Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

How can I block a computer from accessing the internet completely. but leave open remote desktop connection so the user can only use the internet when remoted in the their work computer via remote desktop.
blocking IE will not be enough since the computer has other browsers.
Its on window 10
1
Are You Headed to Black Hat USA 2017?
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

What is the difference between  SSL vs IPsec VPN? Both needs tunnelng?
0
FCCInfographic-SocialMedia-Sina-OS.pngThe results of the net neutrality Day of Action are in! Thank you to everyone in our tech community who participated by sending comments to the FCC, emails to Congress, and called Congress. Check out the days total results reported in our article update.
5
Skyport2-SocialMedia-LinkedInV2.pngDid you miss our co-branded webinar with Skyport Systems yesterday? Check out the recorded webinar available on-site to learn how to secure your Active Directory against security threats.
1
So I've been tasked with creating an IPSec VPN using a Cisco RV325. I've followed through several guides to get this setup and as it currently stands, I've managed to create the tunnel, connect and authenticate to the VPN successfully using the Shrewsoft VPN Client. However, once connected with either the IPSec VPN or the EasyVPN, I am able to ping the internal address of the router, but unable to ping any other device on the remote LAN. I've made sure firewalls are turned off for testing purposes just to ensure the packets aren't being blocked. I've also tried RDP connections to devices with no joy.

Interestingly, when I tried using the PPTP VPN through the RV325 (using windows 'connect to a network') I'm able to ping everything and remote access servers etc.

I've noticed that the RV325 will give you a virtual IP address range (which the VPN client is picking up) although it seems like there's no kind of address translation or routing to the subnet I need to get to. My remote LAN uses 172.16.8.x/24, the virtual addresses use 172.16.9.x/24.

Please let me know if any log files, config files or screenshots of anything would be of any troubleshooting help and I'll get them posted. Any ideas welcome!

Many thanks in advanced,
Luke
0
Hey guys,

I´m troubleshooting very interesting issue...we have a branch connected over IPsec (setup on Mikrotik)...everything works pretty much fine but network drivers...when users wants to open it it takes very long time to open it approx 5 mins...if they connect over VPN everything is fine. Any ideas? We use 3des encryption for IPsec

Thank you very much!!

Regards

Jiri
0
Hi All,
We have a Draytek 2960 setup with a teleworker dial-in connection using L2tp over IPSEC and it works perfectly for all users apart from those using Hp Elitebooks! The connection always fails with an Error 809 even though we can connect with the same details using another laptop from the same remote office.
We've even installed the draytek vpn client but that fails with an unknown error. I have switched off the antivirus and the firewall and this doesnt help.
Has anyone got any ideas?
0
saveNetNeutrality_NativeAd.pngThe internet-wide Day of Action for all user's rights to net neutrality is July 12th! Take a stand by signing the petition here or leaving a comment with the FCC here on why you support Title II. (Click the "+Express" link to leave your comment.)
3
Hello Experts,

We have a web server that is suddenly not sending out e-mails.  I did not do this set up, but here is what I know:

Event IDs:

10016 Distributed Comm has been present since 5/8
2001 SMTPSVC
No usable TLS server certificate for SMTP virtual server instance '1' could be found. TLS will be disabled for this virtual-server
4006 SMTPSVC SMTP that started on 7/3



Details:

This server is a cloud server connected to our Active Directory through a IPSec VPN tunnel.  It has two network adapters, one for our internal network, one public.  Recently the hosting company looks like changed the nic settings and connection to our AD was halted because of it.  I restored it as of yesterday and Group Policy and authentication are working successfully but now these e-mails are not going out.  The developer is saying it's because of AD but I have done all checks and the server is connected successfully....so not sure if that is accurate?  

I checked IIS and SMTP and it's SMTP settings are set to go out on port 25, anonymous access, I did a DNS check under advanced delivery and it was successful,  under the outbound security tab it is set to go to our 365 support e-mail with those credentials under basic - nothing under windows authentication and TLS is checked...

Our e-mail is 365 not connected to our Active Directory.

I honestly do not see how this is a Active Directory problem and this co-worker has previously blamed network or Active directory for …
0
Hi There,

We have recently acquired a  new mail base and we need to sync the data over to our new server.
However we have encountered a problem where the passwords are encrypted.
There are 2 passwords, digest password: digestPassword = {SSHA}TWcg67eMGQn428d3dS4HbZJqytpFMkku182nLQ==
and encrypted password. I was given a key RSA-X.509 to decrypt it but unsure how to go about so.
Please could someone kindly advise as we have around 50k mailboxes to copy over.
Thanks
0
Industry Leaders: We Want Your Opinion!
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

0
Today is the last day to enroll in June’s Course of the Month. With ransomware attacks on the rise this year, we encourage all members of our community to enroll and avoid becoming part of 2017's statistics. Premium members, Team Account members, and Qualified Experts will have 30 days after enrollment to complete the course. Don’t miss this opportunity to enhance your security!
3
I have a IPSec tunnel to a remote location. From within the network I am able to access all resources over IPSec tunnel. Users who are connecting in over Cisco's Anyconnect are unable to reach the resources over the IPSec tunnel.
0
Today's update on Petya
Previously, it was believed that the ransomware would not begin encrypting until an hour after the initial infection. It is now been discovered that it begins encrypting the first 1MB of the below file types upon infection. Therefore turning off your device when viewing the reboot message, will not stop encryption.

It is also now being disputed if the goal of this attack was to collect Bitcoin or cause mass destruction in the devices it infects.

Files types:
.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip
6
Gain the added security of knowing you are prepared and properly protected against future ransomware attacks, such the Petya attack, with this free course! Premium members, Team Account members, and Qualified Experts have 3 days to enroll for June’s Course of the Month. Once you enroll, you have 30 days to complete the course.

