Cyber Security (505 Solutions, 830 Contributors)

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


We have been working with 7-Zip for some time; as a matter of fact, it was recommended by EE. We use it for large compression and complex, long password-protected files. Today in a meeting we were informed that 7-Zip can be hacked. We didn't believe it until the person ran an app and unzipped one of our supposedly secure 7-Zip files. So our question is: which compression app is least likely to be hacked (WinZip, WinRAR, etc.)? Which one can we trust? Are the oldies WinZip & WinRAR also hacked?
0

Brief: SonicWALL IP Spoof on WAN from Similar Subnet.

While this article seems like the resolution, doing what it detailed did not resolve the issue:
https://www.experts-exchange.com/questions/2856328/Dell-Sonicwall-IP-Spoof-Detection.html

I have a Unifi Controller behind a SonicWALL.
We have multiple sites we control from it.

If the site is on a static IP from the same ISP (only 2 ISPs in town) and has the same first 3 octets the traffic passes fine.
Example:
Server site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.50.230

However, if a site is on a different octet then they cannot communicate due to "IP Spoofing" detection.
Example:
Servers site WAN IP: 50.50.50.15
Client site WAN IP: 50.50.45.59

I've talked with SonicWALL and their engineers are working to find a resolution but I don't know if they can come up with anything.

The server site ISP WAN IP is a /30 net mask.
0
We require our staff to use MobileIron MDM and read their corporate emails using MobileIron's Email+ (a secure email client by MI).

Several staff read Bloomberg's BFW (Bloomberg First W) news, which is in neither http nor https format but bbs format, which MI can't load, though it could load in the Apple iOS partition.

Q1:
Does Bloomberg offer http or https instead of bbs? It's the trading staff who subscribe, so I don't have Bloomberg's support access.

Q2:
We have logged a case with MI & MI acknowledged they can't support bbs. Bloomberg was supposed to be used globally, so how is it that MI can't support it? Any workaround?
0
I have been asked by a PCI QSA what SonicWALL is using for the PCI industry hardening standard.

I have been searching the internet and talking to SonicWALL support but couldn’t get the answer. So I will try here.

Does anyone know this information, or is there any PCI expert here who can tell me what to do with PCI Req 2.2 regarding system hardening standards?

Please advise.

Thank you
0
Some of the cyber security best practices require that admin access and admin-type activities can only be performed from dedicated admin hosts. Technically, how is this enforced to ensure that admin-type work can only be performed from dedicated hosts and by no other users? Would this be firewall settings on each individual computer joined to a domain? Can enforcing such a policy cause any issues in support/resolution?
0
I am tasked to set up an alert for unsuccessful admin login attempts at our company to satisfy cyber security controls. We have 2 offices and 4 home offices; the main office logs into our Windows 2012 server and then everyone logs into our Windows 2012 RDS server for all network resources.
How can I set some sort of alert for unsuccessful admin login attempts? I understand that event ID 4625 is the main unsuccessful login attempt identifier, and I'm OK with using that even though it is not strictly for admin logins, but where would I create this (I assume a group policy)? On the Domain Controller (AD server), RDS server, workstation (for all local domain logins in the main office), or all 3? I was hoping only one server (AD server?) could do this.
0
I need to secure Exchange 2016 OWA via a reverse proxy. Is anyone doing this, and what appliance are you using/would you recommend?
0
We have a SonicWall TZ600. A manager wants to know, in easy-to-understand terms, what security benefits the firewall is providing us. Can someone help me word something that would be understandable? I am new to SonicWall. We were using a Cisco ASA.
0
I am currently in a trial with Citrix ShareFile, but find the pricing a bit too much for our company at the moment. Love the features: large file send, encryption, all integrated into Outlook. In my email signature I have a link for people that need to send me files, etc. Does anyone know of any other companies that offer this type of service that might not be as expensive?

Cheers

GoRaps!
0
I'm trying to understand how a DMZ works in a Windows environment.

So I've got my LAN, no problems with that. Now I want to put a Windows web server into a DMZ.
I've configured a VLAN for the DMZ, that works. But I'm unsure about the necessary policies on my (Watchguard) firewall regulating the traffic between DMZ and LAN:

- I'd like to be able to access the web server from the LAN using Windows Explorer. Is that possible? If yes, how?
- Does the web server need to be in the local AD in order to achieve this?
- Can the web server in the DMZ use a serial number distributed by the KMS server on the LAN? Or how is this being handled? [update: I got that to work]
- What if the web server in the DMZ needs to execute a query on an MSSQL server on the LAN? Do I just open the port for SQL connections? I guess using a cache DB on another server in the DMZ would be better?
- How can I RDP from the LAN to the DMZ? RDP tells me the server does not exist although I have opened the RDP port on the firewall.

Thanks!
1

I have a client with a SonicWall TZ 205, and we are running into an issue with PCI compliance scans.
Right now we are struggling to resolve a failure with "SSL Certificate - Signature Verification Failed Vulnerability".

