Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

How does 2 Factor Authentication work, exactly, for Office 365?  We are interested in possibly implementing it - but we don't want users to have to CONSTANTLY re-authenticate, either.  And are there control options for how it works - or is it Microsoft-controlled?

Thank you
0
CompTIA Security+
LVL 13
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Before the last few days we had a setting that would go back to the login screen and require the password. I could be sitting here doing nothing and maybe every 10 minutes this event would happen. Now today I left at 4pm and back at 6pm and the system was still on. Who changed the setting and how to prevent it from failing. The computer was not secure today during those 2 hours. I think the setting I had was 10 minutes.

I went into these settings and not seeing it. Windows 10 desktop.
y
0
We have numerous instances of MS SQL Standard 2012 in our environment. MS's product lifecycle page shows SQL 2012 Service Pack 4 as supported until July 2022.

I'm seeing different information regarding MS support for Critical and Security WSUS updates. Am i reading it right that if we install SP4 on those we will continue to get WSUS critical and security updates but may have to pay a fee if we call MS as they are in extended support and no longer mainstream?

Do i have that correct?
0
Hello,

I have a cloud server where I am hosting a website. It is a Windows Server 2012 R2. Recently I noticed a message in my account control panel saying something like this:

"CRITICAL NETWORK - 384 kbit/s received       12.11 MBit/s transfered"

This is the first time I received a message like this. The server has been operating since 2015.
I am not a network administrator so I do not really know how to proceed. So, I will very much appreciate any support/help you can provide to find out what is going on.

I had watched the Network Activity in Task Manager and I am attaching a screenshot just as a reference. Maybe I need to go over log files but I a not sure which ones are the correct to review and how to proceed.

For example, I watched the System log and I see error entries like this:

"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203."

I found the error below in the Administrative Events log:

"The RD Session Host server received large number of incomplete connections.  The system may be under attack."

Something I should say is that I use Remote Desktop to connect to my cloud server.

Task Manager Network Activity Screenshot
Respectfully,
Jorge Maldonado
0
My fiancée's mother exchanged her laptop for a pawn loan 3 months ago and she bought it back today. The laptop had no password on it. Just turn on the power and your in. Now she is staying with us for a bit and wants our WiFi password so she can connect to the internet with it.

The problem is I am very worried about her laptop compromising the security/safety of my family and their devices. (I.e., In 10 seconds couldn't the pawn owner turn it on and install spyware that could spread to everyone's devices connected too it?!)

I Just wanted to get some feedback from professionals out there on what you would do in my scenario, what are some worst case scenarios and how likely are they too occur? Would you let her login too your WIFI? (Part of me wants to just burn it and buy her a new one)
0
A few years ago we looked at a product named IE Tab for Chrome by Blackfish.  Back then, we weren't convinced of the security because, from what we understood, ulnerabilities of the IE version you selected would be present.  

https://community.spiceworks.com/topic/431687-thoughts-on-the-ie-tab-chrome-extension

We are revisiting the solution due to the ease of use it offers our users but the jury is still out on the security of it.

Security experts, what are your thoughts? Any recommendations on security settings for it? Are there any other products or methods you would recommend in it's place?

Thanks again,
Steph M
0
Gurus,

Could you please explain the difference between

1. End Point Protection / Anti Virus
2. End Point Detection and Response
3. Threat Hunting

Are these three related in terms of end point protection

SID
0
I've been trying to apply uniform Share permissions across the files and folders of an entire drive in a domain-joined Windows 10 Pro workstation.
I can take the steps but the results look strange.
(I've run sfc and DISM just lately on the host).

If I look at the Share permissions, they vary across the folders.
I did re-propogate the Security permissions just in case that it would have some effect.  Wishful thinking...

I've not yet tried logging into different users on the host to see if there are differences.
When I look at properties over the network, I don't see a Sharing tab at all......
1
Other than Factory Reset, what precautions can I use to DEEPLY erase a used Android Phone that I've gotten?  Need some EXTRA level of erasing before I apply all my data to it.

One idea that occurred to me: activate phone with a dummy account.  Turn on video, and just let it run until all the memory has been written over.

Then: Factory Reset again, add REAL account.

What's a good way?

