Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts

We have to setup and IT infrastructure highly secured,  at head office application servers will be hosted and these applications are web-based this will be accessed from the remote branch office, please suggest is mpls hub and spoke OR IP-sec VPN login setup is recommended network and data security is to be highly secured, please suggest OR you may suggest some other option also, thanks in advance
0
I'm trying to setup a IPSEC tunnel between a Draytek 2860 and a Ubiquiti EdgeMax, I'm very familiar with Drayteks and have setup many tunels before, the EdgeMax is a new customer and I havent used these devices before but looking at the setup its fairly simple to add a IPSEC LAN to LAN.  I think its almost working, here are the logs from Draytek Syslog

1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoA[IPSEC][L2L][1:FEA][@5.2.120.190] IKE link timeout: state linking
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_HASH, Exchange Type = 0x5, Message ID = 0x17ebe5f9
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoADialing Node1 (FEA) : 5.2.120.190
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAInitiating IKE Main Mode to 5.2.120.190
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoA[IPSEC/IKE][L2L][1:FEA][@5.2.120.190] Initiating IKE Main Mode 
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE <==, Next Payload=ISAKMP_NEXT_SA, Exchange Type = 0x2, Message ID = 0x0
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAAccept Phase1 prorosals : ENCR OAKLEY_AES_CBC, HASH OAKLEY_SHA 
1412018-04-09 10:18:02Apr  9 10:17:51Systemagic_BoAIKE ==>, Next Payload=ISAKMP_NEXT_KE, Exchange Type = 0x2, Message ID = 0x0
…
0
ASA IPSEC tunnel configuration issue with SonicWALL Negotiation is failing
here is the failure log
ASAVPN01/pri/act# Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE Initiator: New Phase 1, Intf Lan, IKE Peer x.x.x.x  local Proxy Address 192.168.90.150, remote Proxy Address 10.252.1.1,  Crypto map (Internet_map)
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ISAKMP SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Fragmentation VID + extended capabilities payload
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 340
Apr 06 00:45:21 [IKEv1]IP = x.x.x.x, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 96
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing SA payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Oakley proposal is acceptable
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, processing VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing ke payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing nonce payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing Cisco Unity VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, constructing xauth V6 VID payload
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Send IOS VID
Apr 06 00:45:21 [IKEv1 DEBUG]IP = x.x.x.x, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Apr 06 00:45:21 …
0
I am in a world of DNS Hurt

It started after I registered my new domain:
bcmsamerica.com

and used the same Domain Registrar BlueHost as my partner:
banccertified.com

I then needed email accounts and used RackSpace to register 2 email accounts for
bcmsamerica.com

I pointed the MX records to RackSpace and they both worked, as expected.

I was not ready for a website of my own, and got the permission of my partner to point my domain at his site.

I tried various methods including a CNAME record, adding a WWW record, and finally got it to work.

I tried the email, but this time it failed.

I was told that the MX records of banccertified.com pointed to Zoho. So, I dropped RackSpace and used Zoho to host my two email addresses for bcmsamerica.com

It seemed all to work.

Until it stopped working.

Since then, I have gotten the following block coming from somewhere...

Blockage

I can not even type the domain directly without blockage. But sometimes it does work.

So I proceed to click the "Agent Logon" button at the bottom and the page is blocked for the route:
https://www.banccertified.com/marketing

I tried this from my iPhone, and it works. I tried in my three browsers on my Mac, and they all fail.

I used my Tablet, and that also was blocked.

What could be the problem?

Did my router get black-listed somewhere?

I accidentally tried my tablet using my home router, and it was blocked. When I then connected my tablet …
0
Hi Everyone

I have recently started a new job and I am just looking at the existing infrastructure and listing areas that I think should be changed or improved.  There appears to be a few !!

The first thing I've noticed is that we are currently using a PPTP VPN connection which is set up on a RAS server.  From what I know, PPTP is no longer recommended and is not secure.

