
Cybersecurity

418

Solutions

761

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0

A Windows Server 2008 R2 installation has been infected with a Trojan horse that has encrypted files with the *.rapid extension. The server had Avast for Business installed. An AVG rescue CD was made and run multiple times to eliminate instances of the Trojan horse. After four times, the server is labeled clean from the AVG rescue CD. I then uploaded two *.rapid files to nomoreransom.org and it came back saying that there was no fix for this. Does anybody know of a trusted decryption software that can correct this problem? I can attach a file if requested.
0
In language only a little more technical than you would use to explain it to a layperson, what is cybersecurity governance? Is it simply ruling over cybersecurity, having rules in place for how you must do it?
0
Hello,

After reading through McKnife's article https://www.experts-exchange.com/articles/24599/Free-yourself-of-your-administrative-account.html I have some questions on how it relates to YubiKey.

I'm using Windows 10 Pro in a workgroup setting where I have only two accounts in Windows: a user account and an admin account (the default administrator account renamed per Microsoft recommended Best Practices). The user account has YubiKey assigned to it and I was about to do so for the admin account but I'm not sure about a couple of items I have included below:
  • Can the YubiKey work in a no password scenario?
  • If I assign the YubiKey to the admin account will that require the YubiKey for every elevation prompt?
  • Is having the YubiKey assigned to the admin account even bettering my security if I apply the article above to my machine - Are there any viable benefits?
  • If the settings annotated in the article above go wrong (get corrupted) is there a potential to be locked out of the admin account forever - what are the downsides (if any) to this idea expressed in the article
0
Learn how to mitigate the new Intel bugs Meltdown & Spectre.

Join this free #webinar titled "How to mitigate #Meltdown and #Spectre bugs" on Jan 10, 11:00 am EDT to get hands-on experience, clarify your doubts, fix the exploit and get back to your routines.

https://www.manageengine.com/products/desktop-central/meltdown-and-spectre-webinar.html?ee

0
I have a MacBook Pro. All my software was updated last week, but I want to make sure my new device is protected. What other security software would you recommend or would you recommend any?
0
My Favorites for IE and Bookmarks for Chrome keep replicating/duplicating themselves to the tune of 24,000+. We are on Office 365. I've deleted them both in IE (on my laptop and on the site directly) and Chrome, but they keep coming back. I've even deleted the Chrome bookmark file and started with a clean slate.
0
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-meltdown-and-spectre-cpu-flaws/

Google spreadsheet doesn't have Clam or Immunet listed. Hate to have machines bluescreen. Anyone know yet?
0
My server load averages are going way high and too many processes are being consumed. Is it a DDoS attack or something wrong with the server?
0
Desktop: Windows 8
VPN connection: Forticlient 5.6 or Sonicwall Netextender 8.0 used to connect to office network
Telus internet connection
Browser: Chrome, Firefox
Situation:
1. Telus internet connection works fine.
2. Without the VPN connection, Chrome and Firefox access the internet normally.
3. With the VPN connection, Chrome works fine; only Firefox is very, very slow.
4. I turned off the Firefox proxy server setting; Firefox worked fine for about two days, then became slow again.
5. The computer showed an abnormal login script error message; it seems to have malware in it.

Question:
How do I block Firefox from accessing the internet through the VPN connection until I find a way to kill the malware?
0

Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC

The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshark against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you remediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.

It states that the infection is extremely difficult to detect and is not seen by most commercial AV or EndPoint protection suites.

I have been told to program the SonicWall TZ215 to stop all traffic to sites outside the US. We have never done this before. Not sure how to set up the SonicWall for that purpose. I know this virus does not use the standard port 25 for SMTP traffic; it uses port 80, which I cannot block. It is extremely difficult to find, so I am trying to stop its connections at the firewall level to stop it communicating. Any help would be greatly appreciated.
0
Hi,

I have a Synology with a webserver (port 80) and other applications like a mailserver at other ports which I would like to make public. I have a firewall router on which ports 80 and others are forwarded to my Synology (192.168.0.9) and all works fine.
However, I worry about security though. There was some ransomware targeting Synology a while ago and hackers are everywhere.
(How) can I safely put my Synology out in the open?

