Imperva, what are the other leading DB Activity Monitoring products that are known to
a) have least performance load on the DB/system
b) could track unusual amount of data being queried
c) could do granular control (ie ACL) of what DBAs could query
d) supports Oracle, MS SQL & MySQL databases
0
Hello all,
        Our company is just getting into AWS and we are trying to run security reports across multiple Account IDs that the company has (to list users etc.)
When I run <aws iam get-account-authorization-details> I am able to see the users on the account I am signed in on.
         My question: is there a way to retrieve the info across multiple Account IDs using a similar CLI method?


Thank you for your time,
0
I'm writing a doc on Data Classifications (taking local regulatory/practices into context with
international practices such as GDPR as optional).  Data we have in mind are:

a) our customers particulars (which includes their NRIC# ie equiv of Social Security # in the
    US, their mobile/tel# and addresses : guess all these are PII)

b) bank account numbers of the customers (for payments)

c) the transactions including historical transaction details (customers sea-port clearances
    as well as the volume & types of goods they go through our sea-port)

d) IP addresses of customers who connect to us, internal IP addresses/hostnames of our
    servers

So for each data class, need to identify if
1. they must be hosted within our country if we use cloud (& if this is IaaS, SaaS, PaaS)
2. backup of the data must be encrypted
3. data at rest/in-transit must be encrypted
4. to be classified as Restricted, Confidential, Secret, or any other categories
5. which category to be detected by DLP & which category to be blocked by DLP
6. any other actions for each of the data categories

If there are such sample docs out there, care to point me to them?
0