We have a Xyxel ZyWALL 1050 firewall that appears to offer both IPSec and SSL VPN connections.  Would it be better to use this as opposed to a software VPN as we currently have ?

As far as I can gather there are not a lot of VPN users, and my plan is to only provide VPN accounts to those with company issued laptops.  I think currently people are connecting in with all sorts of different devices, which I guess in itself is not a problem but as I have doubts about how the VP is working at the moment I would like to get away from that and just assign VPN accounts to those that need them.

I have set up an Open VPN server on my home network, so I have done a bit of work on this before but otherwise I'm a relative newbie.

Thanks
Matthew
0
I have an intermittent SSL handshake failure from one of our business partners: TLS 1.2 Alert Level Fatal: Certificate Unknown.
The error message is see at the packet level in packet from the client to the server (load balancer VIP.) Everything will work
for days or weeks and then suddenly these errors kick in with no change to our load balancer setup.  Can anyone hazard
a guess as to what's going on?
0
We have a remote site connected to the main office via a site to site VPN.  Main office has a very beefy terminal server with a separate Dell DAS device and a fast coax internet connection.  The remote site has very few internet options.  We're running a 40mb down, 10mb up connection for them now.  The issue we're having is that the users at the remote site have dual 4k resolution monitors and when they are viewing large PDF's of building plans, the scrolling is very slow.  Also, switching between programs on the TS is slow.  We can't lower the screen quality because they need to be able to see the plans at max resolution.  They also access 2 or 3 applications that access a database at the main location.  So once the software opens on the TS, it's much faster than using it over the VPN.  

Would a Sonicwall WAN accelerator help?  What else could I look at doing to increase response times on the terminal server but not reduce image quality?
0
We have a site to site IPSEC vpn up and running and communicate to each security appliance, the gateways and VLANs We have connected laptops and other devices and can traverse back and forth.  However, Site A has a vcenter server and we are trying to add two hosts on Site B to the site a vcenter.  I can ping the hosts from site A, and ping B and vice versa. However, I cannot get access from site A to the ESXi Host on site B.  Is there a TCP/UDP necessary to connect to the host?
0
Hello,

Our team is being told to investigate whether our Windows infrastructure contains misconfig encryption.  

I sample a few WIN2012 web servers, open up the registry and look at the secured channel settings.  I see TLS 1.1 client and TLS 1.1 server are enabled.  Some servers have SSL 2.0 client presents but not enabled.  No SSL 3 or TLS present.

Would somone educate me how the secured channel protocols being added into the registry?  

I understand that SSL 2 and 3 are old and they should be disabled.  What is the best way to ensure the disable process will not affect our current applications?

I usually deal with adding secured certificates to the web servers but do not pay attention of what schannel protcol is used.  

Thank you very much.
0
I have a sonicwall nsa2650 and i have an nvr with poe ports on the back that have an internal dhcp server controlling them on a 10.0.0.x subnet. I want to access those ports from my laptop when connected via global vpn client.  sonicwall has x1 and x2 as wan, x0 as lan on 10.10.30.x, and I have plugged one of the nvr ports into x3 on sonicwall.  I need help configuring sonicwall so that I can navigate to the 10.0.0.x subnet
0
Looking for a cost effective appliance based VPN solutions (Preferably clientless), for small business.
Thoughts/ideas/recommendations?

We have a number of small clients that we have been using the Netgear fVS-336s with a lot of success but they are no longer supporting it.
Some users remain on as much as 8-10 hours per day.

Thanks!
0
We use TITAN FTP server v11.x.
Having an issue where a clients IP keeps getting blacklisted.
In the logs, i can see that they are logging in with the wrong user ID one time and immediately getting banned.
In settings at user level I have turned off the settings to ban after X attempts, and added their IP to the Client level whitelist.

Logs are below showing the user getting banned. Any idea why the action is so quick and severe? any way to make it a little more forgiving ?

