Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

I'm looking at Votiro, Proofpoint & Israeli email security products
to reduce spam, emails from bad-reputation IPs, and emails with
malicious attachments & URLs.

What are the features/criteria to assess or look out for?

Especially if I'm on O365.

a) can link to SpamHaus, RBL etc. to get bad-reputation IPs?
b) offers CDR, sandboxing?
c) can claw back malicious emails from users' mailboxes once
    sandboxing has completed analysis that an email or attachment
    is malicious (Proofpoint has one such product)
d) can withstand email blasting (eg: 80000/minute)
e) in the event the device has an issue, the ease / turnaround
    time to disable it (without changing the MX record)
f) allows us to specify IOCs (bad-reputation IPs obtained from
    threat intelligence or a specific payload's hash)
g) the ability to integrate with DLP products: is this supposed
    to be a function of O365 Exchange Online or the filter
    device (as usually such a device will be registered in MX):
    I recall Proofpoint used to be able to integrate with a
    network DLP, Codegreen, or am I mistaken?
h) ... help add on ...

CEO wants to add that as part of two-step verification when somebody creates a new account on our site.

Dear Experts,

I have two servers to configure some security settings.

What happened was I took a registry backup of one server and imported into another server.

This caused a lot of mess.

Is there any solution to undo this?

Is Office 365 Exchange a separate service from Enterprise Mobility + Security?

Also, I need 6 years worth of successful and unsuccessful logins for HIPAA compliance.  Where do I set that up and or review those logs?  Feel free to suggest any other compliance related features that should be enabled.

Finally, anyone familiar with MDM and setting up the equivalent to GPOs for profile setup?   I would like a tutorial link on this.


Extracted from above, "According to documentation, a Private Database Link is more secure than a public or global link";
we have less critical systems that use DB links to a very critical system (Oracle).

I'm new to the organization & DBA told me there's a number of "Public DB links" including some with RW & without
SSL cert.

Is it a lot of work or feasible to convert from public to private?

Can self-signed SSL certs be used?

Any other mitigations if we leave it as public?

How can I find out if users are using complex but weak passwords in local Active Directory?
Like Qwe@123

I have been searching for a matrix listing the security advantages and disadvantages of Wi-Fi vs Bluetooth vs cellular vs Ethernet. When I search for a specific technology, I mostly find publications talking about the general connectivity differences between the technologies, but nothing side by side like a matrix that includes all three measured against the same baseline. I tried using two different articles and listing the information in a spreadsheet, but the categories and the baselines used were not the same - problem. Do you know of any resource that may have this information in a matrix view that I can review?

At work we're a Google shop.  I am wondering what the security is regarding my personal Drive and if that's visible to everyone.

I have to draft a guideline for systems that interface with a CII system & need inputs:
currently, the interfaces concerned are limited to 3 types only:

1. file transfer
I can only think of the general practices, i.e.:
 a) encryption of data in transit (eg: using sftp instead of ftp/mapping a drive or NFS)
 b) encryption of data at rest if it's sensitive (tampered with)

2. API
how do we secure these (in particular APIs using microservices)??
I've heard that APIs need to be certified, so before requesting it, need to be certain,
else application developers may question its relevance/usefulness

3. DBLink
Those sqlconnect links, esp Oracle links, to extract / update data.
Will need to define if the non-CII system is
   a) updating into CII: will have to be extra stringent, but how?
   b) extracting from CII: just encrypting the SQL calls

Oracle databases, weblogic are involved in the critical systems
while the less-critical systems may be Windows, Linux on
various apps (including mobile apps).

Editing thread to add Oracle as it relates to DBLink.

Extracted from above links, "Agentless services, on the other hand, talk directly to the underlying cloud platform (e.g., AWS, Azure)...",

Is AWS' AV subscription now an agentless AV?  Is this the agentless Deep Security?

If there are appliance VMs (eg: highly stripped-down Linux), is it the way to go to
adopt agentless (as we may subscribe to, say, Commzgate SMS or cloud-based
services) AV/end-point IPS, as agents can't run/install in the stripped-down guest?

In the case of AWS' AV/IPS service (ie the 2nd link above), is this a SaaS or FaaS
(Function as a Service)?

