Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Share tech news, updates, or what's on your mind.

Sign up to Post

My issue is we set some cookies, using JS, with a 1 year expiration and that particular cookie didn't have the secure flag set. We now want to update the cookies to have the secure flag set. The code that creates the cookies now has the "secure" attribute and all new cookies have the "secure" flag. The issue is how do I update existing cookies? I'm assuming I have to destroy the cookie and then recreate it with the secure flag set? I don't know if there is any other way to do this? Also is there a way using JavaScript to detect if the cookie does have the flag set before deleting it?

Thanks!
0
We have ten gigabit interfaces. How much tunneled traffic would the device be able to push?
0
Visited a client site and ran various ‘my ip address’ site to determine what is the External IP address the provider assigned.  Noticed that each device resulted a different value.  For example their phone and their tablet gave different values where that last segment changed (xxx.xxx.xxx.19 and xxx.xxx.xxx.20), yet when we ran myipaddress in our device gave a whole different value in all segments.

We understand that the internet provider assign the cable modem or location a single dynamic external ip.  The location router managed a total different internal ip sequence values and assigns it to each device connecting to the wifi or router within the location.  Thus the cable modem has 1 IP address and the devices within the location has different ip address.

Why would the “my IP address” website display different IP address in all devices connected to the same wifi?
0
Goal: Allow a user to connect to his desktop computer with RDP  ONLY after connecting vpn.

Environment:   OPNsense/Pfsense firewall
53,25,80,443 allow through firewall-
Currently can successfully rdp  with or without VPN with port forwarding - suspect traffic is hitting the fw on public int/public static  and not the desired private Ip a range allocated VPN connection.

User successfully connects to vpn, receives ip, but cant access local resources.
The client side vpn registers an IP address, the FW sees the connection- Just doesn't seem to allow traffic from vpn to local network

The IP range assigned to vpn  connections 10.  the local ip range is 192.

help
0
My son's computer keeps having internet connection issues.

-Is playing on a minecract server / minecraft client

Sometimes these apps are also open
-Twitch
-Discord

He is playing on a minecraft server.  and begins to experience lag more and more frequently before the crash.
Is there any way to track down the culprit?  We could assume that it is not enough RAM and go buy more RAM and the problem happens again and we are no better off.

I am looking for a way to gather information that can help tells us what thing( s ) is causing the problem(  s  )

sys info 2systxt.txt
0
hi everyone,

I have facing problems to configuration my domain. users internet permission I have used hosts files but not enough for me what is suitable thing for configuration of URLs

what about firewalls what is the best firewall for filtering the URLs ...


looking forward for reply urgent..


thanks
Asad
IT student
0
Hello
We have an IPSec VPN solution for a small number of sites.  Our users remote into two of the sites via IPSec VPN too.
We are going to move supplier and looking at moving from IPSec to MPLS.  We will look to migrate to AWS and/or move CRM out to other providers.  We also will moving from our on prem phone system to a cloud solution.
Has anyone got any recomendation around security, perfornance, limitation etc of each?
Thanks
0
Is there a way to find out who owns a domain even if they have domain Privacy added to their site?
0
VPN literally just stopped working for all of our users. No changes that I am aware of. Simple MS VPN connection to a VPN server.

Server side error:
 VPN2-112: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.
PC/Workstation off Network connection error:
Error 619: A connection to the remote computer could not be established, so the port for this connection was closed.

Server-side:
Windows firewall and anything that could be blocking is off. I see the users hit the network via Firepower but then the "Error 619".
If I truly need to provide them with a workstation cert, how do I go about doing this and efficiently for several people.

TIA
0
Hi All,

Im running an ASR 1000 with version XE 3.13.01.S (15.4(3)S1). Does it support SHA256 and AES256 for ikev1? I know it does for ikev2 but I am not sure about ikev1 both phase 1 and phase 2.
Here is what I found on a cisco website: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/116055-technote-ios-crypto.html

"Support for the NGE control plane (ECDH and ECDSA) has been introduced with Version XE3.7 (15.2(4)S). Initial control plane SHA-2 support was for IKEv2 only, with IKEv1 support added in Version XE3.10 (15.3(3)S). AES-GCM-128 and AES-GCM-256 encryption algorithms have been supported for IKEv2 control plane protection since Version XE3.12 (15.4(2)S) and 15.4(2)T. NGE dataplane support was added in Version XE3.8 (15.3(1)S) for Octeon based platforms only (ASR1001-X, ASR1002-X, ESP-100, and ESP-200); dataplane support is not available for other ASR platforms."

