Cyber Security

531

Solutions

846

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0

In a meeting we were told that it is possible to know or identify if a user hit a specific page and its contents even if the page is locked. We understand that when a page has a lock it means SSL and that the data to and from the site and the computer is encrypted. Is it possible that even though the page has a lock, there is a way to identify the encrypted page that the user visited and identify the contents, whether it has a form or is just a regular page?
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
Hi,

I'd like to see how well my Wi-Fi is protected, so how can I test this and see what would happen when somebody could get connected to my Wi-Fi (what he could see/do)?

That way I could take countermeasures.

J
0
Hi,

I need assistance with how I can disable / close network discovery on the LAN for servers and all clients, please.


Regards
Asif
0
Does anyone recommend any good ethical hackers?  I want to ensure that I close any open security issues for my organization and I was thinking of hiring an organization or individual that can provide that service?  

Any reputable recommendations?
0
I have a question about defending against DDoS attacks. My ISP charges a large penny for service to protect me from DDoS attacks; it's basically the same amount as for my internet, and it's not cheap. Besides buying hardware, does anyone recommend any online companies that can provide the same kind of service as my ISP, but at a decent cost?

What other options do I have, or does anyone recommend a good solution?
0
We have been reading lots of hype on these iPhone apps for detecting hidden cameras and wanted to know if any EE has any experience with them and how well they truly work using an iPhone.
0
After being hit with ransomware, restoring from backup, and reinstalling applications as needed, I can't get the Quickbooks Database Server services started or the Quickbooks Database Server Manager to run. When I browse for files and "Start Scan", it attempts to start the services after browsing the files and finding Quickbooks files. It claims the folder in which the company files live isn't shared. I guess that's technically true, but the directory one level up IS shared, so it's possible to browse to it from a network share. Then it tells me it is attempting to resolve networking issues, and tells me after that to resolve network issues and try again later (not the exact syntax, obviously).

I have tried installing just the bare server (what we had done in the past), installing the full version of Quickbooks (2016 for the moment), uninstalling, rebooting the server (2008 R2), reinstalling just the database server, using the Quickbooks clean boot utility, and disabling ALL firewalls (Kaspersky and Windows Firewall). I can't get the QBDbMgrN to start and stay started. I can't get the QuickbooksDB26 started. For some reason it claims to be a service that should be started manually. I don't recall that having been the case in the past. Also, I don't think the QuickbooksDB26 ever disappeared, even after a clean install (using the Clean Install tool), an uninstall, and/or a reboot.

Previous to the ransomware, the server had Quickbooks 2015 and 2017 database servers installed. …
0
Can we apply different retention policies for different departments?

How many retention policies can we have?
0
Running Exchange 2010 with MS Outlook 2010.
I have a shared mailbox called (sharemailbox1@domain.com) that auto-forwards all mail to my inbox.

What I need is a rule that will move (filter) the email that is auto-forwarded to a specific subdirectory in my personal inbox in Outlook 2010.

Screen shot attached.
this-message-was-autoforward.PNG
0
Trying to write an Exchange 2010 Transport Rule that will warn users if someone is attempting to impersonate a real AD/Exchange User.  IE, sender's EMail is liar@gmail.com but sets his text name to be John Smith, who is the president of the company.  So the inbound message is from John Smith <liar@gmail.com> when the correct sender would be John Smith <jsmith@real_domain_name.com>

I've created a Transport rule that checks:

- If inbound message is from a user that is outside the organization
- And sender's properties firstname is John
- And sender's properties match text pattern of lastname is Smith
- Then prepend message to EMail's Subject warning recipient

Had to add two conditions because if I put firstname and lastname in the sender's properties line, it made an OR statement instead of an AND statement

Note, can't just block liar@gmail.com, since the actual source address changes.

Not sure if this rule is working, or if GMail and other mailers always use what appear to be Active Directory fields of firstname and lastname.

Is there a better way to do this?

Thanks,

Nathan
0
We have two VLANs, "VLAN1 & VLAN2 Wi-Fi".

We have configured traffic between the two, but our email is not working. "Meaning if I connect my cell phone or laptop to the Wi-Fi, I cannot receive emails. That's with VLAN2 Wi-Fi".
VLAN1 is hardwired.

- Exchange: Exchange Server 2007 Version 08.01.0436.000
- Server: Windows Server 2008 R2 Enterprise
- Firewall: SonicWall NSA 2600
0
I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.  