Many thanks,

OT
0
What is this? I have several files with names ending with this: _NEMTY_LVMHFKO_-DECRYPT.  Some are .xlsx files, some are .docx files.  Each has the _NEMTY_LVMHFKO_-DECRYPT following the file name.  We can't find the original Excel or Word files, only these files with _NEMTY_LVMHFKO_-DECRYPT tagged onto the end. The file won't open with any program, but if we navigate to it in Excel and open it, Excel will convert it from a text doc to a jumbled up excel doc.
0
OWASP: Forgery and Phishing
LVL 13
OWASP: Forgery and Phishing

Learn the techniques to avoid forgery and phishing attacks and the types of attacks an application or network may face.

When users visit a website hosted on a virtual server at a client site, they are getting a Error and have to refresh the page. 2019-10-10_13h25_26.png
If I select the URL in the toolbar, and hit enter, the page refreshes and it comes up. but then I click on a menu option and it will then time out with the same error unless I hit the uRL and press enter to refresh the page. I have to do this every time I move from one link to another.

The server the site is on is Server 2016.
IIS is where the site is hosted.

I don't see any security updates with Microsoft that could be causing this block. The support entity told me to uninstall a specific security patch that isn't installed. So not sure where to go.
0
I'm trying to configure a rule in Cisco CES cloud platform the stops people masquerading as the CEO
for attempted Phishing. So on our previous FW we had if the mail has the sender as 'our ceo' but does not come from
our Domain, then drop. I can see where to configure this in the CES.
0
I have a stored procedure in one database that writes to another database. Security is assigned using SQL Authentication.
For each user I have issued
GRANT DELETE,UPDATE,INSERT TO JOBCOSTDETAIL TO USERNAME

This stored procedure is called via a  VS C# program. Whenever a user clicks the button to run the stored procedure they get:
The INSERT permission was denied on the object 'JOBCOSTDETAIL' ,database 'DATABASE',schema 'dbo'

I could change my code to run the sp as 'sa' but I should not need to do that. When I check the properties of this user on this database they do have INSERT permission as dbo. What else do I need to set to get an average user the ability to write to this table in this other database.
0
This is a message I got from a friend:

I have a computer problem will you come over about 4 pm and take a look
there is a yellow bar with a green bar in it and a red star in the
corner of it 100% in the bottom of it cant x out of it.


What would be your guess on what it is before I go over there to take a look.
0
Dear All,
I am monitoring ESX logs on a test environment,however I am receiving lot of logs
I need to focus on security logs only
What kind of logs should I look for?Any help?
IN case i want to know if a virtual machine was created,where to look for?
Any tips on monitoring a vmware ESX?
Regards
0
Our apps architect recommends  Alpine Linux for our
microservices/container environment.

Some time back, a patch management vendor told us
that patching for Alpine can't be managed by Satellite
or BigFix  ie we have to manually download & patch.

Q1:
is the above true or is there something like 'yum' in
RHEL to patch Alpine.

Q2:
Also, there's no CIS hardening benchmark nor any
docs that standardize what to harden for Alpine.

Q3:
Architect further points out that Alpine is the most
secure & efficient Linux to use for microservices;
is this true?  Does Alpine has good development
team that constantly check for vulnerabilities &
release advisories/patches (at least like RHEL)?

https://alpinelinux.org/about/
https://en.wikipedia.org/wiki/Alpine_Linux

Q4:
Where can I view past Alpine's CVEs/vulnerabilities
list & how can we assess how good are support
for Alpine?  Don't want a case where we log a
case for support & there's lack of response &
no solution
0
Looking for help getting my Sonicwall logs files to upload the the Microsoft Azure Cloud App Security system. I am trying to setup the Sonicwall's so they forward their logs to MS to be analyze. I need to have a forwarding machine installed to do this. They have a Docking image of Linus, but I can't seem to get it to work. My working knowledge Linux is pretty limited. I have been using this article as a reference: https://blogs.technet.microsoft.com/cloudready/2018/03/07/configure-microsoft-cloud-app-security-to-analyze-sonicwall-logs/. Thanks
0
I have a question about ransomware.  If my computers C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files?  if we have office 365 and all the files are also backed up to the cloud through OneDrive, doesn’t that also create a level of protection?
0
Hi All,

We use WatchGuard as our firewall and have Dimensions setup for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer either ftp, or web/app based such as dropbox etc?

Can this be done / how best to view this info or set this up?