Whats the difference between data plane support vs control plane support?

Thanks and kind regards.
0
Very strange, this morning when I turned on the computer I got a message that Malwarebytes (I have Pro version) has been turned off. When I turned it on, the option "Protection against malicious code" was switched off, and I can not switch it on! All other options are selectable and can be switched on, but not this option.

Last time I was in Manila I had similar problems with strange things happening. Then when I left the problems disappeared. And most often here in Manila I get warnings when connecting to the hotel wifi about insecure network or dangerous connection.

All kinds of small problems since 2 days when suddenly I got this problem with the message "Waiting for proxy tunnel" in Google Chrome and "TLS handshake" in Mozilla Firefox:

https://www.experts-exchange.com/questions/29058931/How-should-I-get-rid-of-the-message-Waiting-for-Proxy-Tunnel-in-Google-Chrome.html

Other problems: Can not use Google API any longer for connection to Google Translate API for my CAT tool. Can not switch input language any longer. Can not run Windows Update any longer:

https://www.experts-exchange.com/questions/29058918/Why-do-I-get-Windows-could-not-search-for-new-updates-in-my-Windows-7-Home-when-checking-for-updates.html

Other problems (continued):

Takes ages to save a text document or other document ("Not responding").
"Google has authentication problems" when logged in to Gmail.

Etc. etc. (new issues coming up all the time).
0
After I've configured the device I can't get out to internet via any of the pcs.  I can access the 5505 from and outside computer and can configure it via the ASDM so I'm not sure what the problem is.  Can someone verify my config below?

ASA Version 8.3(1)
!
hostname ciscoasa
enable password OlOxQ1nyrZ49h6MK encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_192.168.2.0_24
 subnet 192.168.2.0 255.255.255.0
object network SCETI
 subnet 172.172.128.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object SCETI
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any host 192.168.2.100 eq 3389
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source …
0
I need to look at a website. It is not a pentest itself. Just a vulnerability scan. What tools could I use to generate a complete report?
I also need to generate a less technical report.
0
Hello,

We use an RDP session through a VPN tunnel to connect to our hosted software out of state.

We constantly experience latency through all of our VPN tunnels.  I can run a constant ping from our hosted provider back to our environment to get a small picture how bad the response times of the pings are.

The ping times will be consistent for a little while hovering at 55ms - 67ms and then we will see "request timed out" multiple times and then ping times will rise.  It seems like the ping times fluctuate a lot  (I assume they would as the signal is traveling through multiple possible connections).

When ping times are at 55ms or less everything seems fine.  However, when it goes up from their end users report latency.

We are not hard lined to our ISP as everything is wireless.  Our internet pipe should be sufficient at all locations as we have spoken with our ISP and we do not hit the high water mark on our bandwidth - only rare spikes the main site.  

We are not hitting the high water mark on bandwidth usage at any of our other sites.  Is there a good piece of Enterprise level software that one could use to help get a clearer picture of where the issue occurs?

What kind of architectural questions should we be presenting to our ISP?   To our hosted provider?

1.  Is your VPN Server over-utilized?
2?
0
I need a web service to remain secret and would use CloudFare or a similar technology to prevent DDoS attacks. Aside from DDoS, what other types of attacks are possible?

I assume my web service domain would be totally hidden, but need to be sure there is no other known threat to it.

Thanks
0
What options are there to protect a web service from a DOS attack?

IF the web service were accessed only by my Objective-C iPhone application, and nowhere else, is this web service protected by the "security through obscurity" model? Or, can hackers crack open the source code of the iPhone app, like Apple can?

What about if I put the URL to the web service into the SQLite database and encrypted the Path?

So, when my app needs to request information from the web service, it does a DB lookup in the SQLite database for the path to the web service. When it gets it, it decrypts it. Then, using a variable (in memory) only, it makes the web service call.

Does this protect from a DOS attack to that web service call?

Are there easier ways?

