Protect against password cracking in Windows

I know that tools exist to get passwords in plain text from memory in Windows (read memory and decrypt the password from the LSASS process).

Does this behavior still exist in Windows Server 2019?

Is there any way to prevent a local admin user from getting the password from a Windows machine using one of these tools, for example Mimikatz?

Thanks.

How does Windows Hello protect against brute forcing?

With my Windows 10 computer, I have the option to set up a PIN with Windows Hello (I believe it’s with that program). My normal Outlook password is 15+ characters mixed with upper case and lower case and numbers and symbols, but my PIN is only a few digits. Let’s say I had an eight-digit password; that’s only 10⁸ possibilities. With something like the Hak5 Rubber Ducky, I figure that’s probably trivial to crack, especially with some light social engineering/research.

I haven’t personally tried inputting a bunch of wrong PINs, but I’m wondering if someone has an official source/literature explaining the security process.

Is this a secure way to protect passwords when they must be in plaintext?

I am building a web app which will use my school’s online grade reporting system. Students will sign in to my app using their credentials for the grade website. However, it does not provide an API, which means that my web app will have to store each user’s password to get access to their grade data or force each user to log in every time my app needs access. The web app will need to be able to verify the data from the grade reporting website, so the server will need to log in, which means that the plaintext password will at some point have to be on the server.

My solution is to have each user’s login details be stored locally in plaintext, then have the client send the credentials to the server whenever the server needs access to the grade system. The server would use the credentials to log in, then delete them. Everything uses HTTPS.

I believe that this system is secure because the plaintext passwords are on the server for only a short time and an attacker would not be able to access data stored on the client (assuming my web app is not vulnerable to XSS).

I’m planning to create the server in NodeJS and run it on a VPS.

Is this system secure? If not, what possible attacks exist and how could I prevent them?

How to protect file integrity and history containing counters

I would like to create a solution that would sign the data and will have an increasing counter so I can track the number of signatures.

One of the requirements is to have an increasing order of signatures to track the history. As I would like to store the counters in an external file, I need to protect the file also against changes to the history.

For example, I will store increased counters in a file; let’s say it is number 15. Then I will do another signature and store the updated file with the number 16. I would like to protect the solution from replacing the file with the previous version of the file containing counter 15, so it wouldn’t be possible to go back in the past.

I am aware of cryptographic techniques to protect the integrity of the file but I do not know how to ensure that it wouldn’t be possible to replace the file with the previous version.

Any advice?

How does the Lightning Network protect itself from ‘Selfish Mining’?

It is a well accepted fact that mining pools do engage in ‘selfish mining’ by not broadcasting a block to the network when they find a PoW solution, but building on top of that block so as to maximize revenue. Now from the point of view of lightning nodes that are creating an HTLC, assume that the blockchain height is ‘h’. An HTLC is forwarded by the origin node and each node on the way uses 1 block of CLTV_expiry_delta (say there are 5 intermediary nodes). But soon after the final node reveals the pre-image to its peer, 3 blocks get relayed simultaneously. Now, it may be the case that even after including a buffer, some nodes along the path can get exposed, as their peer can relay the transaction to the blockchain due to timeout. Is there a protocol in place to stop intermediary nodes from becoming vulnerable due to selfish mining?

Having two connections with different IP blocks (One is Global Protect VPN)

I have a wifi connection on a Windows 10 machine. It has the following configuration:

DEFAULT LOCAL SETTINGS

IP: 162.168.0.10  Subnet mask: 255.255.255.0  Default GW: 192.168.0.1 

When I connect to a VPN using Global Protect, it creates a second network connection within a 10.x block.

VPN CONNECTION TO 10.x network

IP: 10.170.170.10 Subnet mask: 255.255.255.255 Default Gateway: EMPTY 

The problem is that when I connect to the VPN, I can no longer access the internet even if the wifi connection is active. I can only access the VPN network.

The strange thing is that when I connect to another VPN network that has a 192.x IP block, everything runs perfectly. No access problem.

VPN CONNECTION TO 192.x network

IP: 192.168.128.102 Subnet mask: 255.255.255.255 Default Gateway: EMPTY 

I think there is a conflict because of the different IP blocks. Any ideas to solve this are welcome.

Thanks

Will clearing the write bit on my backup drive protect it from malware?

I’ve been reading about ransomware and how it can infect not only the main drives but also backup drives if they’re connected to the network, and that Linux, although more secure than Windows, is not 100% risk-free from infection.

I’ve developed a daily habit of doing backups to an external USB drive, so I can recover quickly if I need to reimage my system. However, my backup is mounted to my system at boot and continuously accessible, and I’m concerned about my backups becoming infected or not accessible.

I’m wondering if clearing the write bit on all directories and files on my backup drive is an adequate level of security, should some malware get on my computer. I created these aliases in .bashrc:

alias backup-protect="chmod -R ugo-w ${HOME}/Backup"
alias backup-unprotect="chmod -R u+w ${HOME}/Backup"

I only enable writes for the user, as I don’t want anyone else to have access anyway.

I would then run “backup-unprotect” before doing a backup, or if I need to recover, and run “backup-protect” after the backup or recover is complete. Is this adequate from a security perspective?