SonicWall support is clueless; does anyone here have a thought? Thanks in advance!
0
Hello,

I am trying to catch malware using T-Pot.
I caught some malware in /data/dionaea/binaries, but I don't know which IP it came from.

Please let me know how to determine the source IP of each malware sample (the file name is its MD5 hash).

regards,
Nobuo Miwa
0
I upgraded our SonicWall at the beginning of the year and have some confusion regarding SonicOS's CFS. The device is running SonicOS Enhanced 6.5.0.2-8n.

(1) Is there a way to get a log of *ALL* CFS entries?  When I look under:

Log Settings > Base Setup > Security Services > Content Filter

It shows:

CFS Alert = 1461
Website Accessed = 16
Website Blocked = 14

However, I can't figure out how to get to that log.

(2) Is there a way for me to be emailed anytime someone gets the "blocked" screen with the details shown on the block screen they see?

TIA.
0
In a cyber security training, the trainer/consultant from the UK recommended to my colleague (I did not attend the training) to use MS Sysinternals.

Our role is to capture the evidence/artefacts using Sysinternals.

a) An end-user IT support person told me that Sysinternals is not supported by MS; it's given as-is for use.
    Concern is: has MS been updating the version of Sysinternals for use on Win 7, 8, 10 and Win 2008 R2, Win 2012 R2, Win 2016, so that it can be run/used on these versions of Windows (both 32-bit Win 7 as well as 64-bit Windows)? I felt that if Sysinternals could run & capture evidence/artefacts on these platforms/versions of Windows, it's good enough, or is there any concern since MS is not supporting it? We do have an MS Premier support contract including MS Security escalation, so I guess MS will still analyse dumps captured using Sysinternals, or won't MS do it?

b) Our role is to capture the evidence/artefacts in the event of compromises/attacks & we'll engage external forensics experts to analyse. Which of the tools/components in Sysinternals offer this capturing? Will need to elaborate a bit for this one. For example, with "Process Explorer", we can select the specific process & "Create Full Dump", or take its hash & submit it to VirusTotal to see if any of the 60+ security products in VirusTotal reported the hash as malicious.
0
Installed a new SonicWall SOHO wireless router and the other computers at home cannot be viewed over the network.

How do I change this?
0
All of my assets, laptops and servers run Symantec for antivirus and protection; the security operation center that's now providing additional security uses McAfee. How will this impact my server and laptop loads?

There are live scans and after hours
0
Hi,

We have this script to delete phishing emails from our organisation; however, we also have these requirements:

1) We need to add into the Search-Mailbox after -SearchQuery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so we need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example would be all emails containing subject "RE: NOTICE: MC Support UPGRADE." but only emails received after 01/03/2018. I assume we can just do -SearchQuery "Subject:'Content of Subject' AND ReceivedDate:>01/03/2018" or something like that?
2) We need to be able to search for subjects with special characters in them. -SearchQuery "Subject:'RE: NOTICE: MC Support UPGRADE.'" will currently give an error as it won't like the : in the subject.
3) We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was "RE: Attention (Staff Migration)", which could be very close to something we actually send to users. The phishing email only came from a certain email address though, so if we add an extra criterion for sender, that would help us focus the search.

Please can someone show me how to achieve this?

Also, I would appreciate any other suggestions for improvement.


$mbs = Get-Mailbox 


0
Hello
Currently we have TMG as web proxy and Websense as web filtering.
We are going to replace TMG with a Bluecoat SG appliance.

Hence I need to know which design is considered best in terms of security and efficiency.

We have 1500 users.

Any help would be appreciated.
0
What are some basic steps I could take to ensure our network is secure from outside intrusion? We have a SonicWall and Sophos Anti-Virus, but what other things can I do to make our network less apt to be attacked? What holes can I test and plug?
0

We have Trend Micro in our network. After looking at several audit failure logs on the Windows domain server, we ran a scan and couldn't find anything.

After running a scan with Malwarebytes we found several issues and cleaned up. This appears to have helped with Malwarebytes.

Can we do away with Trend Micro and just have Malwarebytes, or do we need both Malwarebytes and Trend Micro?
1
I need to whitelist several IP addresses to acquire PCI compliance for my in-home business. My router is an Arris NVG589. How do I do that with this router/modem?

Thanks!
0
When I enable HTTPS Content Filtering in our SonicWall CFS, connectivity to Office 365 breaks very slowly. It might be fine for a while, but randomly some users start to have Outlook issues where it says "trying to connect" at the bottom of Outlook, but eventually it says "disconnected", and then no mail comes down.

I have added all domain names listed here and here to the Allowed Domains list, in every permutation like https://, *., and just as shown on those links, but Outlook still slowly fails. To get everybody back up running, I have to go back into the CFS and disable HTTPS Content Filtering.

Ideas?
0
How vulnerable are query string parameters and their values?

I am curious how vulnerable a website is to hacking that has little validation on the query string params.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.
0
Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
0