5
I hear there is a bad virus spreading. Is this a Windows virus like wanna cry?

Is there anything in need to do with Mac El Capitan?

Thanks
0
Today's ransomware attack is spreading by SMB through the local network according to Marcus,
 @MalwareTech, who stopped the last attack—known as WannaCry—and is working to stop this one.
malware-tech.JPGPost your advice or news on the currently named "Petya" attack and be sure to ask any questions by tagging the topic "ransomware"  to get solutions fast!
4
 
LVL 16

Expert Comment

by:krakatoa
To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna simply create a file called perfc in the C:\Windows folder and make it read only.
1
I have a laptop that can connect to wireless and wired networks (detected) but has no internet (unidentified).

When setting static to the network, detects network name but no internet.

Cannot manually start the service.

Also cannot navigate to 127.0.0.1 or localhost - access denied.

I have scanned for malware, checked that everything is set to DHCP, re-installed NIC driver, reset using netsh int ip reset, netsh int tcp reset, netsh winsock reset.

Minitoolbox showed an error saying an attempt was made to access a socket in a way forbidden by its access permissions.

Any help would be greatly appreciated
0
Is there a way to block an entire folder including the .exe everything inside a folder from connecting to the internet? If Windows 10's Firewall can't is there another Firewall that can?
0
Independent Software Vendors: We Want Your Opinion
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

I know that my cipher suites are causing the issue with not being able to connect to certain sites - I'm not sure how or why but somehow it's only allow HTTP connections and is not allowing HTTPS connections (windows update can't check for updates, can only browse http websites)

I also can't connect to my IIS site as it's HTTPS as well - there are no errors in the logs

I know the cipher information is in computer\HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

What do I need to do to check/fix to allow both http and https connections on this server?

See attached photo

I've seen this issue before but cannot for the life of me remember what I need to do to resolve it

IIS 7.5 - Win Server 2008 R2
experts_exchange.PNG
0
It happens I need to keep my laptop (Windows 10 Home) powered on during night to save time for a lot of opened websites and documents I don't want to open anew each morning. But often when I resume work in the morning, the laptop is very slow when switching between the website tabs in the browser, and probably I get virus or other problems during night.

Is there any way I can protect it during nighttime, for example by turning off all ports? Otherwise, I only put it in sleep mode as it is now, but still it seems to get infected during nighttime.
0
I feel like this is a simple fix but I'm kind of tearing my hair out here.

Scenario:
Client has 2 sites A & B

Site A: remote office, no AD server on site but existing ASA 5505 with anyconnect  licenses
Site B: cloud hosted servers including AD with ASA 5585 with anyconnect licenses.

The users can connect to either, depending on what resources they need and the availability of licenses, and they both authenticate with LDAP.

Site B network:
10.10.0.0/24
ldap server 10.10.0.10

LDAP auth works fine here. No worries.

Site A network:
10.10.100.0/24
ldap server 10.10.0.10

LDAP is not working. Traffic works between these 2 networks just fine, everything is up and running, all devices can see the ldap server (windows, btw) BUT the ASA cannot connect to the 10.10.0.10 server when testing.

[-2147483634] New request Session, context 0x00007fff2a7fdfe8, reqType = Authentication
[-2147483634] Fiber started
[-2147483634] Creating LDAP context with uri=ldap://10.10.0.10:389
[-2147483634] Connect to LDAP server: ldap://10.10.0.10:389, status = Failed
[-2147483634] Unable to read rootDSE. Can't contact LDAP server.
[-2147483634] Fiber exit Tx=0 bytes Rx=0 bytes, status=-2
[-2147483634] Session End

I just can't seem to figure out why? ASA ping tests and packet trackers work fine from 10.10.100.0 to 10.10.0.10 and visa versa unless I use the source ip as the inside interface ip of the ASA itself. This seems like normal behavior?

I'm more of a …
0
Hi,
 
I have a Windows 2016 Hyper-V server box that came with two network cards. First NIC is connected to internal LAN (192.168.1.x) and 2nd NIC is connected directly to ISP Internet modem (therefore, it receives a dynamic public IP address given by ISP DHCP server). On 2nd NIC,  I intend to create a virtual machine ("TESTVM") where I like to try to open some suspicious email attachments or click on website links (to find out whether they are malicious). I have installed Malwarebytes Anti-Exploits/Anti-Malware/Ransomware on this VM and it sends me email alerts whenever it detects "suspecious" activity.
I plan on connecting to this VM thru remote desktop connection program (port# 3389, 3390 .. etc) using Dynamic DNS.
Having said that, I know a lot of experts would go against the idea of exposing the server to public internet.

I know that I could put another router (192.168.2.x) between 2nd NIC and ISP internet modem to enhance security, but what I like to know is how am I venerable as it is?
How could hackers penetrate to this server when the only account is "administrator" with secure password?

Thanks you for your insight.
0
Is it possible if any one knows my social security number and date of birth can pull my credit history?
0
Hi, So this used to work so I am baffeled at the moment. Lets say the networks are below.. 2 Cisco ASA 5501 one on side 5510 on other.

TUNNEL IS UP:
VLAN location 1: X.X.20.0 /24
VLAN location 2: X.X.30.0 /24

I see on both asdm the icmp packages being transmitted, "built" never says fail.  but it does not ping on local clients.
if I do a traceroute from 5505 it atleast goes out a few hops.
but if I go to the 5510, I get zero hops, as if its not leaving the asa at all..

I see network objects defined for both, I have static routes defined for both

anything I am missing ? without me pasting my config I mean, just anything very obvious?? TY ALL
0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Top Experts In
Internet Protocol Security