2018-03-01 12:53:37 [2/1256/84c] New incoming connection from IP address: 65.116.210.66, port: 40982, socket=1488
2018-03-01 12:53:37 [2/1256/84c] OnPostCreation(pBaseCxn=0x852fb80,socket=1488), sending the '220 Welcome' message
2018-03-01 12:53:37 [2/1488/84c] RESPONSE: 220 Titan FTP Server 11.30.2350 Ready.
2018-03-01 12:53:37 [2/1488/84c] COMMAND: USER [dayco@ftp.completeshipping.ca] ***
2018-03-01 12:53:37 [2/1488/84c] Trying to find user:dayco@ftp.completeshipping.ca
2018-03-01 12:53:37 [2/1488/84c] User "dayco@ftp.completeshipping.ca" not found, we will fail in PASS.; returning 331
2018-03-01 12:53:37 [2/1488/84c] FindUserEx("dayco@ftp.completeshipping.ca") returned Success.
2018-03-01 12:53:37 [2/1488/84c] Adding random sleep activity for 23ms to deter hacker from realizing username is invalid
2018-03-01 12:53:37 [2/1488/84c] RESPONSE: 331 User name okay, need password.
2018-03-01 12:53:37 [2/1488/84c] COMMAND: PASS <hidden>
2018-03-01 12:53:37 [2/1488/84c] User 

Open in new window

0
Does Microsoft's Anti-XSS Library block:

HTTP Splitting and Cache Poisoning?

These are new concepts to me, so surely I need to spend more time reading this article:

http://chousensha.github.io/blog/2014/08/15/pentest-lab-webgoat/

If you have the time... :)

Which vulnerability is NOT blocked by Microsoft's Anti-XSS Library?

Thanks
0
How Vulnerable are query string parameters and their values?

I am curious how vulnerable a website is to hacking that has little validation on the query string params.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.
0
Hello

We are in the process of changing our 3x site IPSec VPN to a stage migration to MPLS, so single firewall.

Stage one is to get site 1 on MPLS first and leverage some of the newer features of the hosted firewall while still routing traffic across the site to site vpns accordingly.

First change we (on prem) need to do is re-configure a number of ports in the switch to accomodate the new on prem router(s).

Currently we have HSRP (i think) on the CPE which terminates on the HP L3 (2920 poe) switch.  Its currently using a Vlan with no IP address associated and has a ports connected to the two routers.
The two other vlans we have are for voice and data and each vlan has a connection to the firewall which has the two vlans configured.

The new provider would like to use trunk ports to get away from the multiple ports to multiple vlans.   Any pointers here in terms of configuration on the switch and if this can be done without changing the existing config (should all go wrong)?

thanks
0
Assessing Vulnerability from URL parameters

I am in the processing of helping secure a .NET website against URL hacking. So I have spent some time adding a whitelist of valid domains and sub-domains. But what about query parameters?

My instincts are to add a second whitelist of valid query string parameters, but does that do anything to protect me?

I suppose a determined hacker could, with time and experimentation, find a query string param that has some exploitation value.

What do you think?

My worry is that whitelist of query string params may be difficult to generate, as this website is quite large. And there is always a risk of rejecting a legitimate request. The query string exposure is about revealing key data in the URL, but I am asking whether there is value in asserting that each query string param is in a whitelist of such params?

So, this is a customer service versus hack risk, threat assessment. And if there is little or no measurable reduction in threat, then this parameter whitelist could cause more harm than good.

Thoughts?

Thanks.


Thanks.
0
Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Thanks
0
I had an attack on my site last night and I was looking in /varlog/messages and I see these entries happening every second

Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=mara] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=tigers] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:56 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=tigers] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2716]:                 : auth failure: [user=josie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:53:58 ip-172-31-22-236 saslauthd[2715]:                 : auth failure: [user=josie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2711]:                 : auth failure: [user=stephanie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:05 ip-172-31-22-236 saslauthd[2713]:                 : auth failure: [user=stephanie] [service=smtp] [realm=seo.thefrugallife.com] [mech=pam] [reason=PAM auth error]
Feb 12 10:54:11 ip-172-31-22-236 saslauthd[2710]:                 : auth failure: [user=amanda] [service=smtp] 

Open in new window

0
Using Telerik FiddlerCore to make our .NET website more secure

I just learned that FiddlerCore provides much of the functionality of Fiddler, but without the UI. And it seems this is a library designed to be incorporated into .NET programs.