I have a shared folder where permissions for a user are not behaving as displayed in Folder properties. This user exists under a group called "Managers". Managers has been added to the "Share" folder's Permission Entries with full control, applying to "This folder, subfolders, and files".

This issue started with this user not being able to save files, delete files, create new folders, or move files to new folder locations with full control. In order to try to fix this issue I dragged and dropped the "Share" folder into a FAT32 drive, then copying back the folder to the C:\ (NTFS). This was to clear any permissions. Here were the exact steps performed.

1. Closed all files/apps using anything in the Share folder.
2. Verified all files were closed.
3. Created a copy of Share folder inside C:\
4. Copied original Share folder to FAT32 drive.
5. Deleted original Share folder from C:\
6. Copied FAT32 drive Share folder back to C:\
7. Set share settings on Share Folder
- Full Control
- Security Tab > Add Managers group > Assign full control
- Share Name > Share

After completing these steps, the user is able to save files and create new folders inside the drive, but cannot delete or move locations of a file/folder. The only file the user was able to move was one where the user was the owner.

The goal here is to have this user actually have full control of any folder/files inside the "Share" folder. Images attached of share folder properties and permissions.

I am getting too many failed login attempts (Event ID 4625) in the security event log. They are happening once every 3 or 4 seconds. It appears to be a brute-force attack on the server. I am running Server 2012 R2 (not a domain controller) and below is one of the thousands of entries in just the past few hours. Is there any way to prevent these attempted logins? It has been a long time since I've been down this rabbit hole and I somewhat recall blocking inbound connections on port 3389 or 389 would work, but I would like to consult the experts here. I think port 3389 is for remote desktop connection, which I do need for this server. Thank you in advance for any and all help.

An account failed to log on.

      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            CHRISTINA
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xC000006D
      Sub Status:            0xC0000064

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name …

I've attached two screen shots from my practice exam for SY0-501, both questions identical with different answers. So, when I go to take the test, which is the correct answer?

RAT or Worm?

In our test/dev lab we are running vSphere 6.0, 6.5 and 6.7 on different platforms.

We are looking into how to perform forensics on VMs (OVFs, Snapshots, etc.) off line.

Does anyone know of any products in the VMware portfolio or partner products that may be a good option for this use case?

We are moving some of our apps/systems to the cloud.
However, some vendors for the cloud projects came back to
say that the OS is a stripped down Linux which is hardened
& that it's not applicable to install/run AV.

In view of high-profile attacks and audit requirements, I am
loath to raise an exemption/deviation even if the cloud VM
is not accessible to the public (ie firewalled to our corporate
only). I noticed that AWS & another vendor that uses VMs
on Windows guests offer AV.

Is there a quick/easy way for me to verify that the 'stripped-down
Linux OS' the vendor uses in the cloud truly could
not support AV? Guess running 'uname -a' is not
enough. Or is there a script for me to verify?
Or can I verify by checking what past patches
they had been applying? If it's all RedHat/RHEL patches
then it's simply a hardened RHEL, which should
support many AVs.

What are the usual audit requirements for AV for a custom
Linux VM in the cloud?  Don't really need an AV under what

If it's truly a stripped-down Linux say based on CentOS or
FreeBSD, can I assess the patch requirements based on
CentOS & FreeBSD?  I recall when running a VA scan
against a PABX that's based on RHEL, all vulnerabilities
for RHEL are applicable & the PABX vendor produces
the patches though they are behind RedHat by a few
months in coming out with the patches.

This reminds me of IOT, many of which are appliances
that customizes their OS from …
First, I have reviewed a few different solutions listed on Experts Exchange, but none seem to work; this is why I am posting this question.

Cannot connect to a network share across sub-domains. History on the situation: set up TEST AD (my IT staff and I were looking at applying an AD for desktop security).
We joined about 5 computers, all IT staff.
When the AD was active we all could share data across the subnets.
Worked great, but when we went to Office 365 we decided to not use local AD and demoted our domain server after dis-joining our computers.
So we are all using workgroups.
Now as long as everyone is in the 0.X subnet they can see the shares in that sub-domain, but are unable to connect to the 30.X shares, and vice versa: the 30.x users cannot see anything in the 0.x sub-domain.
I tested the same situation on the 30.X sub-domain and I am able to share across the 30.x subnet but the 0.x subnet cannot connect.
I am looking for any type of suggestions to help?

