Cybersecurity

302

Solutions

671

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


I run a start-up.
My programmer has a Win 10 PC.
How can I prevent unauthorized transfer of code?
My modem is a Binatone DT910W.

Can I make a custom rule in the firewall to ping me if any upload of a .cs file extension happens?
0

Is there any tool available to decrypt n1n1n1 ransomware?
0
We are using Vectra Cognito ATP. It has detected a host doing internal darknet scans. What we've seen is that it has an internal IP address xx.yy.55.zz and runs a darknet scan on the xx.yy.85.0 subnet. A separate detection showed it with an IP xx.yy.85.zz scanning the xx.yy.55.0 subnet. Each subnet is associated with different floors of the same building of one of our field offices.

The scans occurred over port 80 and 548. Port 548 is associated with Apple Filing Protocol, ExtremeZ-IP File and Print, and Novell Netware - but it doesn't appear any of those apps, or related apps or services are on the machine. I've also reviewed the application inventory of the machine and do not see anything that I believe would be conducting these scans. I've reviewed the PCAP but haven't found anything useful in determining root cause. Two different AV scans only quarantine registries related to our GPOs.

I don't know where else to look or what it may be?
0
I've been tasked with setting up a bunch of raspberry pi 3 as honeypots around a huge network.  I would like to have these all report into one server.  I saw the Modern Honeypot Network project but it's out of date.
I'd like some suggestions here.  Thanks!
0
www.virustotal.com
A cybersecurity trainer told his class of students (some are my colleagues) that it's not a good idea to upload suspicious attachments (usually obtained from suspicious/spam emails we received), as hackers would know that these emails have successfully reached some valid email recipients or his attack targets. The trainer suggests that we get the hash value of the attachments and scan those instead.

Please assess whether the above is valid, as I disagree with his views.

1. I've used VirusTotal, but it only says how many scans have been done, so it could have been scanned by many parties. Suppose the hackers only send to a few targets and truly could know which targets have received the malicious attachments; wouldn't the hackers also know if we scan using the hashes of the attachments (as a hash is unique to each file)?

2. Secondly, if VirusTotal truly could identify who has received the attachments and is scanning them at VirusTotal, I reckon hackers don't need to resort to this: there are various tools like mxtools.com, and even if someone downloads the images of spam emails, these are easier ways to track, right?

3. Lastly, is VirusTotal so vulnerable? (By the number of previous scans that it reported, will it give hackers a good clue?)
0
I have a client that works with a lot of Social Security cards and I wish to get them compliant for cybersecurity.

What is the best way to secure this sensitive data?

Cjoego
0
Recently I have a user that is receiving the following message when sending an email in Outlook with PDF or DOCX attachments.  "The item contains attachments that are potential unsafe. Recipients using Microsoft Outlook may not be able to open these attachments. Do you want to send anyway? [Yes] [No]"

The problem may be related to a security patch from Microsoft but I wanted to present this as a question to see if anyone has any good work around for this.

Thanks
0
Hi All,

May I know where I should manually add the entries below if I handle the public DNS using a Windows Server box in my DMZ?

DKIM: Create a CNAME record for k1._domainkey.MyDomain.com with this value:
dkim.mcsv.net


SPF: Create a TXT record for MyDomain.com with:
v=spf1 include:servers.mcsv.net ?all


What is the risk or issue when implementing it during business hours?
0
We need to have a standalone IPS solution put in. We currently run two pfSense firewalls in an HA setup. I was looking around on eBay and saw a TippingPoint 210E (two of them). Are they still good with updates to definitions? Any other lower-cost recommendations?
pfSense HA works a little oddly too, so I'm not sure if this will even work.
Firewall 1 WAN IP x.x.x.1
Firewall 2 WAN IP x.x.x.2
Firewall Shared WAN IP x.x.x.3

Same setup with internal LAN IPs.  Each firewall has its own physical connection to the modem via ethernet for the WAN side and LAN side.
0
Hi Guys,

I have installed gophish on Kali Linux for a phishing test for our staff.

So I've followed a few tutorials, I've gotten test emails to send, and I've imported a satisfactory template. My issue is that I am not getting a change in status when the emails are opened. Most likely it has something to do with using an incorrect URL or IP address somewhere, but I could definitely use some guidance. I'll post my settings for you to review and hopefully point out my mistakes.

{
  "admin_server" : {
    "listen_url" : "0.0.0.0:3333",
    "use_tls" : true,
    "cert_path" : "gophish.crt",
    "key_path" : "gophish.key"
  },
  "phish_server" : {
    "listen_url" : "0.0.0.0:80",
    "use_tls" : false,
    "cert_path" : "example.crt",
    "key_path" : "example.key"
  },
  "db_name" : "sqlite3",
  "db_path" : "gophish.db",
  "migrations_prefix" : "db/db_"
}

I'm using a gmail address as the sending address and all of the emails will be going to office 365 users. I'm using smtp.gmail.com:587 in my sending profile.

I've imported the default gmail landing page as my landing page.

I sent an email to myself in the format that I want and imported the source as the email template.

When setting up the campaign, I've tried using my public IP address as the URL (79.xx.xx.x23).

I'm sure my mistake is glaringly obvious but any help would be greatly appreciated.
0

Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restrictions. If from the log we detect any IP trying to brute-force a login to our Web Outlook interface, we put the IP into a "Deny Restriction Rule" in the hope that the IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be wishful thinking, since we noticed that one of the IPs we already added to the 'Deny' list still keeps showing up in the log, and we can see it got the login form and was then denied with sc-status 401.1.

My question is: it seems this feature does NOT "block" the IP from getting the login form, but instead simply "denies" their login request. Is that correct?
0
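One way to find out from the log itself whether a Deny rule is taking effect: IIS reports a request rejected by IP and Domain Restrictions with status 403 and substatus 6 ("IP address rejected"), so any other status from a listed address means the request reached the application. The script below, added here as an example and not taken from the post or from Microsoft, parses a W3C-format log excerpt and reports that per denied address. The log lines, the deny list and the field order are constructed for the example.

```python
import re

# Constructed W3C-format excerpt in the style of an IIS 7 log; not the poster's real log.
# Field order follows the #Fields directive, as IIS writes it.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2017-08-01 10:00:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200 0 0
2017-08-01 10:00:02 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.7 Mozilla/5.0 401 1 0
2017-08-01 10:00:03 10.0.0.5 GET /owa/ - 443 - 198.51.100.9 Mozilla/5.0 403 6 0
2017-08-01 10:00:04 10.0.0.5 GET /owa/ - 443 - 192.0.2.33 Mozilla/5.0 200 0 0
"""

# Addresses the administrator has placed in a Deny rule (constructed documentation-range values).
DENY_LIST = {"203.0.113.7", "198.51.100.9"}


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other directives and blank lines carry no request
        elif fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def check_deny_list(text, deny):
    """For each denied IP: how many requests were rejected with 403.6 (the IP-restriction
    status) and which requests got any other status, i.e. reached the application."""
    report = {ip: {"rejected_403_6": 0, "reached_app": []} for ip in deny}
    for rec in parse_w3c(text):
        ip = rec["c-ip"]
        if ip not in deny:
            continue
        status = f"{rec['sc-status']}.{rec['sc-substatus']}"
        if status == "403.6":
            report[ip]["rejected_403_6"] += 1
        else:
            report[ip]["reached_app"].append((rec["cs-method"], rec["cs-uri-stem"], status))
    return report


def ineffective_denies(text, deny):
    """Addresses from the deny list that still reached the application at least once."""
    return sorted(ip for ip, r in check_deny_list(text, deny).items() if r["reached_app"])


if __name__ == "__main__":
    for ip, r in check_deny_list(SAMPLE_LOG, DENY_LIST).items():
        print(ip, "rejected:", r["rejected_403_6"], "reached app:", r["reached_app"])
    print("deny rules to re-check:", ineffective_denies(SAMPLE_LOG, DENY_LIST))
```

In the constructed excerpt, 198.51.100.9 is rejected as expected, while 203.0.113.7 receives the logon page (200.0) and an authentication failure (401.1), the pattern the post describes. Because the check keys on `c-ip`, it only tells the truth when that field holds the real client address; behind a reverse proxy or load balancer the column shows the proxy instead, which would also explain why a rule for the original address never matches.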
Hello All,

I am stuck with a very odd issue.

One server running 2k8r2 was last patched in Aug 2015; now, due to WannaCry, the client is asking to patch the server.
If I check the old patches in WSUS, it shows them as declined & expired.
This server doesn't have internet access. I tried to install the monthly rollup for March, but it failed.

Is there any way to patch the server?
Please help.
0
Hi there,

I am curious to know if there is a process to help map all DIACAP controls to RMF, or if there is already a mapping that was done for this.

Please let me know your suggestions or experience. Any bit helps

-Michelle
0
Hi, I need help setting up Forcepoint Triton APX (inbound, outbound and encryption).
It would be great to get assistance; I do have a project open.
0
Parsing through my system logs yesterday after my internet signal dropped out, I observed several DNS Client Events, type 1014. Most of them are familiar, but quite a few had no reason to be there and I cannot ping them. I listed a few examples below. Should I be concerned and explore further, or are these entries innocuous?

Name resolution for the name hytrvmnhuqu.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rbkabhldz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name rfsqiauqhiolob.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name zuhwgpvszqz.localdomain timed out after none of the configured DNS servers responded.
Name resolution for the name wpad.localdomain timed out after none of the configured DNS servers responded.
0
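A first triage pass over these events can be scripted. The example below is added here and is not from the post; it extracts the queried name from each Event 1014 message and sorts names into three buckets: names Windows hosts look up on their own as part of proxy and tunnel auto-discovery (`wpad`, `isatap`), names that look machine-generated by a simple pronounceability heuristic (a run of four or more consonants), and everything else. The five sample lines are the ones quoted in the post; the allowlist and the heuristic threshold are the example's own assumptions.

```python
import re
from collections import Counter

# Message format of Windows DNS Client Event ID 1014; the capture group is the queried name.
EVENT_RE = re.compile(r"Name resolution for the name (\S+) timed out")
VOWELS = set("aeiou")
# Names a Windows host queries routinely for proxy (WPAD) and IPv6 tunnel (ISATAP) discovery.
KNOWN_AUTODISCOVERY = {"wpad", "isatap"}

# The five event lines quoted in the post, used here as sample input.
SAMPLE_EVENTS = [
    "Name resolution for the name hytrvmnhuqu.localdomain timed out after none of the configured DNS servers responded.",
    "Name resolution for the name rbkabhldz.localdomain timed out after none of the configured DNS servers responded.",
    "Name resolution for the name rfsqiauqhiolob.localdomain timed out after none of the configured DNS servers responded.",
    "Name resolution for the name zuhwgpvszqz.localdomain timed out after none of the configured DNS servers responded.",
    "Name resolution for the name wpad.localdomain timed out after none of the configured DNS servers responded.",
]


def host_label(fqdn):
    """Leftmost DNS label, lower-cased ('wpad.localdomain' -> 'wpad')."""
    return fqdn.split(".")[0].lower()


def longest_consonant_run(label):
    """Length of the longest run of consonant letters; digits and punctuation break a run."""
    best = run = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def classify(fqdn):
    """Assign one name to a triage bucket (heuristic, assumed thresholds)."""
    label = host_label(fqdn)
    if label in KNOWN_AUTODISCOVERY:
        return "known-autodiscovery"
    # Pronounceable hostnames rarely contain four or more consonants in a row.
    if len(label) >= 7 and longest_consonant_run(label) >= 4:
        return "random-looking"
    return "ordinary"


def triage(lines):
    """Return [(queried_name, bucket)] for every line that matches the 1014 message format."""
    out = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            out.append((m.group(1), classify(m.group(1))))
    return out


def summarize(lines):
    """Count of names per bucket, e.g. {'random-looking': 4, 'known-autodiscovery': 1}."""
    return dict(Counter(bucket for _, bucket in triage(lines)))


if __name__ == "__main__":
    for name, bucket in triage(SAMPLE_EVENTS):
        print(f"{bucket:20} {name}")
    print(summarize(SAMPLE_EVENTS))
```

The heuristic is deliberately crude: an internal name such as `printsrv` would also land in the random-looking bucket, so extend `KNOWN_AUTODISCOVERY` with your own hostnames before trusting the counts. The random-looking bucket is a prompt to find which process issued the lookups (browser startup probes of random hostnames are one known benign source), not a verdict on its own.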
So here's the situation.

We got hit with CryptoLocker and we managed to restore our files from backup, but the techs forgot to delete the encrypted files first and we aren't 100% sure that the restore worked.
Now I have to verify that every single folder on our filesystem has the same number or a greater number of unencrypted files than encrypted ones before I can mass-delete the encrypted files.
Sounds simple, aside from the fact that it's several terabytes of data and thousands of folders.

I need help to design a script (or find a tool) that will recursively scan through all the folders in our filesystem and perform the following logic:

If the number of '.locked' files in a folder > the number of non-'.locked' files in the folder, paste the folder path into a log file.
0
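The folder walk described in the post, written out as an added example (not a script from the poster or from any vendor tool). It walks a tree, counts `.locked` and other files per folder, and logs every folder where encrypted files outnumber the rest. It also applies a stricter check the count alone misses: a folder can have matching counts while a particular `name.locked` has no restored `name` beside it, so those files are listed too. The sample tree is constructed in a temporary directory; the `.locked` suffix and the per-folder logic are taken from the post.

```python
import os
import tempfile
from pathlib import Path

# Suffix the ransomware appended, as described in the post.
LOCKED_SUFFIX = ".locked"


def folder_counts(filenames):
    """Return (locked, clean) counts for one folder's file list."""
    locked = sum(1 for f in filenames if f.lower().endswith(LOCKED_SUFFIX))
    return locked, len(filenames) - locked


def missing_originals(filenames):
    """'.locked' files whose unencrypted counterpart is absent from the same folder.
    Comparison is case-insensitive to match Windows filesystem semantics."""
    present = {f.lower() for f in filenames}
    return sorted(f for f in filenames
                  if f.lower().endswith(LOCKED_SUFFIX)
                  and f.lower()[:-len(LOCKED_SUFFIX)] not in present)


def audit_tree(root):
    """Walk root; return [(folder, locked, clean, missing)] for folders where locked > clean
    or where at least one .locked file has no restored original."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        locked, clean = folder_counts(filenames)
        missing = missing_originals(filenames)
        if locked > clean or missing:
            findings.append((dirpath, locked, clean, missing))
    return findings


def write_log(findings, log_path):
    """One tab-separated line per flagged folder, for review before any deletion."""
    with open(log_path, "w", encoding="utf-8") as log:
        for folder, locked, clean, missing in findings:
            log.write(f"{folder}\tlocked={locked}\tclean={clean}\tmissing={','.join(missing)}\n")
    return log_path


def build_sample_tree(base):
    """Constructed sample data, not real files from the poster's share."""
    layout = {
        "restored_ok": ["a.docx", "a.docx.locked", "b.xlsx", "b.xlsx.locked"],
        "restore_failed": ["c.pdf.locked", "d.pptx.locked", "c.pdf"],
        "counts_ok_but_wrong_file": ["e.txt.locked", "f.txt"],
        "untouched": ["g.txt"],
    }
    for folder, files in layout.items():
        d = Path(base) / folder
        d.mkdir()
        for name in files:
            (d / name).write_bytes(b"x")
    return layout


def run_demo():
    """Build the sample tree, audit it, write the log, and return {folder: (locked, clean, missing)}."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        findings = audit_tree(base)
        write_log(findings, Path(base) / "needs_attention.log")
        return {Path(f).name: (l, c, m) for f, l, c, m in findings}


if __name__ == "__main__":
    for folder, detail in run_demo().items():
        print(folder, detail)
```

On a real share, point `audit_tree` at the root and keep `write_log`'s output as the worklist; nothing here deletes anything. `os.walk` on several terabytes is I/O-bound but needs no more memory than one directory listing at a time, so it is safe to run against a large tree.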
I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
I'm tasked with providing an email solution for a Defense Dept. (.MIL) organization that allows DoD students to submit messages and forms containing personally identifiable information (PII) from their personal email accounts, usually with no encryption.

The customer's requirements call for the student information to be archived and tracked on a server that resides on the DoD organizational network.

The solution must support DoD 8500.1 guidelines and applicable FIPS/NIST standards for cybersecurity and processing PII.

Please see the attached spreadsheet listing the requirements. The highlighted boxes are the toughest challenges.

I am open to any and all suggestions including Intranet, DMZ, VPN ...etc
Requirements.xlsx
0
I'm working on my master's dissertation in computer forensics and cyber security, and the topic is bring-your-own-device (BYOD) acceptable use and security policy. There are many security implications that come along with BYOD. I am most interested in what organisations are doing today regarding BYOD.

If anyone has a few minutes and would like to participate in this anonymous BYOD survey, I would really appreciate the feedback.

The survey can be found here: https://www.surveymonkey.com/s/XPHCQSV 

Thank you!
0