I am looking for ways to reduce the chance that a hacker makes a successful penetration into our website, so using FiddlerCore is interesting to me.

Is this something to be including in the Release version of the website? Is so, please explain what kinds of services it could provide?

I like having advanced functionality under the covers, but only so long as it protects me while not adding some new exposure.

I'd love to hear  your thoughts...

Thanks.
0
I am having some issues with some phones and was hoping someone could hopefully point me in the right direction. I am not a phone guy by any means, so excuse any mistakes or anything that is unclear. Our past set up was as follows

Site A - Sonicwall NSA 250 M with Avaya IP Office 8.1
Site B - Sonicwall TZ 205 with 20x Avaya 9608 phones

The sites are connected via a Site to Site VPN.

A week or so ago, we swapped out Firewalls. We moved Site A's to Site B, and put a Sonicwall NSA 2600 at Site B. We did a simple export/import of configs. Even though they were different Firewall models, Sonicwall documentation said it was supported, and we haven't had any issues. Except one.

Our phones seem to experience call dropping and quality issues. We get 10x dropped calls a day, and inside IP Office I can see Quality of Service Alarms going off like crazy.

I have set up QoS and BWM on both sides of the Firewalls, I don't believe bandwidth is the issue.  It's ONLY my remote phones at Site B, which are all H.323 phones. But if someone from Site A calls Site B, there is a chance it will drop as well. Site A can call Site A all day, or externally, no issues. I played around with H323 transformations on the Sonicwall, and that actually seemed to fix the issue, but after enabling it my phones would deregister themselves after a few hours, and would not re-register.

I have set up wireshark on both ends, nothing out of the ordinary, no increase of traffic when issues comes up. …
0
My OS is win10 pro 64 bit.  Due to recent security hacking on my pc, I am thinking if NordVPN would provide the security preventing everyone from entry.  I have Avast Premier protection.  Or can I use ZoneAlarm or some other software.  Thank u and regards.
0
My OS is win 10 pro 64 bit.  My pc is a lennovo m72e.   I use Verizon DSL and the pc is connected via a modem, which has about 5 ports, allowing for ethernet connection.  Last week a hacker managed to hack into my pc.  My question is if I were to change the port which the ethernet cable is connected, can the hacker get into my pc again?  I have Avast security protection and the OS' own.  thank u
0
Anti-XSS Test Tool plan for Firefox

We need to support Firefox only, so I  wonder if that limitation helps me to hone my list of options, as I seek an Anti-XSS Test Tool?

I would consider at least:
https://www.owasp.org/index.php/OWASP_XSSER
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://www.owasp.org/index.php/OWASP_Xenotix_XSS_Exploit_Framework
https://portswigger.net/burp

and review:
https://www.pentestgeek.com/ethical-hacking

plus whatever else you suggest for me to consider. So, I wonder if the fact that our site is limited to Firefox support helps us find a smaller set of AntiXSS test tools from which to choose?

Thanks
0
Looking for a tool to test XSS Vulnerabilities on our site

I need to find a tool we can run which will enable us to help find XSS Vulnerabilities and to test our Anti-XSS fixes.

What can you suggest?

Thanks
0
We used to use Cisco 1`941-SEC, Cisco 3945-SEC etc. for IPSEC VPN internet connections. Since then Cisco has moved over to ISR Series Cisco 4321-AX, Cisco 4331-AX etc. What is the equivalent security bundled CPE for ISR 4200 series. I hope we do not have to buy the security licenses separately.
1

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.