My router does not have any rules for sub nets.
Our work stations are connected as a workgroup.
We are not using anything in the AD except we are connected to Office 365, we have not implemented Azure.

We are looking at some interesting connections that appear to be inbound from the below snippet:
Incoming connection from ( [source ip here] Port 46525 ) to svchost.exe

The source of the incoming traffic is connected to an external suspicious IP address and is not part of our infrastructure. We would like to see if there is a way to determine whether incoming traffic with svchost.exe as the communicating file can be reasonably whitelisted?

Is there a set of expected source ip's that we could reference that would allow us to sift out possible known external ip's that are valid incoming connections to an svchost.exe process running on an end point?

Setting up a laptop to connect to an Exchange 2010 server. It's not connected to the domain as it is being used at different sites - using autodiscover.

Keep getting a certificate error. I've tried to install the certificate but keep getting the error attached.

"There is a problem with the proxy server security certificate . outlook is unable to connect to the proxy server "domainname.com" error code 8

Any ideas?

We are restructuring the ownership of documents with new staff/teams being formed.

We currently have IT Applications teams (who run IT Quality Management & still running it), IT Security Governance
(new team), IT Infra Ops.

In general practice (or commonly adopted out there), which team or person owns the 4 documents below:
1. IT Application Delivery Framework: applications PM, IT Security Governance, IT Quality Management, or ?
2. Vendor & Contract Management Framework: applications team, IT Security Governance, IT Procurement or ?
     (a mix of IT applications, infra, security vendors but most of the vendors are applications vendors)
3. Project Management Methodology: applications PM, IT Quality Management, IT Security Governance or ?
4. DR Plan: we don't have a DR team, so have to choose between IT Ops, applications team, IT Security Governance or ?

Any authoritative references (eg: NIST, big four consulting firms papers) will be helpful.

Can someone help me with creating a PowerShell script that will pull the following report from Active Directory for selected AD security groups like "Domain Admins", "Enterprise Admins" etc.?

Formatted as follows: Name,Displayname,Title,SamAccountName,DistinguishedName (filtered to list only the domain)

Looking for the report to be a CSV file. Thanks

In general, does a Non-Disclosure Agreement cover
a) that information should not be disclosed even verbally?
b) accidental divulging of sensitive information?
c) that a vendor is working for this specific customer on a specific project?
d) the size of the data or database of the customer?
e) the value of the project?

How does password reset work in international locations with MFA? Here in the US I can input a phone number in the AD Mobile field, for example +1-415-111-1111.
Then it sends a code to the phone and you confirm. Would it work with international locations? Example: China +86-180-1111-1111

I wonder if anyone has experience with this and has any input? Or if there are better things out there.

Is it a good option for Okta security?

Hey Guys - I have a CSV file with group names and descriptions, over 100 of them. I need to create these groups and populate the description and Note field, also set the group scope to Global and the group type to Security, and the Managed By property with the owner's SamAccountName in the object in ADUC.

Thanks in advance

Need to harden a Solaris 10 that is connecting to the Internet from the DMZ.

Does anyone have a Solaris 10 hardening script that, once run, will harden for
a) Level 2 Profile
b) "Scored"

The attached, which I got from GitHub, doesn't seem to quite fit what's needed
& with all the "printf ...", it's more of listing out than actually doing hardening.

From CIS benchmark:

Scoring Information
A scoring status indicates whether compliance with the given recommendation impacts the assessed target's benchmark score. The following scoring statuses are used in this benchmark:
Scored  <==
Failure to comply with "Scored" recommendations will decrease the final benchmark score. Compliance with "Scored" recommendations will increase the final benchmark score.
Not Scored
Failure to comply with "Not Scored" recommendations will not decrease the final benchmark score. Compliance with "Not Scored" recommendations will not increase the final benchmark score.


 Level 1
Items in this profile intend to:
o be practical and prudent;
o provide a clear security benefit; and
o not inhibit the utility of the technology beyond acceptable means.
 Level 2  <==
This profile extends the "Level 1" profile. Items in this profile exhibit one or more of the following characteristics:
o are intended for environments or use cases where security is paramount
o acts as defense in depth measure
o may negatively inhibit the utility or performance of the …