Cheers,
Paul
0
Expert Spotlight: Joe Anderson (DatabaseMX)
LVL 13
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Hello:
I have a script to create an AD user and add to its respective security groups, this script works 80% of the time without issues, but sometimes I have the problem that It can not add the user to his group because it can not find the recent create user.  If I add a delay it fixes the problem.  I want to fix it without adding the delay, any suggestions

function New-OPAdDomainStudent
{
<#
.Synopsis
   Short description
.DESCRIPTION
   Long description
.EXAMPLE
   Example of how to use this cmdlet
.EXAMPLE
   Another example of how to use this cmdlet
#>
    [CmdletBinding()]
    [Alias()]
    [OutputType([int])]
    Param
    (
        $SamAccountName,
        $Surname,
        $FirstName,
        $MiddleName,
        $HomeFolderPath = "\\myd-fileserver.mydomain.com\students$",
        $HomeDrive = "H:",
        $ID,
        $OU = "DOMAIN Students"
    )
    Process
    {

        $EmailSuffix = "@students.mydomain.com"
        $Email = $SamAccountName + $EmailSuffix
        $HomeFolder = Join-Path -Path $HomeFolderPath -ChildPath $SamAccountName
        $OuDn = (Get-ADOrganizationalUnit -Filter {Name -eq $OU}).DistinguishedName
        if ($OuDn -eq $null) {
            log -message "Unable to find OU $OU, exiting" -level Error
            Stop-MPScript
        }
        $Password = "Welcome"
        $EncryptedPassword = ConvertTo-SecureString $Password -AsPlainText -Force
        log -message "Creating account $SamAccountName" …
0
we use a 3rd party SaaS provider for our HR system, and as part of the application there is a so-called self service module which allows employees to login to the system and view their payslips, which expose personal and sensitive information. Access can be achieved from any location, e.g. any Internet connection, no restrictions specific to the companies network etc. At present access is based on single-factor authentication (basic username & password) and a review of the costs associated with making the system require 2-factor authentication for access is beyond current budget. Are there any compensating controls/security techniques you can think of that minimise the need for 2-factor authentication for such a system that we can look at which may be more practical with budgets in mind. At present I am not sure what technology stack the application is based upon if that has any relevance but that is perhaps something we can review.
0
We have an lone ESXi 6.7 host in our DMZ which is the dedicated host for our DMZ VMs. It is directly connected to the DMZ port on our ASA. We're trying to figure out the safest way to management it. As it stands right now, our two options are:

1. Connect the management interface directly to our management network. I don't particularly like this because that host is directly connecting our DMZ to our management network, and we're relying on VMs not being able to attack their host to keep our management network secure.

2. Connect the management interface to an empty port on our ASA, set that port to a higher security level than our DMZ network but lower security level than our internal production network, then manage it directly through our production network. I don't particularly like this since the management interface will be directly exposed to our production network, though it would be on a different network.

Any thoughts, comments, insults, rants?
0
As i am viewing logs on the SIEM,I noticed that logs of event ID 4624 and 4625 happens concurrently
I couldn't understand how and account who is failing to log on is also successfully loggin on at the same time
within a timeframe of two hours knowing that the logs are related to yesterday which was a holiday
Can I have an understanding about what is going on?AccountfailedtologonAccountsuccessfullylogedon.jpgPS:The username is the same.For the sake of privacy I have erase the name from the pictures
0
jQuery (Javascript libraries) are bundled with a number of our
softwares (Weblogic, a supplier app, mobile app): quite a number
of XSS vulnerabilities were found by our pentester.

Q1:
One app vendor replied that updating (ie patching) or upgrading
jQuery may destabilize their app?  So are we supposed to wait
for these vendors to release their next release app so as to
bundle in newer & patched jQuery or we can get the patches/
updates from Oracle & just update/patch it??   Or by doing so,
we'll lose the support of the app vendor?

Q2:
In the case of Weblogic 12.2.1.3, jQuery ver 3.2 is bundled.
Since both Weblogic & jQuery are from Oracle, is it supported
if we just update jQuery (or there's no patch/update ie we
just have to upgrade jQuery to ver 3.3 or 3.4)?

Q3:
Is jQuery vulnerabilities the same as javascript (read at Oracle
site that jQuery is actually  javascript library) vulnerabilities?
0
On my work network. I have one computer sending random emails.  And then my ip is being blocked by my ISP.
How can I discover wich computer is doing it.
0

Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.