I have a question about defending against  DDoS attacks.  My ISP charges a large penny for service to protect me from DDoS attacks, it's basically the same amount for my internet, and it's not cheap.  Besides buying hardware, does anyone recommend any online companies that can provide the same kind of service as my ISP, but at a descent cost?

What other options do I have, or does anyone recommend a good solution?

We have been reading lots of hype on these iphone apps for detecting hidden camera and wanted to know if any EE has an experience in them in how truly they work using an iphone.

CAN WE APPLY DIFFERENT RETENTION POLICY FOR DIFFERENT DEPARTMENTS

how many retention policy we can have

Trying to write an Exchange 2010 Transport Rule that will warn users if someone is attempting to impersonate a real AD/Exchange User.  IE, sender's EMail is liar@gmail.com but sets his text name to be John Smith, who is the president of the company.  So the inbound message is from John Smith <liar@gmail.com> when the correct sender would be John Smith <jsmith@real_domain_name.com>

I've created a Transport rule that checks:

- If inbound message is from a user that is outside the organization
- And sender's properties firstname is John
- And sender's propoerties match text pattern of lastname is Smith
- Then prepend message to EMail's Subject warning recipient

Had to add two conditions because if I put firstname and lastname in the sender's properties line, it made an OR statement instead of an AND statement

Note, can't just block liar@gmail.com, since the actual source address changes.

Not sure if this rule is working, or if GMail and other mailers always use what appear to be Active Directory fields of firstname and lastname.

Is there a better way to do this?

Thanks,

Nathan

I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.  

So now SonicWall is promoting/offering their Capture Client solution that I am interested in.  I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100.  We only need 25 licenses.  So now that Sonicwall offers Capture Client, I want to know if its feasible to say it would actually replace both Webroot and MalwareBytes EndPoint products and not just work along side and complement them.  So, I contacted Sentinel One Sales and they indicate their product serves as direct replacement.  They also mentioned their clients actually use Capture Client exclusively.

I have concern about a complete replacement solution.  I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it …

We have been working with 7-zip form some time as matter fact was recommend by EE, we use it for large compression and complex-long password protected files.  Today in a meeting we were informed that 7-zip can be hacked.  We didn't believe until the person ran an apps and unzip one of our supposedly secure 7-zip files.  So our question is which compression apps is least to be hacked (WinZIp, WinRar, etc.?), which one can we trust? Is the oldies WinZip & WinRar also hacked?.

Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detec tion.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.

We require our staff to use MobileIron MDM and read their corporate emails using
MobileIron's  Email+ (a secure email client by MI).

Several staff read Bloomberg's BFW (Bloomberg First W)  news which is not in
http nor https format but  bbs format which MI can't load though this could
load in Apple IOS partition.

Q1:
Does Bloomberg offers http or https  instead of bbs ?  It's the
trading staff who subscribes so I don't hv Bloomberg's support
access

Q2:
We have logged a case with MI & MI ack'ed they can't support bbs:
Bloomberg was supposed to be used globally, so how is it that MI
can't support it.  Any workaround?

some of the cyber security best practices require that admin access and admin type activities can only be performed from dedicated admin hosts/ technically how is this enforced to ensure that admin type work can only be performed from dedicated hosts and no other users? Would this be firewall settings on each individual computer joined to a domain? Can enforcing such a policy cause any issues in support/resolution?