J.
0
Hello,

Has anyone used the Azure Information Protection scanner for scanning files on internal networks?  We are looking to use this for identifying all Personally Identifiable Information (PII) to meet the General Data Protection Regulation that goes into effect May 25, 2018.  

I am looking for feedback on anyone's experience with this.

Thanks,
Roger
0

TeamViewer hacked: Here’s how to protect your systems


Hi there,

TeamViewer can be exploited using a vulnerability allowing users to switch between viewer and presenter side, or remotely control the server. If you are using TeamViewer in your enterprise, do act now.

Read more: https://goo.gl/2E65yX
1
5 tips for seamless endpoint security

Hey there,

Are you worried about your endpoints being hacked or breached?

Here are simple tips to build the best endpoint security in your enterprise.

Building effective endpoint security has become an all-time priority for enterprises. With the number of cyber attacks evolving day by day, enterprises have to practice certain simple best practices to keep them vigilant against any unforeseen vulnerability breaches.

Read more: https://goo.gl/taAmSB
0
A brute force attack is a trial and error method used by application programs to decode encrypted data (passwords or Data Encryption Standard (DES) keys) through exhaustive effort (using brute force) rather than employing intellectual strategies.

A brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
0
How many hosts can we include? Is it unlimited?
0
I have been using SonicWall for years. Never really thrilled with their support (primarily a language barrier until recently) but their content filtering seems to be problematic. I spend more time on the phone with them trying to keep it running correctly than it is worth.

Does anyone else use SonicWall for content filtering and in your opinion is it easy to keep running? Any comments about sonic wall in general?
0

Hello All,

I found "IPsec (ESP) packet dropped" events in attempts section in Sonicwall GMS.
Can anyone help me to resolve this issue?

Thanks
Yogiraj Pattani
0
Our company is using a Palo Alto firewall. We received the critical alert "Top 5 attackers" and the source is one of the application servers. What does it mean and what should I do? Please advise. Thanks
0
I developed some software which processes ACH payments. I am concerned about the overall security of ACH because the customer can make changes to the account (acct #, routing etc.). I was wondering if someone could share some guidance on the best way for a company like mine to protect itself from financial liability.

I have considered enhanced auditing, time delays for changes and two-factor for changes. Consider the use case of a small shop where there are only one or two people at the company. We also process for large companies. Just trying to cover the bases and show due care. What works best to cover my company and my customer from fraud as well?
0
Uber paid hackers $100,000 to keep data breach quiet  

The BBC reported earlier today that Uber did not tell anyone about the breach that affected 57 million customers and drivers.

David Kennerly, director of threat research at security company Webroot, criticized Uber for paying a ransom to the hackers.

"Given the current climate around data security and breaches, it is astonishing that Uber paid off the hackers and kept this breach under wraps for a year. The fact is there is absolutely no guarantee the hackers didn't create multiple copies of the stolen data for future extortion or to sell on further down the line."

What's worse than being hacked? Covering up a hack.
4
I have several colleagues complaining that when they are on VPN and download something, the download stops at around 75mb. It then gives a network error. Users can resume the download, but it again causes issues.

Is there a setting in Dell Sonicwall restricting this?

Pretty sure there is no GPO set up
0
Hi
Wanted to open this discussion - to prevent a ransomware attack or malware from spreading across a network

Seems most SMB networks have domain admins (most of which have separate accounts, so the domain admins don't log into a computer with the domain admin account unless performing some sort of work that requires domain admin access), but I've seen a lot of networks where the domain user that logs onto a particular machine is given local admin rights on that machine.  

Also have heard it's not a good idea for a domain admin account to ever log onto a user's workstation

Compromising of credentials stored in memory via LSASS seems pretty easy

As far as how many users have domain admin rights, this seems pretty straightforward; that the fewer domain admins the better, and instead of automatically creating a domain admin account any time a service account is required, it would be better for a service account to use a regular domain user account, but one that's local admin on the server it needs (rather than a full out domain admin account)

What are your thoughts on this?
0