So now SonicWall is promoting/offering their Capture Client solution that I am interested in. I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100. We only need 25 licenses. So now that SonicWall offers Capture Client, I want to know if it's feasible to say it would actually replace both Webroot and MalwareBytes EndPoint products and not just work alongside and complement them. So, I contacted Sentinel One Sales and they indicate their product serves as a direct replacement. They also mentioned their clients actually use Capture Client exclusively.

I have concern about a complete replacement solution.  I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it …
0
Preventing theft of company data - with the plethora of routes that are available on the internet, can someone suggest a comprehensive solution for preventing employees who are leaving the firm from stealing emails (their own corporate emails) and files? We can disable USB ports, disable certain websites such as Dropbox, box.com, etc., Gmail/Hotmail/Yahoo, etc. However, there are many other routes just a simple Google search away...
0
We have been working with 7-zip for some time; as a matter of fact, it was recommended by EE. We use it for large compression and complex, long password-protected files. Today in a meeting we were informed that 7-zip can be hacked. We didn't believe it until the person ran an app and unzipped one of our supposedly secure 7-zip files. So our question is which compression app is least likely to be hacked (WinZip, WinRar, etc.?), and which one can we trust? Are the oldies WinZip & WinRar also hacked?
0
Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution, doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detection.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However, if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
We require our staff to use MobileIron MDM and read their corporate emails using
MobileIron's Email+ (a secure email client by MI).

Several staff read Bloomberg's BFW (Bloomberg First W) news, which is not in
http nor https format but bbs format, which MI can't load, though this could
load in the Apple iOS partition.

Q1:
Does Bloomberg offer http or https instead of bbs? It's the
trading staff who subscribe, so I don't have Bloomberg's support
access.

Q2:
We have logged a case with MI & MI ack'ed they can't support bbs.
Bloomberg was supposed to be used globally, so how is it that MI
can't support it? Any workaround?
0
I have been asked by a PCI QSA what SonicWALL is using for a PCI industry hardening standard.

I have been searching the internet and talking to SonicWALL support but couldn't get the answer. So I will try here.

Does anyone know this information, or is there any PCI expert here who can tell me what to do with PCI Req 2.2 regarding system hardening standards?

Please advise.

Thank you
0
Some of the cyber security best practices require that admin access and admin-type activities can only be performed from dedicated admin hosts. Technically, how is this enforced to ensure that admin-type work can only be performed from dedicated hosts and by no other users? Would this be firewall settings on each individual computer joined to a domain? Can enforcing such a policy cause any issues in support/resolution?
0
I am tasked to setup an alert for unsuccessful admin login attempts at our company to satisfy cyber security controls.  We have 2 offices and 4 home offices - the main office logs into our Windows 2012 server and then everyone logs into our Windows 2012 RDS server for all network resources.  
How can I set some sort of alert for unsuccessful admin login attempts?  I understand that event ID 4625 is the main unsuccessful login attempt identifier, and I'm ok with using that even though it is not strictly for admin logins, but where would I create this (I assume a group policy)?  On the Domain Controller (AD Server), RDS server, workstation (for all local domain logins in the main office), or all 3.  I was hoping only one server (AD server?) could do this.
0
I need to secure Exchange 2016 OWA via a reverse proxy. Is there anyone doing this, and what appliance are you using/recommend?
0
We have a SonicWall TZ600. A manager wants to know, in easy-to-understand terms, what security benefits the firewall is providing us. Can someone help me word something that would be understandable? I am new to SonicWall. We were using a Cisco ASA.
0
I am currently in a trial with Citrix Sharefile... but find the pricing a bit too much for our company at the moment..   Love the features .. Large File send.. Encryption .. all integrated into Outlook.   In my email signature I have a link for people that need to send me files... etc..etc..     Does anyone know of any other companies that offer this type of service that might not be as expensive?

Cheers

GoRaps!
0
I'm trying to understand how a DMZ works in a Windows environment ...

So I've got my LAN, no problems with that. Now I want to put a Windows web server into a DMZ.
I've configured a VLAN for the DMZ, that works. But I'm unsure about the necessary policies on my (Watchguard) firewall regulating the traffic between DMZ and LAN:

- I'd like to be able to access the web server from the LAN using Windows Explorer. Is that possible? If yes, how?
- does the web server need to be in the local AD in order to achieve this?
- can the web server in the DMZ use a serial number distributed by the KMS server on the LAN? Or how is this being handled? [update: I got that to work]
- what if the web server in the DMZ needs to execute a query on an MSSQL server on the LAN? Do I just open the port for SQL connections? I guess using a cache DB on another server in the DMZ would be better?
- how can I RDP from the LAN to the DMZ? RDP tells me the server does not exist although I have opened the RDP port on the firewall ...

Thanks!
1