Security

23K

Solutions

171

Articles & Videos

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


We have a WordPress (latest version) site I would like to secure. There is no personal data on there, no contact forms, no sales. However, I would like to lock down the login page and generally increase the security. I had wanted to put SSL, but I can't. Any suggestions?
0

Does anyone know of a way, perhaps using one of the AD cmdlets, to get the same info as a Microsoft Baseline Security Analyzer scan, in the "shares" section of the report, which gives both the share and directory ACL, but write the results out to a CSV file so further filtering/analysis can be performed? MBSA does give what I need but the report is essentially read only. I need a way to filter the results, as on some servers under review there are hundreds of shares, so having it in CSV would make that additional analysis a lot easier. Basically MBSA just enumerates all shares on a server and produces the share and directory ACL, in a simple:

share (name), path, share ACL, directory ACL,

so I need a command to do the same and put the results in a nice CSV file with the same columns so I can do similar analysis.
0
Exchange 2016 on Server 2012 R2.

Exchange is working fine.

Mobile users, all on iPhone, can connect to the Exchange Server for mail when they are off site, but not while on site & connected to the LAN Wi-Fi.

If they turn Wi-Fi off, they connect (obviously via cellular)

Why can they not connect through the LAN Wi-Fi?
0
We have blocked Yahoo, Hotmail, Gmail, Dropbox:
our audit says there are some lesser known ones that were
not blocked by our Bluecoat proxy.

Can anyone help list out these browser-based emails &
file sharing tools? Would like to cover more to be thorough
to prevent data loss/leakage.
1
Dell Inspiron 15 (3000 series), OS Windows 10.

Two Step Authentication is required by Apple from 17 June - today.
I have been trying to set it up for 3 weeks now without success.
I accessed instructions on how to set it up and followed them to the letter. Here is what happens:

I go to my PC, open my browser, go to www.icloud.com and log in with my iCloud account, name and password.
My iCloud page appears and I click on 'Settings'. Next, I click on 'Manage Apple ID'. I am asked again (don't know why) for my Apple ID and password and also am given two security questions. I answer these successfully and am admitted to 'Manage my Apple ID' (a page with headings 'Account', 'Security', 'Payment and Shipping', 'Devices').
According to instructions I am now supposed to 'click on "Generate Password..."', but this option is NOT VISIBLE on my screen. Instead, under the heading of 'Security' is a message: 'TWO-FACTOR AUTHENTICATION. Add an extra layer of security to your account. Get Started'.
So I click on 'Get Started'. A page appears titled 'What is Two-Factor Authentication?', with 'Continue' at the bottom. I click on 'Continue'. This leads to a page which informs the reader 'How To Turn Two-Step Authentication On' (not on how to set it up). At the bottom of this page is an 'OK' option. I click on this. When I do I AM SIMPLY RETURNED TO THE EARLIER PAGE (with Account, Security, Payment and Shipping, Devices) with the message: 'TWO-FACTOR …
0
I had this question after viewing Powershell script to export Events logs in human readable.

Hi

Can we add the target account details to the output, like the name of the account created?

Subject:
      Security ID:            S-1-5-21-183399762-3323212256-414774413-500
      Account Name:            administrator
      Account Domain:            TEST
      Logon ID:            0xAFFB208

Target Account:
      Security ID:            S-1-5-21-183399762-3323212256-414774413-2606
      Account Name:            Devops9
      
Any help would be greatly appreciated.

Thanks
Nizam
0
For security reasons, I want to open the file, let the VBA code use the contents, then close the file -- without ever saving the file to the local computer. I am guessing this is similar to the solution to
https://www.experts-exchange.com/questions/23627204/Download-file-from-remote-ftp-site-via-VBA-Excel.html
except that I do not want to save the file locally, just open it.
0
Hi all,

I'm currently working on a project on tightening security on our web servers. The first step on this is disabling weak ciphers that are still currently enabled. I'm aware of the list of known weak ciphers, but I'm wondering, if I'm to disable these, what the impact will be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA - RC4 MD5

Is anyone aware of a list of browser versions that may be impacted?
0
I have users who log into another domain using Citrix, but they log in with their standard domain credentials using a trust. I am trying to use GPP to map drives, however it will not map the drives to the users. I have added the users to a domain local security group from the other domain which has a two-way forest trust. According to everything I find online this is how it should be done but it's not working. I add users from the domain they're logging into to the OU and it maps the drive fine. Did MS change how this is handled? Can I no longer do it this way? I'm only finding threads that date back to 2013 at the latest on this and everyone seems to have gotten it to work by doing what I described. Any clues on what would be causing it? If I do a GPresult I see no GPOs being applied to those users in the security groups.

The domain I'm attempting this on is all Windows Server 2012 R2 and consists of 1 DC and 1 RDS.
0
We currently have a Dell Sonic Firewall that is our firewall as well as our company router.  This is our main router for all of our sites in the company.  We have 16.  We implemented through our EMR (Electronic Medical Records) software an upload to a billing company.  They in turn configure and print bills and send them out to our customers.  This has worked fine for over two years.  When this was implemented, we were not required to make any firewall changes at all.

A week ago, the user doing this procedure received an error that the file could not be uploaded.  She called the EMR company, who in their effort to troubleshoot the problem, changed the upload method from ftp to sftp.  She then tried to upload and she got an additional error that port 22 was unable to send.  Seeing that error, the EMR said that the problem has to do with our firewall.  I spoke with the billing company who tried to do a trace route to our external IP.  They were unsuccessful, but I was able to do a trace route to them.  The only caveat is that the user can do this procedure from home with no problem.

I am willing to make firewall changes if necessary, I just don't know what they would be or why it is necessary now, if no one has made any changes other than the upload method from ftp to sftp.

Please help.  I am desperate.
0

Hi,

We have a login page that saves a cookie so that the username is stored and shows next time the user logs in.
We ran a security scan and got the following alert:

"Cookie without 'httpOnly' flag"

Below is the code for setting up the cookie. How can we resolve the issue of the alert?

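        // Store a cookie; with days set it expires after that many days, otherwise it is a session cookie.
        function createCookie(name, value, days) {
            var expires = "";
            if (days) {
                var date = new Date();
                date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
                // toUTCString() replaces the deprecated toGMTString()
                expires = "; expires=" + date.toUTCString();
            }
            document.cookie = name + "=" + value + expires + "; path=/";
        }

        // Erase a cookie by rewriting it with an expiry date in the past.
        function eraseCookie(name) {
            createCookie(name, "", -1);
        }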


0
Here's the situation:

I need to add a user (domain\ITS) to the ACL of a folder, all subfolders and files.  The subfolders may or may not have inheritance enabled.  Actually most of them do NOT have inheritance enabled.

The problem is when I run the script I have, the user is being added in a way where it shows up on a Folder's Security tab as an entry BUT the permissions are all blank (no checks next to Modify, read, etc...).  Then when I click the Advanced button I see the user listed and I see the permissions BUT the user does NOT have access to the folders, subfolders and files.  It is listed as 'This folder only'.  I just can't get the user to actually have access.  If I manually go to the Security tab on a Folder, click Edit, highlight the user and grant Modify THEN the user can access everything under that folder.  Unfortunately there are thousands of folders and subfolders so obviously we're not looking forward to having to do that manually for every folder.

I am attaching two files to show what I am describing:

Security tab showing missing permissions
Advanced view of permissions showing 'This folder only'
Here is the script I've been using to try and get the user successfully added to the folders:

$FilesAndFolders = gci "e:\data" -recurse | % {$_.FullName}
foreach($FileAndFolder in $FilesAndFolders)
{
    $item = gi -literalpath $FileAndFolder
    $acl = $item.GetAccessControl()
    $permission = "domain\ITS","Modify","Allow"
    $rule = New-Object …
0
Hello all,

I have some Win 2012 3cx v15 phone systems and was having trouble with Apple push notifications for calls to remote devices. I've determined it to be a TLS issue. I had used IIS Crypto to remove the less secure SSL 3.0, TLS 1.0 and 1.1, leaving just TLS 1.2 and more secure ciphers. This breaks Apple push notifications from the 3cx server/software. I put back TLS 1.1, no luck. Put back TLS 1.0, now push notifications work. I find it odd that I should still need 1.0 enabled on the server.

Is Apple push still using that protocol and not 1.1 or 1.2, or might there be something else going on here?

I'm by no means familiar with protocols/ciphers, just determined what fixes the problem.
0
Hi there,

I need help writing a Windows PowerShell script to run a command to check whether the IIS_IUSRS group has had its access to the iisWasKey revoked.

- I need the script to pull the windows server <MachineGUID> dynamically before running the command:

- Obtain the machine GUID at the Registry Value "MachineGuid" in the Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography

Next, open a command prompt and run the following icacls command, ensuring that BUILTIN\IIS_IUSRS(R) has been removed:

icacls %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_<MachineGUID>

Reference for this is: 3.11 Ensure 'encryption providers' are locked down, in https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.8.0.pdf

Great thanks!
0
Hi, does anyone know any weakness of Cisco devices (router, switch, Firewall)? Is there any way/tool to assess their vulnerabilities?
0
I'm currently running ESET File Security on some of my servers and I just noticed that my virus signature database wasn't updating on two of my servers. The other installs are running and updating fine. I've already cleared the cache and tried, and I've also run a cmd and pinged the update server with no issues. I have noticed that some of my settings are "Read-Only" and I cannot change them. Also, I have noticed that it's using a proxy and the IP address of a server that has nothing to do with my ESET install. Is there any way to change these settings or figure out why it's not updating?
Product Version: 6.3.12004.0
Server 2012 R2
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on another page when they were intending to click on the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSS-Protection: 0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIME-type.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type sniffing attacks.
SOLUTION:
N/A
0
Is it possible that anyone who knows my social security number and date of birth can pull my credit history?
0
Is it possible that I have some kind of spy camera around my shirt which can also pass through a metal detector and also send me the live stream video?
0

I use this tool, EvlWatcher: https://www.itsmdaily.com/block-rdp-brute-force-attacks-windows-webserver-free/
to block the IPs that intend to attack my remote PC.
I made a test and I blocked my brother's IP, so my question is: how do I unblock blocked IPs?
Thank you
0
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts: the passwords never expire, as each password
change involves quite some effort in application changes.

What are the best practices to manage such accounts & any special mitigations?

a) Make the passwords of such accounts dual control, i.e. different teams
     hold the passwords?
b) I'm not sure if we can make it "can't logon interactively": I'll do it if it won't
     break the app. Besides this, what else can we harden? No Local Logon?
c) noLMhash needs to be enabled so that the password can't be cracked
    easily; what other hardenings?
d) Any other mitigations, such as enabling Windows Firewall?
e) Please add on any other best practices ...
0
Hello All,

I have a customer who has SBS2011 and he used to use the Exchange... Last year we stopped using the Exchange on SBS and moved him over to Office 365... We are not using Azure/etc., just moved over his domain to Office 365 and repointed all of his Outlook clients to Office 365... Worked like a charm.

However, sometimes the users get a Security Alert when opening/closing Outlook... The security certificate has expired or is not yet valid. Any idea why they are receiving this? I assume it has to do with the old SMS Exchange? Why would his Outlook be throwing that error if it's pointed to Office 365 and not his old on-premise Exchange?

If anyone has any ideas please shoot them my way... Thanks
0
The Chubb contact person I liaise with told me all their customers are recommended
not to install AV on Chubb's custom Windows CCTV recording server as it will cause
severe perf issues & will conflict with some sort of built-in security feature.

Does anyone know what this feature is? Is it apps whitelisting, AV or ?? The person I
liaise with appears uncertain.
0
I am having a strange issue with Kaspersky Security Center 10.

When pushing out the AV to new clients I get to the license key screen to select the correct key but it's blank. I have tried adding the key and it says 'Successful' but the screen stays blank.
The key was visible until the MMC crashed.
If I continue without selecting a key and push out the AV client it installs the license key.

(new clients get put in to an install group that has no tasks to install a license)

Does anyone know how to resolve this?
0
I have a new project which involves demonstrating exactly how ransomware works. I need to set up a virtual machine with some sample data and some variant of ransomware. I need to run a live demonstration which shows what happens on a PC from the initial point of infection all the way to the point where the ransom notice is displayed. Obviously I know this is dangerous and the correct precautions will be in place to ensure that the VM is completely network isolated. Does anyone know how I can do something like this?
0
