[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x

Cybersecurity

375

Solutions

737

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Brute force attack is a trial and error method used by application programs to decode encrypted data (passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

A brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
0
Important Lessons on Recovering from Petya
LVL 11
Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Our company are using Palo Alto Firewall ,we received the critical alert "Top 5 attackers" and the source is from one of the application server. What does it mean and what should I do .Please advice.Thanks
0
I developed some software which processes ACH payments. I am concerned about the overall security of ACH because the customer can make changes to the account (acct #, routing etc.). I was wondering if someone could share some guidance on the best way for a company like mine to protect itself from financial liability.

I have considered enhanced auditing, time delays for changes and two-factor for changes. Consider the use case of a small shop where there are only one or two people at the company. We also process for large companies. Just trying to cover the bases and show due care. What works best to cover my company and my customer from fraud as well?
0
Hi
Wanted to open this discussion - to prevent a ransomware attack or malware from spreading across a network

Seems most SMB networks have domain admins (most of which have separate accounts, so the domain admins don't log into a computer with the domain admin account unless performing some sort of work that requires domain admin access), but I've seen a lot of networks where the domain user that logs onto a particular machine is given local admin rights on that machine.  

Also have heard it's not a good idea for a domain admin account to ever log onto a user's workstation

Compromising of credentials stored in memory via LSASS seems pretty easy

As far as how many users have domain admin rights, this seems pretty straightforward; that the fewer domain admins the better, and instead of automatically creating a domain admin account any time a service account is required, it would be better for a service account to use a regular domain user account, but one that's local admin on the server it needs (rather than a full out domain admin account)

What are your thoughts on this?
0
I'm looking for a list of pre PT Questionnaire, for an application based penetration test.
Thank you in advance,
Danny
0
When the domain network portion of the Exchange server's firewall is on none of the Outlook clients can connect to the server. It will ask to rety, work offline, or cancel. After choosing to retry a few times it will go through.

We are using Exchange 2010. Server is 2008 R2 Standard.  I have searched through the event logs and can find nothing that would help identify the culprit. I have also searched through the firewall rules and everything looks correct.
0
This is a great video (however the links no longer work):
https://www.youtube.com/watch?v=Usydlsc2uWE
I need a real life example of IF someone clicks on a bad link via email or whatever avenue how the redirected website collects their credentials. Anyone have any good ones?

TIA!!
0
We seem to be having an issue with IE 11 retaining cookies on websites listed in the favorites.  We have IE 11 settings configured to delete browsing history on exit.  We also have the setting check marked to Preserve Favorites website data.  We have one particular website that we know of that requires cookies to be present to not prompt for security questions on login.  Our users are continually getting prompted for these questions on computers that should be retaining cookies and not prompting them.  Has anyone seen this issue and have a way to make it work correctly?  Thanks
0
Hi all,

Long time reader first time posting.

I have been asked to setup a web server inside a DMZ that can communicate with an internal database server. We have one external IP address available with port 443 currently only being used for external access to the SonicWALL. The firewall is a SonicWALL NSA 220.

The web server will be a virtual Windows 2016 server sat on ESXi on it's own vSwitch connected to a spare port on the SonicWALL which I will configure as a DMZ port. I assuming I can configure a rule on the SonicWALL that will allow ports 443 and 80 to be forwarded to this web server and allow the web server to only communicate with the database server over 1433.

An external vendor will be configuring the application that will be running on the web server.

Does this sound like a workable solution?

Tom
0
We're getting more and more requests from clients for recommendations and implementation of two security related systems: vulnerability assessments and file/folder encryption software. Our clients are:

1.  Law firms.
2.  Small (10 to 75 users).
3.  Networked; servers are virtualized.
4.  Windows OS (2008/2012/2016 on servers, 7/8/10 on workstations).
5.  Have perimeter firewalls suited to the size of the firm (mostly WatchGuard).

These requests for vulnerability assessments and encryption are prompted by requirements of certain clients of these firms, such as banks and insurance companies.  We're looking for tools that we can use/recommend to our clients for assessing vulnerabilities and providing encryption for files/folders.  Generally they don't require full disk encryption, as only a portion of their work product is affected by these outside requirements.  Full disk encryption, however, may be required for laptops.

We have a product for email encryption in place in some cases, but any thoughts or specific recommendations in that area would also be welcomed.
0
Get Certified for a Job in Cybersecurity
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Which is considered stronger security?
0
We need to have a standalone IPS solution put in.  We currently run two pfSense firewalls in an HA setup.  I was looking around on eBay and saw a Tipping Point 210E (two of them).  Are they still good with updates to definitions?  Any other less cost recommendations?
pfSense HA works a little odd too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restriction. If from the log we detect any IP trying brute force to log into our Web Outlook interface, we will put the IP into "Deny Restriction Rule" in the hope that IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be a wishful thinking since we noticed one of the IP we already added in the 'Deny' list that particular ip still keeps showing up in the log and we can see it got the login form and then denied with sc-status 401-1.

My question is, it seems this feature does NOT "block" the IP from getting the login form, but instead simply "deny" their login request. Is it correct?
0
Hi there,

I am curious to know if there is a process to help map all DIACAP controls to RMF ? Or if there is already a mapping that was done for this already.

Please let me know your suggestions or experience. Any bit helps

-Michelle
0
So here's the situation.

We got hit with cryptolocker and we managed to restore our files from backup but the techs forgot to delete the encrypted files first and we aren't 100% sure that the restore worked.
Now I have to verify that every single folder on our filesystem has the same # or greater # of unencrypted files than encrypted ones before I can mass delete the encrypted files.
Sounds simple, aside from the fact that it's several Terabytes of data and thousands of folders.

I need help to design a script (or find a tool) that will recursively scan through all the folders in our filesystem and perform the following logic:

If # '.locked' files into folder > # of != '.locked' files in folder > paste folder path into log file.
0
I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
I'm tasked with providing an email solution for a Defense Dept. (.MIL) organization that allows DoD students to submit messages and forms  containing personally identifiable information (PII) from their personal email accounts usually with no encryption.

The customer's requirements calls for the student information to be archived and tracked on a server that resides on the DoD organizational network.

The solution must support DoD 8500.1 guidelines and applicable FIPS/NIST standards  for CyberSecurity and processing PII information.

Please see the attached spreadsheet listing the requirements. The highlighted boxes are the toughest challenges.

I am open to any and all suggestions including Intranet, DMZ, VPN ...etc
Requirements.xlsx
0
I'm working on my master's dissertation in computer forensics and cyber security, and the topic is on bring-your-own-device (BYOD) acceptable use and security policy. There are many security implications that come along with BYOD. I am most interested in what organisations are doing today regarding BYOD?

If anyone has a few minutes and would like to participate in this anonymous BYOD survey, I would really appreciate the feedback.

The survey can be found here: https://www.surveymonkey.com/s/XPHCQSV 

Thank you!
0

Cybersecurity

375

Solutions

737

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.