Cyber Security

519

Solutions

839

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

EE,

We have been attacked by the "rapid' ransomware virus - most of our key information assets have been locked, all with the extension of ".rapid" on each file.
> The worst part is that they locked all of our backup files as well - we are stuck.

I am looking for some suggestions on how to deal with this... Yep, first time for me and my company.

Should we pay or should we fight...

Rojosho
2
Become an IT Security Management Expert
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

Preventing theft of company data - with the plethora of routes that are available on the internet, can someone suggest a comprehensive solution for preventing employees who are leaving the firm from stealing emails (their own corporate emails) and files? We can disable USB ports, disable certain websites such as dropbox, box.com, etc. Gmail/Hotmail/Yahoo, etc. However, there are many other routes with a simple google search away...
0
I am considering running openVPN on a linode and setting UFW to only accept connections from that IP Address. Would this be good security? I realize it may be redudent with Fail2Ban but I'm hungover today doing sys admin stuff and thought about doing this.

I'm a Cyber Security student but I haven't gotten to any major classes yet so I really don't know if this is a good idea or not.
0
Hi,
I added a Content-Security-Policy that works in Firefox and Chrome but not Safari.  I am using Safari 10.1.2. In Safari I get the error:
“Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' does not appear in the style-src directive of the Content Security Policy.”
So, I tried adding ‘unsafe-inline' to style-src but I still get the error in Safari.  I have some hashes in style-src (that were provided by Chrome), and when I get rid of the hash, Safari gives no errors as long as I have ‘unsafe-inline’ written.  If I put the hash back in, I get the error again in Safari.  The other browsers work fine.  Does anyone know what I can do to get the Content-Security-Policy working in Safari?  Any help is greatly appreciated!
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC

Open in new window


The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshare against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you re-mediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
This is a great video (however the links no longer work):
https://www.youtube.com/watch?v=Usydlsc2uWE
I need a real life example of IF someone clicks on a bad link via email or whatever avenue how the redirected website collects their credentials. Anyone have any good ones?

TIA!!
0
Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restriction. If from the log we detect any IP trying brute force to log into our Web Outlook interface, we will put the IP into "Deny Restriction Rule" in the hope that IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be a wishful thinking since we noticed one of the IP we already added in the 'Deny' list that particular ip still keeps showing up in the log and we can see it got the login form and then denied with sc-status 401-1.

My question is, it seems this feature does NOT "block" the IP from getting the login form, but instead simply "deny" their login request. Is it correct?
0
Hi there,

I am curious to know if there is a process to help map all DIACAP controls to RMF ? Or if there is already a mapping that was done for this already.

Please let me know your suggestions or experience. Any bit helps

-Michelle
0
So here's the situation.

We got hit with cryptolocker and we managed to restore our files from backup but the techs forgot to delete the encrypted files first and we aren't 100% sure that the restore worked.
Now I have to verify that every single folder on our filesystem has the same # or greater # of unencrypted files than encrypted ones before I can mass delete the encrypted files.
Sounds simple, aside from the fact that it's several Terabytes of data and thousands of folders.

I need help to design a script (or find a tool) that will recursively scan through all the folders in our filesystem and perform the following logic:

If # '.locked' files into folder > # of != '.locked' files in folder > paste folder path into log file.
0
Protect Your Employees from Wi-Fi Threats
LVL 1
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
I'm tasked with providing an email solution for a Defense Dept. (.MIL) organization that allows DoD students to submit messages and forms  containing personally identifiable information (PII) from their personal email accounts usually with no encryption.

The customer's requirements calls for the student information to be archived and tracked on a server that resides on the DoD organizational network.

The solution must support DoD 8500.1 guidelines and applicable FIPS/NIST standards  for CyberSecurity and processing PII information.

Please see the attached spreadsheet listing the requirements. The highlighted boxes are the toughest challenges.

I am open to any and all suggestions including Intranet, DMZ, VPN ...etc
Requirements.xlsx
0
I'm working on my master's dissertation in computer forensics and cyber security, and the topic is on bring-your-own-device (BYOD) acceptable use and security policy. There are many security implications that come along with BYOD. I am most interested in what organisations are doing today regarding BYOD?

If anyone has a few minutes and would like to participate in this anonymous BYOD survey, I would really appreciate the feedback.

The survey can be found here: https://www.surveymonkey.com/s/XPHCQSV 

Thank you!
0

Cyber Security

519

Solutions

839

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.