Will this work on Java for the Android?

What about on my website?

Thanks.
0
It seems Sky have changed their email servers to Yahoo and with it, changed the security settings. Until the other day all was working OK but then email stopped arriving. Sky deny all knowledge but from a conversation I had with their support team about another client I've been working with, and research I've done on the Internet it seems that the Sky incoming email servers have changed.
For IMAP it was imap.tools.sky.com and is now imap.mail.yahoo.com
For POP it was pop.tools.sky.com and is now pop.mail.yahoo.com

My client is using POP mail with Outlook 2010 so I have changed the server to pop.mail.yahoo.com and set port 995 and SSL=Yes but it still won't connect. Outgoing email is OK using the same username and password as incoming so that verifies the credentials. (I can also login to sky.com using the credentials).

Is there something I've missed?
0
Can loved one's or family members see my credit report if I put a security freeze on it?
0
Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
0
Hi again everyone -

So sorry to be a pest. Now that I have my ASA 5505 up and running with successful Internet access by devices on my LAN, I can't seem to get my DMZ to gain internet access. Nor can I get a simple IPSec site-to-site VPN to work.  This is really frustrating as the ASA on the other side already participates in another separate site-to-site VPN (setup by me) which works just fine.

I have looked at NAT rules and access rules and can't seem to find the difference. The only thing I did differently on this VPN was try Diffe-Hellman Group 1 as group 2 settings didn't work.

Below is the sanitized config of the ASA that has a working DMZ and a working VPN as well as the non-working VPN.  I have replaced my static public IP with xx.xx.xx.xx and the peer IPs in the VPNs are vv.vv.vv.vv for the one that works and ng.ng.ng.ng for the one that doesn't work.

I will return to this post momentarily and add a comment with the running configuration of the ASA at the other site.

Thanks in advance for any help.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password /zzzzzzzzz encrypted
passwd zzzzzzz.zzzz encrypted
names
name 192.168.1.0 dmz_outside
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 
0
I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
0
We have two sites each with a SonicWall on the perimeter.

I have written out the site settings for each location.  In the document I have prepared they are referred to as Main Site and Remote Site.
Every now and then the VPN will stop working.  We go in and check it, change nothing then check the other end, check and change nothing, then at some point it will start working again.
We could be down for a long as 30 minutes.  We are getting frustrated with SonicWall support as they cannot tell us what is causing this problem.    

Would anyone be able to review our setting if I attach them to this question?
Is there an alternative to VPN?  

HELP!

Kevin
0
I freeze my credit report from 3 beaurues. Equifax, Transunion, Experian. I did that because some people knows my social and date of birth and I don't want they knows my new address. My question is what other agencies i can use to freeze my credit history?
0
Hello,

Trying to create a Site to Site between our TZ215 and Azure:
VNET1 - Address Space     = 10.1.0.0/16
               Subnet  range      = 10.1.0.0/24

GatewaySubnet                  = 10.1.1.0/24

Virtual Net Gateway           = VPN
                                               = Policy-based
                                               = VNET1
                                               = VNET1GWIP  (created Public IP)

Local Net Gateway             = RP_OFFICE
                                              = Public IP address of SonicWALL
                                              = 192.168.250.0/24 (LAN network on SonicWALL)

Connection                          = Site-to-Site (IPsec)
                                               = Virtual Net Gateway
                                               = RP_OFFICE
                                               = Shared key that matches what's configured in the SonicWALL

SonicWALL:
 General Tab                         = Site to Site, IKE using Preshared , IPsec Primary = Public IP of Azure, IPsec Secondary = 0.0.0.0, Local & 
                                                   Peer IKE ID = IPv4 address
Network Tab                         = LAN Subnets, Azure LAN network
Proposals Tab                       = Main Mode, Group 2, AES-256, SHA1, 28800, ESP, AES-256, SHA1, 3600
             
Seeing the following in the SonicWALL log:
  SENDING>>>> ISAKMP OAK INFO …
0
Sir,
i have establish a vpn server in windows server 2012 R2 adn its works fine but when i try to connect with the 2nd server (The DATA Server) it shows nothing. please let me know that how i can connect the server using vpn connection.

Thanks

Asad Rehman
0

Internet Protocol Security

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.